Malware Analysis Report

2024-10-10 07:31

Sample ID 240616-lcyw7syajb
Target jfxrt.pack
SHA256 0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21

Threat Level: Likely benign

The file jfxrt.pack was found to be: Likely benign.

Malicious Activity Summary


Enumerates physical storage devices

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-16 09:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 09:23

Reported

2024-06-16 09:27

Platform

win7-20231129-en

Max time kernel

56s

Max time network

184s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\jfxrt.pack

Signatures

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\pack_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\.pack C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\pack_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\pack_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\pack_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\.pack\ = "pack_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\pack_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\pack_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1372 wrote to memory of 1972 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 1972 wrote to memory of 2720 N/A C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PID 1272 wrote to memory of 632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1272 wrote to memory of 600 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1272 wrote to memory of 1004 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1272 wrote to memory of 1624 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\jfxrt.pack

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\jfxrt.pack

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\jfxrt.pack"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5b79758,0x7fef5b79768,0x7fef5b79778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1656 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1612 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1636 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1328 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3204 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3152 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3136 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1440 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2504 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3932 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1040 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4088 --field-trial-handle=1320,i,11859077530948981150,8569797609968606654,131072 /prefetch:1

Network

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

C:\Users\Admin\Desktop\ConvertToInstall.xltm

C:\Users\Admin\Desktop\ProtectImport.DVR-MS

C:\Users\Admin\Desktop\InstallWrite.mp3

C:\Users\Admin\Desktop\ImportSuspend.pps

C:\Users\Admin\Desktop\ExpandReceive.dot

C:\Users\Admin\Desktop\DisconnectConvert.mht

C:\Users\Admin\Desktop\DenyExport.ADT

C:\Users\Admin\Desktop\CompareClear.wmf

C:\Users\Admin\Desktop\BackupCheckpoint.3gpp

C:\Users\Admin\Desktop\ApproveGet.tiff

C:\Users\Admin\Desktop\PublishReset.M2T

C:\Users\Admin\Desktop\ReceivePush.tmp

C:\Users\Admin\Desktop\RemoveRepair.asp

C:\Users\Admin\Desktop\RequestRegister.wpl

C:\Users\Admin\Desktop\ResetExit.m1v

C:\Users\Admin\Desktop\ResolvePop.mhtml

C:\Users\Admin\Desktop\SavePublish.mp4

C:\Users\Admin\Desktop\SelectSwitch.clr

C:\Users\Admin\Desktop\StartSave.mp3

C:\Users\Admin\Desktop\SetRepair.mhtml

C:\Users\Admin\Desktop\SyncUnblock.avi

C:\Users\Admin\Desktop\UnregisterRepair.asp

C:\Users\Admin\Desktop\WaitMount.mpa

C:\Users\Public\Desktop\VLC media player.lnk

C:\Users\Admin\Desktop\AddRepair.html

\??\pipe\crashpad_1272_BYSGXQDJPZLEFKHL

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

C:\Users\Admin\AppData\Local\Temp\Tar341.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
