Malware Analysis Report

2024-11-30 19:05

Sample ID 240308-xq2qsseh6t
Target gotohttp_x64.zip
SHA256 379ab42eadf2f3e0a552aeb280ffe7e2616c64e6eb96a9dbfcd4429b0ba67fb3
Tags
lokibot agilenet bootkit collection discovery persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

379ab42eadf2f3e0a552aeb280ffe7e2616c64e6eb96a9dbfcd4429b0ba67fb3

Threat Level: Known bad

The file gotohttp_x64.zip was found to be: Known bad.

Malicious Activity Summary

lokibot agilenet bootkit collection discovery persistence spyware stealer trojan

Lokibot

Reads user/profile data of web browsers

Obfuscated with Agile.Net obfuscator

Looks up external IP address via web service

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Downloads MZ/PE file

Adds Run key to start application

Accesses Microsoft Outlook profiles

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Checks system information in the registry

Executes dropped EXE

Drops file in Windows directory

Checks installed software on the system

Modifies system executable filetype association

Drops file in Program Files directory

Loads dropped DLL

Registers COM server for autorun

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

outlook_win_path

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

Uses Volume Shadow Copy service COM API

outlook_office_path

Checks processor information in registry

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

System policy modification

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-08 19:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-08 19:04

Reported

2024-03-08 19:36

Platform

win10-20240214-en

Max time kernel

1799s

Max time network

1755s

Command Line

"C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe"

Signatures

Lokibot

trojan spyware stealer lokibot

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\Downloads\Lokibot.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook C:\Users\Admin\Downloads\Lokibot.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\Downloads\Lokibot.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A wtfismyip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 6572 set thread context of 5360 N/A C:\Users\Admin\Downloads\Lokibot.exe C:\Users\Admin\Downloads\Lokibot.exe

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UIElementsModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UnityAnalyticsModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\app.info C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\Assembly-CSharp-firstpass.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\Assembly-CSharp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\System.ComponentModel.DataAnnotations.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\System.Configuration.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\System.DirectoryServices.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\MonoBleedingEdge\etc\mono\2.0\Browsers\Compat.browser C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\MonoBleedingEdge\etc\mono\2.0\web.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\MonoBleedingEdge\etc\mono\mconfig\config.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\System.Runtime.Serialization.Formatters.Soap.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\UnityPlayer.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.PhysicsModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Plugins\nvdaControllerClient.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\MonoBleedingEdge\etc\mono\4.5\web.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\globalgamemanagers.assets C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.ClusterInputModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.GridModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UnityWebRequestWWWModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.VideoModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\Mono.Posix.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\System.Security.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.HotReloadModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.StreamingModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UNETModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\resources.resource C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\sharedassets0.assets C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\System.Data.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.ClusterRendererModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.ParticleSystemModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.StyleSheetsModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.TerrainPhysicsModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UnityTestProtocolModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\UnityCrashHandler64.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.DirectorModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\boot.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.SharedInternalsModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.TLSModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UnityWebRequestAssetBundleModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UnityWebRequestTextureModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\resources.assets.resS C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\Accessibility.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\Mono.WebBrowser.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\mscorlib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\Ookii.Dialogs.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UnityWebRequestModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UnityConnectModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\globalgamemanagers C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\System.Drawing.Design.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.AccessibilityModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.FileSystemHttpModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.UI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\MonoBleedingEdge\etc\mono\4.0\machine.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\Mono.Data.Sqlite.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\Unity.TextMeshPro.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Resources\unity_builtin_extra C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.ARModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.AudioModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.ClothModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.Physics2DModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Managed\UnityEngine.TextRenderingModule.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Speedtest\Speedtest_Data\Plugins\sqlite3.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e6098eb.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e6098e9.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e6098e9.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9AB1.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{49DC746F-BFC1-41CC-B5B1-AE3721829A3A} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9CD5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{49DC746F-BFC1-41CC-B5B1-AE3721829A3A}\AppIcon.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9A62.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{49DC746F-BFC1-41CC-B5B1-AE3721829A3A}\AppIcon.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9975.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9A41.tmp C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\Speedtest\Speedtest.exe N/A
N/A N/A C:\Program Files\Speedtest\Speedtest.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\Speedtest\Speedtest.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileCoAuthLib64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuthLib.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_CLASSES\WOW6432NODE\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\LOCALSERVER32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileCoAuthLib64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /cci /client=Personal" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileCoAuth.exe\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\FileCoAuth.exe" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E C:\Windows\system32\svchost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Speedtest\Speedtest.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Speedtest\Speedtest.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Speedtest\Speedtest.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Speedtest\Speedtest.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543986932838253" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Windows\system32\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\grvopen\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /url:\"%1\"" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{A87958FF-B414-7748-9183-DBF183A25905} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{944903E8-B03F-43A0-8341-872200D2DA9C}\ = "ICheckFileHashCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{20894375-46AE-46E2-BAFD-CB38975CDCE6} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\AppID\{EEABD3A3-784D-4334-AAFC-BB13234F17CF} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\ = "IGetLinkCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{F0AF7C30-EAE4-4644-961D-54E6E28708D6} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{2B865677-AC3A-43BD-B9E7-BF6FCD3F0596}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\TypeLib\{082D3FEC-D0D0-4DF6-A988-053FECE7B884}\1.0\0\win32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{2F12C599-7AA5-407A-B898-09E6E4ED2D1E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Directory\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_CLASSES\TYPELIB\{082D3FEC-D0D0-4DF6-A988-053FECE7B884}\1.0\0\WIN32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\FileSyncClient.FileSyncClient\CLSID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\18.151.0729.0013\\amd64\\FileSyncShell64.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{0299ECA9-80B6-43C8-A79A-FB1C5F19E7D8}\TypeLib C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{2692D1F2-2C7C-4AE0-8E73-8F37736C912D}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\ProgID C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{EE15BBBB-9E60-4C52-ABCB-7540FF3DF6B3}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F647CD941CFBCC145B1BEA731228A9A3\MainFeature C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ = "IUnmapLibraryCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\ = "SharedOverlayHandler Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\BannerNotificationHandler.BannerNotificationHandler\CurVer\ = "BannerNotificationHandler.AutoBannerNotificationHandlerPlayHandler.1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\ = "ReadOnlyOverlayHandler Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{2387C6BD-9A36-41A2-88ED-FF731E529384}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}\ = "BannerNotificationHandler Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ = "IUnmapLibraryCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{679EC955-75AA-4FB2-A7ED-8C0152ECF409} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{5D5DD08F-A10E-4FEF-BCA7-E73E666FC66C} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\BannerNotificationHandler.BannerNotificationHandler\CurVer\ = "BannerNotificationHandler.AutoBannerNotificationHandlerPlayHandler.1" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\Interface\{da82e55e-fa2f-45b3-aec3-e7294106ef52}\TypeLib\ = "{909A6CCD-6810-46C4-89DF-05BE7EB61E6C}" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\ = "ErrorOverlayHandler2 Class" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\TypeLib\{F904F88C-E60D-4327-9FA2-865AD075B400}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\CLSID\{47E6DCAF-41F8-441C-BD0E-A50D5FE6C4D1}\VersionIndependentProgID\ = "NucleusToastActivator.NucleusToastActivator" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\ = "IFileSyncOutOfProcServices" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}\ = "IAlbumMetadataCallback" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\VersionIndependentProgID\ = "OOBERequestHandler.OOBERequestHandler" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{466F31F7-9892-477E-B189-FA5C59DE3603} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\WOW6432Node\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005\\FileSyncShell.dll" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{9D613F8A-B30E-4938-8490-CB5677701EBF} C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000_Classes\Interface\{a7126d4c-f492-4eb9-8a2a-f673dbdd3334}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\Downloads\Lokibot.exe N/A
N/A N/A C:\Users\Admin\Downloads\Lokibot.exe N/A
N/A N/A C:\Users\Admin\Downloads\Lokibot.exe N/A
N/A N/A C:\Users\Admin\Downloads\Lokibot.exe N/A
N/A N/A C:\Users\Admin\Downloads\Lokibot.exe N/A
N/A N/A C:\Users\Admin\Downloads\Lokibot.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe N/A
N/A N/A C:\Windows\system32\notepad.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4864 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe
PID 4864 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe
PID 1848 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe C:\Windows\system32\control.exe
PID 1848 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe C:\Windows\system32\control.exe
PID 2596 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 2984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 3372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2596 wrote to memory of 4824 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\SoftwareSASGeneration = "1" C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\Downloads\Lokibot.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3356371483-1660115160-1611493187-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\Downloads\Lokibot.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe

"C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe"

C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe

"C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe" service

C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe

"C:\Users\Admin\AppData\Local\Temp\GotoHTTP_x64.exe" Global\GotoHTTP_1

C:\Windows\system32\notepad.exe

"C:\Windows\system32\notepad.exe"

C:\Windows\system32\control.exe

control

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe5f069758,0x7ffe5f069768,0x7ffe5f069778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4012 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

/updateInstalled /background

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5084 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5224 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2232 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5088 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5232 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5388 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5548 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5844 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5812 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5808 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5884 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5864 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6664 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6968 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6992 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6880 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7428 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7572 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7772 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7560 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8112 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7936 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7876 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7096 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8124 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7376 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7880 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6800 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8504 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8576 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8676 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8892 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8912 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9176 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9240 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7088 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6972 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9996 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7980 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6828 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5528 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5668 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5628 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5572 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=10164 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3a4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9268 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10052 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8148 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7288 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9320 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5572 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10020 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7012 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=2356 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\speedtestbyookla_x64.msi"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8384 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 52B0C8E19C19443E0928164EE5D04042 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 88A3EDE7DC9B46276BD7FE7821AD43A0

C:\Program Files\Speedtest\Speedtest.exe

"C:\Program Files\Speedtest\Speedtest.exe"

C:\Program Files\Speedtest\UnityCrashHandler64.exe

"C:\Program Files\Speedtest\UnityCrashHandler64.exe" --attach 3024 3161779605504

C:\Program Files\Speedtest\UnityCrashHandler64.exe

"C:\Program Files\Speedtest\UnityCrashHandler64.exe" "3024" "3161779605504"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8460 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=4744 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=1884 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=4736 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=3556 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=8384 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9620 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9972 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6272 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=5928 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7836 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6024 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=8452 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9980 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5544 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8908 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8804 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9320 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Users\Admin\Downloads\EternalRocks.exe

"C:\Users\Admin\Downloads\EternalRocks.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2992 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9496 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8228 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6632 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8328 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9980 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=164 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8112 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=8244 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7900 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9532 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2232 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=7240 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=5088 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=9048 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Users\Admin\Downloads\Lokibot.exe

"C:\Users\Admin\Downloads\Lokibot.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3ec

C:\Users\Admin\Downloads\Lokibot.exe

"C:\Users\Admin\Downloads\Lokibot.exe"

C:\Users\Admin\Downloads\Lokibot.exe

"C:\Users\Admin\Downloads\Lokibot.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:8

C:\Windows\explorer.exe

explorer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --win-jumplist-action=most-visited https://sus.ct8.pl/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe5f069758,0x7ffe5f069768,0x7ffe5f069778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1684,i,1265044048064985254,12699849121553161574,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1684,i,1265044048064985254,12699849121553161574,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=1860 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=5928 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=9328 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=6688 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=6524 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=5132 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=6536 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=9336 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=3652 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=5016 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=6264 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=5808 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=6692 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=7076 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=9484 --field-trial-handle=1832,i,4827932475697797039,6579598111947467525,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 def.gotohttp.com udp
US 43.130.10.102:443 def.gotohttp.com tcp
US 8.8.8.8:53 usw.gotohttp.com udp
US 8.8.8.8:53 102.10.130.43.in-addr.arpa udp
US 43.130.10.102:80 usw.gotohttp.com tcp
US 8.8.8.8:53 use.gotohttp.com udp
CA 49.51.102.118:80 use.gotohttp.com tcp
US 8.8.8.8:53 hk.gotohttp.com udp
US 20.231.121.79:80 tcp
SG 47.241.41.42:80 hk.gotohttp.com tcp
US 8.8.8.8:53 eu.gotohttp.com udp
US 8.8.8.8:53 118.102.51.49.in-addr.arpa udp
DE 43.131.61.143:80 eu.gotohttp.com tcp
US 8.8.8.8:53 tk.gotohttp.com udp
JP 103.143.72.251:80 tk.gotohttp.com tcp
US 8.8.8.8:53 spa.gotohttp.com udp
US 8.8.8.8:53 42.41.241.47.in-addr.arpa udp
BR 152.32.197.201:80 spa.gotohttp.com tcp
DE 43.131.61.143:443 eu.gotohttp.com tcp
DE 43.131.61.143:443 eu.gotohttp.com tcp
US 8.8.8.8:53 201.197.32.152.in-addr.arpa udp
US 8.8.8.8:53 143.61.131.43.in-addr.arpa udp
N/A 127.0.0.1:49787 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 31.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 49.192.11.51.in-addr.arpa udp
US 8.8.8.8:53 18.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 225.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 127.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 132.194.113.52.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 speedtest.net udp
US 151.101.130.219:443 speedtest.net tcp
US 151.101.130.219:443 speedtest.net tcp
US 8.8.8.8:53 www.speedtest.net udp
US 104.18.202.232:443 www.speedtest.net tcp
US 8.8.8.8:53 cdn.ziffstatic.com udp
US 8.8.8.8:53 b.cdnst.net udp
GB 2.16.153.162:443 cdn.ziffstatic.com tcp
US 8.8.8.8:53 219.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 232.202.18.104.in-addr.arpa udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
CH 18.165.187.137:443 c.amazon-adsystem.com tcp
GB 2.16.153.162:443 cdn.ziffstatic.com udp
US 8.8.8.8:53 cdn.static.zdbb.net udp
GB 92.123.26.128:443 cdn.static.zdbb.net tcp
CH 18.165.187.137:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 162.153.16.2.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 137.187.165.18.in-addr.arpa udp
US 8.8.8.8:53 43.103.224.13.in-addr.arpa udp
US 8.8.8.8:53 128.26.123.92.in-addr.arpa udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
CH 18.165.183.39:443 config.aps.amazon-adsystem.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 zdbb.net udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 gurgle.speedtest.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
IE 52.209.62.127:443 zdbb.net tcp
US 34.205.238.85:443 gurgle.speedtest.net tcp
CH 18.165.183.10:443 tags.crwdcntrl.net tcp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.hadronid.net udp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 216.239.32.36:443 region1.google-analytics.com tcp
IE 52.211.239.186:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 236.131.18.104.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 39.183.165.18.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 127.62.209.52.in-addr.arpa udp
US 8.8.8.8:53 10.183.165.18.in-addr.arpa udp
US 8.8.8.8:53 85.238.205.34.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 186.239.211.52.in-addr.arpa udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
CH 18.165.181.36:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 gurgle.zdbb.net udp
US 8.8.8.8:53 speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net udp
US 151.101.2.219:443 b.cdnst.net tcp
US 8.8.8.8:53 speedlon.hyperoptic.com udp
US 8.8.8.8:53 speedtest.upp.com.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest.swishfibre.com.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 lon.host.speedtest.net.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest.noone.co.uk.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 lg-lon.fdcservers.net udp
GB 96.17.179.184:80 apps.identrust.com tcp
GB 45.10.101.252:8080 speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net tcp
GB 45.92.46.45:8080 speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net tcp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 193.3.26.19:8080 speedtest.upp.com.prod.hosts.ooklaserver.net tcp
GB 31.22.12.17:8080 speedtest.swishfibre.com.prod.hosts.ooklaserver.net tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 51.148.82.21:8080 speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net tcp
GB 188.94.45.252:8080 speedtest.noone.co.uk.prod.hosts.ooklaserver.net tcp
GB 50.7.152.4:8080 lg-lon.fdcservers.net tcp
US 34.234.187.69:443 gurgle.zdbb.net tcp
US 8.8.8.8:53 jogger.zdbb.net udp
US 8.8.8.8:53 tags.bkrtx.com udp
US 8.8.8.8:53 a.ad.gt udp
US 52.22.232.212:443 jogger.zdbb.net tcp
GB 23.207.215.130:443 tags.bkrtx.com tcp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 cdn.krxd.net udp
US 151.101.2.133:443 cdn.krxd.net tcp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 36.181.165.18.in-addr.arpa udp
US 8.8.8.8:53 252.101.10.45.in-addr.arpa udp
US 8.8.8.8:53 219.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 6.112.37.152.in-addr.arpa udp
US 8.8.8.8:53 19.26.3.193.in-addr.arpa udp
US 8.8.8.8:53 45.46.92.45.in-addr.arpa udp
US 8.8.8.8:53 17.12.22.31.in-addr.arpa udp
US 8.8.8.8:53 250.26.113.93.in-addr.arpa udp
US 8.8.8.8:53 214.111.87.95.in-addr.arpa udp
US 8.8.8.8:53 21.82.148.51.in-addr.arpa udp
US 8.8.8.8:53 252.45.94.188.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 4.152.7.50.in-addr.arpa udp
US 8.8.8.8:53 69.187.234.34.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 130.215.207.23.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 212.232.22.52.in-addr.arpa udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 c2shb.pubgw.yahoo.com udp
FR 178.250.7.10:443 bidder.criteo.com tcp
DE 52.28.129.74:443 btlr.sharethrough.com tcp
DE 52.28.129.74:443 btlr.sharethrough.com tcp
DE 52.28.129.74:443 btlr.sharethrough.com tcp
DE 52.28.129.74:443 btlr.sharethrough.com tcp
DE 52.28.129.74:443 btlr.sharethrough.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 185.89.210.153:443 ib.adnxs-simple.com tcp
DE 18.156.195.47:443 c2shb.pubgw.yahoo.com tcp
DE 18.156.195.47:443 c2shb.pubgw.yahoo.com tcp
DE 18.156.195.47:443 c2shb.pubgw.yahoo.com tcp
DE 18.156.195.47:443 c2shb.pubgw.yahoo.com tcp
DE 18.156.195.47:443 c2shb.pubgw.yahoo.com tcp
US 8.8.8.8:53 stags.bluekai.com udp
GB 173.222.13.68:443 stags.bluekai.com tcp
DE 18.156.195.47:443 c2shb.pubgw.yahoo.com tcp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 10.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 153.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 41.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 74.129.28.52.in-addr.arpa udp
US 8.8.8.8:53 68.13.222.173.in-addr.arpa udp
US 8.8.8.8:53 47.195.156.18.in-addr.arpa udp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 104.22.4.69:443 ids.ad.gt tcp
US 8.8.8.8:53 40711f81768080ee7a3527781788cafb.safeframe.googlesyndication.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
FR 91.134.110.136:443 sync.smartadserver.com tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
US 172.67.23.234:443 ids.ad.gt tcp
US 172.67.23.234:443 ids.ad.gt tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
NL 213.19.162.90:443 token.rubiconproject.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
GB 216.58.204.65:443 40711f81768080ee7a3527781788cafb.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 69.166.1.66:443 sync.go.sonobi.com tcp
BE 64.233.166.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 id5-sync.com udp
DE 162.19.138.116:443 id5-sync.com tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 104.22.4.69:443 ids.ad.gt tcp
US 104.22.4.69:443 ids.ad.gt tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 secure-us.imrworldwide.com udp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
IE 99.80.121.231:443 secure-us.imrworldwide.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 pixels.ad.gt udp
US 104.22.4.69:443 pixels.ad.gt tcp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 136.110.134.91.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 156.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 66.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 231.121.80.99.in-addr.arpa udp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn-gl.imrworldwide.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
CH 18.165.183.111:443 cdn-gl.imrworldwide.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 bee.imrworldwide.com udp
CH 13.224.103.18:443 bee.imrworldwide.com tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 52.210.27.230:443 ice.360yield.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 fw.adsafeprotected.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 cdn.doubleverify.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.116:443 id5-sync.com tcp
GB 142.250.179.230:443 s0.2mdn.net tcp
GB 142.250.179.230:443 s0.2mdn.net tcp
US 8.8.8.8:53 js-sec.indexww.com udp
GB 104.77.160.206:443 cdn.doubleverify.com tcp
GB 104.77.160.206:443 cdn.doubleverify.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ookla-d.openx.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
IE 54.77.58.207:443 fw.adsafeprotected.com tcp
IE 54.77.58.207:443 fw.adsafeprotected.com tcp
US 35.244.159.8:443 ookla-d.openx.net tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 122.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 111.183.165.18.in-addr.arpa udp
US 8.8.8.8:53 18.103.224.13.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.27.210.52.in-addr.arpa udp
GB 92.123.242.2:443 eus.rubiconproject.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 d.turn.com udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 sync.teads.tv udp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
GB 142.250.179.230:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
GB 104.78.177.107:443 sync.teads.tv tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
NL 46.228.164.13:443 d.turn.com tcp
US 8.8.8.8:53 static.adsafeprotected.com udp
CH 18.165.183.78:443 static.adsafeprotected.com tcp
CH 18.165.183.78:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 dt.adsafeprotected.com udp
CH 18.165.183.78:443 static.adsafeprotected.com tcp
US 35.155.2.123:443 dt.adsafeprotected.com tcp
US 35.155.2.123:443 dt.adsafeprotected.com tcp
US 35.155.2.123:443 dt.adsafeprotected.com tcp
US 35.155.2.123:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 207.58.77.54.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 2.242.123.92.in-addr.arpa udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 107.177.78.104.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.183.165.18.in-addr.arpa udp
US 8.8.8.8:53 123.2.155.35.in-addr.arpa udp
US 8.8.8.8:53 rtb.gumgum.com udp
US 8.8.8.8:53 rtb0.doubleverify.com udp
IE 54.220.54.244:443 rtb.gumgum.com tcp
US 130.211.44.5:443 rtb0.doubleverify.com tcp
US 34.98.64.218:443 us-u.openx.net udp
US 8.8.8.8:53 eoqml8xr3tyoaa4f2mb0s0mq4sp1d1709925136.nuid.imrworldwide.com udp
CH 18.165.183.36:443 eoqml8xr3tyoaa4f2mb0s0mq4sp1d1709925136.nuid.imrworldwide.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 dis.eu.criteo.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
NL 178.250.1.9:443 dis.eu.criteo.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.238:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 simage2.pubmatic.com udp
DE 91.228.74.168:443 cms.quantserve.com tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
GB 142.250.178.2:443 www.googletagservices.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 244.54.220.54.in-addr.arpa udp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 36.183.165.18.in-addr.arpa udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 p.rfihub.com udp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
US 54.162.21.52:443 sync.srv.stackadapt.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
GB 142.250.178.2:443 www.googletagservices.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 a.audrte.com udp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
IE 34.247.62.134:443 match.prod.bidr.io tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
IE 34.246.118.212:443 ce.lijit.com tcp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 ad.turn.com udp
IE 52.209.135.120:443 a.audrte.com tcp
NL 63.215.202.140:443 pubmatic-match.dotomi.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
IE 34.254.110.70:443 pr-bh.ybp.yahoo.com tcp
DK 37.157.5.133:443 c1.adform.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 image4.pubmatic.com udp
GB 185.64.190.81:443 image4.pubmatic.com tcp
US 8.8.8.8:53 tps.doubleverify.com udp
US 8.8.8.8:53 sonata-notifications.taptapnetworks.com udp
DE 18.197.13.6:443 sonata-notifications.taptapnetworks.com tcp
US 130.211.44.5:443 tps.doubleverify.com tcp
US 8.8.8.8:53 idsync.frontend.weborama.fr udp
US 34.111.131.239:443 idsync.frontend.weborama.fr tcp
US 8.8.8.8:53 238.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 168.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 93.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 52.21.162.54.in-addr.arpa udp
US 8.8.8.8:53 134.62.247.34.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 120.135.209.52.in-addr.arpa udp
US 8.8.8.8:53 140.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 212.118.246.34.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 49.158.204.35.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 70.110.254.34.in-addr.arpa udp
US 8.8.8.8:53 133.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 198.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 81.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 6.13.197.18.in-addr.arpa udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 91.134.110.137:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 239.131.111.34.in-addr.arpa udp
US 8.8.8.8:53 137.110.134.91.in-addr.arpa udp
US 8.8.8.8:53 simage4.pubmatic.com udp
US 8.8.8.8:53 tpsc-ew1.doubleverify.com udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.187.194:443 ade.googlesyndication.com tcp
GB 142.250.187.194:443 ade.googlesyndication.com udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 45.10.101.252:8080 speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net tcp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.49.178.192.in-addr.arpa udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 install.speedtest.net udp
US 8.8.8.8:53 d5p.de17a.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
SE 213.155.156.185:443 d5p.de17a.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 cm.adgrx.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 ipac.ctnsnet.com udp
NL 72.251.241.196:443 cm.adgrx.com tcp
NL 35.214.169.187:443 csync.loopme.me tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 8.8.8.8:53 core.iprom.net udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
SI 195.5.165.20:443 core.iprom.net tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 green.erne.co udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 8.8.8.8:53 a.tribalfusion.com udp
FR 141.94.240.143:443 green.erne.co tcp
US 104.18.25.173:443 a.tribalfusion.com tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 185.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 196.241.251.72.in-addr.arpa udp
US 8.8.8.8:53 187.169.214.35.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 matching.truffle.bid udp
NL 46.228.174.117:443 sync.1rx.io tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 mwzeom.zeotap.com udp
DK 77.243.51.122:443 uipglob.semasio.net tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 172.67.40.173:443 mwzeom.zeotap.com tcp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
FR 141.94.171.212:443 pixel-eu.onaudience.com tcp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
FR 141.94.171.212:443 pixel.onaudience.com tcp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 s.tribalfusion.com udp
US 8.8.8.8:53 ps.eyeota.net udp
DE 3.120.214.218:443 ps.eyeota.net tcp
US 8.8.8.8:53 143.240.94.141.in-addr.arpa udp
US 8.8.8.8:53 173.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 196.120.55.162.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 41.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 21.17.166.188.in-addr.arpa udp
US 8.8.8.8:53 218.214.120.3.in-addr.arpa udp
US 8.8.8.8:53 212.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
NL 46.228.164.13:443 d.turn.com tcp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 35.155.2.123:443 dt.adsafeprotected.com tcp
GB 172.217.16.228:443 www.google.com udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 35.186.253.211:443 rtb.openx.net udp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
FR 178.250.7.10:443 bidder.criteo.com tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
DE 3.125.238.57:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 c2shb.pubgw.yahoo.com udp
DE 35.157.246.167:443 c2shb.pubgw.yahoo.com tcp
DE 3.125.238.57:443 btlr.sharethrough.com tcp
FR 178.250.7.10:443 bidder.criteo.com tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
DE 3.125.238.57:443 btlr.sharethrough.com tcp
DE 3.125.238.57:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
US 8.8.8.8:53 167.246.157.35.in-addr.arpa udp
US 8.8.8.8:53 57.238.125.3.in-addr.arpa udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 7.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.49.163:443 beacons.gvt2.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 192.178.49.163:443 beacons.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 c.pm-serv.co udp
US 8.8.8.8:53 warp.media.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DE 23.213.168.26:443 warp.media.net tcp
GB 184.28.198.96:443 c.pm-serv.co tcp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
GB 184.28.198.96:443 c.pm-serv.co udp
US 8.8.8.8:53 l.pm-serv.co udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 hblg.media.net udp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 96.198.28.184.in-addr.arpa udp
US 8.8.8.8:53 26.168.213.23.in-addr.arpa udp
GB 92.123.240.21:443 contextual.media.net tcp
NL 23.206.82.156:443 hblg.media.net tcp
US 8.8.8.8:53 c21lg-d.media.net udp
US 69.166.1.66:443 sync.go.sonobi.com tcp
GB 92.123.240.21:443 contextual.media.net udp
US 8.8.8.8:53 premiumsearches.net udp
US 8.8.8.8:53 156.82.206.23.in-addr.arpa udp
US 8.8.8.8:53 21.240.123.92.in-addr.arpa udp
US 8.8.8.8:53 medianet-match.dotomi.com udp
NL 89.207.16.140:443 medianet-match.dotomi.com tcp
US 8.8.8.8:53 cs.media.net udp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 140.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 dmp.adblade.com udp
US 34.199.73.116:443 dmp.adblade.com tcp
DE 18.158.154.121:443 rtb.mfadsrvr.com tcp
DE 18.158.154.121:443 rtb.mfadsrvr.com tcp
DE 18.158.154.121:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 121.154.158.18.in-addr.arpa udp
US 8.8.8.8:53 116.73.199.34.in-addr.arpa udp
US 8.8.8.8:53 id.rlcdn.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 computernewb.com udp
US 188.114.96.2:443 computernewb.com tcp
US 188.114.96.2:443 computernewb.com tcp
US 188.114.96.2:443 computernewb.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 101.57.16.104.in-addr.arpa udp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 bttrack.com udp
US 192.132.33.69:443 bttrack.com tcp
US 8.18.47.7:443 match.deepintent.com tcp
US 8.8.8.8:53 sus.ct8.pl udp
DE 136.243.156.120:443 sus.ct8.pl tcp
DE 136.243.156.120:443 sus.ct8.pl tcp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 7.47.18.8.in-addr.arpa udp
US 8.8.8.8:53 120.156.243.136.in-addr.arpa udp
US 8.8.8.8:53 my.kevinthe.horse udp
US 172.81.131.177:443 my.kevinthe.horse tcp
US 172.81.131.177:443 my.kevinthe.horse tcp
US 8.8.8.8:53 getbootstrap.com udp
US 172.67.30.148:443 getbootstrap.com tcp
US 8.8.8.8:53 148.30.67.172.in-addr.arpa udp
US 8.8.8.8:53 177.131.81.172.in-addr.arpa udp
US 172.67.30.148:443 getbootstrap.com udp
GB 142.250.200.14:443 clients2.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 resendayter.my.kevinthe.horse udp
US 172.81.131.177:443 resendayter.my.kevinthe.horse tcp
US 172.81.131.177:443 resendayter.my.kevinthe.horse tcp
US 8.8.8.8:53 aid.send.microad.jp udp
JP 202.233.84.1:443 aid.send.microad.jp tcp
JP 202.233.84.1:443 aid.send.microad.jp tcp
US 8.8.8.8:53 pixel.advertising.com udp
US 8.8.8.8:53 trace.mediago.io udp
US 35.208.249.213:443 trace.mediago.io tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 213.249.208.35.in-addr.arpa udp
US 8.8.8.8:53 bricks.my.kevinthe.horse udp
US 172.81.131.177:443 bricks.my.kevinthe.horse tcp
US 172.81.131.177:443 bricks.my.kevinthe.horse tcp
US 8.8.8.8:53 www.creativefabrica.com udp
US 104.18.6.235:443 www.creativefabrica.com tcp
US 104.18.6.235:443 www.creativefabrica.com tcp
US 8.8.8.8:53 235.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 bricks.com udp
US 23.21.157.88:443 bricks.com tcp
US 23.21.157.88:443 bricks.com tcp
US 23.21.157.88:443 bricks.com tcp
GB 143.244.38.136:443 plausible.io tcp
GB 143.244.38.136:443 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.157.21.23.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 use.typekit.net udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 website-cdn.ipinfo.io udp
US 8.8.8.8:53 p.typekit.net udp
GB 88.221.134.88:443 use.typekit.net tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
US 34.160.152.12:443 website-cdn.ipinfo.io tcp
GB 88.221.134.122:443 p.typekit.net tcp
US 34.160.152.12:443 website-cdn.ipinfo.io udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 12.152.160.34.in-addr.arpa udp
US 8.8.8.8:53 122.134.221.88.in-addr.arpa udp
GB 88.221.134.88:443 use.typekit.net tcp
GB 88.221.134.88:443 use.typekit.net tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 34.117.186.192:443 ipinfo.io udp
US 8.8.8.8:53 js.hsforms.net udp
US 8.8.8.8:53 api.iconify.design udp
US 104.16.136.206:443 js.hsforms.net tcp
US 104.26.12.204:443 api.iconify.design tcp
US 8.8.8.8:53 pixel.ipinfo.io udp
US 34.117.59.81:443 pixel.ipinfo.io tcp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 a.quora.com udp
US 8.8.8.8:53 js.hs-scripts.com udp
US 8.8.8.8:53 tracking.g2crowd.com udp
GB 151.101.60.157:443 static.ads-twitter.com tcp
US 162.159.152.17:443 a.quora.com tcp
US 104.16.189.89:443 js.hs-scripts.com tcp
US 172.64.144.225:443 tracking.g2crowd.com tcp
US 34.117.59.81:443 pixel.ipinfo.io tcp
US 104.16.189.89:443 js.hs-scripts.com tcp
US 172.64.144.225:443 tracking.g2crowd.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 q.quora.com udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 34.160.152.12:443 website-cdn.ipinfo.io udp
GB 172.217.16.228:443 www.google.com udp
US 52.71.52.146:443 q.quora.com tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 88.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 206.136.16.104.in-addr.arpa udp
US 8.8.8.8:53 204.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 157.60.101.151.in-addr.arpa udp
US 8.8.8.8:53 17.152.159.162.in-addr.arpa udp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 225.144.64.172.in-addr.arpa udp
US 104.244.42.69:443 t.co tcp
US 104.244.42.3:443 analytics.twitter.com tcp
US 8.8.8.8:53 js.stripe.com udp
US 151.101.0.176:443 js.stripe.com tcp
US 8.8.8.8:53 js.hubspot.com udp
US 8.8.8.8:53 js.hs-analytics.net udp
US 8.8.8.8:53 js.hs-banner.com udp
US 8.8.8.8:53 js.hscollectedforms.net udp
US 104.17.88.154:443 js.hscollectedforms.net tcp
US 104.19.154.83:443 js.hubspot.com tcp
US 104.16.77.186:443 js.hs-analytics.net tcp
US 172.64.153.27:443 js.hs-banner.com tcp
US 104.19.154.83:443 js.hubspot.com tcp
US 104.17.88.154:443 js.hscollectedforms.net tcp
US 8.8.8.8:53 69.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 3.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 146.52.71.52.in-addr.arpa udp
US 8.8.8.8:53 176.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 27.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 83.154.19.104.in-addr.arpa udp
US 8.8.8.8:53 186.77.16.104.in-addr.arpa udp
US 8.8.8.8:53 154.88.17.104.in-addr.arpa udp
US 8.8.8.8:53 cta-service-cms2.hubspot.com udp
US 8.8.8.8:53 perf-na1.hsforms.com udp
US 104.18.176.125:443 perf-na1.hsforms.com tcp
US 8.8.8.8:53 track.hubspot.com udp
US 8.8.8.8:53 forms.hscollectedforms.net udp
US 8.8.8.8:53 125.176.18.104.in-addr.arpa udp
US 104.19.155.83:443 track.hubspot.com tcp
US 104.19.155.83:443 track.hubspot.com tcp
US 8.8.8.8:53 m.stripe.network udp
US 8.8.8.8:53 forms.hsforms.com udp
US 104.17.239.249:443 forms.hsforms.com tcp
US 34.117.186.192:443 ipinfo.io udp
US 8.8.8.8:53 m.stripe.com udp
US 44.237.151.236:443 m.stripe.com tcp
US 8.8.8.8:53 83.155.19.104.in-addr.arpa udp
US 8.8.8.8:53 249.239.17.104.in-addr.arpa udp
US 8.8.8.8:53 236.151.237.44.in-addr.arpa udp
US 188.114.96.2:443 computernewb.com udp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 188.114.96.2:80 computernewb.com tcp
US 8.8.8.8:53 kit.fontawesome.com udp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 172.64.165.7:443 ka-f.fontawesome.com tcp
US 172.64.165.7:443 ka-f.fontawesome.com tcp
US 172.64.165.7:443 ka-f.fontawesome.com tcp
US 172.64.165.7:443 ka-f.fontawesome.com tcp
US 8.8.8.8:53 elijahr.dev udp
US 8.8.8.8:53 home.elijahr.dev udp
US 8.8.8.8:53 egg.l5.ca udp
US 8.8.8.8:53 cvm.alee14.me udp
US 8.8.8.8:53 dank-vm.xyz udp
US 104.19.218.90:443 js.hcaptcha.com tcp
CA 54.39.157.64:443 elijahr.dev tcp
US 193.122.201.206:443 ocishitbox.elijahr.dev tcp
US 188.114.96.2:443 home.elijahr.dev tcp
US 104.21.47.26:443 dank-vm.xyz tcp
US 172.64.165.7:443 ka-f.fontawesome.com udp
US 23.148.232.35:443 egg.l5.ca tcp
US 8.8.8.8:53 188.147.64.172.in-addr.arpa udp
US 8.8.8.8:53 7.165.64.172.in-addr.arpa udp
US 8.8.8.8:53 26.47.21.104.in-addr.arpa udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 64.157.39.54.in-addr.arpa udp
US 8.8.8.8:53 206.201.122.193.in-addr.arpa udp
US 193.122.201.206:443 ocishitbox.elijahr.dev tcp
US 8.8.8.8:53 ipodvm.top udp
FI 185.148.3.169:443 ipodvm.top tcp
US 23.148.232.35:443 egg.l5.ca tcp
US 8.8.8.8:53 bricks.fr.to udp
US 8.8.8.8:53 35.232.148.23.in-addr.arpa udp
US 8.8.8.8:53 169.3.148.185.in-addr.arpa udp
US 68.237.62.211:443 bricks.fr.to tcp
US 8.8.8.8:53 coolvm.ddns.net udp
US 129.213.83.208:443 coolvm.ddns.net tcp
US 8.8.8.8:53 spy-is.top udp
US 104.21.63.132:443 spy-is.top tcp
US 8.8.8.8:53 208.83.213.129.in-addr.arpa udp
US 129.213.83.208:443 coolvm.ddns.net tcp
US 8.8.8.8:53 home.madz258.top udp
US 8.8.8.8:53 132.63.21.104.in-addr.arpa udp
US 104.21.73.32:443 home.madz258.top tcp
US 129.213.83.208:443 coolvm.ddns.net tcp
US 129.213.83.208:443 coolvm.ddns.net tcp
US 8.8.8.8:53 mail.mdmck10.xyz udp
US 104.219.236.110:443 mail.mdmck10.xyz tcp
US 129.213.83.208:443 coolvm.ddns.net tcp
US 104.21.73.32:443 home.madz258.top tcp
US 8.8.8.8:53 cvm.boohbah.win udp
US 129.213.83.208:443 coolvm.ddns.net tcp
US 8.8.8.8:53 32.73.21.104.in-addr.arpa udp
US 8.8.8.8:53 110.236.219.104.in-addr.arpa udp
US 104.21.47.26:443 dank-vm.xyz tcp
US 68.237.62.211:443 bricks.fr.to tcp
US 8.8.8.8:53 16.234.44.23.in-addr.arpa udp
US 104.219.236.110:443 mail.mdmck10.xyz tcp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 68.237.62.211:443 bricks.fr.to tcp
US 104.21.47.26:443 dank-vm.xyz tcp
US 104.21.47.26:443 dank-vm.xyz tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 188.114.96.2:443 home.elijahr.dev udp
US 104.21.47.26:443 dank-vm.xyz tcp
US 8.8.8.8:53 secure-us.imrworldwide.com udp
IE 34.254.50.186:443 secure-us.imrworldwide.com tcp
US 8.8.8.8:53 186.50.254.34.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 myipmyipg.wtf udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 myipmyipg.wtf udp
US 8.8.8.8:53 myip.wtf udp
FI 65.108.75.112:443 myip.wtf tcp
FI 65.108.75.112:443 myip.wtf tcp
US 8.8.8.8:53 wtfismyip.com udp
US 8.8.8.8:53 stun.wtfismyip.com udp
FI 65.108.75.112:3478 stun.wtfismyip.com udp
US 8.8.8.8:53 112.75.108.65.in-addr.arpa udp
US 8.8.8.8:53 duckduckgo.com udp
IE 52.142.124.215:443 duckduckgo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
US 8.8.8.8:53 improving.duckduckgo.com udp
US 8.8.8.8:53 215.124.142.52.in-addr.arpa udp
FI 185.148.3.169:443 ipodvm.top tcp
US 8.8.8.8:53 links.duckduckgo.com udp
IE 20.223.54.233:443 links.duckduckgo.com tcp
IE 52.142.124.215:443 improving.duckduckgo.com tcp
US 8.8.8.8:53 233.54.223.20.in-addr.arpa udp
US 8.8.8.8:53 external-content.duckduckgo.com udp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
IE 52.142.125.222:443 external-content.duckduckgo.com tcp
US 8.8.8.8:53 222.125.142.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 140.82.113.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.113.21:443 collector.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
FI 185.148.3.169:443 ipodvm.top tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 github.com udp
GB 172.217.16.228:443 www.google.com udp
FI 185.148.3.169:443 ipodvm.top tcp
US 143.244.180.136:443 bloxd.io tcp
US 143.244.180.136:443 bloxd.io tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.187.195:443 www.recaptcha.net tcp
FR 157.240.196.15:443 connect.facebook.net tcp
US 8.8.8.8:53 ka-p.fontawesome.com udp
US 8.8.8.8:53 bloxdcdn.bloxdhop.io udp
US 172.67.71.133:443 bloxdcdn.bloxdhop.io tcp
US 172.67.71.133:443 bloxdcdn.bloxdhop.io tcp
US 8.8.8.8:53 136.180.244.143.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 15.196.240.157.in-addr.arpa udp
US 172.67.71.133:443 bloxdcdn.bloxdhop.io tcp
FR 157.240.196.15:443 connect.facebook.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.214.35:443 www.facebook.com tcp
GB 142.250.187.195:443 www.recaptcha.net udp
US 172.67.71.133:443 bloxdcdn.bloxdhop.io udp
US 8.8.8.8:53 133.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 solve.crazygames.com udp
US 8.8.8.8:53 n.gameads.io udp
US 51.81.57.71:443 n.gameads.io tcp
US 8.8.8.8:53 static2.bloxd.io udp
US 104.17.196.57:443 solve.crazygames.com tcp
US 8.8.8.8:53 firebase.googleapis.com udp
US 64.23.177.165:443 static2.bloxd.io tcp
US 64.23.177.165:443 static2.bloxd.io tcp
US 8.8.8.8:53 workers.crazygames.com udp
US 8.8.8.8:53 ncdn.gameads.io udp
US 104.17.196.57:443 workers.crazygames.com tcp
US 104.26.7.136:443 ncdn.gameads.io tcp
US 51.81.57.71:443 n.gameads.io tcp
US 216.239.34.36:443 region1.analytics.google.com udp
BE 64.233.166.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net udp
US 143.244.180.136:443 bloxd.io tcp
US 8.8.8.8:53 57.196.17.104.in-addr.arpa udp
US 8.8.8.8:53 71.57.81.51.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 165.177.23.64.in-addr.arpa udp
US 8.8.8.8:53 136.7.26.104.in-addr.arpa udp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 matchmaking.bloxd.io udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 164.92.122.81:443 matchmaking.bloxd.io tcp
US 8.8.8.8:53 81.122.92.164.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
MX 172.217.3.131:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 api.gameanalytics.com udp
US 107.21.236.205:443 api.gameanalytics.com tcp
US 172.67.71.133:443 bloxdcdn.bloxdhop.io udp
MX 172.217.3.131:443 beacons2.gvt2.com udp
US 8.8.8.8:53 131.3.217.172.in-addr.arpa udp
US 8.8.8.8:53 205.236.21.107.in-addr.arpa udp
US 64.23.175.71:443 gs-bedwars-kbytxv39fafi7zrzildkp.doodlecube.io tcp
US 64.23.175.71:443 gs-bedwars-kbytxv39fafi7zrzildkp.doodlecube.io tcp
US 8.8.8.8:53 71.175.23.64.in-addr.arpa udp
US 8.8.8.8:53 blesblochem.com udp
US 34.174.78.212:80 blesblochem.com tcp
US 34.174.78.212:80 blesblochem.com tcp
US 8.8.8.8:53 212.78.174.34.in-addr.arpa udp
US 34.174.78.212:80 blesblochem.com tcp
DE 136.243.156.120:443 sus.ct8.pl tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 craftnite.io udp
US 104.26.11.209:443 craftnite.io tcp
US 104.26.11.209:443 craftnite.io tcp
US 8.8.8.8:53 ssl.minijuegosgratis.com udp
US 8.8.8.8:53 api.adinplay.com udp
US 172.67.68.50:443 ssl.minijuegosgratis.com tcp
US 104.26.3.232:443 api.adinplay.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 209.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 50.68.67.172.in-addr.arpa udp
US 8.8.8.8:53 232.3.26.104.in-addr.arpa udp
GB 142.250.178.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 country.adinplay-venatus.workers.dev udp
US 8.8.8.8:53 stats.adinplay.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
NL 93.119.15.97:443 stats.adinplay.com tcp
US 188.114.96.2:443 country.adinplay-venatus.workers.dev tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 webgames.io udp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 taming.io udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 sdki.truepush.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 c.delivery.consentmanager.net udp
US 104.18.22.145:443 cadmus.script.ac tcp
US 172.67.193.243:443 webgames.io tcp
US 172.67.193.243:443 webgames.io tcp
US 172.67.193.243:443 webgames.io tcp
US 172.67.39.148:443 static.addtoany.com tcp
US 172.67.71.199:443 taming.io tcp
US 104.22.75.216:443 btloader.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
CH 18.165.187.137:443 c.amazon-adsystem.com tcp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
CH 18.165.183.88:443 sdki.truepush.com tcp
US 172.67.39.148:443 static.addtoany.com tcp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
GB 89.187.167.9:443 cdn.consentmanager.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
CH 18.165.187.137:443 c.amazon-adsystem.com tcp
CH 18.165.183.44:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 172.67.193.243:443 webgames.io udp
US 104.26.3.232:443 api.adinplay.com tcp
US 172.67.39.148:443 static.addtoany.com udp
US 172.67.39.148:443 static.addtoany.com udp
CH 18.165.183.88:443 sdki.truepush.com tcp
US 8.8.8.8:53 ssl.minijuegos.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 97.15.119.93.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 243.193.67.172.in-addr.arpa udp
US 8.8.8.8:53 199.71.67.172.in-addr.arpa udp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 76.98.230.87.in-addr.arpa udp
US 8.8.8.8:53 88.183.165.18.in-addr.arpa udp
US 104.26.12.2:443 ssl.minijuegos.com tcp
US 8.8.8.8:53 148.39.67.172.in-addr.arpa udp
CH 18.165.181.36:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 9.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 44.183.165.18.in-addr.arpa udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 130.211.23.194:443 api.btloader.com udp
DE 51.89.9.252:443 onetag-sys.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
NL 213.19.162.41:443 fastlane.rubiconproject.com tcp
US 172.64.151.101:443 htlb.casalemedia.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 104.18.43.178:443 elb.the-ozone-project.com tcp
DE 3.121.203.112:443 tlx.3lift.com tcp
IE 52.210.86.187:443 hb.yellowblue.io tcp
US 104.26.8.169:443 script.4dex.io tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
CH 18.165.183.26:443 tags.crwdcntrl.net tcp
CH 18.165.184.98:443 cdn.prod.uidapi.com tcp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
US 34.95.69.49:443 i.clean.gg udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 esp.rtbhouse.com udp
US 8.8.8.8:53 sdk.truepush.com udp
US 35.190.39.111:443 esp.rtbhouse.com tcp
IN 137.59.203.101:443 sdk.truepush.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 52.211.99.1:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 id5-sync.com udp
DE 141.95.98.64:443 id5-sync.com tcp
US 104.26.11.209:443 craftnite.io tcp
IN 137.59.203.101:443 sdk.truepush.com tcp
US 104.26.11.209:443 craftnite.io tcp
US 172.67.39.148:443 static.addtoany.com tcp
US 104.26.11.209:443 craftnite.io tcp
DE 51.89.9.252:443 onetag-sys.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 173.222.13.62:443 eus.rubiconproject.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 8.8.8.8:53 baguette.webgames.io udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 172.64.151.101:443 htlb.casalemedia.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 2.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 53.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 178.43.18.104.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 178.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 112.203.121.3.in-addr.arpa udp
US 8.8.8.8:53 187.86.210.52.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 111.39.190.35.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 98.184.165.18.in-addr.arpa udp
US 8.8.8.8:53 1.99.211.52.in-addr.arpa udp
US 8.8.8.8:53 26.183.165.18.in-addr.arpa udp
US 8.8.8.8:53 101.203.59.137.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 eu.gotohttp.com udp
US 172.67.193.243:443 baguette.webgames.io tcp
US 172.67.193.243:443 baguette.webgames.io tcp
IE 54.228.129.168:443 hb.yellowblue.io tcp
DE 43.131.61.143:443 eu.gotohttp.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 95.101.200.189:443 acdn.adnxs.com tcp
DE 95.101.200.189:443 acdn.adnxs.com tcp
US 172.67.193.243:443 baguette.webgames.io tcp
US 172.67.193.243:443 baguette.webgames.io tcp
US 172.67.193.243:443 baguette.webgames.io tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 cdni.truepush.com udp
US 8.8.8.8:53 168.129.228.54.in-addr.arpa udp
US 34.174.78.212:80 blesblochem.com tcp
CH 18.165.183.18:443 cdni.truepush.com tcp
CH 18.165.183.18:443 cdni.truepush.com tcp
US 8.8.8.8:53 189.200.101.95.in-addr.arpa udp
US 8.8.8.8:53 18.183.165.18.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 213.19.162.90:443 token.rubiconproject.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 blesblochem.com udp
US 34.174.78.212:80 blesblochem.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 34.174.78.212:80 blesblochem.com tcp
US 34.174.78.212:80 blesblochem.com tcp
US 8.8.8.8:53 blesblochem.com udp
US 34.174.78.212:80 blesblochem.com tcp
US 34.174.78.212:80 blesblochem.com tcp

Files

memory/1848-0-0x0000000000B40000-0x0000000000B41000-memory.dmp

memory/1848-3-0x0000000000B40000-0x0000000000B41000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json

MD5 e516a60bc980095e8d156b1a99ab5eee
SHA1 238e243ffc12d4e012fd020c9822703109b987f6
SHA256 543796a1b343b4ebc0285d89cb8eb70667ac7b513da37495e38003704e9d88d7
SHA512 9b51e99ba20e9da56d1acc24a1cf9f9c9dbdeb742bec034e0ff2bc179a60f4aff249f40344f9ddd43229dcdefa1041940f65afb336d46c175ffeff725c638d58

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W0EKIFFP\update100[1].xml

MD5 53244e542ddf6d280a2b03e28f0646b7
SHA1 d9925f810a95880c92974549deead18d56f19c37
SHA256 36a6bd38a8a6f5a75b73caffae5ae66dfabcaefd83da65b493fa881ea8a64e7d
SHA512 4aa71d92ea2c46df86565d97aac75395371d3e17877ab252a297b84dca2ab251d50aaffc62eab9961f0df48de6f12be04a1f4a2cbde75b9ae7bcce6eb5450c62

\??\pipe\crashpad_2596_OFORNXHEABAXSCPN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

MD5 76009f0518c0faa83f24068b1c171a56
SHA1 0be8f8e5520ac9c63535e508c15846ac5b1cdaa5
SHA256 71ed6183de7933c4ffecf6cd71a9d085aff4a795071d9f4e36ec46d7d9af1e3c
SHA512 6a2faeac75a66f40bedcb7fc3378a5ff4819127295a8b1205a2575ce59bd715027641b912609d3e7e7bdbc5a09c8ce020548c4206ab8dc6e28762e70c2a373cd

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

MD5 a9e811d6c1b70dbeb64ff7270e88fa14
SHA1 54ffdc8b0676afce1d2772acd5bd3754196aca9d
SHA256 fd9b5ac73e79bf09e8a29009defb108d262b741473dbb2759487a639e8e70243
SHA512 e61a3862b61d1d0905a48c1799ebdb4bb311a2a48abe349e8d3a3fc806dd07f6abe387f92049785f719b3b2c90541463c0759bc18bd441e1675b1f40e4d3d32e

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

MD5 b860dd36b3044863677888c856e492f7
SHA1 be4a47ae71173831dbcb0a783b29ae23aa8a4a24
SHA256 46b6142e37cd06605a0ee90cb7712c1d45ee07a5644026eb6528bd9ffa21ecdd
SHA512 08d74a83e4d9bb22707c4e7a714b0dc88d604f0089f5ff36c5d5160aafff214db697d50dc5a5a10e83cd9efff26a73456a1ef91bbc0c38d1eccde37e1de8df35

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe

MD5 1d0c3734bfd21c245d5ffe64d37b328b
SHA1 629019a8d65d5827cb7e03af9c80d29a26ed43d4
SHA256 3b7c86884be3a2dd9af39333c407d5eecd32d161d5e374164116f384bd74ab77
SHA512 4a89561aae312f5aeddcb7b4e0ad542eda9a01955189d5547076eeee6165dd99993a921e526a7582714fa49fa060d50a522ff59697a1b8449de331e9825f0346

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\setup\logs\DeviceHealthSummaryConfiguration.ini

MD5 1ab47c0fd138950fc5e2ce192c935a28
SHA1 331e86a6e69bad6ee01b822bc5fff9e6bd5b8f0b
SHA256 c65780f2c86b69f31543abb5c3b6549101895c5cc48c206281be376badc5e514
SHA512 022de0dffbae7672cab8d01a3fad8b2b2c5ecdac5528b50559b69614f971ddb25823b0c132bfbfe7fdcf30cb15ec7e00857a93a0e85122f7a477c9109d3d1dae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\tmpD732.tmp

MD5 b12d52d254887dafd143e3206f07c07a
SHA1 4c857fcda482d7fee21fa08a0a37f9c9970787df
SHA256 454149b55534d7231b1cee815364b4cc122158adc956fe12c9a180bac900a277
SHA512 4ae12d13b50d797764a5e24f3c3a896513ba0b7d8af0ea429ca04d9c505d5a0101e0c8adb20327607ac29b3112a8951fe73c69277a7deacff3454a3862b72455

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 cc04d6015cd4395c9b980b280254156e
SHA1 87b176f1330dc08d4ffabe3f7e77da4121c8e749
SHA256 884d272d16605590e511ae50c88842a8ce203a864f56061a3c554f8f8265866e
SHA512 d3cb7853b69649c673814d5738247b5fbaaae5bb7b84e4c7b3ff5c4f1b1a85fc7261a35f0282d79076a9c862e5e1021d31a318d8b2e5a74b80500cb222642940

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.exe

MD5 c2938eb5ff932c2540a1514cc82c197c
SHA1 2d7da1c3bfa4755ba0efec5317260d239cbb51c3
SHA256 5d8273bf98397e4c5053f8f154e5f838c7e8a798b125fcad33cab16e2515b665
SHA512 5deb54462615e39cf7871418871856094031a383e9ad82d5a5993f1e67b7ade7c2217055b657c0d127189792c3bcf6c1fcfbd3c5606f6134adfafcccfa176441

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDrive.VisualElementsManifest.xml

MD5 5ae2d05d894d1a55d9a1e4f593c68969
SHA1 a983584f58d68552e639601538af960a34fa1da7
SHA256 d21077ad0c29a4c939b8c25f1186e2b542d054bb787b1d3210e9cab48ec3080c
SHA512 152949f5b661980f33608a0804dd8c43d70e056ae0336e409006e764664496fef6e60daa09fecb8d74523d3e7928c0dbd5d8272d8be1cf276852d88370954adc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveStandaloneUpdater.exe

MD5 9cdabfbf75fd35e615c9f85fedafce8a
SHA1 57b7fc9bf59cf09a9c19ad0ce0a159746554d682
SHA256 969fbb03015dd9f33baf45f2750e36b77003a7e18c3954fab890cddc94046673
SHA512 348923f497e615a5cd0ed428eb1e30a792dea310585645b721235d48f3f890398ad51d8955c1e483df0a712ba2c0a18ad99b977be64f5ee6768f955b12a4a236

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Resources.pri

MD5 7473be9c7899f2a2da99d09c596b2d6d
SHA1 0f76063651fe45bbc0b5c0532ad87d7dc7dc53ac
SHA256 e1252527bc066da6838344d49660e4c6ff2d1ddfda036c5ec19b07fdfb90c8c3
SHA512 a4a5c97856e314eedbad38411f250d139a668c2256d917788697c8a009d5408d559772e0836713853704e6a3755601ae7ee433e07a34bd0e7f130a3e28729c45

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-400.png

MD5 096d0e769212718b8de5237b3427aacc
SHA1 4b912a0f2192f44824057832d9bb08c1a2c76e72
SHA256 9a0b901e97abe02036c782eb6a2471e18160b89fd5141a5a9909f0baab67b1ef
SHA512 99eb3d67e1a05ffa440e70b7e053b7d32e84326671b0b9d2fcfcea2633b8566155477b2a226521bf860b471c5926f8e1f8e3a52676cacb41b40e2b97cb3c1173

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-200.png

MD5 d9d00ecb4bb933cdbb0cd1b5d511dcf5
SHA1 4e41b1eda56c4ebe5534eb49e826289ebff99dd9
SHA256 85823f7a5a4ebf8274f790a88b981e92ede57bde0ba804f00b03416ee4feda89
SHA512 8b53dec59bba8b4033e5c6b2ff77f9ba6b929c412000184928978f13b475cd691a854fee7d55026e48eab8ac84cf34fc7cb38e3766bbf743cf07c4d59afb98f4

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-150.png

MD5 ed306d8b1c42995188866a80d6b761de
SHA1 eadc119bec9fad65019909e8229584cd6b7e0a2b
SHA256 7e3f35d5eb05435be8d104a2eacf5bace8301853104a4ea4768601c607ddf301
SHA512 972a42f7677d57fcb8c8cb0720b21a6ffe9303ea58dde276cfe2f26ee68fe4cc8ae6d29f3a21a400253de7c0a212edf29981e9e2bca49750b79dd439461c8335

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-125.png

MD5 09f3f8485e79f57f0a34abd5a67898ca
SHA1 e68ae5685d5442c1b7acc567dc0b1939cad5f41a
SHA256 69e432d1eec44bed4aad35f72a912e1f0036a4b501a50aec401c9fa260a523e3
SHA512 0eafeaf735cedc322719049db6325ccbf5e92de229cace927b78a08317e842261b7adbda03ec192f71ee36e35eb9bf9624589de01beaec2c5597a605fc224130

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.scale-100.png

MD5 1f156044d43913efd88cad6aa6474d73
SHA1 1f6bd3e15a4bdb052746cf9840bdc13e7e8eda26
SHA256 4e11167708801727891e8dd9257152b7391fc483d46688d61f44b96360f76816
SHA512 df791d7c1e7a580e589613b5a56ba529005162d3564fffd4c8514e6afaa5eccea9cea9e1ac43bd9d74ee3971b2e94d985b103176db592e3c775d5feec7aac6d1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LoggingPlatform.DLL

MD5 4ffef06099812f4f86d1280d69151a3f
SHA1 e5da93b4e0cf14300701a0efbd7caf80b86621c3
SHA256 d5a538a0a036c602492f9b2b6f85de59924da9ec3ed7a7bbf6ecd0979bee54d3
SHA512 d667fd0ae46039914f988eb7e407344114944a040468e4ec5a53d562db2c3241737566308d8420bb4f7c89c6ef446a7881b83eaac7daba3271b81754c5c0f34a

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\UpdateRingSettings.dll

MD5 037df27be847ef8ab259be13e98cdd59
SHA1 d5541dfa2454a5d05c835ec5303c84628f48e7b2
SHA256 9fb3abcafd8e8b1deb13ec0f46c87b759a1cb610b2488052ba70e3363f1935ec
SHA512 7e1a04368ec469e4059172c5b44fd08d4ea3d01df98bfd6d4cc91ac45f381862ecf89fe9c6bedce985a12158d840cd6cfa06ce9d22466fbf6110140465002205

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe

MD5 57bd9bd545af2b0f2ce14a33ca57ece9
SHA1 15b4b5afff9abba2de64cbd4f0989f1b2fbc4bf1
SHA256 a3a4b648e4dcf3a4e5f7d13cc3d21b0353e496da75f83246cc8a15fada463bdf
SHA512 d134f9881312ddbd0d61f39fd62af5443a4947d3de010fef3b0f6ebf17829bd4c2f13f6299d2a7aad35c868bb451ef6991c5093c2809e6be791f05f137324b39

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png

MD5 3c29933ab3beda6803c4b704fba48c53
SHA1 056fe7770a2ba171a54bd60b3c29c4fbb6d42f0c
SHA256 3a7ef7c0bda402fdaff19a479d6c18577c436a5f4e188da4c058a42ef09a7633
SHA512 09408a000a6fa8046649c61ccef36afa1046869506f019f739f67f5c1c05d2e313b95a60bd43d9be882688df1610ad7979dd9d1f16a2170959b526ebd89b8ef7

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-200.png

MD5 22e17842b11cd1cb17b24aa743a74e67
SHA1 f230cb9e5a6cb027e6561fabf11a909aa3ba0207
SHA256 9833b80def72b73fca150af17d4b98c8cd484401f0e2d44320ecd75b5bb57c42
SHA512 8332fc72cd411f9d9fd65950d58bf6440563dc4bd5ce3622775306575802e20c967f0ee6bab2092769a11e2a4ea228dab91a02534beeb8afde8239dd2b90f23a

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-150.png

MD5 552b0304f2e25a1283709ad56c4b1a85
SHA1 92a9d0d795852ec45beae1d08f8327d02de8994e
SHA256 262b9a30bb8db4fc59b5bc348aa3813c75e113066a087135d0946ad916f72535
SHA512 9559895b66ef533486f43274f7346ad3059c15f735c9ce5351adf1403c95c2b787372153d4827b03b6eb530f75efcf9ae89db1e9c69189e86d6383138ab9c839

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png

MD5 2c7a9e323a69409f4b13b1c3244074c4
SHA1 3c77c1b013691fa3bdff5677c3a31b355d3e2205
SHA256 8efeacefb92d64dfb1c4df2568165df6436777f176accfd24f4f7970605d16c2
SHA512 087c12e225c1d791d7ad0bf7d3544b4bed8c4fb0daaa02aee0e379badae8954fe6120d61fdf1a11007cbcdb238b5a02c54f429b6cc692a145aa8fbd220c0cb2d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png

MD5 f4e9f958ed6436aef6d16ee6868fa657
SHA1 b14bc7aaca388f29570825010ebc17ca577b292f
SHA256 292cac291af7b45f12404f968759afc7145b2189e778b14d681449132b14f06b
SHA512 cd5d78317e82127e9a62366fd33d5420a6f25d0a6e55552335e64dc39932238abd707fe75d4f62472bc28a388d32b70ff08b6aa366c092a7ace3367896a2bd98

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-400.png

MD5 e593676ee86a6183082112df974a4706
SHA1 c4e91440312dea1f89777c2856cb11e45d95fe55
SHA256 deb0ec0ee8f1c4f7ea4de2c28ff85087ee5ff8c7e3036c3b0a66d84bae32b6bb
SHA512 11d7ed45f461f44fa566449bb50bcfce35f73fc775744c2d45ea80aeb364fe40a68a731a2152f10edc059dea16b8bab9c9a47da0c9ffe3d954f57da0ff714681

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-200.png

MD5 13e6baac125114e87f50c21017b9e010
SHA1 561c84f767537d71c901a23a061213cf03b27a58
SHA256 3384357b6110f418b175e2f0910cffe588c847c8e55f2fe3572d82999a62c18e
SHA512 673c3bec7c2cd99c07ebfca0f4ab14cd6341086c8702fe9e8b5028aed0174398d7c8a94583da40c32cd0934d784062ad6db71f49391f64122459f8bb00222e08

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-150.png

MD5 a23c55ae34e1b8d81aa34514ea792540
SHA1 3b539dfb299d00b93525144fd2afd7dd9ba4ccbf
SHA256 3df4590386671e0d6fee7108e457eb805370a189f5fdfeaf2f2c32d5adc76abd
SHA512 1423a2534ae71174f34ee527fe3a0db38480a869cac50b08b60a2140b5587b3944967a95016f0b00e3ca9ced1f1452c613bb76c34d7ebd386290667084bce77d

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-125.png

MD5 d03b7edafe4cb7889418f28af439c9c1
SHA1 16822a2ab6a15dda520f28472f6eeddb27f81178
SHA256 a5294e3c7cd855815f8d916849d87bd2357f5165eb4372f248fdf8b988601665
SHA512 59d99f0b9a7813b28bae3ea1ae5bdbbf0d87d32ff621ff20cbe1b900c52bb480c722dd428578dea5d5351cc36f1fa56b2c1712f2724344f026fe534232812962

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.scale-100.png

MD5 57a6876000151c4303f99e9a05ab4265
SHA1 1a63d3dd2b8bdc0061660d4add5a5b9af0ff0794
SHA256 8acbdd41252595b7410ca2ed438d6d8ede10bd17fe3a18705eedc65f46e4c1c4
SHA512 c6a2a9124bc6bcf70d2977aaca7e3060380a4d9428a624cc6e5624c75ebb6d6993c6186651d4e54edf32f3491d413714ef97a4cdc42bae94045cd804f0ad7cba

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-400.png

MD5 adbbeb01272c8d8b14977481108400d6
SHA1 1cc6868eec36764b249de193f0ce44787ba9dd45
SHA256 9250ef25efc2a9765cf1126524256fdfc963c8687edfdc4a2ecde50d748ada85
SHA512 c15951cf2dc076ed508665cd7dac2251c8966c1550b78549b926e98c01899ad825535001bd65eeb2f8680cd6753cd47e95606ecf453919f5827ed12bca062887

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-200.png

MD5 f1c75409c9a1b823e846cc746903e12c
SHA1 f0e1f0cf35369544d88d8a2785570f55f6024779
SHA256 fba9104432cbb8ebbd45c18ef1ba46a45dd374773e5aa37d411bb023ded8efd6
SHA512 ed72eb547e0c03776f32e07191ce7022d08d4bcc66e7abca4772cdd8c22d8e7a423577805a4925c5e804ed6c15395f3df8aac7af62f1129e4982685d7e46bd85

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-150.png

MD5 de5ba8348a73164c66750f70f4b59663
SHA1 1d7a04b74bd36ecac2f5dae6921465fc27812fec
SHA256 a0bbe33b798c3adac36396e877908874cffaadb240244095c68dff840dcbbf73
SHA512 85197e0b13a1ae48f51660525557cceaeed7d893dd081939f62e6e8921bb036c6501d3bb41250649048a286ff6bac6c9c1a426d2f58f3e3b41521db26ef6a17c

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-125.png

MD5 8347d6f79f819fcf91e0c9d3791d6861
SHA1 5591cf408f0adaa3b86a5a30b0112863ec3d6d28
SHA256 e8b30bfcee8041f1a70e61ca46764416fd1df2e6086ba4c280bfa2220c226750
SHA512 9f658bc77131f4ac4f730ed56a44a406e09a3ceec215b7a0b2ed42d019d8b13d89ab117affb547a5107b5a84feb330329dc15e14644f2b52122acb063f2ba550

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-white_scale-100.png

MD5 19876b66df75a2c358c37be528f76991
SHA1 181cab3db89f416f343bae9699bf868920240c8b
SHA256 a024fc5dbe0973fd9267229da4ebfd8fc41d73ca27a2055715aafe0efb4f3425
SHA512 78610a040bbbb026a165a5a50dfbaf4208ebef7407660eea1a20e95c30d0d42ef1d13f647802a2f0638443ae2253c49945ebe018c3499ddbf00cfdb1db42ced1

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-400.png

MD5 e01cdbbd97eebc41c63a280f65db28e9
SHA1 1c2657880dd1ea10caf86bd08312cd832a967be1
SHA256 5cb8fd670585de8a7fc0ceede164847522d287ef17cd48806831ea18a0ceac1f
SHA512 ffd928e289dc0e36fa406f0416fb07c2eb0f3725a9cdbb27225439d75b8582d68705ec508e3c4af1fc4982d06d70ef868cafbfc73a637724dee7f34828d14850

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-200.png

MD5 09773d7bb374aeec469367708fcfe442
SHA1 2bfb6905321c0c1fd35e1b1161d2a7663e5203d6
SHA256 67d1bb54fcb19c174de1936d08b5dbdb31b98cfdd280bcc5122fb0693675e4f2
SHA512 f500ea4a87a24437b60b0dc3ec69fcc5edbc39c2967743ddb41093b824d0845ffddd2df420a12e17e4594df39f63adad5abb69a29f8456fed03045a6b42388bc

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-150.png

MD5 771bc7583fe704745a763cd3f46d75d2
SHA1 e38f9d7466eefc6d3d2aaa327f1bd42c5a5c7752
SHA256 36a6aad9a9947ab3f6ac6af900192f5a55870d798bca70c46770ccf2108fd62d
SHA512 959ea603abec708895b7f4ef0639c3f2d270cfdd38d77ac9bab8289918cbd4dbac3c36c11bb52c6f01b0adae597b647bb784bba513d77875979270f4962b7884

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

MD5 b83ac69831fd735d5f3811cc214c7c43
SHA1 5b549067fdd64dcb425b88fabe1b1ca46a9a8124
SHA256 cbdcf248f8a0fcd583b475562a7cdcb58f8d01236c7d06e4cdbfe28e08b2a185
SHA512 4b2ee6b3987c048ab7cc827879b38fb3c216dab8e794239d189d1ba71122a74fdaa90336e2ea33abd06ba04f37ded967eb98fd742a02463b6eb68ab917155600

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

MD5 72747c27b2f2a08700ece584c576af89
SHA1 5301ca4813cd5ff2f8457635bc3c8944c1fb9f33
SHA256 6f028542f6faeaaf1f564eab2605bedb20a2ee72cdd9930bde1a3539344d721b
SHA512 3e7f84d3483a25a52a036bf7fd87aac74ac5af327bb8e4695e39dada60c4d6607d1c04e7769a808be260db2af6e91b789008d276ccc6b7e13c80eb97e2818aba

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Telemetry.dll

MD5 50ea1cd5e09e3e2002fadb02d67d8ce6
SHA1 c4515f089a4615d920971b28833ec739e3c329f3
SHA256 414f6f64d463b3eb1e9eb21d9455837c99c7d9097f6bb61bd12c71e8dce62902
SHA512 440ededc1389b253f3a31c4f188fda419daf2f58096cf73cad3e72a746bdcde6bde049ce74c1eb521909d700d50fbfddbf802ead190cd54927ea03b5d0ce81b3

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\msvcp140.dll

MD5 ce8a66d40621f89c5a639691db3b96b4
SHA1 b5f26f17ddd08e1ba73c57635c20c56aaa46b435
SHA256 545bb4a00b29b4b5d25e16e1d0969e99b4011033ce3d1d7e827abef09dd317e7
SHA512 85fc18e75e4c7f26a2c83578356b1947e12ec002510a574da86ad62114f1640128e58a6858603189317c77059c71ac0824f10b6117fa1c83af76ee480d36b671

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\VCRUNTIME140.dll

MD5 cefcd5d1f068c4265c3976a4621543d4
SHA1 4d874d6d6fa19e0476a229917c01e7c1dd5ceacd
SHA256 c79241aec5e35cba91563c3b33ed413ce42309f5145f25dc92caf9c82a753817
SHA512 d934c43f1bd47c5900457642b3cbdcd43643115cd3e78b244f3a28fee5eea373e65b6e1cb764e356839090ce4a7a85d74f2b7631c48741d88cf44c9703114ec9

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

MD5 414283a0b615104c2607e859d88be042
SHA1 29531d24451f130ebcc0737dc966e924053a8358
SHA256 d4e1f03d673b8b0a38c40ccec44c93227d29089e665a71ab9565744c0c542e9f
SHA512 c61f864bb6292deac60b6563d458e4bca389c0323cb5816960bcc4d5ecdec190a92dcd928068206d90118e0f2c61a3dfc4f77f1849b03568584cef35a4b86b84

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\ucrtbase.dll

MD5 db94732a3698e38fbdc0281021111b39
SHA1 84eaa24886b04a1c91a591bc2dd3ed0867e52fe9
SHA256 0afaf8b6125bc29d00ed1426243b6afd3fba4a36e4a07c9928d42b432f1ceb1b
SHA512 06cccb8626e923f13c6e31c921c5248420cf0a379f5873007c8b6d1b8e0ad6c7331538eef834183b1b74d666a4af8b5d951073ff12ace2059f40427c4245e21c

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\ucrtbase.dll

MD5 7a333d415adead06a1e1ce5f9b2d5877
SHA1 9bd49c3b960b707eb5fc3ed4db1e2041062c59c7
SHA256 5ade748445d8da8f22d46ad46f277e1e160f6e946fc51e5ac51b9401ce5daf46
SHA512 d388cb0d3acc7f1792eadfba519b37161a466a8c1eb95b342464adc71f311165a7f3e938c7f6a251e10f37c9306881ea036742438191226fb9309167786fa59a

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveTelemetryStable.dll

MD5 e90dbf3235d7730a64acf095534c04d2
SHA1 710a4d724dcec86dc41caaa514b2764d07b0fd46
SHA256 c4e9ef636738543e5c06564c198602391534ae4a1b0e8eea10b809ccafec8155
SHA512 be0c98f8435076272aa49d86a4ffd66766abb6ec843da4492fc37bd1e3f478c985ae4a8518bd3b53ffb1d8a1a05b96ec2a50fc6b37f88a61ad9b4af30a5f73b5

C:\Users\Admin\AppData\Local\Temp\aria-debug-2764.log

MD5 30b5a9ccfddbed95a6399a8f60b843f8
SHA1 4199026fdc56792ca1540e3c06b6ca945e06c81e
SHA256 81238ba4116e0b6a775ec7db258ce75e2308c96d5fe4a64182ea839b35ff6ec0
SHA512 ba2864b02791f189daa7ac5110efcf47166f6cc6468f106e3a32e5499c2c165ff4f1dfe0ec14d4c930b0fed751a693041914c9e71420a3910a8d85d2fd1da2f6

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncTelemetryExtensions.dll

MD5 51b6038293549c2858b4395ca5c0376e
SHA1 93bf452a6a750b52653812201a909c6bc1f19fa3
SHA256 a742c9e35d824b592b3d9daf15efb3d4a28b420533ddf35a1669a5b77a00bb75
SHA512 b8cfdab124ee424b1b099ff73d0a6c6f4fd0bf56c8715f7f26dbe39628a2453cd63d5e346dbf901fcbfb951dfbd726b288466ff32297498e63dea53289388c0c

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncClient.dll

MD5 2d99e1109d0661a45898c539d7864f49
SHA1 84b7b53cba576e7c68f09073a4c42a0e8ef23d66
SHA256 ff984618977b7045091fafa795a07ac9ad1ce2cfe6af0fa57ddf540a069cda48
SHA512 39b4bbd98d27e1cc3cffbfd8b747c91f546a498ce5ad1ed30a7b5b957b772a67b1d70ab95f0bc8b8abfd69b4f6a0fb010e109a617ee61b6767073b77110df6ea

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Qml.dll

MD5 ee4c888cc776603f71f970942eac4c24
SHA1 8760d5977846287f6fe13a49a653b6ba9942b82b
SHA256 efe80c60da8368dbf1f7f4b43bca01bf70b6e8991a1ae5aec44e02c8724bb8a1
SHA512 37d2999edd159af2797b9e4a9ce167260304784dc3a7c67ad7d3a158507d89bc5feb3e8818ebf5537beb77d0168326579867e3bbad390e61314bd66b66d8e230

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Gui.dll

MD5 b8ba5823561da49c124f3de67418150a
SHA1 04de86d8815e84896717d2da7c0548987d8c990c
SHA256 47887c778bdc3ca7fb488c92902c50c373fd2a58886729989d0eaae88eea6517
SHA512 7bac11d3bbbe360118b2e30b18823cfe9c00f2a93ce32f94e42f02a20e133d489c37d4acf0b3988fad7efeee391da0713b539606bef3b06c64dade47dbc6fb4a

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Widgets.dll

MD5 7405fd0dda9bc6c36e1b8b634e5d30b3
SHA1 07e1c80967c1a6e393f0af4632e1645c985a132c
SHA256 cfbbb7670ea0777ad26f7ed1a18a9eb3638fe60548e6683a9680e38954482b20
SHA512 7d42a3ccfbdf8dab24aee2aba149f72ded54fee75aea99dbb5506b5faa54ffe523ee21ed72168b8a041d91e9c2fb1de26949f59ce2d01a6a1ff8c09ca4345109

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5WinExtras.dll

MD5 e94c89df4aab6ecc5c4be4d670245c0a
SHA1 4d6c31556dbdbee561805557c25747f012392b65
SHA256 8bc10ab2b66a07632121deb93b3b8045b5029e918babc2ee2908a29decdab333
SHA512 3f42f9eadc0cbebc8e99ee63761aadb7851572b3600197514febd638455b34ee9075d4ec36eae82b2786877f06ebfade73735e3c9d3232fcbb66bed55b96595e

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Core.dll

MD5 286fa19966533535d799392eaf942d88
SHA1 4a01332b82a8e99417a098f04a35d0ff41cdf239
SHA256 1467f6d76b53dc39e426f82e9745d7aca32983fdd6b9cdd4012d02736c6e841a
SHA512 5bdc00046a4b51904bdc55903dd7bca9c1a6119b801ebb8481e638da320dce62e18c51a1be57c4ee298ca3e878acfcfcda63b900cab0901a0d0f24897e5a2731

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Widgets.dll

MD5 f04e84141afc5af38f15a654057ec033
SHA1 4496f5d38870bdb6e58e92469e8ec088b8c83f4e
SHA256 9a27e598a14d5065dcb150323a262a15dda35d20692529b9ba3d8abb76380cd5
SHA512 9e45c6d6427a9963c9428418face04d3b61b2f9b431a4c90c63af9226b5b9a93a531d67cdc3118d5dbfb21cab31b1f91284114b5c6957db0bd6e048b0517a989

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\SyncEngine.dll

MD5 989278e98b44f46b2881edcc05ebb83c
SHA1 b30c1389976c7686e1b94cf458bcd59308dfffee
SHA256 0d35c4c16930acf173d47b3dc46fc9f9f2eefcb49e1db01fdc30628e518b91a2
SHA512 38d9a9c008d97f6e433205ea2a652d4a49d7faeadb221751f2ff3a41e06c84988dd1a988da98d70429f5f999a73574f3b987d5284229afbfa1313fede9f83b3f

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Quick.dll

MD5 4e257a393e31dd2a4c3b52efcd7f5fcf
SHA1 4bbc61aaa57694546341bb12a0b851e4969c4a3f
SHA256 9520e729dabecb507941326037aa7f94d3df8691b2bd601e15922d5a6d7cbb9d
SHA512 795bf28bc9880eb71c7d7c069429c4017dc489d94d8767a3782a569b2aa10c3bcc6063303d1303d91e295fa344ec391833d467258d2b16268f0b79242ce4d428

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Quick.dll

MD5 c97d5e013eee603c746072a819fefab3
SHA1 c154e29cbb440b9a0ef6d00a544a8cdeafb34419
SHA256 9700461a7141d4c1a421439531fa604dfc219a1b69ecf9a55b7e6affb5a129ef
SHA512 08f676fb39f1e8ca01bd34c585d9c5cb4b27c9da60a427a9f1a8b0e611a7f3f9370336f52d9c265cde4408fc999115158618124e1648b65dce1b09810785513d

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\WebView2Loader.dll

MD5 925531f12a2f4a687598e7a4643d2faa
SHA1 26ca3ee178a50d23a09754adf362e02739bc1c39
SHA256 41a13ba97534c7f321f3f29ef1650bd445bd3490153a2bb2d57e0fbc70d339c1
SHA512 221934308658f0270e8a6ed89c9b164efb3516b2cc877216adb3fbd1dd5b793a3189afe1f6e2a7ef4b6106e988210eeb325b6aa78685e68964202e049516c984

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Qt5Core.dll

MD5 0c0158e51d0d959322e2943fe30ce6d4
SHA1 a97f466cb9a026784371798796cdb349b5a95457
SHA256 ca3d6cf5fe327b4bc9a318cfe1c1f5b5fd2b4ee9cb4817f436c63e7b7f316b57
SHA512 9225bb62533a80c184ce4d5dcc9c4083a22e49d95856f989649d448beee8984416021ff4e2ec6a0b921e2041d6cdcb7eb4f28af46b6c6b610b7687e607d1dd79

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\adal.dll

MD5 8c70a74f5ace4205533a6b3e8b788e8c
SHA1 4c13d54009459c176ca184a20105265b8d6cf33c
SHA256 f75cbf75cfb271a25bb9a1d0fd9e648de247ce9ebec330067c91d7583f8f6d82
SHA512 d9cfe2a63df623a0e90dd37dfe4993fe4c59acb03dae21951b15e8a20e2cc2771756484bb36c0cda844f61e1d60a476ae0e9303d1cf1064d4134a71d9cd9aa75

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\adal.dll

MD5 cfbcb567149aa0afcc0a7f2d958b3ef2
SHA1 171c1a17f3e95fbf9e63b40a09dc1eec8b14d34a
SHA256 2a49d27a92f021d98068e75b35c4edad526239c42a84b43d7049c16ac6801535
SHA512 c906926df96d1695460887e195319d8ef96fd1f80e572e6c23d3c7b26b27040ebc5074c405f28410db0dc614ed40a90f43d1329fa4e54ac60e6c34b38eefd358

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncViews.dll

MD5 8e9ef192850f858f60dd0cc588bbb691
SHA1 80d5372e58abfe0d06ea225f48281351411b997c
SHA256 146740eddcb439b1222d545b4d32a1a905641d02b14e1da61832772ce32e76ba
SHA512 793ad58741e8b9203c845cbacc1af11fb17b1c610d307e0698c6f3c2e8d41c0d13ceb063c7a61617e5b59403edc5e831ababb091e283fb06262add24d154bf58

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\LogUploader.dll

MD5 03f13c5ec1922f3a0ec641ad4df4a261
SHA1 b23c1c6f23e401dc09bfbf6ce009ce4281216d7e
SHA256 fe49f22bb132fedf1412e99169d307fa715dbdd84fe71c3e3ff12300d30d4987
SHA512 b47dbd9fad9467f72d4d0d5ca9df508247176f9e11b537c750837e8b3782a2d20f31fad361153d816ddf7f5e8109a614f3c6e4e2307af69cd3e2506cc0515d81

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\SyncEngine.DLL

MD5 3906b7048cc27143c953eb1586f304b7
SHA1 a9bbd38192639e7e42e51f6fe7861e470d178320
SHA256 c4da334f51f0cc80e68bfba500c6655ec69dd81aefb78beb771d8370f0c71aa5
SHA512 98423622d0c95239269d69fe4810fb9a9f0b65ff53bf862b1f4fff8b7bd8ef2ce1c6bf4bc7ca831c9c027d78af3cf3771eb8cf6b389f37f844167cc5e17c4e47

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncSessions.dll

MD5 ae97076d64cdc42a9249c9de5f2f8d76
SHA1 75218c3016f76e6542c61d21fe6b372237c64f4d
SHA256 1e0c26ceecee602b5b4a25fb9b0433c26bac05bd1eee4a43b9aa75ae46ccf115
SHA512 0668f6d5d1d012ec608341f83e67ce857d68b4ea9cfa9b3956d4fc5c61f8a6acd2c2622977c2737b936a735f55fdcce46477034f55e5a71e5ef4d115ee09bfec

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncClient.dll

MD5 2df24cd5c96fb3fadf49e04c159d05f3
SHA1 4b46b34ee0741c52b438d5b9f97e6af14804ae6e
SHA256 3d0250f856970ff36862c99f3329a82be87b0de47923debefe21443c76cddf88
SHA512 a973bc6fd96221252f50ebb8b49774ccfd2a72e6b53e9a412582b0b37f585608e1b73e68f5d916e66b77247b130b4fc58bf49f5bf7a06e39b6931c5f7dac93ab

\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\OneDriveTelemetryStable.dll

MD5 6e8ae346e8e0e35c32b6fa7ae1fc48c3
SHA1 ca0668ddb59e5aa98d9a90eceba90a0ee2fb7869
SHA256 146811735589450058048408f05644a93786a293c09ccb8d74420fb87c0a4d56
SHA512 aa65ef969b1868a54d78a4f697e6edbded31b118f053bbe8a19a599baaf63821dc05f75b2ac87452cb414ab6572b8d9b349093931e64601c47f8ebbb49c431cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bf0b315c00e9681fe7d2be788f036d0f
SHA1 fa66a340f3c9421d47de29e5295d96c87dc0977b
SHA256 320bc65749700f6d333171ab5c1d363b94e0981c2171459a5c2e8ec0f10733ae
SHA512 8177877e4b323d4e0bcd69b3787d58ab4b970ef2a527c96d6953cd87215bdc0867172b2747f0a28a0a0e542d91a5eea0594e641c5b67967ef6ed59ab52d292ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b0fce8fd4424599f9e6b110507bb4282
SHA1 7f328363208ab711346391099485043128458289
SHA256 11ccde64cae309b5dab9b3d4981a416de37d2005d0eba24ccc5840b897b2b358
SHA512 f2335e4db2cb4e2a468255ee07279dfa7d097cf1de5669631d17660f8ca02e080ae96a320ad9799065a0145970164876c65dbfed02a9415f7f67076194b52142

memory/5420-959-0x0000000007AE0000-0x0000000007AF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f281af7ea4486a854c9adb5b8452b820
SHA1 b6ed2b275f56157ad7fe8acae1310e11c6cf70bd
SHA256 b655afa4e304885ecfe1902849b983c8ccf43fc830807290950df5c4d66f6791
SHA512 fecdeb179cbfb938e3cf8b5d583155419bfd1f96f5f25cfe892130e1cceb117eb078d43fac158a25eacd264539f49149f8752f9ec8cab68ec9d24d238b6c7941

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 04e5a67d89c56902d6e84db2bd0690ca
SHA1 de460da34d321854a86b78ba8f794b9062ad217a
SHA256 4d256cc735c440051cc9f422486836fed8ad24b40358288603ecf2e3eb71d2b7
SHA512 ecd7742c4e1dddf86be81bb8848c6f73d0842975e939b8727e17c57b070422c41f86c4ca4e8de44bdf0f05aa3bad68bbdfd62892d76035e80292962189ceb771

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 f5b4137b040ec6bd884feee514f7c176
SHA1 7897677377a9ced759be35a66fdee34b391ab0ff
SHA256 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6
SHA512 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\settings\Personal\logUploaderSettings_temp.ini

MD5 7dd455daf0b71f14f552c28b69df4c98
SHA1 0d1402095205f1b9034c489c8c353b12e7fc4b96
SHA256 d08257d4073e7b26048859e209ecf952fc08c42cd4aa0bf16bdde232570cdd79
SHA512 065bfee8eb4d1bf758d2830d16d4024891a894ee0fc9223a2203c35885b525a6343d8d8416a26a98bb26cbaf0f44a4471f832fbe4d8875ffdcc830e3ad466226

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2fb6ca33628c9d32569240ed3eaa54f4
SHA1 540694edfcd6901c1789afbcb75db07c90d7f8d3
SHA256 db49692cdc6aa1d87036e40dde5e253ef7e34dbd6537972e5df6f6d8326d821d
SHA512 04b429729082ddf5734c25cb7197381f492d8ced28b9773707a933d79c114779cd23015eacf4d47ea30a39f36d5876ac25b72f9d7ff106ff247bc458dae1aa52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2e880dc26ded04551e1488cdb0e62350
SHA1 71b65bde855148fea2a1f2681125b2fc2192aa95
SHA256 c97c82519410ccb55fa4f53b4b6f56ce76fe26fd6c7960e3c59791527bdfb0c0
SHA512 fe62fcf4e54788a5f227af006eff424e23e2803c7ecb6e2eb5a1415dfdfbf8eca6aaa4f57107405dbba95099adc7b10c3b511199630867e7edd7f1eb8bb88760

memory/5420-1048-0x0000000007AE0000-0x0000000007AF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

MD5 b82ca47ee5d42100e589bdd94e57936e
SHA1 0dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256 d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA512 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c6bdef4331ec9758763ef34708fee58e
SHA1 3ec9579309bf8c490ca53fe463d4ef4577589eae
SHA256 5a9719ed10b20ae999fd663ab5db32aecc904afb68251e71e1ceccfa5a1a9462
SHA512 5c2a112da412e1510f8f4e57b87b6ca833be9d16754f6b992db74a8006998b014364e36257c1c5b436ac5a078a72a6199934b1e54a8141ef0162567187a7e8e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 acbfc35084e4030261c96402c4311342
SHA1 c0f7fcc673df4b60601e555f1d0619ce23901160
SHA256 b73a4ae3ebf6150fcb51191bf3d601862937506830f4054cbe36a3b52d39a675
SHA512 2c223bced84734de398b91fd98cefbc25070aff98374dd97715b86532ca161c3ec7459ae523d5b36ee0a349e6d72fda39f3b4de694ce8eff709bd8ed651b3ab2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 daa01cc5a9b8b3a7730d8c940015554c
SHA1 6d3091870737fffb408000a4664c8a6f088b5cf7
SHA256 60dfc7c4f1adc5282ff9d3a0bd9445b59874ce5e123226d3d6f5339d1b998a6d
SHA512 7de57bc1ef544432cd0cf5e27b87fd19af248d2adde11b9b0b7f1cd5e762fe8ab08954344027b7fe32a62c142ba8411e3db42df87ed47a009437aaa511d6246e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 69ed9041ba45401c0f42d9a0f0a2fb2e
SHA1 071d243a76bfb14e304b3e48c12ac87931d99553
SHA256 5d80d99a68c21e8e4d1fcaa7b1000b26827567d29479617a636876d705935b48
SHA512 196ef5f8d750f4ec546f7ed081c1f11b4399c51e3defd148c8fd66e90d01a0858dbc02d9504ce5f67f3fd0c4607a61b7b98903277607a1aa04ad0bf51abdb8fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f04b084f1c4a3ba31c00e0ded3779c86
SHA1 bb044ad96b62ae3d289f43970d8940fcb6ac5187
SHA256 073ef48fc655d93816743515d3851b184b4149f429af9435fbfba5def27856b7
SHA512 da046282038005cd390c2df8f90b9268310e701b5fdeca45558012b4052c1d4e4eddf0c151cefcd90f3e6bbb1ca898220ce47aa603902e3c32bc07be7b30cf6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 72b1aae0acaf6a960b21473925f23a58
SHA1 7483f6d536d72e2de6c54fe720b9e17fed1e2337
SHA256 2bee13a611156a920aee2d564d9aeda84405d69ac07c425dad9677ac9f0922bb
SHA512 761ca0a2f6c585aea4b4084109f4a83ec10acf0e27bf223936ab0a9e115fb7cc62eb812bf0ea2d4c7b2d19e8ed2ff06a0155d06a01513215ecf581c040f681a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ca31d.TMP

MD5 4766791248fd44981b7d935daedcc517
SHA1 48e741570a0a9c26a4fed596286d6e898e022c94
SHA256 ce6df441e235cf1bdd8038b40411e6a76facb7577b6ef2564f4af3046e16b1bc
SHA512 fa62563c7594553dcad22515fd7d5741ccb58cd2989fa338f851ac740bbc78f4cd8ee5821350d702d8a2e076af8d37ebda70083485f6c722573e72e8745833d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 531adb2992b91f996ac4c802ffbc3881
SHA1 9582704b1b9bdfdb796fc06351154e162903d47f
SHA256 78ccc8e9168607100d957e2c272ae2313e7c4cbbf22fbeb32426b484a2fa7fe1
SHA512 3d202adadfbc00857dbc3d461c5d4131dc35cd84f6b09c6c31eafb0325ecdfd3527ec3873e76ed8da1dc6ff2149b260a9aff31440126ca9af2601309f8d7b353

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3e2eec87416034c9958fcf8b3a0093c
SHA1 f0847306d97ccc9d9150d05da1042cc3596cb2f8
SHA256 f0669fbcea9d8e0ef518b0eaf4a4a40ecc6f5137254b121aae69772f80f51f84
SHA512 4b793c6c324382c9f6916c6e87bc2a90072461545039aa16b994c46f726fd6829399c3871a119bc9db1d49dfc15c55a2c25ca72b54320905b9164fb489705f27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f57032c210145f354e0025a38bbcbf7f
SHA1 301f5b948b86828bc61b434f0ad1e4ebeaf51ac4
SHA256 e09c7df35e3702ed7a20bc97fb897e76f34a6492a6cfc60348c7be876bd62445
SHA512 1f017134ab0b6f0cb938d8b2936a5db5c650d5bd77be778102bfa5a63248293b7727c185ca652027b3ccae0a02f40893df1c4bf8c90e2f7a0c6637bb1934e813

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 037907749a4b2400313e58503623108a
SHA1 d4500cb479a007b7e90703c8fa5e8af20d94539a
SHA256 609788cf6f3fa7887006360bfc1f6f1accc9185fb52b068e63e41bb7c1ab68fe
SHA512 c78ba0336ffb8b0fc75703b8de72489fab924e35f3996d323ce582cf429418f5c4282fb568a4fe92494031e1c32c180a595d149506e5560815d5a7b9a9ae0f20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c3907516ce69935b76d9aed182378618
SHA1 d8a370a018030e63acc207121bd11d5f27d62565
SHA256 5d13c6b48d462d9b15f4649e89f42650a0d2a5ca45949a1515b3c014871af01e
SHA512 0d07d162b69e1f37eb83f2404acf6546703a906edbbe9a9d00cea60ee6550847e132f727622df0c2d42c6427417f8bc4005573fbb05c74b674849b1b5ab794a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b30fee8d2d552aafdd73d690dc83947
SHA1 3c364a68578c48bb0780c3d1af7f84cd5d877864
SHA256 4997b6dca4ef6e27c3356f591467acff94aa7f8e3a4a45f73211a634e7970bae
SHA512 16591da5fd5572b66f67ef55774638709bc1d9d304eddc018e4bfcb1398e95ecfcf7009550620f105bbdf4e138c295b1b68e41599622e5089e0c022d401f28af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 dd51cbb6c96875413d0d2844be1b7ad9
SHA1 59692559c67e7393538bc8635da5154e0689f226
SHA256 c9718eaddcbafa34ec35b99865bbab5a6f602202dcc4bfbb69296cfd31732692
SHA512 9941d12000bcc331a2e3bc323c7891f612402b67a93072bdb36a5f4dd3b8846a7ab33fe2ecf603365f8888918fa2a55e4f39d0697127d2c1e5f14e25c8c59200

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

MD5 90c95b8acd3206a8d438ff38225ca954
SHA1 2f10780de21a292280720114ff919c1940d8a961
SHA256 fcd60306a7c7cf88ab7af4f5cb274907cfbba08936246ee7a03709be45b34a42
SHA512 5ece8da4137d99fca26dc4fb64cb7202ef3e0989faefb04e77bfe54f3b802055c778064ec3ab341602115e7cd08d1758e57b5ebb88b6230c1ed5c064e7f8ca8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ef6de214c9e6be71_0

MD5 f78b0b6a38831bd4c8f87570a39aabe8
SHA1 92d7e5740845d33a18b8dbb9f20ed3facaf08b92
SHA256 5466bf63192c67a37f3b64de904d34cfb559b41e465eb83ab29d68189895c72d
SHA512 f7c1f46c4f3ea76c432a27f7f09d80981706beaba1389d3cbb0d319480267fd56191e50e92223fb4d1e265f93b062b079935f49e6260b726b34f3bd3a9405bff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 86e5107960252bacff84a72c0668a2f8
SHA1 7ceff56e1e16bf6005aab13f89adb9a8b12f6735
SHA256 29209edee3d47ce72054717a24145bca842cd4aad3ca15602ab439b9cbd5130e
SHA512 5db87e699aa61c1a530883b8900c8b1b18139c026451de69b313fbc2aae5bae04594fc51321d3cea15a9b16f2eeeb81a91e8bc1797237267a8ef0234eb03cc66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bc8f3ed8-56b7-4dc9-84aa-bfd8674540b8.tmp

MD5 258ebab2fe4012a5f411cf6e77ea9768
SHA1 352921aa5f49445983356e3ce24034ca99faec42
SHA256 588776f224aa26e4a2071a18017c7eb90c55a668a7536d7b7db3d5841c3162eb
SHA512 37eb83b249a034541faaa052b5b74dfef424fafc8683bfdf96f4c3c08220797b86229caa90edf8e58c7a01d8a59a40054ce7da70ca492f951b55018297be0973

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ae4cc5f530f2d69e3e9beb88a3de149
SHA1 0cc8ec04249c28cded87bc43e7d860b9b5ec21ec
SHA256 6f314668487fdaec17aa030d77245239a0e2fc6235804c5ead368b78bb550ca1
SHA512 b69847047a350a6c1699a72a33b827e8c26b636605023d0266b293073220a05ca94b2ca9bd6c98efdbd65ebffb146d9cb7c1993f121ffc714e996d576c2a068c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

MD5 a267f9343d5e51be467cfef6826d4a42
SHA1 cbde21dc017e1e829c08c5205b12cb02f5b67091
SHA256 9bce122657f038e59c4f5753da2e7a004fd75bce48392788552963ab021291f6
SHA512 fb647126f664a0eab67cf2abe8dd22b6e1db8bacf0bc39b0db65978693e4c0e5ffc4094646dff79d21b41978a637415180db520eb8f3b4408f67a6f8f4fa6d23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 662a265f06b370b102c740ad87555622
SHA1 cf68084bb64aa3d7a25adbfa2fb2f8fe08ccae3a
SHA256 9acc65b1a5a2d51a4fcaf6e867d2513089932636792fa884c4dcd8306ac6e65d
SHA512 16cb4360ef80f3c6d2f3e9041ba8765108d8613f258f46469686b86d38f783c917db864ddd03c0369957bb67a353252a210026843a871ce2a270abc3925de8db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\bb0069b3-7d69-481a-8f1c-5c6140f718a7.tmp

MD5 a65c69321c63acf66f342395b6d95822
SHA1 dd29b025286b39b3c995b37611bfc8c0eac4a0a8
SHA256 14b21cfcacd547566bbbd20e8f684324564e5352eec6eda5d6896cddab52802b
SHA512 cfadd3f057fc4f22470a875f6b8776fdfb6a80b7e8ffa5589ccb52c9b94f32429b03f28f4d41a29f0427a7203d2d24138116aae98424614f3595d77f1d121e92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b9494a276286fa1a7361ce38771fa458
SHA1 104d3199ed8db616b7bd7a9410da73d071a54092
SHA256 aada2ccb0caba122d609ffcfa55e88717ee36cee1c6c83bfd9c4160824a22b70
SHA512 f61924f90d912c5573c634cd66c4ac973563bcd72174b800384db2ffdf5d1f634015efb43b3becb0330eab7c689f3cb60d0e3bf530f960704a0cc07f3537a773

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ab2fac65c82becc95c1ae838e8e2887b
SHA1 f4f9559a599da3ab47bd24ae943d8d988f557a71
SHA256 6928cb77a82c07c149e6be86f1464469a9f9872fccb73b37a6e71ae449cc8feb
SHA512 2feab6185f1a1a54cd0dc5894bbb1bcf6bf59fdb6b2646a05aa7c4331391c849f615737fcca406f12d3af2a6d64e6936fb216831e6df4bb500443e6189f70d94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e24ca433e9fe430209f5aae0bd091937
SHA1 75c709d0f4bdfcd7ba902152b311e735050c1cb0
SHA256 1a8f9c879fd3d60c570d0e3e2af49e6c2cf3b7eaf12f9670a6a1fd5a3d097d15
SHA512 7882259ce3acf9497ab451b4f1e51f2818664a228d89b56bb08b5dae503998ca1971dbfeaf127a154737655ac8982d5fde623f2abb2042ad7ad611f3cb48dbc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 149827fee5c983ef09e1213f6fbd484b
SHA1 c6bb43c8164eeaf758903e80933b2e419d2ff490
SHA256 e8c6e5ce59434d06317826e92b4fda8e2d9f8c03a4d44c57fbeeb8005d949536
SHA512 03cdd3dc0a596d46cd6aa77bc6ba76a8abd370dceaf9b9782dcec6e439fa16865bb67a3f59660e35ccfe1a59ba78d03f4454035996c7870d1ee65c41e3464a16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 86feb4b9dc1e75167ac2d8415093ef82
SHA1 109d71c5f3e23eaa90132fb8c226016c3c24bbe9
SHA256 c8f273ffce26bf3d83a099324cf3edfc0b3bd2385e59a35db5126cfd34f191bf
SHA512 03f0f26a9f2d212c50b4247d61237952ef53e7381e73b9fdd0d80805ce8d4cbffa130f6309bdee4261cc78daa54598a54797bd126f2ec382773eedd3b977d96f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 afe388e79b19c745e9ec565d29bfcaf9
SHA1 a41bba17f865667465267d521a8d203619629920
SHA256 90b1246377fa3030e5bb8cb0af9d77837ef87998b9ef80de2c5d4d6bff604a67
SHA512 51b0c1c0d2043582ba6232a055dc89d68677f8284bc2c2907ea9a18b1b0441d19927682953492d2215ccd9f6df351f5388e8976bb051475b8d5aaa4680069b2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bf9076ea68154c838e1f59c4bcf8676c
SHA1 f2060c86d0ebd9ae8f3d41f278ddaf5741c5b301
SHA256 2a6e8718e52e6288cc15f58c6506d289c4500b3890e36143b13c2b0ac491b4e9
SHA512 660bc5ba745cf345ba7717bfe452ee68aa7945e0956f3c5e5eda3d3e452664d55f4af20cbcb862e6ef619f4c674fde70917a371bd443e724a3770a0816f0e00f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ba87fc2c6f6f03b8b25cd281a4a9599d
SHA1 a0afa487f775496b0a4a742aafe1c7f630cb9cb1
SHA256 30d6155b3bde2dd1acdbcab0b592f89c3496ab68ca86e675bc6729a119cf82cb
SHA512 e1e58b7e25fafad1360e57bb9cd5f8d41445ecabbc0782dc44b9d27150dfdec8305dab47f5c3f1b30abb2ebe0121af9085dcab2e6c3e9109aa3faa4a8c755f57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 606962d4365801b1dd95a563efa03db9
SHA1 ba5b54ae2fdbd61d890206a5b2967802c5ba3cd9
SHA256 af7297f723a0f8502f11d8718537618c32291149b383a4a15f9ae1cf77805a75
SHA512 d8c1fd896eae785a10bc3fb5e9179c49a685534e43713083e0917d75492624b83beb9a007b1b4f97922726c887a52be157a78c3574c1953284fd7a3974110220

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6fb5b469868deb51061527c0dc268b4f
SHA1 186494a794915f0fb6a230416f972dc11e12df23
SHA256 ec77f9149acf176f1d5155bde3eaa18b6add4448f215301a1be395ef6327269e
SHA512 7831115785d01c10fa88297e1dcf1100e4e7da7042626d8cc4523413f275bba17287dc30d5bbdafe0250092536ab81e9d81177b1203bbaaea313f845fae95477

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3a99f28af4811eeeb0a5034877125768
SHA1 edcf6361f93ba6aa0944a8738187fefd26bc0290
SHA256 1d1568b8437883127e9a01a8cd0066f6736dd65702dd7d512f92945c391920d6
SHA512 fa94fe73631ee3daf4e12e1911ee7e3b71048255a581e112389ed7b483c286d73090f5e2a7c6a7a9c926055faa3f5858955a166e8aebfaf088cec7c60f56331c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dd4f02ed1c14216b5cbcd630cea70d92
SHA1 83ec7b5c03f8a93eea1bd787d5cc526c50912503
SHA256 0caf734c38e92e95e41fea72e421609198b7402c0df2c478b51cfb214deaa501
SHA512 3b30ce52b34fd11111ff85b37046bf68d22da3dc3a8433d8d08eae6a9c3dc74b098db3d1b113a290b1f9d0d5bfaa217d02eb5d4840665c6f33dff3967cbc6f8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1a55c63c7ca7d3428e94c7010cf98fb4
SHA1 32af65a3ccc7d5fad8a2209ec2257709fca9113d
SHA256 88e270cd7c670770a8dfb9b7c2fd17771e12abb80c4b42cb15a3326d59a05481
SHA512 92e81589d36a6dd5a6ac3b33bd45d3120f1b61cf5d36a7f60755add9be92cc04217166f982e597ff02dd2f2347068fc987b1488fd1b4c82f82982bfba6fc2fb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6d076c55d18d0bc9134d2da9f7a83a7b
SHA1 720899c713e8ef595782cfda7e7f152a35911a82
SHA256 2861fe7df65a870eb01ee8ade1ca3970d697741e61875a499f988635d2e7b530
SHA512 a40795123dc46bfa1eec612e17513bd81766fc6de48e601324699f03c89304eb916ceaf8d61bfac2e4d3db362c39f49f4a12cee2ac9065eadc772cc785e95c0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7cc8da21e0f7940141dd54d0e529472d
SHA1 9289729454f3c218bc1757ecca9b89bfde13a8a7
SHA256 0e02a832b7624d8842a9291bb57d951a94a246bf8275d12387c56596780b668f
SHA512 9376b6c910a5413da93abd6947eb94ba4c62159041deadc3b8f9643eadc640cdb8df01f0a2dd1b4983a23fcb3338d23dc45e253091207ddc287964e80a02c6ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 bd56bbe66ca8f4f6386798dfa603dbc7
SHA1 4e720d9e2b7fb3635e7c186816b03ab8d7da9be7
SHA256 cbbaf3e5d7b4d8e8262a0c7ce96da380f1ac37873cf4cb1c6f42b9fc1de588fa
SHA512 a84df4c659fef832a08a237d0fcbfa6394110c7f6e7cdf0c6ff75de8e71efb6808fda18381ab22cf0b7dbdb1988c56e5c254409401e74cadf25dbcc9fefffbc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5ea9e51b904019f36717683d2b4cf313
SHA1 ab986403c397db2f27cd4404e39a86fc1c5e57fb
SHA256 53e1f83ba24ffa2b4fda6c823959c55454e977b4ca0f9108af7a809c81305ae7
SHA512 0b6727347062b525f39913142f39dcab378ee2cbe2357a354bdb574a5eecf4f8e542414e5354eb5820e28cbec5ba8070476594bad2d2744b99fd3f94f1413c22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a5bf711aabd6ae30711d7b2fc92cb0a0
SHA1 6cf5c34452a769d5174cff4ee29cfac662346c3c
SHA256 7fdd17c17d633d0007d3c8fc5e633a4bb1d5ad3264218b878fa552deda72d1b1
SHA512 a9a114d4b6c038ab9d03e4d4f208cb54e5f50af80b545c72309ae522b94835f4bc72924e42ba96ce8fe9b62420464b38fe4507354f12626418e87e556ef85ff3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3c4db75e365289ef0ec04337665b280a
SHA1 89c952caaefaeafa2e1bd5b14bc84efe8f250204
SHA256 c3d0738a4a6c7374cbbd70d7228e9d1509a37442a6ca29e255dada78282f5cc2
SHA512 4c86c257d5a18d6b4975890bf21ae105132ba8915e534e9fdc89c3bef0d0408f020db2ebb460ab30b61267771eba8da0f83feaed93f0ab9a3ada73f29ba464d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c3bc58098cfe2941848fff0de1bb5c8
SHA1 00aa9dd7647eaf9d99dcf65bffceb17060995c60
SHA256 8e57ad978b02de68c0dc04270fc90a3fb42476ea90c979e248024d99a62cb220
SHA512 a5826ac01b28b8d2a46f97ba6dde1b5c96f05428ddfb823d5bf552719b08c8f860b144d85614b14b31a2cdd394ce9eee18f417bbbca03eaf43c7521ffa243fcc

C:\Users\Admin\AppData\Local\Temp\MSI5CBC.tmp

MD5 758906ebb05ce8e68c78052f2d6c4090
SHA1 42c8f5ab03c15d28f59c4cc14dc9b504f0de7eba
SHA256 91efe02d560f64358436746bb25f9a5002e76c85d4e5f78bce59a763149696bd
SHA512 faaad48edd792bcadeeeb9ebd0b9bf491e698c48c190f97a0552f9da74f2871209c571238c1f3e12290b7837457045ada0413d99e8a85ebf7d73d3c853fedabf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a3c3c4586c121353132d7d7ca3cfe151
SHA1 217aacaf87ccbf2b68aa3968321ba6439dd880fe
SHA256 a312dc4a01675a952e56e88708d79c1cf8ee0de04c8b28d976c7709450b7901a
SHA512 32774480f8f32fac807e18a68fe54cdadbead75bb6c566aeaad83f4ec3edd7561b84e8171de8b632445fa8453313f124cb4f74d63a89441c5a593426cf0e0773

C:\Users\Admin\AppData\Local\Temp\MSI754C.tmp

MD5 f39307643d2e7e626e82e3e1f6c78373
SHA1 3bff6ed2f31d1f2ce4a51800cc72bc583131c63e
SHA256 6b06f88b68a37212e0a14306c2683f15584e03dc1519b0177b6cf754e29cb64a
SHA512 e46a0d64d98311812bb6945bf87a453cc7335c2568cd064d5935bbd4dbc419fa8653f504a25d17df43c570abc1353936e25c3aee680001a78af0a88b7562a951

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d98ba36f582e0005f2545a24d28ee2d7
SHA1 b0179b79dc031f4d1569fd8295d694a29246e362
SHA256 9831237ac1e4d822160fb351eecdaed8d7908fc2f0e8f80868e7f5a4efad65d1
SHA512 67d7b005f97f1569cf459281f724c208952f2402be29f9542b6c94de74579fdd6e70b76ddb47a775335cd65c65a83fcb41c5d7adf206f7d49363df171ec1f711

C:\Windows\Installer\e6098e9.msi

MD5 a5ef3481df1f2013ca0c898bb91b6135
SHA1 d1209cba92d714d231e89932987535aaef784f49
SHA256 b2f69cc7c8fcf6038a7f76773732f12268ad58c46b7164afb4475ac35afc2b5d
SHA512 bb9748d39575fe2e88ee4c9df3bf4538238355b4fbbaae5ba72de4afd714f60452c19c5943646fcfd96e07c64d80a9398e7154fb85c33ac1d90d64a2ea237918

C:\Config.Msi\e6098ea.rbs

MD5 e9adb1aca0ad8d82ca32804c4dd9339c
SHA1 e2691eb3d2c6a3d6aed690b52026f1ddcab0d915
SHA256 da8b01781fd8ad16e086d4db9bd8444c0166fd6648d4a110a7f34737c8fad078
SHA512 088ca87b019782c2402060603086a30e096f4e192284db9daf5d8194cf42a5b6181b714c3d9dacf62f9a168f6b66db4f15ba90941f358e3ba6b0a946fc5f0c98

memory/3024-2339-0x000002E028C40000-0x000002E028C50000-memory.dmp

memory/3024-2340-0x000002E028C30000-0x000002E028C40000-memory.dmp

memory/3024-2343-0x000002E02EE40000-0x000002E02EE50000-memory.dmp

memory/3024-2344-0x000002E02EE50000-0x000002E02EE60000-memory.dmp

memory/3024-2345-0x000002E033930000-0x000002E033940000-memory.dmp

memory/3024-2346-0x000002E033240000-0x000002E033250000-memory.dmp

memory/3024-2347-0x000002E0332C0000-0x000002E0332D0000-memory.dmp

memory/3024-2348-0x000002E0332D0000-0x000002E0332E0000-memory.dmp

memory/3024-2349-0x000002E0332E0000-0x000002E0332F0000-memory.dmp

memory/3024-2352-0x000002E0332F0000-0x000002E033300000-memory.dmp

memory/3024-2364-0x000002E033190000-0x000002E0331A0000-memory.dmp

memory/3024-2363-0x000002E033120000-0x000002E033130000-memory.dmp

memory/3024-2365-0x000002E0331B0000-0x000002E0331C0000-memory.dmp

memory/3024-2366-0x000002E028C40000-0x000002E028C50000-memory.dmp

memory/3024-2368-0x000002E033130000-0x000002E033140000-memory.dmp

memory/3024-2367-0x000002E028C30000-0x000002E028C40000-memory.dmp

memory/3024-2369-0x000002E0331A0000-0x000002E0331B0000-memory.dmp

memory/3024-2370-0x000002E0331C0000-0x000002E0331D0000-memory.dmp

memory/3024-2371-0x000002E033DC0000-0x000002E033DD0000-memory.dmp

memory/3024-2372-0x000002E034420000-0x000002E034430000-memory.dmp

memory/3024-2373-0x000002E033DB0000-0x000002E033DC0000-memory.dmp

memory/3024-2374-0x000002E034410000-0x000002E034420000-memory.dmp

memory/3024-2375-0x000002E034430000-0x000002E034440000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 915e4d5ffa303de5d258a771be37bb60
SHA1 423d7e8b4b599485947c427e5f3eaeea0efe858b
SHA256 e607b7740a962389ca47cee02ad7d04642e2a8405bd40d26972a67eea6bf64c0
SHA512 c37f0a3f6b1a2cace43aaba8d5ac0be9ca8ce3b38133d46f492b840c4d878d393fc311647458a8aa053682b4dd5ba23784fa7305c7e19408d67a0c6fac4bbedc

memory/3024-2385-0x000002E02EE50000-0x000002E02EE60000-memory.dmp

memory/3024-2386-0x000002E033930000-0x000002E033940000-memory.dmp

memory/3024-2387-0x000002E033240000-0x000002E033250000-memory.dmp

memory/3024-2397-0x000002E0332C0000-0x000002E0332D0000-memory.dmp

memory/3024-2398-0x000002E0332E0000-0x000002E0332F0000-memory.dmp

memory/3024-2399-0x000002E0332D0000-0x000002E0332E0000-memory.dmp

memory/3024-2400-0x000002E0332F0000-0x000002E033300000-memory.dmp

memory/3024-2402-0x000002E0331C0000-0x000002E0331D0000-memory.dmp

memory/3024-2406-0x000002E028C40000-0x000002E028C50000-memory.dmp

memory/3024-2407-0x000002E028C30000-0x000002E028C40000-memory.dmp

memory/3024-2405-0x000002E034430000-0x000002E034440000-memory.dmp

memory/3024-2404-0x000002E0331B0000-0x000002E0331C0000-memory.dmp

memory/3024-2403-0x000002E033190000-0x000002E0331A0000-memory.dmp

memory/3024-2401-0x000002E033120000-0x000002E033130000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 11557d4bd24a91f1df820778988934fc
SHA1 9c843b720b46314c4fd728ed7bea99db6000782f
SHA256 0a38636779997b8f52318efd7f0c1dcb42fddfad125539f6a168dcb96745aa47
SHA512 3146495969511562e1808961ee3d562675d54ce3201c5dbf4ca327e029f969eac0b892d9abef909191967199808e687ccafa8e6be32848bc5f7b74cb3b09f648

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 66015fd5248fbdcbb31b271d4a89353e
SHA1 1272062a2de866d8bd53361020756dd8d0ee8a60
SHA256 ada68e6e5855b2e9e955bb535f77e3ad35335ec5bf81420b810cb74d3662568c
SHA512 c1c0c8a55897b84896dfafbd518af2a79e4c658639185a53ece1702ee537acd9633300db2c3963aa924c7bfba9c0520432d0b982427cbf066e22e05d6a494619

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 c644026bfd1477c6d7ab1acfec1cb35d
SHA1 4fa32c15ccaf6bd99b688a91bd7e1308c069dd96
SHA256 3ba7471daf0f8432a783aa0e7cf96e5ce5ea4a7e3659778b1241cfd47f84b407
SHA512 c08c0877700b90219db34fa54b8a20dd42172db3809f9e989bcda00eeb566a853815eb1202c2750c4755f0a124f8586942ef84fede2228664e9509ce9c87fcbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0a93aa708c86b94066394c7689d719ee
SHA1 7cd85ffd6b1123f48908a3ed3e96f788696efc5e
SHA256 1cd81896098185852bc7d6a679ce4731d33a24ec6dbbadd5886bd396361d8696
SHA512 6c222966eb221746e22f83d5ef66f3906dc520fd5b7518b8bf2f40199295d3f497cb773d15f6d39aa9759c20ba275677662eff522b100c59988ecd92d1439923

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7e3da5c12ea9b1d0c2ab6e394849075b
SHA1 524ef0e995de8d0144a5a392bfec1000d0b2adc4
SHA256 c7bb1f685dd4c1afe60324bf7b0579d6e5a22d48d2e96ef1a6a623ec78380436
SHA512 9f3fa6bb5109cc1a8b38fdec108187b23b607328fc723245107d2e1b4d3a0b7f6b3c5bf6d3f08bd88fb0dc35032e47bc0d7d1d23c0d1ea605a0f5e248657e4d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2399d49221425b4b3c7f4cd49d578b02
SHA1 1ebbbfa957a28f8eb7843e06bd8e5716e6472957
SHA256 366685f8c4d5e7e8e15f4766ca654c118d5af25557a045ef8843164860061dfc
SHA512 3e7a9524576a1df0b3e285cb8c21fddd9c6047412b609592a5acbd3b49df5b017eda60bac3fb1c2d7587768d9fc5b866989c7c77ac4b3e4a0d26c090085ac704

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6351e074e655074908798473f77846d9
SHA1 7af5e798203981220b77f1a32221105c55b9e16b
SHA256 6ac562123079c6f5f240a6daaeff966353b99ae40b754174047598c88d5603e6
SHA512 f8cf9754e7479b58d76fb812615000de5c77904517a99b88ebea3697696afab1165eb83329e3c6d0043e9730e986d33e8a4f57aa486d2737557588a1b806bb72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 10bce3993cf4b5a016bb449f2a51f2e1
SHA1 d77d6ce6da491a3c8683e323b77147e9beb63be8
SHA256 edc0e54305188803790a458891bc1204bfd9af2c81320669766d9750e36d10de
SHA512 d48f2bd592f21f7aee50a51fc65e542e0594dc5a0b38a4e5c97d42ac43375f1854a4f47e703fa7a6b59120c66aa56cf358ed50f447aac9253465329bfda36967

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9c9370e516bed1825d194dd97ab568a8
SHA1 19a8bd44d1632f1c2b2311e2686ca73fb1575ef7
SHA256 4c0185df1fd5db9f3c886b2bd96fd00a0555764356e264350c7f8f3966907015
SHA512 9b27ad85dad02ed004a8222839fa311c1c1aabc7b7b56fd12a820c54df4febb2350736cda9385f3767536679ad1fe557802aa92715e854c1008491b3ac48fb3a

C:\Users\Admin\Downloads\Unconfirmed 80938.crdownload

MD5 c52f20a854efb013a0a1248fd84aaa95
SHA1 8a2cfe220eebde096c17266f1ba597a1065211ab
SHA256 cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30
SHA512 07b057d4830d3e2d17c7400d56f969c614a8bae4ba1a13603bb53decd1890ddcfbaad452c59cc88e474e2fd3abd62031bf399c2d7cf6dc69405dc8afcea55b9a

memory/6808-3018-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

memory/6808-3017-0x00007FFE59AF0000-0x00007FFE5A490000-memory.dmp

memory/6808-3019-0x00007FFE59AF0000-0x00007FFE5A490000-memory.dmp

memory/6808-3020-0x000000001B9B0000-0x000000001BDDE000-memory.dmp

memory/6808-3021-0x000000001C570000-0x000000001CA3E000-memory.dmp

memory/6808-3096-0x000000001D790000-0x000000001DC9E000-memory.dmp

memory/6808-3097-0x000000001DD40000-0x000000001DDDC000-memory.dmp

memory/6808-3098-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

memory/6808-3099-0x000000001B990000-0x000000001B998000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2a2d3104947281fabe64d63b52b0a3e8
SHA1 379808106cb0daba2b6fcccdc2d7c340b9499c48
SHA256 76724067cd92a392fd751a1105842f8deaa68b6ee23a601d34ad85675300c617
SHA512 41ffd818378a0c4451de687a032606d204348ff4b7f206e8843483e8604e59f1d52e3a30f86746e33dc6bd6e35bfe2e5359dbb4237289f4c268d3e7b73df964b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3c438280bfc957b36c7dd4c78ad6bd56
SHA1 000355854d778524f2310986c39404f30c7145a6
SHA256 3aa3e940496b54b934e488c69b4cfea406564474e1cc237237514092ee577d89
SHA512 b41edf13e36fd8956b54b399dfc002bf52bcab9bd45f6f7781cf90b90db7bdb57c6283c9b14bf52c4bc4d653b38741d49ec87a35b34f33db13036993d9abfe58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 c83bdfe8cf044f2bb6c6003270833d17
SHA1 9d1a174273b898c3f404dd49c0f568227ffb1d1e
SHA256 f4286bb6169c10f5fd1190ea65ab774e0e051779fc7e0668b6a29a2d55f6b22e
SHA512 5fbcc65b3f4f30dc3ebf5defecc7e0a911af4b3ea28057e81a4be74cff79fb0924a1c07f8b00ef25911a5551de17ef86da9f5a6e0cd99a53fd4dc4021e0092b1

memory/6808-3138-0x00007FFE59AF0000-0x00007FFE5A490000-memory.dmp

C:\Users\Admin\Downloads\CodeRed.a.exe

MD5 6f5767ec5a9cc6f7d195dde3c3939120
SHA1 4605a2d0aae8fa5ec0b72973bea928762cc6d002
SHA256 59fe169797953f2046b283235fe80158ebf02ba586eabfea306402fba8473dae
SHA512 c0fbba6ecaef82d04157c5fcf458817bf11ce29cdaf3af6cac56724efcf4305565c6e665cdcf2106c675ba0574c60606be81d9baafe804fc7d2d3a50fed0baf6

memory/6808-3157-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 facdfdac1f497b6f509b790f46362417
SHA1 ea2b9a3c8d98219a6808531ded5d48196faeb010
SHA256 62757bd0a58f7c211bdb6ba5e8678d527a8e4b0307224f988b39c4872f0aaae6
SHA512 e34ca22b42c9d98baf999d4821d5df0501b21570b3a975461e37d107a59f6d1e0ccf342272263b1f059aaf3b0c5db384f1333ec8b9acd8ceae7d481a5a5ff047

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dda97611ff031fcf490ca1f94fdfb7cd
SHA1 c203e78e0e0aec42328fc14b19ea1066f97c3833
SHA256 7052e759cf502327fd9e04ef1feb615b32ffb20990d37bc51f50516edbc4a166
SHA512 3deb36deba6187b491ccfe5d16be46bb3ece5c2e292e728db6fde00667a0fa1c1c634ee90929c614326ff1d1cced1995c5034ee071ee35f2a9de60f35ff308b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e4498642f4590b05b21a820963f0750e
SHA1 4e82cbd3246beb7ff452e89106c567e9fa0f8496
SHA256 0188dccec635af40d82504b3027ea2a82ee6c02e1a08e037d7090e792492be45
SHA512 ab2183f379e62d5b2634c0e83cf2caf5e12a40e51163deb98c19d3ba0e5105526618f045c9963129a19982e8444e3e81f21cbcb4524033d430e6d29c22381100

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ad22958835a40e95fed1360b1d2fc692
SHA1 a8809b90f536d22db6b7e59eac8f04a96106fe87
SHA256 d3bc1ace5fe3c77f083fc1259597a5da32cb374b2ac7229baef5002e27c25e07
SHA512 aa8b9786fb170ef1819a43cd15a5efe3cf226a20489e140d337583203398c7f3c2534aa39d8312366643ea908a7cd35d01292dd447a87af3643ccf774cffb0b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bda30edb8fdc141_0

MD5 f1af10e370465fef80652573e566d18f
SHA1 ed6eae97aff4d8368edabad634758ace00199613
SHA256 ff96d39bab707abdeda49fa3d4904ecebca845daf87dc186988994e41ebc2261
SHA512 6e271fd033607362ccc45c6ab83202ce4da46c49d3bcf2b26d6ebf2814dca5db28dbbf02ccc806c23f8742a5f5265a85d965ecb26c50b3a546ed5b69d2259078

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b45bdb71e41a8eba_0

MD5 f30e1ffc1a5d4399f4c4da2b9acf2eff
SHA1 acf8814dc81d35f6188c6b62f60bb0f7a218a40a
SHA256 2440e40af273956e3388d6a4b7ce80356464ffdf98f0aed4da811c931e238388
SHA512 9155df000df6948684d68d3e4752ecd3f6f2f267ce220f940727279a7657923218952306dfcb704cd882b3b86bf276177d2f60940e1507ac3c85e7b72eb93800

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c202964ef99e3fafbfc1e06cd88278a3
SHA1 9b6836b4f31dbe274a9084c55619d4cac9fce9a7
SHA256 e7331f88e2381ec1ba8bd125133d60106ad5de200cbd11b2589878dba28bdeab
SHA512 5b6d8609e551a717b056b4690341177a9aecea85e8c341a409f745857951c7e3c8fea0a356e1248eeeaafe2c6cdf9fd7ed5e5e742b27144456447c5f3bb57dc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 58e760a7394d652c671735b9fec1fde4
SHA1 148401b64ffc37a5f149c5e1d581f57beba79afa
SHA256 bd66a4766cd62640d607beedd8a8630c12328f0e1d5ef2232bd5a203e3d9caee
SHA512 1a4b1a7171694a7420dcc87a1b72ebcc01b235356ca5a1d74a23bf879d7e23c1bd49c858c90ecfd8056e40d03e5eeb1bdad0907457386710881994f361c467e6

C:\Users\Admin\Downloads\Lokibot.exe

MD5 f52fbb02ac0666cae74fc389b1844e98
SHA1 f7721d590770e2076e64f148a4ba1241404996b8
SHA256 a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683
SHA512 78b4bf4d048bda5e4e109d4dd9dafaa250eac1c5a3558c2faecf88ef0ee5dd4f2c82a791756e2f5aa42f7890efcc0c420156308689a27e0ad9fb90156b8dc1c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 96b3ab3369854f8067f669dedf041f09
SHA1 3b31bf03bc071cfa12ce7097a45c0b9f2b9b48d4
SHA256 f73a6f38de1e7562f7f7bb4c946fe9b89ea940a2fc9ea5f218ff69920c04ac12
SHA512 cce79db0724530bf5eb4360a396ba63528be4d16ad84fd0a7d6481919e89ca3b56c9c32d164d3687aa2fd69ccf392cb23dc382abb2cff6b18c62500f10293eaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ad199ec84d6253f83689fb80a67dc01a
SHA1 e1a8e71f82075387d98646f51e2ba840a2bbe1e7
SHA256 76da1af9c1bf4371c6b239cf0610325fa53908bffc58590167624040c154e711
SHA512 19e96515f5ca4cc3e3c7f7a4a34895598b6b7a4225b9f76e805100ad5b55a4b6f962926a3b80320c496afa9ba3041d8e6afbb9a3d21166626d75098afce0725e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34d3757435c87ce3b237ef654c225707
SHA1 e8956cfd89276945e244a74c1222e2e0b8a978e0
SHA256 b4a6f36b80af2e574169a290d906764a414ffc168bd6cc2accccee448a93fb4b
SHA512 aa4077544edac32401f5539f3ce02184cbd74b740d1b517ccc4e71e93f4f32d18b4c6055e90807d7aac403129898a2663a674d9c12da4554a73bb98e995dd096

memory/6572-3354-0x0000000000C50000-0x0000000000CA2000-memory.dmp

memory/6572-3355-0x000000006AD30000-0x000000006B41E000-memory.dmp

memory/6572-3356-0x00000000013E0000-0x00000000013F4000-memory.dmp

memory/6572-3357-0x0000000005A50000-0x0000000005F4E000-memory.dmp

memory/6572-3361-0x0000000005710000-0x0000000005720000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_bloxd.io_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_bloxd.io_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

memory/6572-3410-0x0000000005A20000-0x0000000005A28000-memory.dmp

memory/6572-3411-0x00000000061B0000-0x0000000006242000-memory.dmp

memory/6572-3413-0x00000000061A0000-0x00000000061A8000-memory.dmp

memory/6572-3412-0x0000000005710000-0x0000000005720000-memory.dmp

memory/6572-3414-0x0000000006310000-0x0000000006354000-memory.dmp

memory/5248-3416-0x000000006AD30000-0x000000006B41E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84a3ec988846dca6c89b6ccdacd35266
SHA1 6bf952007a430c546350f3f8cbe9226bfce9ea2d
SHA256 68f8e14de4f489acba3b2f232cd2827a43afbd0c6ad113df960bb851ca5edd79
SHA512 6194100050ac64975c019607f396be19346b35053d281a779ba2f347ddbf651f68b6851814a098db5f0429dc716d009899fdaeea10d7f8613e24cdb9fb57a4a8

memory/6572-3437-0x000000006AD30000-0x000000006B41E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7beb6cee8ac4bb781e3448dfa2863cda
SHA1 2a3304602b3cf03d0236b1a7114e5085c113faa9
SHA256 8ffd0f74fdf0c3c4dd6042ce9e337b73a5d86801e77a42a5f907c3afae079525
SHA512 cab0de09bcf2936abd5d3cf8609cc6bbe8a7a8d42e698ec9cd9b22e0729316ed5bf6912f230b597d46f258186eeb9f3c6cf54297a58a33816cf6a5d1b9d43113

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5655abbeafe9712e5f86c238b2bdd544
SHA1 38f416059a15aef0656dc3b6edc6928982fd860e
SHA256 28ff785e3eb55685e05635da48d24bb0e9da8201f41dabf76e564e3b63a03f67
SHA512 e325cd4900b5fd1ff3d0502cc225fff3fcdbfc7df56de57dd465215590c157355279b5eec7328d58e3bed9a93efdc6c5cd3ee773d6ecffe17e951450989543c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f2f78d732caa7ff27589a06082a62c1e
SHA1 7dc50a9feb292d9b4a378183fcd6c8f9dbfa2284
SHA256 cacb0d7caa645a7bdb39e14a296391c01f9b79ef2d42ba95c8b26f112036c5aa
SHA512 0ae7f74f3889546845c8f84fb3ea6c52c628d7fb4ce60ef33c24f5489f76af2970be1e870656e254fef26b18f21e9a2405f3c0fb23869d993690baa9c0b32015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 c78bb7eebce42a9ae49bd7ca22b2764d
SHA1 21a5f8b49a3809faf3be1653eb1bd99dc18223b8
SHA256 412e45e16fe89e7e6cf1d9b13470415ba0f3ab3ef6e87253e89d2841fda5b1db
SHA512 e303886662e9a8944c809de5001543a4aefaeda7a85341a9226d7e4dc96c39aa13b0981718b77d5f615a4e0a6fa52a2e7ddd0610506f4ba8443b59893a2047a7

memory/5360-3495-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/5360-3497-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3356371483-1660115160-1611493187-1000\0f5007522459c86e95ffcc62f32308f1_afab1cc6-508d-4594-8ad5-792ed039c007

MD5 d898504a722bff1524134c6ab6a5eaa5
SHA1 e0fdc90c2ca2a0219c99d2758e68c18875a3e11e
SHA256 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9
SHA512 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3356371483-1660115160-1611493187-1000\0f5007522459c86e95ffcc62f32308f1_afab1cc6-508d-4594-8ad5-792ed039c007

MD5 c07225d4e7d01d31042965f048728a0a
SHA1 69d70b340fd9f44c89adb9a2278df84faa9906b7
SHA256 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a
SHA512 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

memory/5360-3521-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9f37020985f11d75b259571bc2adc3a0
SHA1 a41c745f03515af03277922a11a01d75b636af2b
SHA256 6c467cb25b9b4835801dd9b2cc7354d55844e495b60e5a42770cddd4565522b0
SHA512 c2c4142b1a1225ad1df6bd1dd358fa7edca0a83dcc6a9218b726508002af958d1675e2ef39443a791e52ae436e84c4362974b213cfa6016f0b56afda43a52b15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 3d8b7614539a82aca8ae69f87a579e41
SHA1 de5e5621ce7f8eae4a856181724ef6253388f95a
SHA256 d04ffa6781d9b1a868f283cff1761fa587e1c799ed56706fb831e7ddf774f558
SHA512 51d575037279d4270592f852ecfdcf23a21563047590338579072ac57b815765cc47d692e373c4924c758f54476ec608f1d8cb3da6e156783382529b0f77f3b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b5f1127c58a7f40e6c69053a470e4723
SHA1 cbc947296b4a914ac6ffd37348a3c1330ce9c15b
SHA256 d1c2ec1598f9b6f49701cfc9818157fb70ee9bf0f65661c952e9ad9693e06117
SHA512 e3aadbbc9d073b94d15e604a8a899e3e9640f9979999833f2d2aa492f5d270f312f570fbec98a8a3cdfc04a093b3fab1d1642fcbe1b51ef617d305716c14ee68

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 5680baec286b4c40140bad39821b200b
SHA1 457ee64fa546ef7d42107ea11f281c1e5eb6d954
SHA256 e17e5b670f00fd4b243a50a6735ea61fe6827c88b42cc977c545516664cc8b64
SHA512 313badfc75bcca9010032d37ebea2f1dba87c88acadfc3bde5c2349fe983aa028ba4d3f22c7230cc56b1387e0018c870cbd48523fcfa2448ba08c6e3746eae27

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 9cf53e031803a5ddd87592e33f34653b
SHA1 e804b548ed8d142613c31664492486d176820ae9
SHA256 2f1c82b8b653ba3701b9a239ce9fadcc09a090ba31e41583619201eb290286e2
SHA512 d84e4b4c36d949e4bc1219aea346b2ee231a608f5aa14e5a91f46a0fa0b9a488a3769aab62b3e6e20d139a404c2072d3c883c2faa410c848890dd392c3f56571

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 370e7cf7a299f3f1a30f9b6773fd0ee9
SHA1 2c83d74c8c2c540276927205b87c4dc3e7bc11ed
SHA256 c7348490d4ba723251fffa22bc80eecd52479912542d279c6a4a9df79b1540d6
SHA512 b29dde94a307049bbd740454c2f237d307b90972100c3787f41e5c5ac56b83fa7bc3e7b3877c9b0fe0aed368d548b515cd4194708e5d79ed4176f60fbf29a126

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 42cccb3632923d8bc33999e3f8a6dd32
SHA1 f03f8a1d69747a550045207c3b1d8609d78d5621
SHA256 3165428937529a0a9b92ba7a35037a283f1093b8d3233e7a1d2ac3b23d6bcc86
SHA512 5e8442fe361136fa35c3a616a6b433f62e6a72c244609f283a17007d6526e77617d18caa9fb88b3f653fe5f34821cbb24349efb29bb10780f75f67c3a247e588

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\738184b4bb16e32c_0

MD5 fc56c3221943c422efecb6adbad4d16e
SHA1 907d9e4ae4ec3417037bb8a3e8454d251a29477d
SHA256 29e57f84688e2969ea866f3de2ad356937094cb4acd52f1fa100d431c4f31da9
SHA512 560650643c2d0482ac4987b8ee4eb511bbc35b64bc1cd30e2363e320a612a52f45f3c1ecb93f633dbb194332270fc0c131d7cd79d34503aa2e8190aaa2d4f5da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee1a6561ea58f5cd533c886b0e57c93f
SHA1 64a9eaf779611735e887623f415716bb5540a6cd
SHA256 6a63ffffe4a72ee40f2b7245a5d0759f53de9b468d02391c1075b3cf3b977959
SHA512 2b30097d18d44e737ba96cf3267ef548dadc9a4210395cddd85be102e405797a00fca675a23e21fc63f74d2c8ec2e6a216a30351f1a8965eb6f85ba57de6d9fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e8

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\feb3ffbb-32d0-4ff3-a4f5-e5748fe73ecb.tmp

MD5 0f0b240894abd78ba9dcebb8276ec323
SHA1 b5a468b34a99ea7991bb6aae58b98b69819c2e49
SHA256 727f40d5a06443a276a481d18a9ec83452ecbde73214e559fe6a537bf4758d02
SHA512 894e2847f67adbb06f6e41d95da4a8b9c2a27c407d81fbabc21b83c3327031b7a11b4214184d9b518a8fd9675f5c4cc534a721c9f5bdfc90791a9145204558f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 76c86e2c460cb98cb8a8892a609dff33
SHA1 48fa6613a70b7d5213f6a3ab832286d711d0ec1b
SHA256 a94a032e7273daf8472e33ccc384199831f0a53cc47bc11ccddecd70dcde2515
SHA512 7a6cc4a7a19afa8d294ae492bfa89fb09fa9b337b45d615ec4c46ef13780aaee0766ffcc3cf043bd2237e569b32dceca18dc5277449df705debfed2162d26d91

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000de

MD5 c8b4222a17109e8685c24131aecaa1c1
SHA1 be99378d30f3e1948b8fda29cd4d5af1f03a1de0
SHA256 4e92f1120c881aa63cd73d39d1de0d6fc2dbc2a4c2d6a4bc5bd0edbacb7029da
SHA512 42969a54b8a4c27bab8e35efc976fe80cda6d75138aa0a0eaecfda511aea1805595b745d5b7a7558a1a386bdf4b0afe9ab79da972538df27a606042a105ed2d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ab71187fcec339fe6cab5386c2e71006
SHA1 979cb1d348e6540c2bb628ba0d79928dd7af6bfa
SHA256 f44a39d99bf0f4003b2ed4a8982d7007ee6528b9330f82c81e4b7ff3d25c89cd
SHA512 a1b9f7e5cfa3fe8f201f260bdff65c53831ed1f75f52a66df7cb492984ed790998566c459450674481a37bb9092dda35276fe38115ed5806559ba50d266b97cb

memory/5360-3846-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6a6d813a913e1de39bb210e062693f8c
SHA1 b7c8640b56a071da9fdccd518ca2ddfa0883e93b
SHA256 28ce19996ab912a985875831b65027d5993b5c09f516bf2bbf6766924bf68427
SHA512 048359fd8220672880ed28572f0be5f19db17b85e60efbb8638371edad2a6794684aec7cdfd5e7b4b3360feb0d88261194c3520af6fcca757d59bdbb661126ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5d7596a10eb64a8e243f0b90d799c065
SHA1 1914605e12cea4ab9eedc3120e327ca66cb71d22
SHA256 d60efb4158eb37a8253e55614725b273062f91b2d95d7aeb4d0a40523bf784b5
SHA512 e2e8546976d4cb467aa9404a877a994c7f6f3333f61e430980739ebec11a1a5e4d19371bbf7ce533e02b8c2cd917f8c6e5caa6ef01a2683b4ecdb20250dacb50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f3c4d58c-64ff-4cad-8ee6-f1b78db54771.tmp

MD5 68a5c5fd44928b85aa073f75e127b582
SHA1 bab13b5adbe71d0546ebfe2577bb7d9bea22c98c
SHA256 d52252c43453e7dc33c262da71a5967b0234004c5c0057cc081dcb5201b21d38
SHA512 36de92881b1ef7c524260be3495ecfc20e99578fec0a3cea5c8f9e46c573049ccf2b7895c2dd70d59b93d93cf4027683384d70b4b2a11e385b393d5735ac24aa

memory/5360-3935-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/5360-3943-0x0000000000400000-0x00000000004A2000-memory.dmp