Malware Analysis Report

2025-08-05 09:28

Sample ID: 240223-pb4ylsga55
Target: Proforma fatura.msg
SHA256: 307119554d57a79005b8b76c692ff226ca961b17f7f9ad0d43590556632d3745
Tags: agenttesla collection discovery keylogger spyware stealer trojan
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral4
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10
SHA256: 307119554d57a79005b8b76c692ff226ca961b17f7f9ad0d43590556632d3745
Threat Level: Known bad

The file Proforma fatura.msg was found to be: Known bad.

Malicious Activity Summary

Tags: agenttesla collection discovery keylogger spyware stealer trojan

AgentTesla
Downloads MZ/PE file
Executes dropped EXE
Reads WinSCP keys stored on the system
Reads user/profile data of web browsers
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Checks installed software on the system
Accesses Microsoft Outlook profiles
Enumerates connected drives
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Office loads VBA resources, possible macro or embedded object present
Modifies Internet Explorer Phishing Filter
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
outlook_win_path
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-23 12:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-23 12:10
Reported: 2024-02-23 12:43
Platform: win7-20240221-en
Max time kernel: 1902s
Max time network: 1996s

Command Line

"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

Downloads MZ/PE file

Loads dropped DLL

Description | Indicator | Process | Target | Rows
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe | N/A | 1
N/A | N/A | C:\Users\Admin\Downloads\hashcalc\setup.exe | N/A | 1
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A | 9
N/A | N/A | C:\Users\Admin\Downloads\AccessData_FTK_Imager_4.7.1.exe | N/A | 1
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A | 1
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A | 2
N/A | N/A | C:\Windows\system32\MSIEXEC.EXE | N/A | 1
N/A | N/A | C:\Program Files\AccessData\FTK Imager\FTK Imager.exe | N/A | 48

(The Rows column counts identical consecutive entries in the original event list; the report records one row per DLL load.)

Reads WinSCP keys stored on the system

spyware stealer

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe | N/A
Key queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe | N/A
Key enumerated | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe | N/A
Key queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe | N/A
Key enumerated | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe | N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\MSIEXEC.EXE | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\perfc009.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfh00A.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfh00C.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfc011.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File opened for modification | C:\Windows\SysWOW64\PerfStringBackup.INI | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfc00A.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfc00C.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfh010.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfh011.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfc007.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfh009.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfh007.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\system32\perfc010.dat | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File created | C:\Windows\SysWOW64\PerfStringBackup.TMP | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Google\Chrome\Application\debug.log | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\LMS-FS.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\msvcr80.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\ADIso.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\msvcr100.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\adshattrdefs.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\esp_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\msvcp90.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-namedpipe-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\HashCalc\is-TU4NG.tmp | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A
File created | C:\Program Files (x86)\HashCalc\is-DHVUD.tmp | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A
File created | C:\Program Files\AccessData\FTK Imager\rpcrt4.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\adfs_globals.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-math-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\HashCalc\is-TBDD7.tmp | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A
File created | C:\Program Files\AccessData\FTK Imager\ADIsoDLL.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\trk_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-string-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\IsoBuster.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\jpn_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\ptb_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-convert-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-heap-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-time-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\chs_adshattrdefs.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\msvcp80.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\nld_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\ProfUISad64.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\vcruntime140_1.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-handle-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-util-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\LGPL\libbfio\readme_lgpl.txt | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-file-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-interlocked-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\HxD\is-QSIUS.tmp | C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp | N/A
File created | C:\Program Files\AccessData\FTK Imager\cbfsconnect20.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\fra_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\ita_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-errorhandling-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\debug.log | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | C:\Program Files (x86)\HashCalc\is-3NICC.tmp | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\ptb_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\HxD\HxD.exe | C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-profile-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\ucrtbase.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\HxD\is-G4K1P.tmp | C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp | N/A
File created | C:\Program Files (x86)\HashCalc\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp | N/A
File created | C:\Program Files\AccessData\FTK Imager\ad_globals.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\boost_thread-vc140-mt-1_59.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\icudt57.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-utility-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\adencrypt_gui.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\chs_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\nld_adencrypt.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\boost_chrono-vc140-mt-1_59.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\libeay32.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-datetime-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-core-file-l1-2-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\api-ms-win-crt-filesystem-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\fra_adshattrdefs.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\AccessData\FTK Imager\langs\kor_FTKI.dll | C:\Windows\system32\msiexec.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\Installer\MSI5A31.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\Installer\f89590a.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\StartMenu_E89932EF1F4845B58F97B52030E88CEA.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\inf\Outlook\outlperf.h | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File opened for modification | C:\Windows\inf\Outlook\outlperf.h | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\Installer\f895909.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\NewShortcut4_B0DE7DF0970D443C9CCEB94A9DA01A19.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\StartMenu_E89932EF1F4845B58F97B52030E88CEA.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f89590c.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | C:\Windows\inf\Outlook\0009\outlperf.ini | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\Installer\{9D79A83A-8F84-4B3C-BADB-2EE8A22F5194}\NewShortcut4_B0DE7DF0970D443C9CCEB94A9DA01A19.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Windows\Installer\f895909.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\f89590a.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Enumerates physical storage devices

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies Internet Explorer Phishing Filter

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 809cf1c15166da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Modifies Internet Explorer settings

adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLs\url3 = "https://login.aliexpress.com/" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000002000000030000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url2 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url3 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url5 = 0000000000000000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CNum_CpCache = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414852128" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\AccessData\FTK Imager\FTK Imager.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TypedURLs C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000055206ad809547b8de131939f37dd34cbda0dfe9f465a41a2c4b1dd700983199c000000000e8000000002000020000000edef8762b1e080a09061b94efc42250785fe907288cba6dbde1baf281f21e5e020000000d2231ef9b964ab1628598179e785aa306349c5d2507a5f437c6ab0f6025814c14000000023ba4ff807297677c0828ea06447aa17dec284ca091e507b93e655333e85a9c40f1d74d405c99388d03b0758e3652e23d5f252af22ff8c7c3e6aee78c6935176 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpCache = e9fd0000 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff C:\Program Files\HxD\HxD.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon\ = "\"%1\"" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A38A97D948F8C3B4ABBDE28E2AF21549\SourceList\Media\1 = "DISK1;1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 C:\Program Files\HxD\HxD.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 6c003100000000005758f662100050524f464f527e310000540008000400efbe5758f6625758f6622a0000007adc0100000004000000000000000000000000000000500072006f0066006f0072006d00610020006600610074007500720061002000700064006600000018000000 C:\Program Files\HxD\HxD.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000078000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Program Files\HxD\HxD.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\HxD\HxD.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ShellEx C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" C:\Program Files\HxD\HxD.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\HxD\HxD.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files\HxD\HxD.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\HxD\HxD.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell C:\Program Files\HxD\HxD.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.adcf C:\Program Files\AccessData\FTK Imager\FTK Imager.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\HxD\HxD.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\HxD\HxD.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Program Files\HxD\HxD.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings C:\Program Files\HxD\HxD.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A38A97D948F8C3B4ABBDE28E2AF21549\PackageCode = "946F3CE78671D7449974A38ECD764B1A" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel" C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A38A97D948F8C3B4ABBDE28E2AF21549\SourceList\PackageName = "AccessData_FTK_Imager_(x64).msi" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 (unresolved LUID; 35 is SeCreateSymbolicLinkPrivilege) N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 (unresolved LUID; 35 is SeCreateSymbolicLinkPrivilege) N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 33 (unresolved LUID; 33 is SeIncreaseWorkingSetPrivilege) N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 (unresolved LUID; 33 is SeIncreaseWorkingSetPrivilege) N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 (unresolved LUID; 35 is SeCreateSymbolicLinkPrivilege) N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 (unresolved LUID; 35 is SeCreateSymbolicLinkPrivilege) N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\MSIEXEC.EXE N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
N/A N/A C:\Windows\SYSTEM32\WISPTIS.EXE N/A
N/A N/A C:\Windows\system32\SnippingTool.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\HashCalc\HashCalc.exe N/A
N/A N/A C:\Program Files (x86)\HashCalc\HashCalc.exe N/A
N/A N/A C:\Program Files (x86)\HashCalc\HashCalc.exe N/A
N/A N/A C:\Program Files (x86)\HashCalc\HashCalc.exe N/A
N/A N/A C:\Program Files (x86)\HashCalc\HashCalc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\AccessData\FTK Imager\FTK Imager.exe N/A
N/A N/A C:\Program Files\AccessData\FTK Imager\FTK Imager.exe N/A
N/A N/A C:\Program Files\AccessData\FTK Imager\FTK Imager.exe N/A
N/A N/A C:\Program Files\AccessData\FTK Imager\FTK Imager.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 832 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 832 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 832 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 832 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 1260 wrote to memory of 1892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1260 wrote to memory of 1892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1260 wrote to memory of 1892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1260 wrote to memory of 1892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1032 wrote to memory of 2340 N/A C:\Windows\system32\SnippingTool.exe C:\Windows\SYSTEM32\WISPTIS.EXE
PID 1032 wrote to memory of 2340 N/A C:\Windows\system32\SnippingTool.exe C:\Windows\SYSTEM32\WISPTIS.EXE
PID 1032 wrote to memory of 2340 N/A C:\Windows\system32\SnippingTool.exe C:\Windows\SYSTEM32\WISPTIS.EXE
PID 2120 wrote to memory of 2204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 2852 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
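Almost every row in the AdjustPrivilegeToken and WriteProcessMemory tables above comes from Chrome, Internet Explorer, Office, 7-Zip and SnippingTool being driven interactively in the sandbox session. The one privilege request that matters is SeDebugPrivilege from the extracted HZbCDaqwtPi2zal.exe in the 7-Zip temp directory, and none of the recorded cross-process writes involve that binary. The PowerShell below is an added example, not code from the report or the sandbox vendor: it parses rows in the report's own row format and reduces both tables to what an analyst should look at. The trusted-root list, the benign parent/child pair list and the LUID-to-name table are this example's assumptions; the sample rows are a subset copied from the two tables.

```powershell
# Added triage helper for the two signature tables above (example code, not from the report).

# Sample rows copied from the AdjustPrivilegeToken table: "Token: <name> N/A <image> N/A"
$privilegeRows = @'
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
'@

# Sample rows copied from the WriteProcessMemory table:
# "PID <src> wrote to memory of <dst> N/A <src image> <dst image>"
$writeRows = @'
PID 832 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 832 wrote to memory of 1260 N/A C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe
PID 1260 wrote to memory of 1892 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1032 wrote to memory of 2340 N/A C:\Windows\system32\SnippingTool.exe C:\Windows\SYSTEM32\WISPTIS.EXE
PID 2120 wrote to memory of 2204 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2120 wrote to memory of 920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
'@

function Get-SuspiciousPrivilegeRequests {
    param([string[]]$Rows)
    # The sandbox prints a bare LUID when it cannot resolve the privilege name.
    $luidNames = @{ '33' = 'SeIncreaseWorkingSetPrivilege'; '35' = 'SeCreateSymbolicLinkPrivilege' }
    # Privileges worth a second look when requested by code outside the install directories (assumption).
    $sensitive = 'SeDebugPrivilege', 'SeTcbPrivilege', 'SeLoadDriverPrivilege',
                 'SeBackupPrivilege', 'SeRestorePrivilege', 'SeTakeOwnershipPrivilege'
    $trustedRoots = 'C:\Program Files\*', 'C:\Program Files (x86)\*', 'C:\Windows\*'
    foreach ($row in $Rows) {
        if ($row -match '^Token: (\S+) N/A (.+) N/A$') {
            $priv  = $Matches[1]
            $image = $Matches[2]
            if ($luidNames.ContainsKey($priv)) { $priv = $luidNames[$priv] }
            $trusted = $false
            foreach ($root in $trustedRoots) { if ($image -like $root) { $trusted = $true } }
            if (($sensitive -contains $priv) -and (-not $trusted)) {
                [pscustomobject]@{ Privilege = $priv; Image = $image }
            }
        }
    }
}

function Get-CrossProcessWrites {
    param([string[]]$Rows)
    # Parent/child image pairs that write to each other as part of normal operation (assumption).
    $benignPairs = 'outlook.exe>iexplore.exe', 'iexplore.exe>iexplore.exe',
                   'chrome.exe>chrome.exe', 'snippingtool.exe>wisptis.exe'
    $seen = @{}
    foreach ($row in $Rows) {
        # Lazy match on the first path: image paths contain spaces, but never " X:\".
        if ($row -match '^PID (\d+) wrote to memory of (\d+) N/A ([A-Za-z]:\\.+?) ([A-Za-z]:\\.+)$') {
            $src = $Matches[3]
            $dst = $Matches[4]
            $key = "$src>$dst"
            if (-not $seen.ContainsKey($key)) {
                $leafPair = ('{0}>{1}' -f (Split-Path $src -Leaf), (Split-Path $dst -Leaf)).ToLowerInvariant()
                $seen[$key] = [pscustomobject]@{
                    Source = $src; Target = $dst; Events = 0
                    Benign = ($benignPairs -contains $leafPair)
                }
            }
            $seen[$key].Events++
        }
    }
    $seen.Values
}

Get-SuspiciousPrivilegeRequests -Rows ($privilegeRows -split "`r?`n") | Format-Table -AutoSize
Get-CrossProcessWrites -Rows ($writeRows -split "`r?`n") | Where-Object { -not $_.Benign } | Format-Table -AutoSize
```

On the rows from this report the first call returns a single object, the SeDebugPrivilege request from C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe, and the second returns nothing, because every recorded write pair is Outlook, Internet Explorer, Chrome or SnippingTool plumbing. Dropping the Where-Object shows the de-duplicated pairs with their event counts, which is a better view of this table than the raw repeated rows.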

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

outlook_win_path

Description Indicator Process Target
Key queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe N/A
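The key queried here is the Outlook MAPI profile store; the GUID-named subkey 9375CFF0413111d3B88A00104B2A6676 holds the profile's account sections, which is why a credential stealer reads it. Sysmon does not log registry reads, so the practical way to catch this on a host is an audit ACE on the key. The PowerShell below is an added example, not code from the report, and it assumes an elevated Windows PowerShell session (changing a SACL needs SeSecurityPrivilege), a profile literally named "Outlook", and tolerance for the extra 4663 volume on a busy mailbox host.

```powershell
# Added example: audit reads of the Outlook profile key and hunt for non-Outlook readers.
$profileKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook'

# 1. Success auditing for the Object Access > Registry subcategory (system-wide setting).
auditpol /set /subcategory:"Registry" /success:enable | Out-Null

# 2. ReadKey audit ACE for Everyone (S-1-1-0). ContainerInherit makes it apply to the
#    GUID-named sections beneath the profile, including 9375CFF0413111d3B88A00104B2A6676.
$acl  = Get-Acl -Path $profileKey -Audit
$rule = New-Object System.Security.AccessControl.RegistryAuditRule -ArgumentList @(
    [System.Security.Principal.SecurityIdentifier]'S-1-1-0',
    [System.Security.AccessControl.RegistryRights]::ReadKey,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success
)
$acl.AddAuditRule($rule)
Set-Acl -Path $profileKey -AclObject $acl

# 3. Hunt: Security 4663 events on the profile keys whose accessing image is not Outlook.
function Get-NonOutlookProfileReads {
    param([datetime]$Since = (Get-Date).AddHours(-24))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the EventData <Data Name="..."> elements into a lookup table.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time        = $_.TimeCreated
                ObjectName  = $data['ObjectName']    # \REGISTRY\USER\<SID>\Software\...\Profiles\Outlook\...
                ProcessName = $data['ProcessName']
                ProcessId   = $data['ProcessId']
                AccessMask  = $data['AccessMask']
            }
        } |
        Where-Object {
            $_.ObjectName  -like    '*\Windows Messaging Subsystem\Profiles\*' -and
            $_.ProcessName -notlike '*\OUTLOOK.EXE'
        }
}

Get-NonOutlookProfileReads | Format-Table -AutoSize
```

In this report the reader would show up as C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe. The ProcessName filter is a first cut only: the report also flags SetThreadContext use, and a stealer that has injected into a legitimate process reads the key under that process's image name, so treat any reader other than Outlook and known backup or migration tooling as a lead rather than relying on the image path.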

Processes

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.mediafire.com%2ffile%2fn3pynq1ahyj3sp5%2fProforma%2bfatura%2bpdf.tgz%2ffile&umid=FF77B1C9-11F2-F806-B0B2-939DC61042D6&auth=63cded8e322153b72c43efd522ce71164e75829b-43e5315b7c99def4ba82db1e7773f265cbe0e71c
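The link Outlook handed to iexplore.exe is a Trend Micro click-time rewrite; the real destination, a mediafire.com download of "Proforma fatura pdf.tgz", is percent-encoded in its url parameter, and it is the destination host and path, not the trendmicro.com wrapper, that belong in an indicator list. The PowerShell below is an added example rather than code from the report or from any vendor: it peels the wrapper off without following the link. The table of rewriting hosts and their parameter names is this example's assumption (Trend Micro click-time and Microsoft Defender Safe Links both carry the destination in a url parameter); it goes slightly beyond this one URL by unwrapping nested rewrites up to a depth limit.

```powershell
# Added example: extract the real destination from a URL-rewriting gateway link.

function Get-QueryParameters {
    param([Parameter(Mandatory)][string]$Url)
    # Parse the raw string rather than [uri].Query so no canonicalisation touches the %xx sequences.
    $params = @{}
    $qIndex = $Url.IndexOf('?')
    if ($qIndex -lt 0) { return $params }
    $query = $Url.Substring($qIndex + 1).Split('#')[0]
    foreach ($pair in ($query -split '&')) {
        if ($pair -eq '') { continue }
        $name, $value = $pair -split '=', 2
        if ($null -eq $value) { $value = '' }
        # UnescapeDataString decodes %xx once and leaves a literal "+" alone, which is the
        # right behaviour for a percent-encoded URL carried inside a query parameter.
        $params[$name] = [System.Uri]::UnescapeDataString($value)
    }
    return $params
}

function Expand-RewrittenUrl {
    param([Parameter(Mandatory)][string]$Url, [int]$MaxDepth = 5)
    # Host pattern -> query parameter that carries the wrapped destination (assumption).
    $rewriters = @{
        '*.trendmicro.com'                   = 'url'   # Trend Micro click-time protection
        '*.safelinks.protection.outlook.com' = 'url'   # Microsoft Defender Safe Links
    }
    $hops    = @()
    $current = $Url
    for ($i = 0; $i -lt $MaxDepth; $i++) {
        $uri   = [uri]$current
        $param = $null
        foreach ($pattern in $rewriters.Keys) {
            if ($uri.Host -like $pattern) { $param = $rewriters[$pattern]; break }
        }
        if (-not $param) { break }                      # not a known rewriter: this is the destination
        $inner = (Get-QueryParameters -Url $current)[$param]
        if (-not $inner) { break }                      # rewriter host without a payload: stop here
        $hops   += $uri.Host
        $current = $inner
    }
    [pscustomobject]@{
        Wrapped     = $Url
        Rewriters   = $hops
        Destination = $current
        Host        = ([uri]$current).Host
    }
}

# The argument recorded in the process list above (copied from this report).
$wrapped = 'https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.mediafire.com%2ffile%2fn3pynq1ahyj3sp5%2fProforma%2bfatura%2bpdf.tgz%2ffile&umid=FF77B1C9-11F2-F806-B0B2-939DC61042D6&auth=63cded8e322153b72c43efd522ce71164e75829b-43e5315b7c99def4ba82db1e7773f265cbe0e71c'
Expand-RewrittenUrl -Url $wrapped | Format-List
```

For the link in this report the Destination field is https://www.mediafire.com/file/n3pynq1ahyj3sp5/Proforma+fatura+pdf.tgz/file with Host www.mediafire.com and a single rewriter hop through ddei5-0-ctp.trendmicro.com. The umid and auth parameters are left untouched: they are the gateway's own tracking and signature values, carry no information about the destination, and should not be reused.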

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1260 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Analysis.docx"

C:\Windows\system32\SnippingTool.exe

"C:\Windows\system32\SnippingTool.exe"

C:\Windows\SYSTEM32\WISPTIS.EXE

"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef49d9758,0x7fef49d9768,0x7fef49d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3248 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3256 --field-trial-handle=1136,i,11821597207765704712,1650606304139956898,131072 /prefetch:1

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{53362C32-A296-4F2D-A2F8-FD984D08340B}

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Proforma fatura pdf.tgz"

C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe

"C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe"

C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe

"C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef49d9758,0x7fef49d9768,0x7fef49d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1992 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1976 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1404 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2284 --field-trial-handle=1364,i,4699729042844643983,14547424473846735070,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef49d9758,0x7fef49d9768,0x7fef49d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1488 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1812 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3804 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=2748 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2460 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3752 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=2340 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3448 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2864 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2376 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2752 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=2284 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=2724 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=3480 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=3972 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=1916 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=3776 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=4024 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=1320 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=4320 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=4228 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=4400 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=4296 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=4424 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=4408 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=5636 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=5608 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=5492 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=5380 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=5860 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=5972 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=6796 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=6684 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=4164 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=6816 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=5360 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=6732 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=4576 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=7796 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=5424 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=7660 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=5756 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --mojo-platform-channel-handle=5796 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --mojo-platform-channel-handle=5812 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --mojo-platform-channel-handle=4448 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --mojo-platform-channel-handle=4472 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=4344 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --mojo-platform-channel-handle=6980 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --mojo-platform-channel-handle=6912 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=6932 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=6992 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --mojo-platform-channel-handle=5848 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=5508 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --mojo-platform-channel-handle=7928 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --mojo-platform-channel-handle=8584 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=8468 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --mojo-platform-channel-handle=8300 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --mojo-platform-channel-handle=6420 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --mojo-platform-channel-handle=9612 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --mojo-platform-channel-handle=9476 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --mojo-platform-channel-handle=9448 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --mojo-platform-channel-handle=9432 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --mojo-platform-channel-handle=9136 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --mojo-platform-channel-handle=11040 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --mojo-platform-channel-handle=10764 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --mojo-platform-channel-handle=9364 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --mojo-platform-channel-handle=9376 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --mojo-platform-channel-handle=10020 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --mojo-platform-channel-handle=10448 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --mojo-platform-channel-handle=10604 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --mojo-platform-channel-handle=10388 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --mojo-platform-channel-handle=11160 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --mojo-platform-channel-handle=8956 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --mojo-platform-channel-handle=8996 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --mojo-platform-channel-handle=9120 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --mojo-platform-channel-handle=2756 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --mojo-platform-channel-handle=4664 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --mojo-platform-channel-handle=6800 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8092 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --mojo-platform-channel-handle=4524 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --mojo-platform-channel-handle=7240 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --mojo-platform-channel-handle=8880 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --mojo-platform-channel-handle=6476 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --mojo-platform-channel-handle=4604 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --mojo-platform-channel-handle=12484 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --mojo-platform-channel-handle=7812 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --mojo-platform-channel-handle=10768 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --mojo-platform-channel-handle=11092 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --mojo-platform-channel-handle=6236 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --mojo-platform-channel-handle=5500 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8740 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4e8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\hashcalc\" -spe -an -ai#7zMap2464:78:7zEvent2865

C:\Users\Admin\Downloads\hashcalc\setup.exe

"C:\Users\Admin\Downloads\hashcalc\setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp

"C:\Users\Admin\AppData\Local\Temp\is-6AMEF.tmp\is-P0EBJ.tmp" /SL4 $B0294 "C:\Users\Admin\Downloads\hashcalc\setup.exe" 256685 52224

C:\Program Files (x86)\HashCalc\HashCalc.exe

"C:\Program Files (x86)\HashCalc\HashCalc.exe" /install

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\HashCalc\README.TXT

C:\Program Files (x86)\HashCalc\HashCalc.exe

"C:\Program Files (x86)\HashCalc\HashCalc.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Proforma fatura pdf\" -spe -an -ai#7zMap31109:100:7zEvent22395

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --mojo-platform-channel-handle=904 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\" -spe -an -ai#7zMap4545:140:7zEvent7157

C:\Program Files (x86)\HashCalc\HashCalc.exe

"C:\Program Files (x86)\HashCalc\HashCalc.exe"

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Analysis.docx"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8168 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --mojo-platform-channel-handle=6956 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --mojo-platform-channel-handle=7384 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --mojo-platform-channel-handle=1040 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --mojo-platform-channel-handle=7540 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --mojo-platform-channel-handle=7352 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --mojo-platform-channel-handle=6156 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --mojo-platform-channel-handle=10232 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --mojo-platform-channel-handle=7404 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --mojo-platform-channel-handle=8940 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8924 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8972 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --mojo-platform-channel-handle=9944 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8912 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4376 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7352 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --mojo-platform-channel-handle=2780 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --mojo-platform-channel-handle=4080 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --mojo-platform-channel-handle=4052 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --mojo-platform-channel-handle=3760 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=127 --mojo-platform-channel-handle=4080 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --mojo-platform-channel-handle=1960 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=129 --mojo-platform-channel-handle=5840 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=130 --mojo-platform-channel-handle=3772 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=131 --mojo-platform-channel-handle=6060 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=132 --mojo-platform-channel-handle=9596 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=133 --mojo-platform-channel-handle=6308 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=134 --mojo-platform-channel-handle=4184 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=135 --mojo-platform-channel-handle=6100 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=136 --mojo-platform-channel-handle=1028 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=137 --mojo-platform-channel-handle=4120 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=138 --mojo-platform-channel-handle=5684 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=139 --mojo-platform-channel-handle=7332 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=140 --mojo-platform-channel-handle=3900 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=141 --mojo-platform-channel-handle=4544 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=142 --mojo-platform-channel-handle=7072 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=143 --mojo-platform-channel-handle=2060 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=144 --mojo-platform-channel-handle=9688 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=145 --mojo-platform-channel-handle=1964 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=146 --mojo-platform-channel-handle=3916 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=147 --mojo-platform-channel-handle=3452 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=148 --mojo-platform-channel-handle=6288 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=149 --mojo-platform-channel-handle=1084 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=150 --mojo-platform-channel-handle=7544 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=151 --mojo-platform-channel-handle=2800 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=152 --mojo-platform-channel-handle=4056 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=153 --mojo-platform-channel-handle=4072 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=154 --mojo-platform-channel-handle=9668 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=155 --mojo-platform-channel-handle=3840 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=156 --mojo-platform-channel-handle=9656 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=157 --mojo-platform-channel-handle=3740 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2416 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9276 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2780 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4120 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=163 --mojo-platform-channel-handle=8916 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9964 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Users\Admin\Downloads\AccessData_FTK_Imager_4.7.1.exe

"C:\Users\Admin\Downloads\AccessData_FTK_Imager_4.7.1.exe"

C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\AccessData_FTK_Imager_4.7.1.exe

C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\AccessData_FTK_Imager_4.7.1.exe /q"C:\Users\Admin\Downloads\AccessData_FTK_Imager_4.7.1.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}" /IS_temp

C:\Windows\system32\MSIEXEC.EXE

"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\AccessData_FTK_Imager_(x64).msi" SETUPEXEDIR="C:\Users\Admin\Downloads" SETUPEXENAME="AccessData_FTK_Imager_4.7.1.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DC4DC103DFA8DC322E99A7CFF8C02624 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000002A0" "0000000000000588"

C:\Program Files\AccessData\FTK Imager\FTK Imager.exe

"C:\Program Files\AccessData\FTK Imager\FTK Imager.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=165 --mojo-platform-channel-handle=4068 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=166 --mojo-platform-channel-handle=6060 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=167 --mojo-platform-channel-handle=9636 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=168 --mojo-platform-channel-handle=10220 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=169 --mojo-platform-channel-handle=9904 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_HxDSetup.zip\HxDSetup.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_HxDSetup.zip\HxDSetup.exe"

C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-6TGJU.tmp\HxDSetup.tmp" /SL5="$60302,2973524,121344,C:\Users\Admin\AppData\Local\Temp\Temp1_HxDSetup.zip\HxDSetup.exe"

C:\Windows\SysWOW64\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\HxD\readme.txt

C:\Program Files\HxD\HxD.exe

"C:\Program Files\HxD\HxD.exe"

C:\Program Files\HxD\HxD.exe

"C:\Program Files\HxD\HxD.exe" /chooselang

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9676 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8944 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Analysis.docx"

C:\Windows\system32\SnippingTool.exe

"C:\Windows\system32\SnippingTool.exe"

C:\Windows\SYSTEM32\WISPTIS.EXE

"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8920 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6924 --field-trial-handle=1368,i,8231376250959084178,12134872466535860208,131072 /prefetch:8

C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe

"C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe"

C:\Program Files\HxD\HxD.exe

"C:\Program Files\HxD\HxD.exe"

C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe

"C:\Users\Admin\Downloads\Proforma fatura pdf\Proforma fatura pdf\HZbCDaqwtPi2zal_Original.exe"

C:\Windows\system32\SnippingTool.exe

"C:\Windows\system32\SnippingTool.exe"

C:\Windows\SYSTEM32\WISPTIS.EXE

"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Analysis.docx"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef49d9758,0x7fef49d9768,0x7fef49d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3264 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2256 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3524 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2860 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3764 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4176 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=1308,i,16232996871819608738,5953763019789318388,131072 /prefetch:8

Network

US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 cs.krushmedia.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 casale-match.dotomi.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
DK 37.157.3.20:443 c1.adform.net tcp
NL 89.207.16.140:443 casale-match.dotomi.com tcp
US 8.8.8.8:53 cs.media.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 data.adsrvr.org udp
US 8.8.8.8:53 bttrack.com udp
GB 2.17.5.216:443 eus.rubiconproject.com tcp
US 192.132.33.67:443 bttrack.com tcp
US 52.223.40.198:443 data.adsrvr.org tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 ads.avct.cloud udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 192.132.33.67:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 ads.avads.net udp
DE 91.228.74.244:443 cms.quantserve.com tcp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 um.simpli.fi udp
US 52.223.40.198:443 data.adsrvr.org tcp
DK 37.157.3.20:443 c1.adform.net tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 sync.1rx.io udp
BE 35.205.207.25:443 ads.avads.net tcp
IE 99.80.159.252:443 a.audrte.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
IE 52.213.48.86:443 pr-bh.ybp.yahoo.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
IE 52.211.215.251:443 sync.crwdcntrl.net tcp
GB 2.17.4.21:443 contextual.media.net udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 image2.pubmatic.com udp
GB 172.217.169.38:443 s0.2mdn.net tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
US 8.8.8.8:53 bh.contextweb.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 ad.turn.com udp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 aorta.clickagy.com udp
NL 213.19.162.90:443 token.rubiconproject.com tcp
US 18.213.128.33:443 aorta.clickagy.com tcp
FR 13.249.10.203:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 cacerts.rapidssl.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
IE 34.254.42.124:443 ce.lijit.com tcp
GB 104.84.84.34:443 images.sftcdn.net tcp
US 204.79.197.200:443 bat.bing.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 163.70.147.23:443 connect.facebook.net tcp
IT 108.138.190.144:443 www.datadoghq-browser-agent.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
US 34.120.63.153:443 prebid.media.net udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
IE 54.194.115.74:443 ap.lijit.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
IE 54.73.193.1:443 ad.360yield.com tcp
IT 108.138.190.144:443 www.datadoghq-browser-agent.com tcp
GB 172.217.16.238:443 www.adsensecustomsearchads.com udp
IT 108.157.179.185:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 c5826862c7d2ea4c72424f25d4217c5d.safeframe.googlesyndication.com udp
US 172.67.69.19:443 ad-delivery.net tcp
GB 216.58.204.65:443 c5826862c7d2ea4c72424f25d4217c5d.safeframe.googlesyndication.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
US 35.227.233.104:443 en.softonic.com udp
DE 157.90.0.38:443 shb.richaudience.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
IE 54.194.152.196:443 rtb.gumgum.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 35.244.159.8:443 u.openx.net tcp
US 76.223.111.18:443 eb2.3lift.com tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 35.244.159.8:443 u.openx.net tcp
US 52.72.28.150:443 sync.srv.stackadapt.com tcp
IE 52.213.48.86:443 pr-bh.ybp.yahoo.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 match.deepintent.com udp
DK 37.157.3.20:443 c1.adform.net tcp
US 52.223.40.198:443 data.adsrvr.org tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
US 52.71.54.29:443 sync.ipredictive.com tcp
US 8.18.47.7:443 match.deepintent.com tcp
US 52.71.54.29:443 sync.ipredictive.com tcp
US 8.18.47.7:443 match.deepintent.com tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 tg.socdm.com udp
NL 185.89.210.122:443 secure.adnxs.com tcp
US 8.8.8.8:53 b1sync.zemanta.com tcp
JP 124.146.153.164:443 tg.socdm.com tcp
US 64.74.236.127:443 b1sync.zemanta.com tcp
US 64.74.236.127:443 b1sync.zemanta.com tcp
JP 124.146.153.164:443 tg.socdm.com tcp
US 52.223.40.198:443 data.adsrvr.org tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 74.125.34.46:443 www.virustotal.com tcp
DE 157.90.211.246:443 sync.richaudience.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 172.64.149.180:443 cdn.indexww.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 track.adform.net udp
US 74.125.34.46:443 www.virustotal.com tcp
GB 2.17.5.216:443 eus.rubiconproject.com tcp
DK 37.157.4.29:443 track.adform.net tcp
US 8.8.8.8:53 u.ipw.metadsp.co.uk udp
US 8.8.8.8:53 usersync.gumgum.com udp
NL 35.214.166.72:443 u.ipw.metadsp.co.uk tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
NL 35.214.166.72:443 u.ipw.metadsp.co.uk tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 8.8.8.8:53 sonata-notifications.taptapnetworks.com udp
NL 46.228.164.11:443 ad.turn.com tcp
DE 18.195.132.36:443 sonata-notifications.taptapnetworks.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
DE 18.198.96.60:443 rtb.mfadsrvr.com tcp
US 8.43.72.97:443 pixel-us-east.rubiconproject.com tcp
NL 213.19.162.90:443 token.rubiconproject.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
US 35.244.159.8:443 u.openx.net tcp
US 8.8.8.8:53 ums.acuityplatform.com udp
NL 46.228.164.11:443 ad.turn.com tcp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 35.214.145.58:443 csync.loopme.me tcp
IE 34.248.80.148:443 jadserve.postrelease.com tcp
US 3.218.186.210:443 cs-server-s2s.yellowblue.io tcp
IT 13.226.175.26:443 api-2-0.spot.im tcp
IE 34.251.175.98:443 match.prod.bidr.io tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
US 192.132.33.67:443 bttrack.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
US 8.43.72.97:443 pixel-us-east.rubiconproject.com tcp
US 8.8.8.8:53 match.360yield.com udp
IE 54.77.71.210:443 match.360yield.com tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
DK 37.157.3.20:443 c1.adform.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 pixel.onaudience.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 104.22.50.98:443 mwzeom.zeotap.com tcp
FR 141.94.170.64:443 pixel.onaudience.com tcp
NL 63.215.202.172:443 pubmatic-match.dotomi.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
US 52.72.28.150:443 sync.srv.stackadapt.com tcp
NL 89.207.16.140:443 casale-match.dotomi.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 pm.w55c.net udp
DK 37.157.3.20:443 c1.adform.net tcp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
NL 213.19.162.90:443 token.rubiconproject.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
IE 52.215.83.151:443 pm.w55c.net tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 23.44.232.24:443 cs.media.net tcp
DE 51.75.86.98:443 onetag-sys.com tcp
NL 64.158.223.140:443 medianet-match.dotomi.com tcp
US 35.244.159.8:443 u.openx.net tcp
NL 178.250.1.9:443 dis.criteo.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 23.44.232.24:443 cs.media.net tcp
US 8.8.8.8:53 d5p.de17a.com udp
SE 213.155.156.182:443 d5p.de17a.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
NL 35.214.145.58:443 csync.loopme.me tcp
US 8.8.8.8:53 core.iprom.net udp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 8.8.8.8:53 green.erne.co udp
FR 141.94.242.204:443 green.erne.co tcp
US 8.8.8.8:53 cm.adgrx.com udp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
NL 173.231.181.122:443 cm.adgrx.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
IE 34.251.175.98:443 match.prod.bidr.io tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
SE 213.155.156.182:443 d5p.de17a.com tcp
NL 35.214.145.58:443 csync.loopme.me tcp
US 8.8.8.8:53 matching.truffle.bid udp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.251.175.98:443 match.prod.bidr.io tcp
SE 213.155.156.182:443 d5p.de17a.com tcp
NL 35.214.145.58:443 csync.loopme.me tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 s.tribalfusion.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
GB 104.84.84.34:443 images.sftcdn.net tcp
FR 13.249.10.203:443 c.amazon-adsystem.com tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 204.79.197.200:443 bat.bing.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 52.223.40.198:443 data.adsrvr.org tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
IT 108.138.190.144:443 www.datadoghq-browser-agent.com tcp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
IE 54.194.115.74:443 ap.lijit.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
IE 54.73.193.1:443 ad.360yield.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
US 8.8.8.8:53 f053e1757edd3825151d1ca3f7eb599f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.playwire.com udp
US 8.8.8.8:53 js.adscale.de udp
GB 216.58.204.65:443 f053e1757edd3825151d1ca3f7eb599f.safeframe.googlesyndication.com tcp
IT 18.66.196.16:443 cdn.playwire.com tcp
IT 13.226.175.99:443 js.adscale.de tcp
US 172.67.69.19:443 ad-delivery.net tcp
IT 108.157.179.185:443 aax.amazon-adsystem.com tcp
FR 13.249.10.203:443 c.amazon-adsystem.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
GB 23.48.165.134:443 articles-img.sftcdn.net tcp
GB 23.48.165.134:443 articles-img.sftcdn.net tcp
GB 23.48.165.134:443 articles-img.sftcdn.net tcp
GB 23.48.165.134:443 articles-img.sftcdn.net tcp
GB 23.48.165.134:443 articles-img.sftcdn.net tcp
GB 23.48.165.134:443 articles-img.sftcdn.net tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 ih.adscale.de udp
DE 52.57.189.237:443 ih.adscale.de tcp
DE 157.90.33.72:443 push-sdk.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 cdn.intergient.com udp
IT 18.66.218.86:443 cdn.intergient.com tcp
US 8.8.8.8:53 uidsync.net udp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 px.moatads.com udp
DE 51.75.86.98:443 onetag-sys.com tcp
GB 96.16.109.251:443 px.moatads.com tcp
US 35.244.159.8:443 u.openx.net tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 config.playwire.com udp
IT 108.139.243.20:443 config.playwire.com tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 54.73.163.254:443 ice.360yield.com tcp
US 8.8.8.8:53 csi.gstatic.com udp
SG 172.217.194.120:443 csi.gstatic.com tcp
SG 172.217.194.120:443 csi.gstatic.com tcp
SG 172.217.194.120:443 csi.gstatic.com tcp
SG 172.217.194.120:443 csi.gstatic.com tcp
US 8.8.8.8:53 cdn.video.playwire.com udp
IT 18.66.218.93:443 cdn.video.playwire.com tcp
IT 108.139.243.20:443 config.playwire.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
GB 142.250.180.10:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 gsf-fl.softonic.com udp
US 199.232.194.133:443 gsf-fl.softonic.com tcp
GB 142.250.180.10:443 imasdk.googleapis.com udp
GB 172.217.169.38:443 s0.2mdn.net udp
GB 163.70.147.23:443 connect.facebook.net udp
US 172.64.149.180:443 cdn.indexww.com tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
DE 157.90.211.246:443 sync.richaudience.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
IE 54.194.115.74:443 ap.lijit.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
DK 37.157.4.29:443 track.adform.net tcp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
IE 34.254.42.124:443 ce.lijit.com tcp
IE 34.254.42.124:443 ce.lijit.com tcp
US 8.8.8.8:53 www.facebook.com udp
SG 172.217.194.120:443 csi.gstatic.com udp
FR 185.60.219.35:443 www.facebook.com tcp
FR 185.60.219.35:443 www.facebook.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
FR 185.60.219.35:443 www.facebook.com tcp
US 35.244.159.8:443 u.openx.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
IE 34.248.80.148:443 jadserve.postrelease.com tcp
US 3.218.186.210:443 cs-server-s2s.yellowblue.io tcp
US 8.43.72.97:443 pixel-us-east.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
IT 13.226.175.26:443 api-2-0.spot.im tcp
IE 34.251.175.98:443 match.prod.bidr.io tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
NL 35.214.145.58:443 csync.loopme.me tcp
US 52.72.28.150:443 sync.srv.stackadapt.com tcp
US 192.132.33.67:443 bttrack.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 142.250.200.34:443 pubads.g.doubleclick.net tcp
US 18.213.128.33:443 aorta.clickagy.com tcp
NL 213.19.162.90:443 token.rubiconproject.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 52.223.40.198:443 data.adsrvr.org tcp
DE 18.198.96.60:443 rtb.mfadsrvr.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
NL 89.207.16.140:443 casale-match.dotomi.com tcp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
IE 52.215.83.151:443 pm.w55c.net tcp
DK 37.157.3.20:443 c1.adform.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
GB 23.44.232.24:443 cs.media.net tcp
NL 64.158.223.140:443 medianet-match.dotomi.com tcp
US 35.244.159.8:443 u.openx.net tcp
US 8.8.8.8:53 dsum.casalemedia.com udp
GB 142.250.200.34:443 pubads.g.doubleclick.net udp
US 172.64.151.101:443 dsum.casalemedia.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
GB 23.44.232.24:443 cs.media.net tcp
NL 213.19.162.90:443 token.rubiconproject.com tcp
US 52.223.40.198:443 data.adsrvr.org tcp
GB 142.250.200.34:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 rr3---sn-1gi7znek.googlevideo.com udp
GB 216.58.204.66:443 www.googletagservices.com tcp
GB 216.58.204.66:443 www.googletagservices.com tcp
CH 74.125.108.200:443 rr3---sn-1gi7znek.googlevideo.com tcp
NL 139.45.240.92:443 notix.io tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
IT 18.66.196.16:443 cdn.playwire.com tcp
IT 108.139.243.20:443 config.playwire.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
IT 18.66.218.93:443 cdn.video.playwire.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
GB 142.250.180.10:443 imasdk.googleapis.com udp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
GB 142.250.200.34:443 pubads.g.doubleclick.net udp
GB 142.250.200.34:443 pubads.g.doubleclick.net tcp
SG 172.217.194.120:443 csi.gstatic.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
DE 157.90.0.38:443 shb.richaudience.com tcp
DE 157.90.0.38:443 shb.richaudience.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 34.120.63.153:443 prebid.media.net udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ap.lijit.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 ad.360yield.com udp
GB 18.154.77.98:443 aax.amazon-adsystem.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
IE 52.214.40.59:443 ap.lijit.com tcp
NL 185.89.210.244:443 ib.adnxs.com tcp
US 172.64.151.101:443 htlb.casalemedia.com udp
IE 34.251.149.17:443 ad.360yield.com tcp
SG 172.217.194.120:443 csi.gstatic.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 216.58.204.66:443 www.googletagservices.com udp
US 8.8.8.8:53 rr5---sn-1gi7znes.googlevideo.com udp
GB 172.217.16.225:443 yt3.ggpht.com tcp
CH 173.194.160.74:443 rr5---sn-1gi7znes.googlevideo.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 172.217.169.67:443 beacons.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
GB 172.217.169.67:443 beacons.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
SG 172.217.194.120:443 csi.gstatic.com udp
SG 172.217.194.120:443 csi.gstatic.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 www.virustotal.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 recaptcha.net udp
GB 142.250.200.3:443 recaptcha.net udp
GB 142.250.200.3:443 recaptcha.net tcp
GB 172.217.169.67:443 beacons.gvt2.com udp
GB 172.217.169.67:443 beacons.gvt2.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
GB 142.250.200.34:443 pubads.g.doubleclick.net udp
GB 142.250.200.34:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 172.64.151.101:443 htlb.casalemedia.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 ad.360yield.com udp
DE 195.201.193.117:443 shb.richaudience.com tcp
DE 195.201.193.117:443 shb.richaudience.com tcp
NL 18.239.81.214:443 aax.amazon-adsystem.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
IE 52.30.227.228:443 ap.lijit.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
IE 52.213.215.127:443 ad.360yield.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 push-sdk.com udp
DE 157.90.33.121:443 push-sdk.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
GB 172.217.169.66:443 securepubads.g.doubleclick.net udp
GB 172.217.169.66:443 securepubads.g.doubleclick.net tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
SG 172.217.194.120:443 csi.gstatic.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 id.google.com udp
SG 172.217.194.120:443 csi.gstatic.com tcp
US 8.8.8.8:53 accessdata-ftk-imager.software.informer.com udp
US 100.25.93.238:443 accessdata-ftk-imager.software.informer.com tcp
US 100.25.93.238:443 accessdata-ftk-imager.software.informer.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 img.informer.com udp
US 8.8.8.8:53 hits.informer.com udp
US 8.8.8.8:53 software.informer.com udp
US 8.8.8.8:53 i.informer.com udp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 208.88.224.98:443 i.informer.com tcp
US 208.88.224.98:443 i.informer.com tcp
US 208.88.224.98:443 i.informer.com tcp
US 208.88.224.98:443 i.informer.com tcp
US 204.155.159.109:443 hits.informer.com tcp
NL 74.125.143.84:443 accounts.google.com udp
US 208.88.224.98:443 i.informer.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 204.155.159.109:443 hits.informer.com tcp
GB 172.217.16.238:443 www.adsensecustomsearchads.com tcp
GB 172.217.16.238:443 www.adsensecustomsearchads.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
GB 172.217.169.67:443 beacons.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
GB 172.217.169.67:443 beacons.gvt2.com tcp
GB 172.217.16.238:443 www.adsensecustomsearchads.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 100.25.93.238:443 software.informer.com tcp
US 100.25.93.238:443 software.informer.com tcp
US 208.88.224.98:443 i.informer.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 204.155.159.109:443 hits.informer.com tcp
US 204.155.159.109:443 hits.informer.com tcp
GB 172.217.169.38:443 s0.2mdn.net udp
NL 185.89.210.153:443 ib.adnxs.com tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
GB 172.217.169.38:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 m.exactag.com udp
GB 142.250.187.194:443 googleads4.g.doubleclick.net tcp
DE 213.202.235.10:443 m.exactag.com tcp
US 100.25.93.238:443 software.informer.com tcp
US 100.25.93.238:443 software.informer.com tcp
US 208.88.224.98:443 i.informer.com tcp
US 100.25.93.238:443 software.informer.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.117.179.70:443 img.informer.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 204.155.159.109:443 hits.informer.com tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.180.2:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 files.informer.com udp
US 208.88.224.211:443 files.informer.com tcp
US 8.8.8.8:53 ad-exe.s3.amazonaws.com udp
US 54.231.159.17:443 ad-exe.s3.amazonaws.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
DE 172.217.16.131:443 beacons.gcp.gvt2.com udp
DE 172.217.16.131:443 beacons.gcp.gvt2.com tcp
US 100.25.93.238:443 software.informer.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 www.exterro.com udp
US 104.22.29.228:443 www.exterro.com tcp
US 104.22.29.228:443 www.exterro.com tcp
US 8.8.8.8:53 tribl.io udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 tag.simpli.fi udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 ws.zoominfo.com udp
US 8.8.8.8:53 fw-cdn.com udp
US 204.79.197.200:443 bat.bing.com tcp
IT 108.139.243.113:443 static.hotjar.com tcp
NL 35.234.162.151:443 tag.simpli.fi tcp
IE 46.137.132.32:443 tribl.io tcp
GB 88.221.135.104:443 snap.licdn.com tcp
US 104.16.136.15:443 ws.zoominfo.com tcp
IT 13.226.175.31:443 fw-cdn.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp

Files

SHA256 4bb2575144cdc0346dd2564a84937163c6424ad21cfc00ae78fa193c46f99911
SHA512 238f9c7b5ae7ace822e57c796797fd0ee7ec9d222462027a4518dfd023068da8e4511700f5fdcf26315e88db80eabeae20c13ae25896fd8a7843c8ec2a5f36a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 379a24c63d2f6d549a025ae0988f97c9
SHA1 df808ebfa0aa8fcf4d547eead40d40db8f685a1a
SHA256 9c93258a89dfe67bb2f1796a92494761e43abd9bd8f4a3a0920692759c2aeada
SHA512 6decfd49ee61b1b2ac25ef2308b7c99cf7243b34963e4b187d41152d16376a862c29017d06ff8f65bbd07de40fdfbbcd825495bedde93c250b5932ad678303c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 376d3b52bca76f0f4bbb23fc3b4749f8
SHA1 241c89f1859cdd1fef0d9b20f5ed3067044d7780
SHA256 7e8e6a8ca92a90e858532e30817173457ac690d26af8375b37769a3c2a5aa5fe
SHA512 5f248738fa58fb3e6926aec1a8c7a03f9a194e4618d55063a60a6414646129b9d841fa9aa632d1e8ba822bc5d30c41786c2ce6db49ca6ffd297ca0fc1af40fe7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82d964e44d5aa900d37a65f8276c0724
SHA1 e6ae96a4a38a289a069c515db88d220de130c72b
SHA256 858da853fd348489b0d9c26facbc6c03578582fec4fee7d07a59d29fa55144ba
SHA512 f3caf29cf6e25ae77f39a0126e08eac3f4579e721223cb72c06493774b8343ccebf6a80f03935f196c9dd77f77dc816b23f9d3393746a92223aa8fea55114ede

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 776457aef5022cd8511be6097b7738e9
SHA1 085014d1be0343e1e78d5f5db0872b5eba7d5376
SHA256 614166f80e803d823f2a5423129b857d5ac8ac0687f9a42139e832354e34bb00
SHA512 67900ac3a7c1d497c18955038d2b7a83d8dbbd431159ec4c12528dc0c352b5154d3570d4393109feb3e5325a4088fde96aaeb47920e56cbeb3b406757c14684e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c307aada0379f74d8466e2c0e124352c
SHA1 962c15b6ed16165f8acc8a83425c5eff42efec70
SHA256 1fa1be0be93a59cadf025bae8f70ce9aa7155c25399cd7f9cbcd0315c7cdf323
SHA512 296981978ccfaf51801f25b776c77c653b704713f55d45415048229f04890ee0a02b8e643f7453412e9c4f808c25a5c6c36463d9cf6d72290571bcb6451d9628

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a41b383de565fdd75853beeb134f0d49
SHA1 ebcb2f103d1c5498279de805822318facf6e735c
SHA256 0ca4dc6d82148728f153e5751e654eeec5ee9e5ea8d2c1d64f8df15ca7dd7c30
SHA512 cd805c12989a5c121f4259ec0fdecdbc986f051ab646369b884bd922c72a0fceff4c29faab8268c393aa2855fc075b07e569bdce8ca86d323bd9e00b7adf72cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ab21f0d9837b3f9f50ef896d907fc18
SHA1 261c55a389ff6989fb40e57e02051cbb6e126e81
SHA256 6742d0eec4b33ed0799b2c5cb7e387cafc3c406ee49c3454b96050539b77a0f9
SHA512 20325c38d533820ee1f9154e907a592fb2eb4939d5ca37abf434f80919a8ba8041ec9fe32b834eab988e385127605a13439cca3f2caa0df7daf750a9332dff54

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\commercial-templates-responsive[1].css

MD5 d2d57678ffe35edddbc7b35d73fbcd59
SHA1 7c5bcc3b8ce42fff32f58ca6d3cb3976080b4f16
SHA256 fbed34e2bdd33cfaed3e147ada81991ab68936acf4d730bd69d5bd8767b5c74f
SHA512 7c512946d2a21397e880d2dc2c3bd711e664ce9d08dbf72037739939799091eca5136d18a9172e42cf8a3fe64e05dcaac2bf46f39233eb01e6a105c588c9ceff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\logo_32[1].png

MD5 d724f117eec46e481190d199c7584219
SHA1 c58e1f52a0254e3b771ec84b9b1439a8deef1365
SHA256 39e8aee62b2045144ecb70ec8c66558b4bf5d7167e7b3982bccb77a9df91a672
SHA512 be393a577bc8df17b7dc785ade82a799a52e588fac8dce2df46b5d859e0993d88495c212361e28d9d150cbcd041ef99a0e36930e08e241fc6758b9c88feca1b8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat

MD5 364c881a5e1330be34c28b08a8d7b6cf
SHA1 640585abafc32bcc4abd3f5fcc21a0bbb02122a6
SHA256 18785031e81aa24a09c2d8685ebec357282784c1e6a60a47b993fa15571b3f2f
SHA512 34b55ba6cc15256875d719e3d0eb7f7a6e6b839c60873f02c9e9b40e04d757a38177194c4a74399c78c70ede1b5675dfc7d56886ee8f1fcf52a02d4a444f3ddd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\Interstate-ExtraLight-webfont[1].eot

MD5 35071d00819547a959ef3450c129d77e
SHA1 ea999c18c0e8e7e315b8d7da2dc415ad15508dd2
SHA256 ed4be0eeb281602511161bbaa52bf6ed5d1a3354ea63bfe579a2cb65e9de576d
SHA512 559c848b17a49e6fd4263f3c632dc9f65bdc7e7a76d06bee152ee8087c300952a9fc228959cb009ef0334a249b81ed08bc6d712f703292b45b9b966fd1e82be5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\bootstrap[1].css

MD5 49c77034f0785fc340abcf78a2f0f702
SHA1 b1c879165b223337a7a60bcdcc49dd272a14765e
SHA256 90a80a481d428d8232aadbce17f45526f44a4afc51a138ec0dc3e40ff55233ba
SHA512 72c4babccab99a14f1ad7d5c37d74ce20735ec89f268ee2a47fb3fcfd6ef1c4c59eaf798e23a294b17782a65b9c9316a08355cf8fca77b652dd4d35e69e52490

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\bootstrap-responsive[1].css

MD5 45721ca265adcc4c493011d76a1ded83
SHA1 9b883050e161e6c84a3565f7afeb6b25919f3669
SHA256 6c1402d8ea799caa8aedcfbade3122c261cfcd69e7938b472c2da551e2258c04
SHA512 a6e831dce3afc34445be90f60617cdf15503397e9afb4ad7dac1a35fbeb54452e5e012bd76ba947d20dcbc91121ac469e3ac700ca438277fd7d8e4aa586eb681

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a323a4f79e8b41d416d582f0d43132dc
SHA1 961863621d3033f4e706bc42c8c446f19c82dc35
SHA256 30e6461da373ec8eec38fa78b4e927f437c9901ee01a3421ca4deaeada884648
SHA512 405e7be3e13350a0af0390995fbd72836ccaba579fb2a1b2c02b08ee698b94ecf6381c42ebb71638781fa8285cb7affabb23fa055fe674b968fc46d3445a69f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14ddc54a64d971d97c4990b8b1261fd1
SHA1 5029e1a4cb6644e05bc7fd4cd2bb1e67cd4df25d
SHA256 546984126e8f1861b48ecdc9f37ea6ead39104762d031f56bd936e606204628c
SHA512 47b1ca968117a147dcb1887f0730e4ab9356e9472cc8bbed1f1f8b7b666eb922ce22e35c5cf2a031dcf65d95c1d45c0a745111cc587cf596221873d18d858ae6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0893236af6d1dceaa0018171d9b57df4
SHA1 073d519e65b8db5d48a57efb9e3da14d736cc320
SHA256 2671e2e20dc52093df3a024adec7fcf0411ce103ad043d2a4cd7f8f34e810ae4
SHA512 a12cf4b2d73e1b75f87fe3cfca760e3a4bf88aaf6bb3ee5dd3d7fed7f7b6a852adf91140d8e62ba956e2064fd79af04e2cb0d2441259fe2c9905a2896dc11d86

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\commercial-templates[1].css

MD5 5d2119dc79bbb888c6e9627dc0e861d0
SHA1 411aa5cbee83b8bce91e79d066a030677a87368f
SHA256 68f5df4ec7c0f155d8a9ca37d7db209b0ae32eda220c0763ccb519c794dd2a44
SHA512 6f11f6d3372870902dee35fc5b715c330be628dd8f4736caeb4b878bc4711a33304cc35af13290a8767dadfeb933689aafe90b3e247ef7dae96c2211615f71b4

memory/1032-2550-0x0000000002320000-0x0000000002330000-memory.dmp

memory/1528-2551-0x0000000000120000-0x0000000000122000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\Proforma fatura pdf[1].tgz

MD5 4bb5a39a4ae33b5c902c76976c4b8d5f
SHA1 319b59e4d668b01d58d6c97b33f2361870c535ac
SHA256 832bf08d7eeebcfdb3671df26693eba42a18fc296152c747647760907c8bcda1
SHA512 b105ca80917d1c44ab03a1417ced4688bcb8639f515d2a7e5e47e6f3984d6f3e2ae4a04d08398ab5816c8c833cef459de9723dea676d348777dad09e4a7c981c

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 b50d98f029b191f1070ca4441ea42480
SHA1 9a4748c0823456d45f697e2567555fed5979c7de
SHA256 0ae8985bf46e9f1e4a4861e3c072f092b9d2315b105125bc445ceaa224cdbc71
SHA512 427959d019bd9182e529f4bf15419bfd9d8b17fc70afefa86ae5025816c46caec74b201b9789a21ca7aa35716f2fa8a427be4466b4af1058d49c9d5f9d4ec38d

C:\Users\Admin\Desktop\Analysis.docx

MD5 03067444b643f8c38d37f50cffed2ab3
SHA1 90c2913e6437a913a7f542d67c82aab002f2660c
SHA256 92985d2b745bd76ac81b79417b45d026dff978485b09dad5ac3fad2d9101d15d
SHA512 06f26814bc328466fe21123ccba05189e7f1255debb4c960c0d2eb9b1fe2af161a22224ce46f47be99c855585af2d6eee1cc78eb57f124ce29fba416062eb370

C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe

MD5 3d224ba8ba62dc112b7d560990e9841f
SHA1 20f0ea222f2c45bec0d67c51a0ef7f96214a4846
SHA256 0bcf8081a872408b3354acb39557396ad770936afa76ffe0c060d2fd0188880b
SHA512 3c49041c8774fc6fa225c125cab43e79ebb41e9b2f3225b6795f3e518ad0d73bdccbaa837f284473c0632d7a109db65e6d38d9a59c04909b37ec43f5dad462b4

C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe

MD5 c6285eb53a09f56ee9a250e80ba1df10
SHA1 f5f2fe7b8dadadccdddb1c2512e0cf1b3121ae7e
SHA256 04a69d58520cb7784b0d9a51dd57d369a3734b90f6b1ca77b59abbd058f192c4
SHA512 7addfe9332748f0c1cc75cc673885d1ad5419cbd024f50b8552e6fc8c4c341d1714f2fab4a01b331965a244dca8297fb244e4aff9de835704e8990cc5131bbad

C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe

MD5 fd4c70be1c70edd5b8172ccc1886c280
SHA1 81381311a76c49f4a8cbd9de9ed658500cba73cf
SHA256 f3b9e9365893913ec7b1721332d02cc77ea9d4809ba9f73505a4c004bc5a1305
SHA512 e7f1020f7c89c3c809365a76d9558f986650764fb466fb93de4aeed91050e670eca0d696c82e817fbd6d0667efd3db729cdaf38f2d18e48b8aac306632638973

memory/2736-2607-0x0000000064230000-0x000000006491E000-memory.dmp

memory/2736-2606-0x0000000000FD0000-0x0000000001088000-memory.dmp

memory/2736-2609-0x0000000004BE0000-0x0000000004C20000-memory.dmp

memory/2736-2610-0x0000000000570000-0x0000000000590000-memory.dmp

memory/2736-2613-0x0000000000450000-0x000000000045E000-memory.dmp

memory/2736-2614-0x0000000000590000-0x00000000005A2000-memory.dmp

memory/2736-2615-0x0000000004C20000-0x0000000004CA4000-memory.dmp

memory/2588-2625-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/2588-2623-0x0000000000400000-0x0000000000442000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe

MD5 7ae06db6e592d2bd974a4704993a0003
SHA1 20545d62262ce3d2a498d1ca9a5b33c1a4fcb7bc
SHA256 c0efb868ee8e05d605c91f0185e170f0d5aa9d3af5dd855a88dd41e856a1f046
SHA512 7772adaf1cfc9b324ac1bbf84c00acb3d95e88d585da070589ec371196ceac4bdc91c8637b888eb62b9ae52dda379c1e7e686a3a3c66eacaca3128e4ce6cded6

memory/2588-2630-0x0000000000400000-0x0000000000442000-memory.dmp

memory/2588-2627-0x0000000000400000-0x0000000000442000-memory.dmp

memory/2588-2645-0x0000000000400000-0x0000000000442000-memory.dmp

memory/2588-2621-0x0000000000400000-0x0000000000442000-memory.dmp

memory/2736-2646-0x0000000064230000-0x000000006491E000-memory.dmp

memory/2588-2619-0x0000000000400000-0x0000000000442000-memory.dmp

memory/2588-2617-0x0000000000400000-0x0000000000442000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zOC121D73B\HZbCDaqwtPi2zal.exe

MD5 5dcf83bc7add78cb379d4da76936bac2
SHA1 4bd94fe7d5dde3a864fe8a6136ca5ed7677ea1ac
SHA256 a82c15e07acf24ea413f8bf60c0feb8392cdb5dca79f0f9b0f240d4a28ce6095
SHA512 d71eb567ef596061cf811130f6cc65c432db6422b6149ec0ddd32bb6ff25de60462f0f1e9ec4d29b055de36f56cecf28155ca47a106fee5577dbc41d461a565e

memory/1848-2650-0x000000005FFF0000-0x0000000060000000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

MD5 a9d0a3e6e7fa1d867bfd880ba007f90e
SHA1 5da0862c321a357736dd520f1359d1e910e6dd61
SHA256 803e1a1291596ddc7b8e3a0d4835c24e68b1c1f11835a06401a87737a0aa2339
SHA512 423dfd6319e6d986157e470c8de748d8d89a8e6537f24595bae882fb2cae0f1db9a29e09779690cffb3e3827c47049182239edcca12f0280065719d9d96ba8e3

memory/1848-2651-0x000000007328D000-0x0000000073298000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DF1DD6A2F6B093E416.TMP

MD5 35db0bb76d750e84b36e495f159c3afb
SHA1 4ab25b2673273e180d001c4e6ec996efa2e0e21c
SHA256 7f0b751c7c34d134132485a0ba49449fe84d48b969593e571553f5383a6489b5
SHA512 6c54219ce62f10d3d60c263382e42147d58459dd5a9a582611abfa67e9557cd990f89ffccb819f384ff4d573058b0684c548c08afe4a1c91dc236cd143afbcf4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\query[1].htm

MD5 e16a93d4d1ff492c2f93b0fe8698ed6a
SHA1 c7e4076556754341e98c9cf82acd197294265d98
SHA256 5ba361263b027b52bf0b1e467eb6c2674a2be320b21bd765492423d27c5cfd4d
SHA512 42dd88b564ae31dc70214f0c365e609f1d21475d52d268774fc6b2d540f68a480ad0f5b2e12310c7ea1a2e8150a73d5fe7cbc7c6571f517cea2ae9b473b8234c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 89f4922a7587a9f92f626d7868051285
SHA1 9419dc4f12c1cafefe5a1a12997cd4c0ae5d6702
SHA256 16d4c209625f423200c0a930685ec659bdc58c7e5c7848d0008979311b945ce7
SHA512 009d7b6d168824bb8c8c15f256502673af694fec8b7fd3761567bddcb0c40500d77de42c13313fa33e7848d8380d097cdc4c14dd21e71023572de5508127f9cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

MD5 a2f36fd75efcba856d1371d330ed4751
SHA1 fb7c3dff0fa2b47c6f0026287d12d16d05d14d8b
SHA256 561fe33b81dac187686e9e50103590f3a857f4e1b9c8ada714d43964b938ea7f
SHA512 79ca96560a074fa678cfdc06007d0e1e01718831d18c4a800c5361b8ba8091b46acada47418a8d7be3b626d2d9af5cf346abcdd88166a9d1634f81157ab1ad6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

MD5 979c29c2917bed63ccf520ece1d18cda
SHA1 65cd81cdce0be04c74222b54d0881d3fdfe4736c
SHA256 b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53
SHA512 e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

MD5 1be22f40a06c4e7348f4e7eaf40634a9
SHA1 8205ec74cd32ef63b1cc274181a74b95eedf86df
SHA256 45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691
SHA512 b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 9da150078721d34163ba987707da7b6c
SHA1 f4d596d12b8f3328ea598cf8b1d6bd093d9f0bc3
SHA256 a76ac1e80e68311b079014a4e5259b0358fe4d9a75e8d16674cdac5c861c26d2
SHA512 a7ae7e06bb5d9e3b8dd271763fcc761f53f6dd0b59e75bbc1b861eb4829288bd46404e774092054a768ad426f4adec6d5abd712bcdf2f1135866ac0616ea99ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

MD5 5985b66f43b0101f2551eed9694de895
SHA1 210997c99c906621c1f5ac03c56834cbf8d662df
SHA256 84295b7ff170d99b3c39f5685469be69af5702f58bfb52bf3d2602f8848cbae2
SHA512 f1f2038c772e23bd41e0e49730e44b3d3e697d0ebf4b2e72b833f62119512aeda704c1087cae8d4db9a2cc9098ab20e9f964c1cb94114466cd3cc0692a5ac7cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

MD5 1c0c23649f958fa25b0407c289db12da
SHA1 5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574
SHA256 d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf
SHA512 b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13353163900937400

MD5 d5db8e288a831d74e29632f959644610
SHA1 71bdef501609d2f6a7cfa4a4f782c51275199877
SHA256 0781928e278c4ee0f7cdeff7e0e792483e82512a1bc8840d83bf6363d03f90b9
SHA512 f019b039cce038e02cd40d7a29c9076bad131cc32b230471f1190ba348d2fb37611f90c2f682fb05a8626e9612b9561a56a7b381401b43a3fa1f5e23fdc4d6d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 540869983ebf03f4e8ad36e3560d5371
SHA1 ab32b29ccb16df61cd290717145c57a8a434ee80
SHA256 2d62b14fc2330ce24dcf8b98b10534b941b2bec67176b20052c3a8c302855643
SHA512 b04dc6e3fdda3e90f9635f44ce97db0286efc4f962c7c43ee3cfa910ac7c897549e69a16dd37832801ae5055b92a77253ccfa3ac4586791955d4bae365f5df8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

MD5 fe62c64b5b3d092170445d5f5230524e
SHA1 0e27b930da78fce26933c18129430816827b66d3
SHA256 1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4
SHA512 924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

MD5 8ab225ff306b0773d7cc0d8a24462879
SHA1 e6022b87fb10627a496b1e4d067a8efd7aa4f7f5
SHA256 6fe89086a58fb8a42660bb85ba4da2086d8d23044f7ebb809d43cc03c94e9ff2
SHA512 d5d77d43ac14812da6c49de8f2ac4b6b17e02f6e4caa9945922698f315800f2a2800758fe9ffe28e4c6ee125afebf0b4d722e447863e464c5fac70240a1850fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 7ece5d56ef4178f5576cfb1ba917aa13
SHA1 01bcae654a1e4cc46e157961a115ca598b3c2f95
SHA256 fcf167f394a2c5625b9b5a0b26036703e4fd7de379a2485b50d31debaad51d0d
SHA512 2740ef54c7020533f705cf4b418587d848a1239bd3b1748014ae8a07db59ae80cb4474d16492491bdf8abac602d3580abf3c28b2a40efc66494612bd8159482c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

MD5 b4018e05571dfd1573cbc420fe0ca9f1
SHA1 aa492be59c577f07e981015aaaeef3ce1c3884a2
SHA256 4c15984b51b2a0bc20450317ca4008b5eeadf8c1299bee38751da435747d293d
SHA512 657dff8b15604b6cad5696f9361b84bf6a594c86d9b0532546f0f8f8d8ceaf38be8afbe5c991be2aff5840b749b871fc6e7becc0c3a80876a50a19f63f6bcfe6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

MD5 fe7ac6296a783949264d5abc8d69b443
SHA1 32bca04fb95f953deb38e3bc05c0314362420b76
SHA256 ee1ac8b2768e40583cad98e8edc274ec882384c4776b3fa07b75a6070d0b6ce2
SHA512 e4f55e14469880ba92bbb61d3708d3489f56f195d0a21938c9ab14588a29172258849c84b72d3405665889f88a55dadeba6c5a02b211c44c9ded24feb76ddbfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

MD5 22b937965712bdbc90f3c4e5cd2a8950
SHA1 25a5df32156e12134996410c5f7d9e59b1d6c155
SHA256 cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb
SHA512 931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

MD5 03d881fc5a4ab4013bd1b30988abb179
SHA1 9ad861569715575d7b676e5683b14dd3cffec304
SHA256 5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8
SHA512 29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 3e314bf74ae7be73a549b3cec6bdc8d5
SHA1 6357691f4c4fd0068e29350c43852fdcfccd4bfb
SHA256 f65d0dd2872ceb68ad39f36d0a358af77932d9d91fbfae18ce5bf255b00ca89a
SHA512 e6218ef19a5db75edf5e2dc533a8a42c6324ed8b1419f50ee2e12d9dea3c2035acd20adc7ee1f22c363420496ddf2348a9174814f7cc831f61eae376aa27c727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 b197c1838a5ce3eb3b8e96220569a564
SHA1 7f077aeab5782fcabdd9a880fc341ce1340c0ac2
SHA256 e4cd34f72382e1210f8bf092102c102d45bc32a973a5b207ad1c1f213ebcdaee
SHA512 4248e13c81bb4540921b4d276c0aff83548b19271858f75aa2f054cf5573017428d085079585c0dd09b1688a9516b65238b595a4d733bdd108a7c62ace9958c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9bb66dcb5cfa4b9f61ce93bec672aa52
SHA1 4978f3212c3d527da457dd61bdac9b9295953cb7
SHA256 81e936e104af248348709c5a06148a36bd72e6c274371a8a2ae0e51b41219ab9
SHA512 b23f6e7b64ca0bfbd0d2a0be60934b0a5062519b9b86c87338c30739cf39ce727c0063182c8c3bc2a46cd6095258df686356e3f23a76132f29769b94c0143279

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 25abc125ef053cca06e0c9323dfae318
SHA1 701763c50027fa1977ebcf76a0b5c4ca8f9b2fe1
SHA256 c0c9504fce4f594a573e2f7968fa05309642bf4952b207a11ca350178abfb82c
SHA512 2a9d372d852e2c78b5f857a6903260539c0d7e690ad92e472843d506f5163cfea1cecd94f33f099c3aef6a3f80b1bc60ca4b050c2e5ae4c01e992329c9878245

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

MD5 e9c694b34731bf91073cf432768a9c44
SHA1 861f5a99ad9ef017106ca6826efe42413cda1a0e
SHA256 01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85
SHA512 2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

MD5 b6d5d86412551e2d21c97af6f00d20c3
SHA1 543302ae0c758954e222399987bb5e364be89029
SHA256 e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191
SHA512 5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

MD5 72d492d5e9eaaa4fdce5fcd3a3b67efc
SHA1 81fafe230532c05a18564414b3b616127ef0436d
SHA256 c3b219a457e89a1c610bf7dba32715bb38c62e0015821673336ae29dd5f32e69
SHA512 891e328d59cd75f25faf5abca0c7841f699a3adc9328d2a1421d5aebe0af9e60679f39a618efddfbcbef1c280d1bb0320de5bd5029b68b66697e89f830e92f9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 debc83e05897f7be86426b03c0114f85
SHA1 2e6e67d3a197b954ef8aef9b6e2b7666ccc1cc89
SHA256 55777e426594681eca0ae8e77c844866b246b04578f57c4b88cc79db565a6e08
SHA512 a5e90b6e7e60d0ed025abc11b6da51f7e1eb38bb4cf1db54efcaf7d07d6e5640eb76398fe98cc1f1a6a511fdc6ef9678e29feeb35c5b836a6a73cbf9411dc67c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5743972e6125d34c1b54051441f802a7
SHA1 3669fe21fb97f5fbeca2567296bc2fb0b43326b1
SHA256 9119ba59b2f5ac5ea7bfb19a23f63d99b116ab6538c74a0bfdde92d343ce2bd4
SHA512 bdd536cd413817363aac7dfadc2c12f4267a21448f0f145649ed4c39b82a5d5f6e170430638e3bb38af55c73e89a514f056cd2f23fded9f41bd02f59933f3080

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2af5847f-39c4-4993-9ae0-232937240dab.tmp

MD5 c2d7db1a74fc748503f90b9e39ec473f
SHA1 b1e1604cf87be362d2b6151a05f70d80a0d1d665
SHA256 df99820cb0f444b99a88697b607190b923dfff33e128113ca356e2c31d42931d
SHA512 5b75810403d7641e50db8a4aee9d7af301d6c7a0b177f5052bb6005764fba0052069d43c9272bb100cb75b911d7aa20056b3dc3b09439631c9350893856d1812

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 873734b55d4c7d35a177c8318b0caec7
SHA1 469b913b09ea5b55e60098c95120cc9b935ddb28
SHA256 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA512 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 b82ca47ee5d42100e589bdd94e57936e
SHA1 0dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256 d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA512 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 010c1bf055414026555305826cb8bf55
SHA1 1ed0342d26ea0ea9b4862e81239d64656dd4839b
SHA256 85637d1a4e2e5f39f5a2c5653941367e23a073e6d61d8584ab966a9ea7a8a2f6
SHA512 da0241ba0fe961badf1b1ac8a9c9a044fa6e0aad73a9442b29c9962135c1308647d8481dcc0fd4983198656c33365a6e57d3ff6f6aa737c2583fb99134a3cc0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 450308d33d8ddc88f1dfae3b71b4a405
SHA1 52d30d84a14496817b37d780049918e5c42af524
SHA256 17a205113008346f66b0cda66d69733db93fb515736f6ef07435de939f3acc73
SHA512 73e21440773b9d07ab6393f5f696799e58998fa3a6f50f30c05e268829b0d7946a5305829d0b8ef43217d3208a6770f1add8db93e7e74ac20a5e36535dc66702

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c71973c3e786b8f9f27bbc1ec6c8c2a2
SHA1 af627cd0fb7d280931e1992a115f42e45696124c
SHA256 7cd134feec5a6b076fc0c054eff2e9e60afacd57e10e6541d13885c9d92ab317
SHA512 bfa6573387911a62f556f0655fc04b9d9f377a444b2b5659f8bd3e5923e2d12fe6f4f0f29c8e61c7761941e9dc973d7f314e07113b44d8868ba0b1a892e9eac6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 625a1ffa0ed7dc2e7c84889fb232d34e
SHA1 3c8f3b1eeedbf841dc2a2a358a30883b8fe51cc3
SHA256 042638b5348caccc1356a008ba5e8af9e86671c338e35604eb530f3872e9918b
SHA512 db3cff075a5d8d3ca397eb0c09bec5a8dada3b336b43bfddd472916a5d9d596c020c46ff8f6f8183adabaf8a8bd052502d5240fe3b5d9793557cb4c893dd7700

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9685336a9eb6860ce873d9eff517fdae
SHA1 29a43b5314f81ebd832ee1f157e77ac0eec25d33
SHA256 4052a6b19557e502959bbf74cc2d9fa1b0ac019e03894c7587216f90a19f6580
SHA512 841ed116d61d07e5aed7a2ebfd33a602385ddbc5c636d81c0098e49a3835a9daf9e3c53a8983026ed59630624146bf936ff9d82816de35b165a7d2741aeb408e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b42fa4114baa138673893c8c8aa766f8
SHA1 e427260bae71dfe92a65436ab8510408a7fb70b4
SHA256 611925e4ba41cf3ce4935413f2c1f8a5384e0634ec6f8529372438f134832802
SHA512 1c8cc21107b5ddefee90131748d52211a693e8eeaf97def432ed7a0adb4cd13d61b3ad26e7fc3cd6ea794812707ef395cfe4c4611faa12a9303c99dc17ef8cc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bd669729d33f4b183cdcd743d12f0e59
SHA1 e0be33dd3b4b2d509e2d65f21e9f243b65d6137c
SHA256 7815951a1d6328e060cf771c3dbe61e3d5819c6a13bc4f13899947145ab94717
SHA512 eec082270c538122afb20bf920a018397c3ba44e9198f2339e8aa514ab5d5c79e26c0957b671fe0f81f79e29ebf4e6aeabc8119407138ac912c64b4082eb3460

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b82445f2b43e9811268b3fec8ef51889
SHA1 d540e9a2ca0c5546286f93220cf1599317c02f01
SHA256 636dbce3811c9866d24f29d75204ba8f7e0c72d6422a8d3fdb7a4dabe45bff5f
SHA512 29da48d05258504078a856172418efc5fd6e271a86aef5b5c9773a32b657bb396de1cba7888159d74e81dcaa94eccf11e43145ac75bab93dab48415c5dfa2a79

SHA512 7280af291a47b4a6340cbce04706c247ea7361cd053df53ddc51623165417637ed3cbed087f96c2ea1d43f3e8b0b658318b91c5b9b19b59dd9abc2b52a6068f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c3d2549641f8562c96c1b0ea767fcb66
SHA1 2efe7a1011bad8c85c9640fc0270108717b9c254
SHA256 16e8e80d532f39b2a61503ff80748ea6faff008e8f30cea788581d6a0eef6680
SHA512 e1251975f538d2c0ebbd50921a78d52361bc2613183f6341ae32224d3566cb04750b9488064eddbcdefcc17274ec306d9268f493fa5681bb58125a5e7ba59e72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ed6b5ca94b182016567becce9817a394
SHA1 ed8353eb332197c588c47d88e9b90c5aec20ac48
SHA256 4b7f6c532d417599bf6c679f408b9334a8a87bfdcadddb618ae8c6b2570e4fda
SHA512 3c25ed2e45ac0dcb43fb3afa68e47d6b61a1e9ad3e739923de333e74e2847ee54c5177ca85d18f62775f40515f5c08dfddc7f31b3794487ed8bf4c8fab0d9469

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0f59d1515677b4bbba79c4bc6a0b270c
SHA1 e937fef0f7b796326b3112499b2b5c77ddc7706c
SHA256 d6e9987e62c695dee78d5cb1cf4af601423f17e79e03b4a4588743a5d2436786
SHA512 d852d44d30429fd16eb824aadf325db2cbee2c971b97744ef3c0f0afed61574b3d920cec799d811ebb111281f217ce613498fe7f9d8671d1379e7638a77ee052

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6cbd37fde76792613af081f61fcd55ae
SHA1 97976d3ec08f730e33481746570ad073c789dab4
SHA256 decf40d244c53c9fd4cc541f3909b8be726db03fa35f730490be774c142fac6c
SHA512 6c046c287515a6a63dd5a889193cd1ce7463ac8e4a20b57cb32bb1f7c92f0f623e6b91c9ef865c97939c36622aa906074daf23b60011a976da564c6b67385e12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7c88b1f6-dcb9-4b81-9963-b7172d21a261.tmp

MD5 81965ef779ee2037b7c6a38ba30f0152
SHA1 b5f65e5caffb7458bdeae7d4ce9f519b183719c9
SHA256 c89f2f3620e0104a3a9cd88f63b2c37862105c9e2ab8b5bcc8c03a2bb20f22a5
SHA512 6caa0638891d3e3294e141db1cd977bdf0cacf5f021742715f651f506517f8e641870219c0e7401b1b57185773bd6b63fe312878d531ee07999e585e68db64e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000102

MD5 5fbc4922d2c5a701506cd95b1059404c
SHA1 d3a4473bf83528ef56d0df9ba27ad44bac4fe6e1
SHA256 5cfc8848b9bd875e636f43120607d1cfe4982ba94afcb7d9278c6465f1d1ea33
SHA512 bce1d5ee499e717257dd253a0e9199ea6b4a11225f3901f91509fbb7b09009dd486c0bfa685b8aa95e5ce455e1c25e3fbe9ca87638cdcfb15af264dbcfb32281

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000103

MD5 7cf459fb6a385376d557bfc91d964087
SHA1 43df1c5a3fd47487a815871ae01ff4da157bcac0
SHA256 6228b80b1a0b5e74b5ec45368b7d8254f3d03538ee1f9f1a6981a116d28ba979
SHA512 a3c8499d7181602790919cf14fa31c64aa5c26e179f72ea1649eb37651170a7f7e1b84858809fb5473932080d9b11ed7a9b28d9d9f61b283e05eaebd5c19cc34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000104

MD5 8dc55d79ac6100ca1ab865d0ad91ff38
SHA1 6e3b8312fed34b09d3d946a734d480aaf5a6c927
SHA256 d398f725280c2afe9a404fb93dcaa485f9092aab73809551ceef929576ed22e2
SHA512 3eee1b1a1ff0b6e7c964d0ffc4299ed24e68248b3b1ead5913fab4e2d649595cfe1f4bf4341794aa6b07cfa9f8ba8164f24dd6dd32e1d14ea1cff23ac1de83f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000105

MD5 dfba732e543ac41249928b06f425f4f6
SHA1 bf6b71502f28f91be43b90da9f8673701195e0ac
SHA256 0c558171292ae786f682a8139aa26504c26c35ab48ade22497e133703e7d084f
SHA512 7c61df0058e73e95ab75d1348582fe53522fb0950aecde499ba4ab1c5bdb83d4ca4d8b26cb6e89b6695bf5f01b8c07b2e647f4f53dd12c61124322ec00aa817e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000106

MD5 8318db8ce08e20961a259124b01ed12e
SHA1 cf66e2d5683836cc4c21369d3a422b4b9c177238
SHA256 adabe0cd0f13b34099125f1048d14a62bae093d484f41903f90da8e4ff23736d
SHA512 9737ae97918ed8c36856e29908da81f1e462f0ef7e3d3f742c634e3ed81b6e60d3e9225fea972def48ccda01c84c608da16461acfe7bef1e4ec9e24a11a164b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000107

MD5 63f8ce93cd5b30f76b0a6cd029b7d354
SHA1 3ff83134ad10ff1e5c8da09db619a0274e5e8546
SHA256 35b6dba4a78fb19170305143a6f3740fe43a43ae35471709431d8391786c55ab
SHA512 7adf420a457e00639565a3f5918c8dee5026307ba37d71b3471cebb4313ac29897f1860ed22eda7caa44a563911987efdc4ff9f686f228d1ea9876e76a9484df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 429eb63bde4e365a367c27462904219e
SHA1 9b1c625b781d0620d6d5ca671bb9f83deaae53ba
SHA256 a72fb1720131aee41861602d2682fd5184e8bb471b243a1c4600bbfe5a4a88be
SHA512 4f1a0ebf6b9e7db7f9898a3c3167629dfbb420cd9b694d1963f3777a9697d5e87a6377944cca6c293ab59ae735e55ae757f1af37dad55b0cd3552f26b740f864

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fa

MD5 7c90010c33f34e01f2db93cfed1167e2
SHA1 768aa01dfa616dcff23758be7e94e773becf06b6
SHA256 bcf09749b7ba5099d1c6c1d591a48c78616b5b4396363c47fd495a75f9c3b513
SHA512 d788f630a538b6d57ac33bd01a24839c43aba118ec76b0f4e9afce78eddff3621efe1c7d36627ee1328338218c64aee8b7fc9debbafbe1bfa8c041fb9205e55f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000fc

MD5 ec3bb52a00e176a7181d454dffaea219
SHA1 6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
SHA256 f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
SHA512 e8c5daf01eae68ed7c1e277a6e544c7ad108a0fa877fb531d6d9f2210769b7da88e4e002c7b0be3b72154ebf7cbf01a795c8342ce2dad368bd6351e956195f8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000100

MD5 674d252d1d020643ae3ba6643638b3e7
SHA1 05c8a5bb1c13cc1a7f418341497819e0b32be59f
SHA256 49a49bff422df8cc5843a5acb649e888b7769b62ac3337d1be569af15bc7f423
SHA512 c7a33b6b2b91c515f7219affcd28ae044226ddd7b848d5159cd2e7cfa362d724611f424b0e5428e0e1246a951a47e7ff016f23a45a7ff2d1713f3a0b4456385a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dc710ef054c16496d5b6fbae7756eb87
SHA1 6cf5d5675db4733386efeedc1b8a65c7c0419f9d
SHA256 c0b20c41479ac54c69d237d236e2e74db5bd62e2c9f9b7bc8da935612bc15502
SHA512 d03c2ff020ff2fa8c23d985b0653feb1b2452e8c7f87480421a774c9b089b610a119ac6ce6e404b5e66fbbfbefa651a8a02073fda5e3d80f26702503eecb2330

C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\_ISMSIDEL.INI

MD5 4af8ef7ae716f1072e1e033c6c917500
SHA1 7f0d93ff9aa531c15ba3534c1acee0d64ac25579
SHA256 4efd5ac78e06877f6db4e124c9a1ee4b13c285b91b4a61e2a41bb267eb877fd2
SHA512 3d9b094bd2ed03b886470b01a3e83e77ebb3081e223dcd0a1c7d4fc6e6f2145a40634b8b05195d863e3be4336e0dac11f0d723791b0666824ffc92a4c12c56c6

C:\Users\Admin\AppData\Local\Temp\~DF8.tmp

MD5 c103a5dea86afd1418ef947af7805b8f
SHA1 b9bd1209f76bfdd54b63d5f09d12ee1725883b16
SHA256 b4de52c07a92152b8a2a0421edfa24232b7c44e841c04c074cad96ea12cba8be
SHA512 59626df3a1b77b70f55381d31939b01331cca6c6717792fefe29aff8393bd7b443104be7b1bc54ddca79b9d41040129cb05daa7e2aea7acd13098641f152e3d0

C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\0x0409.ini

MD5 a108f0030a2cda00405281014f897241
SHA1 d112325fa45664272b08ef5e8ff8c85382ebb991
SHA256 8b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948
SHA512 d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298

C:\Program Files\AccessData\FTK Imager\FTK Imager.exe

MD5 75c4eaf8d121675f3f533f7ddd57d13b
SHA1 17749ca19d876b256208e525e683e8a3a4c52969
SHA256 9d60caa20d860beeed4e21d5aee91b40597c7214021ae92fe3ccaa9d0f1b36d3
SHA512 05d75e914470f59c733bc13dc509b3f967b3f6df5e4d6915b18b39724d1cba1dcb8857cd5a2dd7c311e6e1a858e7a30eaa63be7884d82d7562879bdd13c16f49

C:\Windows\Installer\f895909.msi

MD5 63640acd19c0dedaa0945dd595ee6e43
SHA1 09164f15e394b3f5ecf6b50273aa255d59a44fff
SHA256 8c039cb71051881e34dbd5e2ea53873fcb6e644c7874c38d5472a4612b082472
SHA512 19aa5e05fce59976b0a0b5eeec86d3b94c970b8c77ff00683581dd2277a7153e8e975246b7d3cfb1ed7c4c52784f8d9295fd04bd6ceacb08d9e74144a7190a5a

C:\Config.Msi\f89590b.rbs

MD5 4e71d3acaeaa242270e456f3562a3fc4
SHA1 cc2bfef2fcc3d4e7da0dab84f9aa6607b3ff7d06
SHA256 491c5d9fcc05e704d5f14b00fed074a9a6a7bfd9f1733d180f073c2bd97fb43c
SHA512 911ed8d94a1c80559a8643e071a8e37969823cae03269e982b1832ffdb6111c1ad9582cf2e96a84ae46bedb988360fa712c0a06afb9d3b5ea0922d182218e5db

memory/6020-4747-0x0000000001750000-0x000000000175F000-memory.dmp

memory/6020-4748-0x00000000017C0000-0x00000000017FA000-memory.dmp

memory/6020-4749-0x0000000140000000-0x00000001418B1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{9C0A51E6-77B4-45BA-9D2E-4D98C451F709}\_ISMSIDEL.INI

MD5 db9af7503f195df96593ac42d5519075
SHA1 1b487531bad10f77750b8a50aca48593379e5f56
SHA256 0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13
SHA512 6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 51a4fbe0e252f6709f5d2c5e0da227ee
SHA1 9e713992c536524aac207804caf394d7149572d7
SHA256 722107c2ada500b124154ded34f3571a7a546f5ceeeebc6c86380dc8d6f69359
SHA512 e8f6981ecd942d13f9b2bc45502e07f4b5946eb4fe4e8318a32aac6d5dbab1a80532a0879b80f19f109a953bf88f34f36d4d1eb019365a1b1c74a4d04f9a91e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5f5c5ec2-edd8-458a-850f-563865002606.tmp

MD5 858aed58d40111bd135bfb58d83e83e9
SHA1 3c1d8d8f26684969b779f15871ff4aa665e9aaeb
SHA256 4ee6bf14343f4b9d18e1243b4eb66b311c21f02e30432eafbddb5c0e0b690a31
SHA512 48742ab55f8e6f54770c66e69df5c1622a68161983dd8f1964ab8d201806b11b72037a7b3d8e3f46eee2f43be8e368d762f47263b57a6736feebc9c6dbfbb8d5

memory/3004-4876-0x0000000000400000-0x0000000000428000-memory.dmp

memory/3664-4881-0x0000000000240000-0x0000000000241000-memory.dmp

C:\Program Files\HxD\HxD.exe

MD5 881e8157dd6507eab30f5ff3b6f63596
SHA1 1ed2b6e0cb8e31c17f565b0a8731d9ef0900e5c5
SHA256 98a097e3c44a33ef88ce0eaf25d94e447e3f86be900fc9f4742afe16613ec139
SHA512 abf558b7e212cc8c7cf296e4e17c5693faebd3f4eff7f25a58ee38c60f47711ef34b64bc8b7c759f8ad1c14a328641482fe4ef3b52b0039225f643b6fb5ba198

memory/3664-4911-0x0000000000400000-0x000000000052E000-memory.dmp

memory/1540-4913-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/3004-4914-0x0000000000400000-0x0000000000428000-memory.dmp

memory/5896-4915-0x0000000000310000-0x0000000000311000-memory.dmp

memory/5896-4923-0x0000000000310000-0x0000000000311000-memory.dmp

memory/5896-4924-0x0000000004E40000-0x0000000004E41000-memory.dmp

memory/5896-4926-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/5896-4927-0x0000000004E40000-0x0000000004E41000-memory.dmp

memory/5896-4928-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/5896-4929-0x0000000002C40000-0x0000000002C41000-memory.dmp

memory/5896-4930-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/5896-4931-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/5896-4932-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/5896-4934-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/5896-4935-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/5896-4943-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/5896-4949-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/5896-4951-0x0000000000400000-0x0000000000AA8000-memory.dmp

memory/4048-4967-0x000000002FC61000-0x000000002FC62000-memory.dmp

memory/4048-4969-0x000000007328D000-0x0000000073298000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 41124aa2c308429f847924402058b129
SHA1 abd4c11c942cea8ab26b7284cee514d6bb73afdc
SHA256 71ff1adfab485d68cb323b105ee985df02d2a6c1221bed41449df5169cf2dd42
SHA512 c3a871f5c80c105aa573124264c44103d3825ed4b764ad971a62f0ed2ca11ae0173162e2bd62b94515f30215cf1b0b9fdbeea3f6e39bded82dcce1854a261ca0

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 20e07a72a690e0d905afef17db67108a
SHA1 c20702e43c671fa6c394892b0df0f15bd0e1d085
SHA256 6da870780cedd3bb05541acca9b385baa899789d88315447b243feab5857f4b7
SHA512 055e6a8ccd1182059d438416a6097efef92d7f6565fa81a9d21d82ccb704da1a3585d996bfdc8fc47ba7061cac33d564d1533d98ca751824f55bf245cdde6880

C:\Users\Admin\Desktop\Analysis.docx

MD5 874672d1754902c7f77c1a6dd0f25457
SHA1 0519aed3eb535aeb0b7c3c930a44147d9ee65d87
SHA256 8b2988432b76cf5dea49d3a02a28aad25d370f4c44d03b411fdd6b3cffaac975
SHA512 b619d3fdf79052fd74907bf4b355bbbfd94890b47017de6153ebeb7450435f57fecb1efb3e2ab79d04ac4e4ad8e690870bca78720e47cf81c74b90272f555d83

memory/4048-5011-0x000000007328D000-0x0000000073298000-memory.dmp

memory/2640-5029-0x00000000021A0000-0x00000000021A1000-memory.dmp

memory/5436-5030-0x00000000001C0000-0x00000000001C1000-memory.dmp

memory/2640-5031-0x00000000021A0000-0x00000000021A1000-memory.dmp

memory/5776-5064-0x00000000011C0000-0x0000000001278000-memory.dmp

memory/5776-5065-0x0000000064230000-0x000000006491E000-memory.dmp

memory/5776-5066-0x00000000005B0000-0x00000000005F0000-memory.dmp

memory/4036-5067-0x0000000000C00000-0x0000000000C01000-memory.dmp

memory/5776-5068-0x0000000000620000-0x0000000000632000-memory.dmp

memory/4612-5077-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

memory/5776-5084-0x0000000064230000-0x000000006491E000-memory.dmp

memory/4612-5085-0x0000000064230000-0x000000006491E000-memory.dmp

memory/4612-5086-0x0000000001130000-0x0000000001170000-memory.dmp

memory/4036-5088-0x00000000050D0000-0x00000000050D1000-memory.dmp

memory/4036-5089-0x0000000000C00000-0x0000000000C01000-memory.dmp

memory/4612-5090-0x0000000064230000-0x000000006491E000-memory.dmp

memory/6136-5091-0x0000000001E40000-0x0000000001E41000-memory.dmp

memory/4612-5092-0x0000000001130000-0x0000000001170000-memory.dmp

memory/5740-5093-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

memory/4036-5095-0x00000000050D0000-0x00000000050D1000-memory.dmp

memory/6136-5096-0x0000000001E40000-0x0000000001E41000-memory.dmp

memory/4856-5099-0x000000002FE51000-0x000000002FE52000-memory.dmp

memory/4856-5101-0x000000007328D000-0x0000000073298000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

MD5 1abfdf2eeaced796088c9b38a882d2e8
SHA1 76d73b061c70f658e15208fafe1f05e9a62aaefa
SHA256 16a366b2ee08891b1a129445732ac9b7441d3f243428b5262cac8717ca9253ff
SHA512 b58c73e8f6ffa60a96e7b8fd67846cab53840ad6f08a16ce2c64d51c487d8e48e555fc844cfbdee899bce1d6a373b02e891cc87c0466ac68e870259eb98fe7bc

memory/4856-5114-0x000000007328D000-0x0000000073298000-memory.dmp

memory/4036-5115-0x0000000003B00000-0x0000000003B01000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 0bd633e287348803be53b1f3c72dae89
SHA1 562b80d283b561fe6ff20722e9b99077ae12c30b
SHA256 d7062864344aa2e5a967ebb66396902475f3e54c5d7b5c2893ccf03a13a33bc1
SHA512 83f41b74d1c7316d15151fc77776bc55c2e1008baa4b819c1deb8214bbf0bd4e7ae4256a5a35c2a1b4614814ab6f725dc8470bf5b40216fdb82a363f8dcaa994

C:\Users\Admin\Desktop\Analysis.docx

MD5 8ce2d94d3b2b795be5bf36a6c194495f
SHA1 da6a313960069867ea2512fa718d9297f9413bef
SHA256 39ae961cedcd41c2e41a47e4ff086bd47dbde240d0afc34df2d9abb6dd649759
SHA512 d4046b9b0b166ab68cc475409b9bf84683093d9765a8cb654d95565de780e3aea8cfe550376b0dfd9b3f55ce40c47a55c33a8f0a8c2e71e105d8bc4ed42d11f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\38ef09e4-bd5a-4476-ba00-ec65ef5d17a3.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000013.dbtmp

MD5 a6813b63372959d9440379e29a2b2575
SHA1 394c17d11669e9cb7e2071422a2fd0c80e4cab76
SHA256 e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312
SHA512 3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000016.dbtmp

MD5 edd71dd3bade6cd69ff623e1ccf7012d
SHA1 ead82c5dd1d2025d4cd81ea0c859414fbd136c8d
SHA256 befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6
SHA512 7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000157

MD5 22e4aa0b73e04477efd65996e0fd4595
SHA1 ae3fc17a56c326507d19c10e2201c8e93a52848f
SHA256 d79e602a3a8331ceaa3d9d49f4c95a3bd5d09cf9ddaee940a19035ca7459b7b1
SHA512 33dd30f0f624c64641701d568f53bc606d308a42c6d61334f581a9f2b67057298e93ab7cef993f6980a4418dd6e599f273287f0d8117f734fb65cdafd017070c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{005AC50C-8870-477A-BD0C-AF450F755112}.tmp

MD5 5d4d94ee7e06bbb0af9584119797b23a
SHA1 dbb111419c704f116efa8e72471dd83e86e49677
SHA256 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
SHA512 95f83ae84cafcced5eaf504546725c34d5f9710e5ca2d11761486970f2fbeccb25f9cf50bbfc272bd75e1a66a18b7783f09e1c1454afda519624bc2bb2f28ba4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e0892524-1846-482a-acca-d28f02017db8.tmp

MD5 ee210bf9bbbca49e6f7088d2d467149e
SHA1 441026441639fc8919fe492ff79260fc9fd63ad0
SHA256 337b304996e2a66a4b00403e3e98c0d3649c9b2b760f64f9e71fe37b4d5656f9
SHA512 bcf07b3297689c75a12124bedf87d191cf5b3a55b88340e4d1b916fc8ac0446e17e5203f373ae1ba2619ae127225b614781b8ac19d2247a5d4bd7d70bedb1209

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 064734400ca5765a0729c3943e0d09a5
SHA1 4d9c816392a25d8d592853c59375a872aba9f97c
SHA256 adc119123c94dc3b95e0378384d88d89458a61fe4f3b4d7c3622d2b97648a469
SHA512 107b54802fda4ca4df64fc0e315eae5325c798dc96f4cd08ae5702e54dc0264f9ed3d069f5d78a93cf2ee8214388a65394f5e4aada4c8fde796d7dc98b9fd463

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-23 12:10

Reported

2024-02-23 12:30

Platform

win10v2004-20240221-en

Max time kernel

445s

Max time network

1170s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"

Signatures

Enumerates physical storage devices

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.msg"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 178.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 146.191.110.104.in-addr.arpa udp
US 8.8.8.8:53 173.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 134.191.110.104.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-02-23 12:10

Reported

2024-02-23 12:30

Platform

win7-20240221-en

Max time kernel

837s

Max time network

837s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"

Signatures

N/A

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-02-23 12:10

Reported

2024-02-23 12:30

Platform

win10v2004-20240221-en

Max time kernel

422s

Max time network

1149s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"

Signatures

Enumerates physical storage devices

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\Proforma fatura.png"

Network

Country Destination Domain Proto
US 8.8.8.8:53 5.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 208.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp

Files

N/A