Malware Analysis Report

2024-09-23 03:23

Sample ID 240625-pq3n4ashnk
Target Nursultan NextGen Crack.exe
SHA256 e766bc3bd8513eadc0d54e511049f1d35bc5c503aeef6cd38aa500d39d66da11
Tags
xworm execution persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e766bc3bd8513eadc0d54e511049f1d35bc5c503aeef6cd38aa500d39d66da11

Threat Level: Known bad

The file Nursultan NextGen Crack.exe was found to be: Known bad.

Malicious Activity Summary

xworm execution persistence rat trojan

Detect Xworm Payload

Xworm

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious behavior: LoadsDriver

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Opens file in notepad (likely ransom note)

Scheduled Task/Job: Scheduled Task

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies data under HKEY_USERS

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-25 12:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 12:32

Reported

2024-06-25 12:44

Platform

win10v2004-20240508-en

Max time kernel

659s

Max time network

660s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wininit = "C:\\Users\\Admin\\wininit" C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637924908387428" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{84AC0484-476B-447C-9A39-FBB25A85BDDC} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\wininit N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\wininit N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2220 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe
PID 2220 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe
PID 2220 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Windows\system32\cmd.exe
PID 2220 wrote to memory of 5072 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Windows\system32\cmd.exe
PID 5072 wrote to memory of 2344 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 5072 wrote to memory of 2344 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 5072 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\choice.exe
PID 5072 wrote to memory of 3068 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\choice.exe
PID 4880 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 3204 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 868 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 868 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4880 wrote to memory of 3644 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\schtasks.exe
PID 4880 wrote to memory of 3644 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\schtasks.exe
PID 3636 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 5100 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 5016 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 2684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5012 wrote to memory of 5092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3636 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe

"C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe"

C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe

"C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\и.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\choice.exe

choice /c 12 /n /m "Enter your choice:"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Nursultan NextGen Crack.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\wininit'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'wininit'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "wininit" /tr "C:\Users\Admin\wininit"

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe9531ab58,0x7ffe9531ab68,0x7ffe9531ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9531ab58,0x7ffe9531ab68,0x7ffe9531ab78

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\DenyUse.css

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:2

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\RepairDeny.xlsm"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=2000,i,646236753749252047,3437767256995764731,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=2000,i,646236753749252047,3437767256995764731,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9531ab58,0x7ffe9531ab68,0x7ffe9531ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4368 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4084 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9531ab58,0x7ffe9531ab68,0x7ffe9531ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4280 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff658a6ae48,0x7ff658a6ae58,0x7ff658a6ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5172 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5416 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4556 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4080 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2008 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1568 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4964 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:2

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2268 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4116 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3144 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2276 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2468 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4132 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3440 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3232 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5848 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5996 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5940 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6444 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7152 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7064 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6880 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6324 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6600 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6588 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6288 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=3440 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=4788 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=5044 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5028 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=3012 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5468 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=3152 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7320 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7592 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7820 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7964 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8116 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=7292 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8712 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8704 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8640 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8884 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8956 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9244 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7996 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9580 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9568 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9820 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9844 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=10048 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=10500 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=10532 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=11108 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=10520 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=11132 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=11332 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=11372 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=11388 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=11404 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=11520 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=11548 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=11772 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=12784 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=12328 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=12564 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=8680 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=13024 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=10872 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=10668 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=6540 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=6292 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=5756 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7968 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8228 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=8500 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=9660 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=7664 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=3472 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11016 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10724 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=5956 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=13304 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3fc 0x498

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13200 --field-trial-handle=1900,i,16663129452270646947,6198869669572621093,131072 /prefetch:8

C:\Users\Admin\wininit

C:\Users\Admin\wininit

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 seems-poet.gl.at.ply.gg udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
US 8.8.8.8:53 20.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 roaming.officeapps.live.com udp
FR 52.109.68.129:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 215.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.73.42.20.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.187.227:443 id.google.com tcp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 en.wikipedia.org udp
NL 185.15.59.224:443 en.wikipedia.org tcp
NL 185.15.59.224:443 en.wikipedia.org tcp
US 8.8.8.8:53 upload.wikimedia.org udp
US 8.8.8.8:53 meta.wikimedia.org udp
US 8.8.8.8:53 login.wikimedia.org udp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
NL 185.15.59.240:443 upload.wikimedia.org tcp
US 8.8.8.8:53 224.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 240.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c55.gcp.gvt2.com udp
US 8.8.8.8:53 e2c11.gcp.gvt2.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
AU 34.129.38.245:443 e2c11.gcp.gvt2.com tcp
CL 34.176.211.24:443 e2c55.gcp.gvt2.com tcp
US 172.217.204.94:443 beacons2.gvt2.com tcp
AU 34.129.38.245:443 e2c11.gcp.gvt2.com tcp
US 172.217.204.94:443 beacons2.gvt2.com udp
US 8.8.8.8:53 94.204.217.172.in-addr.arpa udp
US 8.8.8.8:53 24.211.176.34.in-addr.arpa udp
US 8.8.8.8:53 245.38.129.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.227:443 id.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp
US 8.8.8.8:53 e2c5.gcp.gvt2.com udp
KR 34.64.233.111:443 e2c5.gcp.gvt2.com tcp
KR 34.64.233.111:443 e2c5.gcp.gvt2.com tcp
US 8.8.8.8:53 111.233.64.34.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 ru.wikipedia.org udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
GB 142.250.178.14:443 google.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
IE 209.85.203.84:443 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com udp
US 8.8.8.8:53 seems-poet.gl.at.ply.gg udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 172.217.204.94:443 beacons2.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.178.14:443 google.com udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
US 8.8.8.8:53 wikimedia.org udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
IE 209.85.203.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com udp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 172.217.204.94:443 beacons2.gvt2.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
GB 142.250.178.14:443 google.com udp
GB 172.217.16.225:443 lh5.googleusercontent.com udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 www.webmd.com udp
US 172.64.153.18:443 www.webmd.com tcp
US 172.64.153.18:443 www.webmd.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 img.lb.wbmdstatic.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 172.64.150.196:443 img.lb.wbmdstatic.com tcp
US 172.64.150.196:443 img.lb.wbmdstatic.com tcp
US 172.64.150.196:443 img.lb.wbmdstatic.com tcp
US 172.64.150.196:443 img.lb.wbmdstatic.com tcp
US 172.64.150.196:443 img.lb.wbmdstatic.com tcp
US 172.64.150.196:443 img.lb.wbmdstatic.com tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 img.webmd.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 polyfill.io udp
US 172.64.154.8:443 img.webmd.com tcp
US 8.8.8.8:53 assets.adobedtm.com udp
US 8.8.8.8:53 img.wbmdstatic.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 23.36.168.235:443 assets.adobedtm.com tcp
US 172.64.150.196:443 img.wbmdstatic.com tcp
US 8.8.8.8:53 preferences.trustarc.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 104.18.51.3:443 polyfill.io tcp
US 8.8.8.8:53 ssl.o.webmd.com udp
IE 66.235.152.156:443 ssl.o.webmd.com tcp
US 8.8.8.8:53 privacy-policy.truste.com udp
US 8.8.8.8:53 18.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 8.8.8.8:53 196.150.64.172.in-addr.arpa udp
US 8.8.8.8:53 8.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 235.168.36.23.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 156.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 3.51.18.104.in-addr.arpa udp
US 18.245.199.75:443 privacy-policy.truste.com tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 18.245.194.122:443 c.amazon-adsystem.com tcp
US 18.245.194.122:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 75.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 122.194.245.18.in-addr.arpa udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.49.219.73:443 dpm.demdex.net tcp
US 8.8.8.8:53 mynt-test-privacy.my.onetrust.com udp
US 172.64.155.119:443 mynt-test-privacy.my.onetrust.com tcp
US 8.8.8.8:53 73.219.49.52.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 webmd.demdex.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
MX 23.41.25.82:443 contextual.media.net tcp
US 8.8.8.8:53 d15kdpgjg3unno.cloudfront.net udp
FR 18.155.129.126:443 sb.scorecardresearch.com tcp
IE 79.125.35.115:443 webmd.demdex.net tcp
FR 52.222.153.178:443 d15kdpgjg3unno.cloudfront.net tcp
US 52.21.170.218:443 preferences.trustarc.com tcp
US 8.8.8.8:53 dyv1bugovvq1g.cloudfront.net udp
IE 79.125.35.115:443 webmd.demdex.net tcp
FR 18.155.129.126:443 sb.scorecardresearch.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 3.165.112.149:443 dyv1bugovvq1g.cloudfront.net tcp
US 8.8.8.8:53 launchpad.privacymanager.io udp
US 8.8.8.8:53 launchpad-wrapper.privacymanager.io udp
FR 18.155.129.89:443 launchpad.privacymanager.io tcp
FR 18.155.129.80:443 launchpad-wrapper.privacymanager.io tcp
US 8.8.8.8:53 sync.mathtag.com udp
US 216.200.232.253:443 sync.mathtag.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 sqs.us-east-1.amazonaws.com udp
US 8.8.8.8:53 geo.privacymanager.io udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 hbx.media.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
MX 23.41.25.82:443 contextual.media.net udp
US 8.8.8.8:53 fid.agkn.com udp
US 8.8.8.8:53 bh-eu.contextweb.com udp
US 8.8.8.8:53 tag.tapad.com udp
US 216.200.232.253:443 sync.mathtag.com tcp
US 8.8.8.8:53 d.turn.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 82.25.41.23.in-addr.arpa udp
US 8.8.8.8:53 178.153.222.52.in-addr.arpa udp
US 8.8.8.8:53 218.170.21.52.in-addr.arpa udp
US 8.8.8.8:53 126.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 115.35.125.79.in-addr.arpa udp
US 8.8.8.8:53 149.112.165.3.in-addr.arpa udp
US 8.8.8.8:53 89.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 80.129.155.18.in-addr.arpa udp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 3.236.169.45:443 sqs.us-east-1.amazonaws.com tcp
US 3.236.169.45:443 sqs.us-east-1.amazonaws.com tcp
US 34.160.46.1:443 fid.agkn.com tcp
US 35.186.225.155:443 tag.tapad.com tcp
US 18.245.199.98:443 geo.privacymanager.io tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
NL 208.93.169.131:443 bh-eu.contextweb.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
NL 46.228.164.13:443 d.turn.com tcp
GB 142.250.187.226:443 cm.g.doubleclick.net tcp
NL 23.46.72.29:443 hbx.media.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 35.186.225.155:443 tag.tapad.com tcp
US 8.8.8.8:53 cms.analytics.yahoo.com udp
DE 3.71.149.231:443 cms.analytics.yahoo.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
NL 46.228.164.13:443 d.turn.com tcp
GB 142.250.187.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
FR 99.86.95.185:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 global.ib-ibi.com udp
US 8.8.8.8:53 955d10d246c0861df7b275a84b098a44.safeframe.googlesyndication.com udp
US 69.169.85.6:443 global.ib-ibi.com tcp
GB 172.217.169.65:443 955d10d246c0861df7b275a84b098a44.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 52.84.174.40:443 config.aps.amazon-adsystem.com tcp
US 18.245.199.156:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 thrtle.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 54.243.152.231:443 thrtle.com tcp
NL 23.46.72.29:443 hbx.media.net udp
US 8.8.8.8:53 hb-pb.media.net udp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 54.243.152.231:443 thrtle.com tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
FR 18.155.129.21:443 tags.crwdcntrl.net tcp
US 34.120.135.53:443 oajs.openx.net tcp
US 34.107.148.139:443 hb-pb.media.net tcp
DE 162.19.138.83:443 id5-sync.com tcp
US 8.8.8.8:53 cdn.marphezis.com udp
GB 87.248.205.1:443 cdn.marphezis.com tcp
US 8.8.8.8:53 cdn.doubleverify.com udp
US 8.8.8.8:53 253.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 155.225.186.35.in-addr.arpa udp
US 8.8.8.8:53 1.46.160.34.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
FR 18.155.129.21:443 tags.crwdcntrl.net tcp
BE 23.14.90.89:443 cdn.doubleverify.com tcp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 29.72.46.23.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 45.169.236.3.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 185.95.86.99.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 6.85.169.69.in-addr.arpa udp
US 8.8.8.8:53 40.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 156.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 139.148.107.34.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 1.205.248.87.in-addr.arpa udp
DE 162.19.138.83:443 id5-sync.com tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
IE 52.215.98.156:443 id.crwdcntrl.net tcp
US 8.8.8.8:53 hblg.media.net udp
US 34.120.135.53:443 oajs.openx.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 xch.media.net udp
US 34.107.136.65:443 xch.media.net tcp
US 34.107.136.65:443 xch.media.net tcp
US 34.107.136.65:443 xch.media.net tcp
US 34.107.136.65:443 xch.media.net tcp
US 34.107.136.65:443 xch.media.net tcp
US 34.107.136.65:443 xch.media.net tcp
US 8.8.8.8:53 compass-v2.deliverimp.com udp
US 3.94.45.118:443 compass-v2.deliverimp.com tcp
US 3.94.45.118:443 compass-v2.deliverimp.com tcp
US 3.94.45.118:443 compass-v2.deliverimp.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.228.200:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 c21lg-d.media.net udp
US 8.8.8.8:53 medianet-match.dotomi.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 i.liadm.com udp
US 3.33.220.150:443 match.adsrvr.org tcp
GB 23.36.168.202:443 ads.pubmatic.com tcp
NL 89.207.16.140:443 medianet-match.dotomi.com tcp
ES 23.60.223.190:443 secure-assets.rubiconproject.com tcp
US 44.214.226.155:443 i.liadm.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
FR 3.162.38.8:443 ats-wrapper.privacymanager.io tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
FR 3.162.38.8:443 ats-wrapper.privacymanager.io tcp
US 8.8.8.8:53 similarsearch.net udp
US 8.8.8.8:53 www.media.net udp
US 8.8.8.8:53 cs.media.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 cdn.topsrvimp.com udp
US 8.8.8.8:53 rtb.gumgum.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 amazon-tam-match.dotomi.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 sync-amz.ads.yieldmo.com udp
US 8.8.8.8:53 cs-tam.yellowblue.io udp
US 8.8.8.8:53 eb2.3lift.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
IE 52.209.21.214:443 cs-tam.yellowblue.io tcp
FR 18.164.52.46:443 s.ad.smaato.net tcp
US 104.18.36.155:443 ssum-sec.casalemedia.com tcp
US 64.202.112.223:443 b1sync.zemanta.com tcp
IE 99.80.191.128:443 rtb.gumgum.com tcp
NL 63.215.202.172:443 amazon-tam-match.dotomi.com tcp
DE 18.158.98.19:443 match.sharethrough.com tcp
IE 54.229.31.146:443 sync-amz.ads.yieldmo.com tcp
GB 87.248.205.1:443 cdn.topsrvimp.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 compass-viewability.deliverimp.com udp
US 8.8.8.8:53 compass-events.deliverimp.com udp
US 8.8.8.8:53 lg3.media.net udp
US 8.8.8.8:53 21.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 89.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 156.98.215.52.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 65.136.107.34.in-addr.arpa udp
US 8.8.8.8:53 118.45.94.3.in-addr.arpa udp
US 8.8.8.8:53 200.228.220.67.in-addr.arpa udp
US 8.8.8.8:53 231.152.243.54.in-addr.arpa udp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 202.168.36.23.in-addr.arpa udp
US 8.8.8.8:53 140.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 190.223.60.23.in-addr.arpa udp
US 8.8.8.8:53 155.226.214.44.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 34.98.64.218:443 u.openx.net tcp
US 44.193.192.49:443 compass-viewability.deliverimp.com tcp
US 3.217.136.69:443 compass-events.deliverimp.com tcp
US 3.217.136.69:443 compass-events.deliverimp.com tcp
US 3.217.136.69:443 compass-events.deliverimp.com tcp
US 3.217.136.69:443 compass-events.deliverimp.com tcp
US 3.217.136.69:443 compass-events.deliverimp.com tcp
US 3.217.136.69:443 compass-events.deliverimp.com tcp
US 8.8.8.8:53 8.38.162.3.in-addr.arpa udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 34.98.64.218:443 u.openx.net tcp
US 44.193.192.49:443 compass-viewability.deliverimp.com tcp
US 44.193.192.49:443 compass-viewability.deliverimp.com tcp
US 44.193.192.49:443 compass-viewability.deliverimp.com tcp
US 8.8.8.8:53 lg3-a.akamaihd.net udp
US 104.18.36.155:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
IE 67.220.228.200:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 46.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 172.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 128.191.80.99.in-addr.arpa udp
US 8.8.8.8:53 214.21.209.52.in-addr.arpa udp
US 8.8.8.8:53 146.31.229.54.in-addr.arpa udp
US 8.8.8.8:53 19.98.158.18.in-addr.arpa udp
US 8.8.8.8:53 223.112.202.64.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 49.192.193.44.in-addr.arpa udp
US 8.8.8.8:53 69.136.217.3.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 34.107.136.65:443 xch.media.net udp
GB 142.250.187.226:443 cm.g.doubleclick.net udp
US 2.20.12.104:443 lg3-a.akamaihd.net tcp
IE 67.220.228.200:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.228.200:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 c1.adform.net udp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 us-u.openx.net udp
DK 37.157.6.254:443 c1.adform.net tcp
US 8.8.8.8:53 tps.doubleverify.com udp
US 8.8.8.8:53 adx.adform.net udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 apex.go.sonobi.com udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ap.lijit.com udp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 ads.yieldmo.com udp
FR 217.182.178.224:443 prg.smartadserver.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
DK 37.157.2.229:443 adx.adform.net tcp
NL 145.40.97.67:443 prebid.a-mo.net tcp
US 34.120.63.153:443 prebid.media.net tcp
IE 52.50.194.100:443 ads.yieldmo.com tcp
US 130.211.44.5:443 tps.doubleverify.com tcp
IE 63.33.156.76:443 ap.lijit.com tcp
DE 3.125.188.154:443 btlr.sharethrough.com tcp
DE 3.125.188.154:443 btlr.sharethrough.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
DK 37.157.2.229:443 adx.adform.net tcp
US 8.8.8.8:53 eu-u.openx.net udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
IE 63.33.156.76:443 ap.lijit.com tcp
IE 52.50.194.100:443 ads.yieldmo.com tcp
DE 51.89.9.252:443 onetag-sys.com udp
US 34.120.63.153:443 prebid.media.net udp
US 35.186.253.211:443 rtb.openx.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 54.235.152.162:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
GB 142.250.187.226:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 casale-match.dotomi.com udp
NL 89.207.16.201:443 casale-match.dotomi.com tcp
US 8.8.8.8:53 104.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 254.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 224.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 35.244.159.8:443 eu-u.openx.net udp
US 64.202.112.223:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
US 8.8.8.8:53 229.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 76.156.33.63.in-addr.arpa udp
US 8.8.8.8:53 100.194.50.52.in-addr.arpa udp
US 8.8.8.8:53 154.188.125.3.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 dmp.adblade.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 pulsepoint-match.dotomi.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 pixel.tapad.com udp
US 34.199.73.116:443 dmp.adblade.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 34.111.113.62:443 pixel.tapad.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 63.215.202.169:443 pulsepoint-match.dotomi.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 34.199.73.116:443 dmp.adblade.com tcp
US 8.8.8.8:53 ad.turn.com udp
NL 46.228.164.11:443 ad.turn.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 media.net udp
US 8.8.8.8:53 related.focusedbuzz.com udp
US 8.8.8.8:53 162.152.235.54.in-addr.arpa udp
US 8.8.8.8:53 201.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 169.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 116.73.199.34.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 compass-allbids.deliverimp.com udp
US 35.153.220.166:443 compass-allbids.deliverimp.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.210.90:443 secure.adnxs.com tcp
US 8.8.8.8:53 166.220.153.35.in-addr.arpa udp
US 8.8.8.8:53 image2.pubmatic.com udp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 8.8.8.8:53 image4.pubmatic.com udp
NL 198.47.127.20:443 image4.pubmatic.com tcp
US 8.8.8.8:53 sync-pm.ads.yieldmo.com udp
US 8.8.8.8:53 um.simpli.fi udp
NL 35.204.74.118:443 um.simpli.fi tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 54.166.206.131:443 sync.srv.stackadapt.com tcp
IE 54.74.86.51:443 pr-bh.ybp.yahoo.com tcp
US 52.44.76.179:443 sync.ipredictive.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 38.91.45.7:443 match.deepintent.com tcp
FR 217.182.178.229:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 118.74.204.35.in-addr.arpa udp
US 8.8.8.8:53 tpsc-ew1.doubleverify.com udp
US 8.8.8.8:53 track.adform.net udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
DK 37.157.5.133:443 track.adform.net tcp
US 8.8.8.8:53 ox-rtb-europe-west2.openx.net udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 brightcom-d.openx.net udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 54.166.206.131:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 yieldmo-match.dotomi.com udp
US 8.8.8.8:53 sync-openx.ads.yieldmo.com udp
NL 63.215.202.137:443 yieldmo-match.dotomi.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 131.206.166.54.in-addr.arpa udp
US 8.8.8.8:53 229.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 179.76.44.52.in-addr.arpa udp
US 8.8.8.8:53 7.45.91.38.in-addr.arpa udp
US 8.8.8.8:53 133.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 98.143.102.34.in-addr.arpa udp
US 54.166.206.131:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 54.166.206.131:443 sync.srv.stackadapt.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 104.22.51.98:443 mwzeom.zeotap.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 51.86.74.54.in-addr.arpa udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
NL 89.207.16.137:443 pubmatic-match.dotomi.com tcp
FR 141.94.170.77:443 pixel.onaudience.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
DE 91.228.74.159:443 cms.quantserve.com tcp
DE 91.228.74.159:443 cms.quantserve.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
DE 91.228.74.159:443 cms.quantserve.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
IE 52.212.235.85:443 match.prod.bidr.io tcp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 137.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 98.51.22.104.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 137.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 77.170.94.141.in-addr.arpa udp
US 8.8.8.8:53 121.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 34.111.113.62:443 pixel.tapad.com udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 live.primis.tech udp
IE 34.253.176.232:443 ce.lijit.com tcp
FR 52.222.201.14:443 live.primis.tech tcp
US 8.8.8.8:53 beacon-ams3.rubiconproject.com udp
NL 69.173.156.130:443 beacon-ams3.rubiconproject.com tcp
US 8.8.8.8:53 49.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 85.235.212.52.in-addr.arpa udp
US 8.8.8.8:53 232.176.253.34.in-addr.arpa udp
US 8.8.8.8:53 14.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 130.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 s1.adform.net udp
DK 37.157.2.250:443 s1.adform.net tcp
US 8.8.8.8:53 250.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 104.18.43.90:443 cdn.confiant-integrations.net tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
US 8.8.8.8:53 cm.adform.net udp
DE 3.125.188.154:443 btlr.sharethrough.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DK 37.157.3.26:443 cm.adform.net tcp
US 8.8.8.8:53 90.43.18.104.in-addr.arpa udp
US 8.8.8.8:53 26.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 usersync.gumgum.com udp
IE 34.247.233.198:443 usersync.gumgum.com tcp
US 8.8.8.8:53 cs.yellowblue.io udp
US 8.8.8.8:53 dsum.casalemedia.com udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 198.233.247.34.in-addr.arpa udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 104.18.43.90:443 cdn.confiant-integrations.net udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 93.159.114.85.in-addr.arpa udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 tr.blismedia.com udp
US 8.8.8.8:53 openx2-match.dotomi.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 34.96.105.8:443 tr.blismedia.com tcp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 8.8.8.8:53 d5p.de17a.com udp
NL 35.214.226.31:443 csync.loopme.me tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
SE 213.155.156.183:443 d5p.de17a.com tcp
NL 35.214.226.31:443 csync.loopme.me tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
SE 213.155.156.183:443 d5p.de17a.com tcp
US 8.8.8.8:53 core.iprom.net udp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
US 8.8.8.8:53 green.erne.co udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 matching.truffle.bid udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
FR 141.94.240.143:443 green.erne.co tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 143.240.94.141.in-addr.arpa udp
US 8.8.8.8:53 173.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 11.155.215.52.in-addr.arpa udp
US 8.8.8.8:53 196.120.55.162.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 31.226.214.35.in-addr.arpa udp
NL 134.122.57.34:443 match.adsby.bidtheatre.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com udp
NL 35.214.226.31:443 csync.loopme.me tcp
US 104.18.24.173:443 a.tribalfusion.com udp
SI 195.5.165.20:443 core.iprom.net tcp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
FR 141.94.171.216:443 pixel-eu.onaudience.com tcp
US 8.8.8.8:53 34.57.122.134.in-addr.arpa udp
US 8.8.8.8:53 216.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 s.tribalfusion.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 qsearch-a.akamaihd.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 52.44.76.179:443 sync.ipredictive.com tcp
US 8.8.8.8:53 pm.w55c.net udp
FR 217.182.178.229:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 sync.adotmob.com udp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
IE 54.77.130.68:443 pm.w55c.net tcp
US 8.8.8.8:53 sync.teads.tv udp
FR 45.137.176.88:443 sync.adotmob.com tcp
BE 92.123.51.152:443 sync.teads.tv tcp
US 8.8.8.8:53 stx-match.dotomi.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 sync-adform.ads.yieldmo.com udp
US 80.77.87.161:443 cs.admanmedia.com tcp
US 8.8.8.8:53 48.63.42.188.in-addr.arpa udp
US 8.8.8.8:53 68.130.77.54.in-addr.arpa udp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
US 8.8.8.8:53 152.51.123.92.in-addr.arpa udp
NL 23.63.101.177:443 qsearch-a.akamaihd.net tcp
NL 23.63.101.177:443 qsearch-a.akamaihd.net tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 8.8.8.8:53 177.101.63.23.in-addr.arpa udp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
US 8.8.8.8:53 protected-by.clarium.io udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
IE 52.215.149.193:443 protected-by.clarium.io tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
US 8.8.8.8:53 193.149.215.52.in-addr.arpa udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tg.socdm.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
JP 211.120.53.205:443 tg.socdm.com tcp
JP 211.120.53.205:443 tg.socdm.com tcp
US 8.8.8.8:53 161.87.77.80.in-addr.arpa udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 64.202.112.223:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 1x1.a-mo.net udp
DE 18.157.173.136:443 1x1.a-mo.net tcp
US 8.8.8.8:53 136.173.157.18.in-addr.arpa udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 dm-eu.hybrid.ai udp
US 8.8.8.8:53 match.justpremium.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 rtb.adentifi.com udp
US 54.89.40.69:443 rtb.adentifi.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 3.236.169.45:443 sqs.us-east-1.amazonaws.com tcp
NL 81.17.55.172:443 sync.smartadserver.com tcp
NL 37.230.131.16:443 dm-eu.hybrid.ai tcp
DE 3.123.186.242:443 match.justpremium.com tcp
GB 142.250.187.196:443 www.google.com udp
IE 34.247.233.198:443 usersync.gumgum.com tcp
US 8.8.8.8:53 172.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 16.131.230.37.in-addr.arpa udp
US 8.8.8.8:53 242.186.123.3.in-addr.arpa udp
US 8.8.8.8:53 69.40.89.54.in-addr.arpa udp
US 54.166.206.131:443 sync.srv.stackadapt.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 80.77.87.161:443 cs.admanmedia.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 hbxlp.media.net udp
US 34.160.55.127:443 hbxlp.media.net tcp
US 34.160.55.127:443 hbxlp.media.net tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 8.8.8.8:53 127.55.160.34.in-addr.arpa udp
NL 185.15.59.240:443 upload.wikimedia.org tcp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
US 8.8.8.8:53 en.wiktionary.org udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 rr5---sn-q4fl6n6r.googlevideo.com udp
US 173.194.140.138:443 rr5---sn-q4fl6n6r.googlevideo.com tcp
US 173.194.140.138:443 rr5---sn-q4fl6n6r.googlevideo.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.140.194.173.in-addr.arpa udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
US 8.8.8.8:53 rr1---sn-q4flrnle.googlevideo.com udp
US 172.217.131.102:443 rr1---sn-q4flrnle.googlevideo.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 102.131.217.172.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-5hne6n6e.googlevideo.com udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
IE 209.85.203.84:443 accounts.google.com udp
GB 142.250.187.246:443 i.ytimg.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.74:443 jnn-pa.googleapis.com tcp
GB 142.250.179.238:443 www.youtube.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com tcp
NL 172.217.132.230:443 rr1---sn-5hne6n6e.googlevideo.com udp
US 74.125.157.136:443 rr3---sn-a5msenes.googlevideo.com udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 230.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 136.157.125.74.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 142.250.200.46:443 youtube.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.youtube.com udp
GB 216.58.212.206:443 consent.youtube.com tcp
US 173.194.140.138:443 rr5---sn-q4fl6n6r.googlevideo.com udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 172.217.131.102:443 rr1---sn-q4flrnle.googlevideo.com udp
US 8.8.8.8:53 rr4---sn-q4fl6ns7.googlevideo.com udp
US 173.194.191.137:443 rr4---sn-q4fl6ns7.googlevideo.com udp
US 8.8.8.8:53 137.191.194.173.in-addr.arpa udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.187.194:443 googleads4.g.doubleclick.net tcp
GB 142.250.200.2:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
GB 142.250.200.2:443 ade.googlesyndication.com tcp
GB 142.250.200.2:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
GB 142.250.200.2:443 ade.googlesyndication.com udp
GB 142.250.200.2:443 ade.googlesyndication.com udp
GB 142.250.200.46:443 youtube.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
IE 209.85.203.84:443 accounts.google.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp

Files

memory/2220-0-0x00007FFE98213000-0x00007FFE98215000-memory.dmp

memory/2220-1-0x0000000000E50000-0x0000000000E8A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe

MD5 a9aee64b701db5f8cfc3c963872403b4
SHA1 48079f6822d84ea354f301cdb97d2ecb59552e06
SHA256 f46d7ae8973b42a0cb892c6aa8d6a559b4cc1d0c67b1d5df3072c4f7f77b53fb
SHA512 696e745d488841c3b1a55a350d754b69a1d6b0d83fd9eac247229239951b12bfd98d8cbbcbfffd567966495a10950040edd77398702763071f6eeb50f13a3a1e

memory/4880-15-0x00000000009E0000-0x0000000000A06000-memory.dmp

memory/4880-18-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

C:\Users\Admin\AppData\Roaming\и.bat

MD5 9885bc1f632421f329efe28818361344
SHA1 9d0838fa885728361703a6e2b36e2aa3603b05ce
SHA256 6a218880f23edb2a809ee20919f355f80ef4a0b545c3d79ffa8c848441eced7a
SHA512 ddb5252457e9e02a91073f58662cd2eb72d670827f5173e8705c9e41d55a4ba4efdab80f24371ff61573d250f7b8463ce05f9cec7c48085dcacd38cd21e65203

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_olddudim.sza.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3204-29-0x000002566B240000-0x000002566B262000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 d85ba6ff808d9e5444a4b369f5bc2730
SHA1 31aa9d96590fff6981b315e0b391b575e4c0804a
SHA256 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA512 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 77d622bb1a5b250869a3238b9bc1402b
SHA1 d47f4003c2554b9dfc4c16f22460b331886b191b
SHA256 f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb
SHA512 d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 67e8893616f805af2411e2f4a1411b2a
SHA1 39bf1e1a0ddf46ce7c136972120f512d92827dcd
SHA256 ca0dfe104c1bf27f7e01999fcdabc16c6400c3da937c832c26bdbca322381d31
SHA512 164e911a9935e75c8be1a6ec3d31199a16ba2a1064da6c09d771b2a38dd7fddd142301ef55d67d90f306d3a454a1ce7b72e129ea42e44500b9b8c623a8d98b4d

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 a9451a6b9669d49bd90704dff21beb85
SHA1 5f93d2dec01a31e04fc90c28eb1c5ca62c6fff80
SHA256 b2ff191507379930b97a212f869c3774c20b274e8fc9fcc96da5c154fb0e3056
SHA512 06634cb578f6ce8d721e6306004082073fc224b91ceea37ef870df87b12b2d5f59e7d08b20b520787a1d13f3edbbb004197bf70f180f86dd7f401a5ad289ccb5

memory/4880-67-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

memory/4880-68-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

memory/4880-69-0x00007FFE98210000-0x00007FFE98CD1000-memory.dmp

memory/4880-73-0x0000000001330000-0x000000000133C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 23e6ef5a90e33c22bae14f76f2684f3a
SHA1 77c72b67f257c2dde499789fd62a0dc0503f3f21
SHA256 62d7beeb501a1dcd8ce49a2f96b3346f4a7823c6f5c47dac0e6dc6e486801790
SHA512 23be0240146ba8d857fc8d37d77eb722066065877d1f698f0d3e185fcdae3daf9e1b2580a1db839c1356a45b599996d5acc83fda2af36840d3a8748684df5122

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

\??\pipe\crashpad_5012_ATUYWBKATXVDBESN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 890130ef1a69f01ea3ba07d66b3ef00c
SHA1 1cb1651fe9a8a0abee5e6ed97f4e6371004a7fe9
SHA256 dc4a3c83b03361507a4773f8d24c6fea00a9501f20a80a9f8853c959bb4ea1a2
SHA512 56cbe50834e4238e18b588bb92e21b48bf9ed066315ca7f15c796d80fc75adcf5603b0c40a6a4cc3021b3b7e622057212f5dc6223ace13c886b8fe0edb2b4af1

memory/3692-142-0x00007FFE76310000-0x00007FFE76320000-memory.dmp

memory/3692-145-0x00007FFE76310000-0x00007FFE76320000-memory.dmp

memory/3692-144-0x00007FFE76310000-0x00007FFE76320000-memory.dmp

memory/3692-143-0x00007FFE76310000-0x00007FFE76320000-memory.dmp

memory/3692-146-0x00007FFE76310000-0x00007FFE76320000-memory.dmp

memory/3692-148-0x00007FFE73FD0000-0x00007FFE73FE0000-memory.dmp

memory/3692-150-0x00007FFE73FD0000-0x00007FFE73FE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 bd495a118f868f85e95bd81ce9143a09
SHA1 56f0fe9867316bf8dba31050d7dccdcb0212f5b8
SHA256 95c7441cee17d7658d9d74997e97b146db51270c2086a0d38e93a9020f0e7ff7
SHA512 71c7ffb7b1e8a862c43297759212d2d4ce242833d841792295adb73f906dad686d84bf8075aed7948c249342cf5720439429273cad0b9274f2225062fe01c4e0

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 0f1e967a898c3720832db86198a12890
SHA1 e7f0f569e41de29ba8037ccbae58cef6a3bc457c
SHA256 d8491796ca9e5a5d5d2ea6d48bf83c6337b1003de0a7559770e0effb1a22a035
SHA512 d927488aaa48c1ad5d5e3da522971435fcaf0de38b595f7ca5767621cf90ce9ece96d1d3f4123e53b6393b360b56ee35e95ad91cb747392d7047778b896bc6b0

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 fa2abf3a905e096503aba72022cb94e6
SHA1 d69f16ab27c9cb3d4706f2092551ab34ea44c664
SHA256 8137b9d16ec9b8bc36df3aaea0135705632a5c00958823c13e90141b56e193de
SHA512 616617753758aaffe5433860bfb203bc555028d8145d7f6bbe464799187a9ec8de78d3b322704e38f96f5d961d3d50e15b517016e41694fa936c91bfc71f0f2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d999f7aa9b84f0847f95f09a0e295f23
SHA1 041aadbaa82c8a1b5a442a0b500ba128b6940bf2
SHA256 815b91c09c5b17c5310afbf1166e1ec1b050756e83488769ee4bf58c04c21933
SHA512 d2a80053db389a486b92394805f452299cd6240f863dc5b98fca4e591f8bcc91defd35a90fcdacf695d2d337a1a07251b85ca1ddde491d67093318dd57e259ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 28b1af7f29cb418e4dfabf788b77678f
SHA1 039d42b4bd791f0f2b03f1bb6324076c7830b101
SHA256 2eb9c74f67af2d23d6525a044ba82c6e3a9889b67fd5353e8cfbd0662a5fc965
SHA512 6141edebf2b3de236aa2c6ebbefdc3844237d834938103b92aec858d1674ee02471e3c39a3ae769b4d31db02e797914b504bc2f4715e5794cf04051702056d17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b97eb0d6a43341e20b4bcf09508a63aa
SHA1 eddce6a96144fd9892d53974220bde49f8708b1e
SHA256 5d87c3454da02675aee236c16c4ed4301b266340adf296b8fdfffd3e471e5e6e
SHA512 2d356d596dc46450fe1583ca1ceddc1b312003fa0a30bc1a7c2187d7246a1bbdd4694bffc91195a748f4365791e46f914eaefc1124be301650f635634b85d266

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 100b40a08af2671517ec8744ea7d59e2
SHA1 8ee8597b1ad97762db6bb48bca2cf3bcd0568ee9
SHA256 4fdf6a70d283dc61bc398c986d11fea4dee77615eb10ac3f83d19818be6a9091
SHA512 9b69d9922d6cf656a1550564ed02e8baf2fd33f8a993ca4e42c886424efcdf2c7b5d247cbf4f1e9c4bb461de696b3fa7d39616e78ce20ca9614822c9a4985f1d

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wininit.log

MD5 2ff39f6c7249774be85fd60a8f9a245e
SHA1 684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256 e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA512 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 2280e0e4c8efa0f5fc1c10980425f5cf
SHA1 1d78ccb26fef7f1bf5bf29de100811e1ac8bda23
SHA256 b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74
SHA512 b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 87614c24968c59fa0d4c344f7842c606
SHA1 aa80141b22622be3de46c137a2687490547637ee
SHA256 05b8fa6db15bc27e1d99ee7e40fb01e9bbd0a8f3cbd8ecc6892e0c0577c6ebac
SHA512 bc28555cce156f76b6e35a108df0cc55bd7d1d5f218271ac72527fd974386d9c877bf02e6fb86a0c088c5a10bb3c6229c656e16d71849d45d67ee11c4e0ffd84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 78c1ecc7aeb6f4dd25d75537d0d2c5b1
SHA1 7122289f9e216f4b5590b50dea07393fae8cbfce
SHA256 291a7aa2372370a86c183b489039fa4a38f4de060bd3778614af35d8b128fe7e
SHA512 2c5b1b8f841731e22890b49eed82796da246f9e762a709625f7630710d01f3e564fdc3c58c64bff536f82c1023baa86b0647a76eab3919b5d9eee7467dd9ff63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 48bb9d7bc7b4eaed20291a78ea1c0adf
SHA1 4a5789579690b2e1fd27fd08089abd140dcb58c2
SHA256 548bcb4f918a525249656acdbc5f042324ad7ff1bf2dea4ef1055189cb8e86c6
SHA512 9717c4ae84d165d0c9aa51da0281d4ecf1b252c49f3b3aefd4e6d898941cdce4fd5bd0cf1e25ddbcc99725ed54b6631e42553f4733aefa9d464a72d7ee34c6d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fd8c389a5e57b719cc0e7acdbbb59eb1
SHA1 f3088dc685f01e7521c046ee7cbcd63ad6197215
SHA256 a7704bc2220630688a70038b17934c13323f60ea611069f1f9741a909c9bdb30
SHA512 bc359450e4773a5e21abbafd61272c3617e46f29062a9aff89052bbf8c4ec2ae4d7d0bfc2f48508610b5a1a551d5bf004d2f214bf976eaaa13e3e9934cca49ee

memory/3692-493-0x00007FFE76310000-0x00007FFE76320000-memory.dmp

memory/3692-494-0x00007FFE76310000-0x00007FFE76320000-memory.dmp

memory/3692-492-0x00007FFE76310000-0x00007FFE76320000-memory.dmp

memory/3692-491-0x00007FFE76310000-0x00007FFE76320000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 683268494e83abfd6f7c3f4faf254102
SHA1 4d6e5ba1bb2ce44070d8ddd87d4c964956d527af
SHA256 10a92ce555ba6a38be96b8d3cea0ca0ef3649fd2d33847c42361b37237ef6818
SHA512 8622cc985d288e30307ed54c2d952bece0c1d365991c3317cb58963dd17b8fa0786f27272865625acf48cdd312a12abe62751a48e55c863015f4959e3ed59c8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0b6d79485854f917172f3c8b932f24c0
SHA1 466dc3e07c441486faaf630bc2d730a4f49fe1c6
SHA256 9149eb19217048dbc6f69e8c75e2a70f6eaca311a12db824886927ccdbe4e0cc
SHA512 7fdb2e4e089e7f4f156c28d9fefc61919cd3fe1f247e39f5d8829c73547df454556c64dc5418d9daee5faaa16b8458bbeaf5bfc153bd85558b7f24357d23469b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cec1cd39525ff3add341def7e430c61b
SHA1 693f1036a8eafaf87a6ac017413ae7e96b4451f6
SHA256 2340631d223c3b33bf9a82f939ec7bbb8f19028fd680ec02d2ab5cf37fe716d7
SHA512 564cd0792919d7ed66ee5f5768f3d1b2381baf598bd8ff56d9f9617b378c6054a35364f4c2a397be314da53f23f059559af8b0418e84b7415571bd5ae6bd519e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b6d5473df8b01d51e05cc773ab9f6f26
SHA1 450e2aa769dda98dfac83af403809c3c2fe6d0eb
SHA256 12fcd1989a88eebda5bde629afc68303b3ea84ad98cd322759947822bbcb07a2
SHA512 d65b8ccba4555081855a3974595a7e644ab54c1ce2f9dae10890a5b58c62ae58bb94de50d3c57abf3a8662cdc15472f701cdfd430bda6efa08a6cc23ddf15d70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 54d266fbe267377931b6381169629cd6
SHA1 1151979dd2cd921f78f133f9d3f0c51237783580
SHA256 dbb7d662c8cc533db764b7fd5ee9055cfa681c3b7c21e5f124243c4eb6a70fdc
SHA512 a9df848841b8922021cee182ffa2fb54abb406c872a43c7f65e0e506c4b528c6a9c59eaa350f8d0d8a01a326e6f0bac1c11d99e14aab4928903345e5c4a67141

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dc5f7d92c0c081547d2244c239c7acc6
SHA1 5b55231f76daf08853e3aab93703f87657603f70
SHA256 2c32ed647de0bfaf3bba985ab08716e4f85216f708d5fd76bf6f97f180181fe9
SHA512 cdda0ea291d319ffb537ddbd482f43dc7630bffcb82e11a6eb9b5ad36091c39605c8d5ddeff5f5267fa94c32bc7cb2d44e2047ce02d2e22defb22f64e116b12a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b7057fda412df004996d27385cecabe6
SHA1 2d170a146e967708ad99ade7c284bb5ee9f87719
SHA256 9dedeb6a8f8c625ab10efcdde93f861faa0afc62d13874c7bf8d00076914932f
SHA512 f0f0a722d335deee930d4384c46249b2f216aa47c19e7262211984bea646bfd2266689bfbeb3d0364b74742c615840d1f9b07c7f18e347775f8661e2cbcdcec2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 486a434e93b48e083674f7dc81bbd4e4
SHA1 f0ba64529b989c55bea8ed08a518841bba9ae630
SHA256 cf77eb5afcc8e4c9d51fa9866b8f0da6b04a45555c0ed1d9e72bd4373e19dfd6
SHA512 7fc3e1d20c699c11c514bdc2c782c2b5c892036a11017229d8671ead8f85080b322a535b3438b9595776dd50374a21362d247693061e7f5fab1327346963bb9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 77326d3861a5121bf1cf9e7064988675
SHA1 f1e77220ed645fa6ded590af1585a3acb73e8a05
SHA256 58605d148c5b7a029ba422564ad4342f733ad8150ce3a9a4ce0f4f363f5658c7
SHA512 ca32ae380a648dc1a9238956538f7a141b2f4370797649b1b5b28832ce5f0151b3328a1805c33c3d9bdce9b4403d4a43ec8225c547000d1956de2908d7ab4da1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 0beb05769a612a828541be24b4ba1cfb
SHA1 2c3a0d7e8c458a4213879390144ee8937c1c0550
SHA256 8598b33045cd2b1edd2c1db6d71eee200897d337b2dd06cc41716288b6f5b48f
SHA512 b64e383a438a460430409bbb5a731ae980631a63541aca44efd98dadd1063882c2a26fcf0d0df2b7f21c5351ead97bca1a5b2171b9bb052d435cb554b1f82e4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6e172d7bd8d4a0ed_0

MD5 5960c5ef169822009fb1d2d42645f011
SHA1 25986ac6063b691eea2f8c25b15c7de157a43191
SHA256 5f2b3af2baf4ec3d9ea8214814cf78bc2dc7e9754693312a7257d16d8f746b43
SHA512 911a6b2f4d42f723fc638c7add2c3107fe1d6ce6811ac572121ff54dbabc69c6d8ecfd6bf20f3c335aa560ccd14e3486c7231848d85f310191c4a4894af27fba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d0e8caaa10047fd8_0

MD5 4e96f18176926c4827939564239dd987
SHA1 f7f239cd739db18ba6338776a221f5f236fd831b
SHA256 dcd172021bcf77e79c6be1dea2cb008af5c8289c0838728068fdd9c9f2b5fd4c
SHA512 928e5e82e1c19099e2cf8cac7cfac6d2c7c3c6e93a10c23b2207d307db9d0ffb1ba4c5f9cb728306d33b24057f6bbcd0317e2f006751da9f22931e4c21772652

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e7b57b0115e1d5a686748802201c796d
SHA1 85a62e6a651cfd3fec6ec1fe7d53710d6f54b076
SHA256 11f1c317f7b75648e010689c7587127dcf01f46c17e028fd224adb09fa330181
SHA512 a81e5db2c8ea9344d8f057c1396bcf81dd726f1e4e881f0a50f8929e5e043eaee421678630dd355be10048ba58db965f3cc33121fd5da241c2da84ac1bb71765

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f86277d667ef7d32cc20cafef25ec6a7
SHA1 c7f7d359cc24d0d0bfd06d6d38fbe1d9c44a33f8
SHA256 d1dc6c7d555e2e254a2ed0b888792526076677f202e7d420de10f9a63f3ddc09
SHA512 adafcf6e6eba3a7806205f5a0e2c25e7b2cfc2459c2fbbf94bf859ae9d9474a19a031f62f577f02c410f4e63adbe8d8e31e609bafcd020fc83be5a202488acd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0f52f8879caa3fea6ac0f28b3cb9e1f1
SHA1 204e471224a5fdf18c2e9f5b08ab20fac9831f84
SHA256 84377c84b06ab3b5f87b9bcffa32721232f0a1dc04899fbd0bfb45e768366fef
SHA512 7e3dbab96354001d04bf06c92972f2f0c841d7b04612fce13c930836157bb1603ff223af132ba68528ae2b5a20d972c48789ffc1d59c08fc0af65820c0d28feb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 941c582633f455d5628ea6734495a1b9
SHA1 aa7a20ff0575a0210c18fa1379506827536f2bcf
SHA256 ee894ac8cfa016766a9a2f29f57e849957ab6b09afbac798e9c09b122320dd30
SHA512 2b7aa955ca1f8c4c800f3d569727657844d631ed41f12839a2dd1468ecc7bbe508bc3b990264c52a2b0af49afc3ed3d0baea686af1f82386c940ec55c22596d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d588f2ebe7f1661150843dcc57e53168
SHA1 80774b398e54008f6eecfae05b24e91d1b405944
SHA256 fa673cffff7c9bc4ef1d14e14d287eb896c953c9e6ecec87315b074f0b303982
SHA512 426e88a4d12a55dae15d79b38a4ec9d72c241cde9c4e0a1d4ea37906b0af159059b87dc37838261ed25c2248ab6b3cc28da1b76883803954002ecbadd2d1651f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e607ea824b0b5633376aa72acded69b
SHA1 00190119aa928fecac676f39c4fe1c72521f4596
SHA256 b824bffcc18d5662f7cc8add16b02a07a671f92168d4e20451ca88427fe2edf2
SHA512 82962761bd8b26e218acbe84d7d6cc0c872101cd8f44e20f8f748572f63fb0698498d36eac63f8310166a7c3e5265393f3f9f3ac6e24fc3d7292790cddf17b55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 56efec68f4c46683af955025cb14dccb
SHA1 52d04b9b30f9ee01661725afdb80efc0a7e567dc
SHA256 fd9c3c7b2282d2d3014eef7a8377fa28a0c993f042b7ef2537920fda5701e536
SHA512 40f5b0ada9ef4ababe8aabf1869dc22b101056d710fa3b32f550d561f45bf040ecc879e2d61913b9828e09233e7479754703b57f29fb7c84bfcdba1b106d5870

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 abb9d86c188694e9b4653db664761a7f
SHA1 2f76cf2fd498204a8e976ecea265fa273cb2efcd
SHA256 2616ee3ec1cf18ee59c3319e9fd7192793b8e8bcabe153a2c838e7e79246342e
SHA512 ea7bc8a75123c23c9a5e2a885103f6de0223dbd4d39adc669f4d43ab3b3118e9f1105c469b7e7c9ce135c47c4e068d698c4a4e8f49838e410f35c4fc6b9bc730

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 3d5c8e1b74df37b7b9e494c0edd218fc
SHA1 97ec95282cf9abb63e5818e2ece014be3bb4d055
SHA256 6a3e37e40182b7cd51f0debb86633a115643da1f7b488acfe37dcb6d88be0c58
SHA512 35d29ecd35c09a6dedcd158569974db485f9cfa88df3c8955899306f4bbaa69e6681b9fae3b00559c06b1b586ddfadf09125c225091c27b018dd043791cbbcd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 27fb9736d5310f84bd492922191baf1d
SHA1 d37ee71c06ad5eef0fbe101978fb3b4115b86ca1
SHA256 9b99ebf1dcd2097dd301e6e4aa7aa5668a9b6c1675a7c58479f623923a3fad21
SHA512 4290da78c81c2a5de927fe839b6324bc16ec45a0f4704c0d5691e226045331dbfafe1b5a7e01013276012a8322147478fe78850090976536e9f3ffeb72958765

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 27c67486bdbd4fc0500eb66c161abf3c
SHA1 b0cc11e118d0104bd5086c5a9175760132afd1f0
SHA256 8a4af9e527d4b06ee541b90ae418ff58ad4697bbc8a8a887d6c83db0f6dfe240
SHA512 08f2631fb8513f657d471996f2da3aa19edeb64ba71d73bfb0711fd55e7879715f041f88456a5b09035336236756a6f6d7cc792cc7641e47742b2c6fe5efed6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 3b9990a2e08289c15bef63fdcb7f8c13
SHA1 2296774684ca38953498fb49e9f7028ca6282ca2
SHA256 2ce977df5ab50b4a6e2ea28cbac8d0e582491b65741b291f6baf6e07cb083453
SHA512 90460b5899e4935b59d76318b9ef148bf2bb83dcb5ed8a73bd1ee2c5921024b30280237035887daf4e21c6198fd56c4a1e0a013070e78b496bde095829570462

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 23b507b296900a860aa7bf6c273457db
SHA1 93b845259bbe226e8b283c942881fd0ca80f34b6
SHA256 dc84dbe36ea60a7d56d3144846d451c4c5aeaac46ec72a1bf63a682200a63e05
SHA512 80de15db295ee779376875e61e13c3f90233d51c8138f82d85536fda06d91e6876f6c1ab541127c9b83458dbc43d27182a87aee9d0bd16b27adaa4443dd34596

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bd9b72e001fce0fc77bb5cef412ecf28
SHA1 ace25cbf3afa32e6703eeb3c60c9edfb8bf9b06d
SHA256 5e2f6dff06a0cf33df9084cbc025e5f921f8639b645cff805d677125a0baa096
SHA512 d00366b2bd8535ea642440cf9cae762c9eab78274124d1c54da21e06d1c08d7a98c9e52ed2a0dd251e3afb1f952e94333cb824faa9f0f245b2136e1f6c903ecf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a1cff2a10851637e65e11244f7759f45
SHA1 be7e6d12abfc89357af994a454f57f8f873499d2
SHA256 920578f474a49038563e90da90696d20e250d202305217b1fb3c5f6cdc0ff871
SHA512 c06409d17f76e8025a0148c70b9b5b058e0a7619cfc68e964f8052fc1cd900b5fd7bcef84d4d83f3adf6dce4a6eb97cd413a32e7858e1eb5b543e90a508f52d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 14bd26ac2bdeb9a27b0862dee5774bdd
SHA1 e240ff1d9612a024b490232cf4292075c7e23bf4
SHA256 a032cfa165871e771c51dc5288493cb5278bd7c35ddb2f2f099070f3b5fb4edb
SHA512 110d518d436124ae0f9ed067d8a563917df6da405e46371f23ea9a0316b8d251932cae2fab0001e1b9203446320f5908c68a531b9e142e78123eccf469717d24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b0135.TMP

MD5 e378b6f12e2702dbf1bdf1ac334306d5
SHA1 71bc0324730f98eba2c78ec317d6736588461040
SHA256 6bf4fb7488334fda3341be4b4bba33ef6cb68386307be9bf96dfd68fefad490e
SHA512 ec169dd09e3c0626561ed9f7840d2583cb5d1e183a7d79f3637dbb6450835524b5213c241dc2c4b8b26bbd8fabca661245819f697cff269dd93b85f1975f76f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 060bbdf0803931ce0893d44a6298e4ab
SHA1 33e5a943eb1fda9fe4a51bc3c5b0177151c257d4
SHA256 bfb6c6c22280feb5fbbbee9c5bcbf0363045787716afb1bfb7f5eb5a67c15d87
SHA512 80705adbef5b15963814cf96292411d0b071cf167fcaf7f46b34efa21e1ebe225f869b4087e543a44739ad3c9d78f225edfa1724680ade59eb9bf109cab55648

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a50a1173434f5920209059361905354f
SHA1 522cb8ea6caedc40bf920af00c39cb45927b5bb8
SHA256 804b3362a6976fc6ba81e1cc57dc567028f89ffc09621bf1098ecaa3eee10d90
SHA512 827e133036f444aac550c5eb44055c604d132adc44f2da4443f04bdce178063452e058a2e4c2eacd049d429c7bf1789abd47310b72a51833fabeb33b2ac88dd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 584cf3eb1784073232fb4b462ed2e59c
SHA1 8c334bc3e3a187dac9d1f5a48963919a583908b6
SHA256 85358318bb2a0d9ebc6a8f14ec4b69869d7b249f7bf282b4d2cbea0e2c044ff5
SHA512 319c0d73cc052b072fbbc26ad0a8dbe3e427eb9da061aebd4ed788bb07c0efe36e2d60560430c35db39756b7362c14a40956b3971789e1a4ce5a4165de82955b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7d510aa2c4ba2cf80ca8501a9ea65507
SHA1 fc91dbdfc972e3a1f68fd9d61b2ab904d3dde443
SHA256 a5954c2d31ab74d1aee4eb2c6e33491895c0f2198f4fc4c212e0b81767784025
SHA512 698b00dd49e27c50a09d043e1defa9bcc7e4aca13307604058f86e0cd9c26680e9bf72f9c7ba194e329b7b71a59dd20ef4602166fd25f8edb9c952af583b7b1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ffe7ef11a316ffbb8650d479c95e74b8
SHA1 204aef45d0ea79c33361a956971a1cb9715036c3
SHA256 f0d946fb911d659fdf2df43dff10ad26c826eb40f752d732dd5f753a1c4ebd1e
SHA512 cd9f5c837750d3721fe78c1c5f098ec3a5cb8af28b8f0c74e31d7569763d14212ca83b71f1e1666f506586619c7bcb24014a3d3c8b357c1aeb6cf89237e6ede4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 906d03524f57902547ec3826579d9bc2
SHA1 12b35e71c1b9b66568e564c71b7af159d87502b9
SHA256 53b2842c3e1d84ad87e149d1135729c025cee550d5f0ff7c8bd717bf5c08304c
SHA512 13822365fed61c8e1800d76a23bc8d03757870d1b3505d31e4de3a87bb98b59e6c79763af3a4f1120a641c7bd6b54bc19d0d6cb0730046deef89e92f8e6283fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a4df08ac1e362763f10329f5ee32a559
SHA1 09aa01cc0f28037ea76f040bc12998764c391950
SHA256 a6ec36fc20153bbe72cb84989fdba2a428d8edcff9279c1ec7d9d3db9d482ceb
SHA512 ad9a3e84fa4258952d1ac05a105393f5baadc7c20043915f6c3488d9ecacbd12f44080a19a0d7cd0289e3df108f54b2561ef1f12ff2d2bf34c4b0e7e649666ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae33d663908dbef1d939309185de9ff4
SHA1 9f84e2351816487f8ab5ac51c74e8c91cd23beeb
SHA256 586ad0a8e587dcce61e825f7c3978f46121ad6d56ea02b55028398629c02f5fa
SHA512 e11d60f6b19ab9fd0fb0fce28be880678c0ef9b5008c14d64cab083d6adcb141c1b8f0dde66e9a4cc12e2186233851b86d71e7cee79b3ef74e6a819f1bfe65f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 1d5f57b36984d3bc13513937212f7c85
SHA1 6962d480bc6216080b90505c9f25c8a3ed4c8df0
SHA256 7c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30
SHA512 dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 76cfb34dff96d3a83e5bacfc25ff6bdc
SHA1 e008c6ebbfce2199b35436c408336998be4c9ee0
SHA256 5fdc6d62dfa27a1349b0ba261524e5d783150e67879bfe7f68b1ce8cd6950d56
SHA512 4689032c023de27456f60a8cca79d01c5bed94156e472d78db97630d9ebb3d0c6c969fe0740938838194175cdf542d7df8e0299c8dfb7462aa5cf014bc02b79d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\38505160d1c64aa9_0

MD5 206d3cbf8c445eecaecbd3d576b08af2
SHA1 69256df9a55e885ce495a310e3cf5b4c04ff1e10
SHA256 ea1283b7702348d1fd7e1de8ad3ad6fed34a0c01d844cfabb358ac8f2c7ac51b
SHA512 7bd42b4fc51b1878faa359a381b80028ea6dc623445ab76fbad984efe3a99218f758141879971401ffa1f7dac0290845a0c93705919d69ff3bd7a4d34ca07d9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d43be996bab16a06_0

MD5 a4f03d3e8152a78d1ae27883605a8a81
SHA1 80811a64fbcfaae3db216a4edb56a25d896dda4e
SHA256 2bbea8a4374be57cc7dbd15cae601a444e8d881dbf06b46a0f49741b4972bc48
SHA512 02ef3ed053e7b62fc6acf97c3732f578831cfa5571ee40108ce8d11a9dd83f3a0d173557d1ad09c05eccb9587b2ea47aefbf456b15eca5d7992a89265dfc7ccc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f4f1cabae3bd0871a33c4db2e0a160eb
SHA1 1e0eaad1053487447a944156faf493f6ea04418a
SHA256 b884eaa553a5ca214ae7762fe540e41f643e3ff9047ada53c49970e6b6a04b7a
SHA512 30f2080a73611a6cd5347b809dd527e89908d89a44ad7443f1d38626770fe52828b2f0acd9ac7ef1bf9df122cf5b282da6b1aa71a3e8479d02f5a91d67468ea3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ffc4ebc441981d51be44fb73477fee6f
SHA1 b0fe3b1e7356e0d3d1fa73e69fd64eb8d069bf67
SHA256 04f6bbcc46ecd8e2acd8e1cab292bb1a85c1fca87e718f4464844ff74c81e1c4
SHA512 7c2e265d8688ed4822f0cdc675a19485b527dc045858f81149f0e6033c900c9b8c5627aff4c82ed197aa4779268558d9afb574ffa8bd5470a473ea15b3da69c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 232d6cf8cfc71630f0a82a85e5f15ee4
SHA1 ae0427356fe60095f5387e66b2575b59e10f1e6c
SHA256 9a6d3c0758ed3458691c45eda9c48b025b960484f7e08770581312e4b447af67
SHA512 5450688abb053f608d578528e2a3f1f32d2cf649c55a53ad3e4f1fd5012e904ecad4f77f51cec9b0483d26419d4b33af26deb60daa2d94e4676768fd300f5e98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e20f0ad4a9a8d503_0

MD5 65a9a32df18397c171bb25e1dd6db8b4
SHA1 d73c644cb37b3175b3f00768098e8de1eee8b8a0
SHA256 4b048054afcb722e7e17657baefb606636c867c1187e47a9fe055870d16df236
SHA512 86cef2d8452b99055f737cefb0ee2a87bc08af38d6abf6f219cd0ce8c35f49d8f76d80780a394fb7885d891e20367c723f725f538682c5fe54d1ad3348c37c2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4a8255feed4a8c07_0

MD5 f76713864abf8e4e2ba4eefbde61d299
SHA1 b351c52f0d882fc619baa8d7fa31d01fa75c4306
SHA256 3941f8c24340e3d8e15dd054254d857498bf43aabf73f2aea0111822fdb340eb
SHA512 1dbd15209041b36ad2e2bc495884891ffa516712627c7d9e810b232c3c5e9dae6b323b20203fa01ba8005442689da13f77669e86bbc9a1aa91455aa9b822a74a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4cb68ac472ad03ebc2e718690f627f9b
SHA1 438b968b354bd284e900ba1a0a9bb2b139c564f5
SHA256 eee9380028893734b388513e03abe3924f8de4b56559d3809358ac20a0db705b
SHA512 785b7a0b1c39ec12cceea04169d3209d9b4566f7f0e944c23f1c989f5002d014379fd80609baf063e8fbee2c856145faf06a1329fed20ed6d1f06ad79ae3414d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 571e092a83f8acafa319e1ebe0fc34a6
SHA1 37ebca482f39de0bfc2507e5284cffbd7bc314fb
SHA256 5f70b1ab2fdaa42c95805f28fed660fd7e8be568e7da12104c87a035362073c1
SHA512 4d8fe2fa4f41b6b0de3d8ed492242f3654db773190921ae01072ef4599630f933320b0ced53dd869239be67d3f31b428115e727350f97bef2b9b79512442319b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 457f581d7a63de0395a5054a1329408a
SHA1 5d5cd0e482b06d58b2ec8976d745e1b16a56ec0e
SHA256 62ac4eeff059a591121ffd88d0b7194432f789f84458406fe2c62ff00bc167b5
SHA512 c7adfeb674ae2185fd9a9d838847fec9518e5d260df5bc9eb6690203740c2521c771871487e7e2daa9b78c31953d521dcfb8a2080535f85c33f8c40f59218a08

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 77fed057f0c0b96fbe57883b4c30a672
SHA1 700c38eac498aacf9eb7f0fe4bc2c3b64d5cccf6
SHA256 d54d7955879fc6d8c84ab0a8f7fb7925b4dcf990560458fe7ec20bc4aabeb210
SHA512 17b395b7c3b3d65eede72386e31a297be8b04d0ecf832eadfc649efc4e12555a53f7c97d3edb87c19d10f5c5ec59827523b4350d847a464ed1b193470582de0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 c7273ffa15aaf96b86ac0ef2ec214537
SHA1 a122a8c149a75cb6c2dbf8ba72d148204997c80c
SHA256 9bf1bb91f7559ce4d6fb12e8a86ba8b3c269fd264b7df3b4c5ada38aff52ecbb
SHA512 187ca7114dd8e3d1810316b6bc4c65d8aa41a2d5413f60cbad63f4b04bf7b7fb90a3c5b91515cb100f4ed6f07af803d753f356f77d810424b14f85a034f778e6

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 bbf7eabc9f8f5a3f7605a527488389cf
SHA1 6c38df9cf41776ede8df6e34d2c7b3e1b8d8b227
SHA256 15ac99c30d1d2628cfbab8e969e124817f618cd300745ed470cd2df5a94f5fad
SHA512 46f97ca5b1f7955d0e5a22dfcccf2414173936bc988c99b4599658dfeb318b4e00b879a99ae53548f4f6f164310b0df5b71f0b3ef3ffa78239da1ad658aaaff2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a1defe264b22c61d1130219fffe1dc69
SHA1 1e89de59d2ecb578bf8c45103ac6fd26e7a15002
SHA256 640e4b49486bfd9cf42e2823b6079a84b46b51349d18f81bf15dc287dc144a0d
SHA512 ee7fab39a5ba3cc9bcf96d391e8fe200f8152209fe54271f28ed4c89ae562e4fb3541a0bf2bcf4260b603100aa234b82df547c8d28211a559466f1ae72421c17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4b025181b85f97d5_0

MD5 19454c3a2824790533f2491bfea14a1e
SHA1 c3bef0070e0a0d48b69a7d7c8cce255432b35f82
SHA256 be8611a592627c33e2aed2fb43f2ee133fb0c9218fd5673dd9681ae720188323
SHA512 778763ee6198cbfc83db3cd9dd46e2c3734e609390c36e2b118b2b1a46ec7b333fdc644f3a892c5f6a0d848eff2e5e69ab5f35695829f93393c840652ee2f755

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 07c9001a860c0b153161a89d31df36d1
SHA1 ba31d23c171c9af33b0315615c43e5315763dab9
SHA256 fa7889d935890cbfc2bc44345eb2df9cd6c5ba6dea68b0c1960e8ee20abc727e
SHA512 9acd122f02ff51c8cc3ebf3102bec297e4dd907d7175070f4f751aabe88ccac5ba86f96603d86dd2cd2b26bd696d689ce19711e9b1c80981584d69931a14ff14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5ffb97a64f4a5453_0

MD5 03acbb6935df17a2f87b6f5ededb5d3d
SHA1 c4761c1533d1179e2a701825a29eeb336d363572
SHA256 3912c93df914ceb189874a4f3c9be08eba4d8ae36e6630831949b2ac3a735a12
SHA512 cb212c4a7c0e877194081d1325ff15a5850f44c590ba315ca3c86729fd6e604fab8515ed1384bcb00baa4f4f6e49d4577ad08d7f7dbbcaf02b97318451ed161d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

MD5 55aee9d5b84d725b801f3ab1fb7d7132
SHA1 66377e4fa6f6a545df9c10122258ed39fa28c326
SHA256 803b1a938f60762cc79dd904f5d284ba0148de931e72edc11cc15cfcf617f64a
SHA512 3e870fdd8ca12b8487d1570fb0754be3e3d9ded60b519724ba0e6b998b0a24b195dd52f7371a946217166ae85e24d291284f8c7e4ed15bd57f679a9014e8729c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

MD5 30d982e828b5c524980da42245ee9e90
SHA1 7364e3f1f7ed95e2d772ec151b49b73e4972fee6
SHA256 c41244b589eae8e53d412f7da31782c1b6389dbef2d422a58971e5f32346adb0
SHA512 c40ad603cfae96e89e4b852dc29a0ddd8f8bd259c2b7acb4fdc2d9100d039a05b6624d533851a375267e8d4bc55aed0b079651129477bcba4b32cedbfe901100

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

MD5 2078cecf6e1cb55e505651668169fa0d
SHA1 eec7020c2cb9b6b68eabb5852b1c629a5517ad81
SHA256 cfe71823765aa71a9674c6ea411b1660f9851e074ff2fd5f90bade6abaa38d6c
SHA512 ab1da5da4f443e32f26e507fd3190e30ff63c6f4a454d68eeb2fbcb9b1a9bf61ef3f80ba1ae881291387b0fa420a185880527a2bcc61c564337b4486cccc90e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

MD5 b05a4b509bc2599903f3ca63bcbc8ebc
SHA1 5709e2014ab82f8a6d460bfb8b3fc5d6488c4889
SHA256 9dd2fd33862e07b7f3024f97c2ed1fcc0607b44f6d4eee94966ab09d5ed6a68a
SHA512 7bfa3f4fdcdc1159176c9b40010c8122bfa8125f0519f77934bd12fbf26a984f5e5f7317ac8a3b4d8ed337e31acdd6a95e107338069b29be1bedffaa4410a4d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4cb5ec98570e8287b98fd9916a6152f0
SHA1 c050e01e8a7d896b542c248acd4d63e04886afa7
SHA256 2ec94e9c2658c60caf446190feb8439807c561a042f592c065a9e34908491c84
SHA512 cabac9a4205a2e319ec7958ac407177c0c6ba5a55674ddb9a5553b9fe8aea78664d27007d722c8683f0efec845aeb5012800fd385998e5dc7c17a1eff95763d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 49814dc665ec4f0645ff1a3d4311d7e2
SHA1 03b1642442230335cdb17f5e7b1fb510b1cd402f
SHA256 585f881297e8b3f639ebe8544e007d4748141718caa540521bed826ce13450d4
SHA512 3bbbc89bc19869d9ab71fcce93602374f6a11128c9b99182d6d5372eebf026dbdedb2f83dd24d0093b11ad603c6732cd0e95dc0fe5e94a989d388baa2c77e7e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067

MD5 8d3f9a60d4d791a547847ad7124d2bf7
SHA1 9821661901c8a986d290a6a040c376d451bc7cdc
SHA256 022eaf9a2628babc05dd75114c9df49cc700092522a43242eb1ad8068f3b7b3e
SHA512 0df52bb967829ae833dee0527d51eb5beb032dc13fe2b409d0b39ea4e728fe5ebafb8f0535d03802596a116a08a81914564a6e74c02dbfffdd49903155766dcd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d21eab4cf1b8f65cddea19f1b56855c3
SHA1 7a78c4eefd6ddac239e721e0f8d27df13ec1005a
SHA256 12e5229d0953ea5402d031cb0e2c86cf10ddb82e62afb091f42ac870e8aeb5c6
SHA512 52b92337a8c64f118149b0e034309d4e72796ce950ea1efe310708f0043bc1a588891265091ba204cccde20200f89795c64a0cff42f863c5e7bb96f487540c6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 b8a83fa136c3ce58fdea659dce391b75
SHA1 7d9e52177466cc4966eb3c33f9b0469cb2e49e7e
SHA256 d94a376e4ecca8cf54288ed9981fef9ead70acf284f91e314de1a4eb95cbded2
SHA512 e42ee389f8c5a95476e5dc1e44e2fce7d8ed10d70f7b0c86a2e872ffb728bb2d78b473834f1d161da0947e217394dd1224192a2303532775ec435d12b3e42ac6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 db496434c5bd3096aefb898fa4b03312
SHA1 331f25659b059cbaac4e72a5858089134b18f3d1
SHA256 a07927933d92884e75ebc96de7a8d1b76d98f2163c4caf769fe2ac3b2f18505d
SHA512 2481077c679bcd07106b74474d7c1b47bad6064e3fa922cfdc22f9d10a015ccabb027cc0243f957ec9e05f0ef6c65f2a43464a31d363ad2b5f6391ad898c8820

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4d26a1e995af2cc61bffa703b6d07cf8
SHA1 c857ee05559f3bfca59659d55881b7457c177424
SHA256 f29d15b786783d256b16ac93845f053664e7d34c7f84d82ba0926a7d414c1cd8
SHA512 cc2a49316b5e63cf75fb567d652e0088d0a933f3a52d51872db734044ae2bdccb4310871a79774038b8c37bf19427f4b0a14037d63de6dd945f068976a3303a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c3f0698bdabacb4b8f8b49f0883b7fe5
SHA1 82ec82b598991ae0df8631273b337822a761f4d5
SHA256 3aa5c61a7b09f8f120a4d4fa90d6b77a0b583a79d494c73f70c4d6f9519f4019
SHA512 e6b90a84450845be3db935e6c192973b4161b92f4f6f9076484f54e9db514f71ff0fa95fa6fa68de6ab8bcf25ed144e4ba76dd075894537f86feb16dac8da070

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8fb648deaa7985612dd13476c3f19295
SHA1 21a60ff403221b7a4d9d4285b924ed613d73476a
SHA256 70ab5cd30bcee83600103ff1b5784956e32bbedec778cf2b66815a8e55954158
SHA512 48ff77ece6257f90f1f91ab0ec62b08be0b33134635a0b456efb46c9b24301f7267549ed349ba196fb568ff49a2c130447dc44f4bd0721a633bcc0049d188776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 35b58a1ada14bb05cc1f6ee8219d9554
SHA1 557be6622c4672bc2484c3d7a6f0ea6c63ee8cb0
SHA256 410659c9fc44e27881d04c7848e48a7323ab5fa170db18dfd778690faf780c20
SHA512 d9a1fa98109148c306288627f360aa05172a921129826b05a6179e422997f50059294f3e4c3d26c35162c54e807c7ea917517a3f828094d40a19990eed6b5856

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fd5b1d1ae743ee3c4ad2ceb6674507a2
SHA1 ed91bb9a2c562fcb3d1d4262790ef90d1e9300d8
SHA256 53c91bf17cba981cc1ed6699c3f1ec18758f1deea4bc9bf1d70f459498428ec7
SHA512 2450ebf757fa07430d24701cb175d250b17055e220a42c8e52a474acc83f1a0faa848a8274da278132b3cfb541a8d52b501fa06d79dccd73302e6de5dfe7f6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60b9f4021d23387173ab0a7e11da5e61
SHA1 1cfffb45cbef5053020fef150c8770cd62f70f76
SHA256 0bc84f122f116e78c10c1bbc84d427394667737baa2ae55b8db39df1592fc089
SHA512 87c6bbe36e38c00e0b986f8d99171008a833abae178760155a48cff5023ce8f9404e0b0269b0f6a2b4b915ba7bbe50243024929e9ede3b138e0c4c031229ebc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 09396057a60556fccacffc96ef943cab
SHA1 a136653c701c0235331512a15bfb8ce0776a03bd
SHA256 b58b620335990b277a1c88f7c0c56d004b2b6ee6d0c2d43fbff30d72feac88a8
SHA512 bfa34defa403a46ef587e1b1a41464b733e84d23ccfb78044624fcd50409b49f11daebe79295f6cc824d018aeef79de1d76b03ec1848c96216da884db2b54847

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 53a9e69bc1ca4a3cdb503a4a8b71750a
SHA1 cf99a969878b51b431cdd7c21b7413fb13ae6456
SHA256 4d3190639e3fd4d846c3ee23bcc66d3f95a9dcfec4f84e15bd1b66174618e705
SHA512 fcf38534600d36c4c044b2ec09cd16c88cd1feb88fbfa08845f0fddb9cbf4e54646421e5216db27b1d0f836090da415c0bcd4bf324bb3d3ea65d9055390e6c11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36e4cbc436defe42fbd7009ff2c19dfb
SHA1 961248a0f7c293d7303c09cab8d4c1c020554c0f
SHA256 ed0102a046721823a127d73349a03f2b2bc3a1757d3c177da7ba4ec43d125d9d
SHA512 409fb2e8b4075d7093671e1acdb1b03743ffb2c73181f057879147c567542d0ea79fdb8e1a60081a93cf71ee0307f992c7d513497b09fe1ab10e845de987a532

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\69355178d22832fb_0

MD5 a9c3c999529114fa83bb5adcb4c526d0
SHA1 0d9cca24c359fdfa5980b9eae4cbd7f882d903df
SHA256 5e67ba32b7b26e9f3afe7f4cbf34ad3dfa81b3d136abc7e643a0ef369f67887f
SHA512 805eb3476d89b47f7cb7fe4c88357d5bc94af3c0be80aaa3d1534fbf001bed047127948ec191c8989efb1c51aea037aa7fbb812a34b4117eaa40bff98138ec3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30c65b53d387687fb570bb3a470a95df
SHA1 64271bb1469772e42bef296909f4c901aa022558
SHA256 04f7949c0136062409d72a74fcb0ddbd2eaf8a245ab09574e74bd8af5b33b6ef
SHA512 4d15047a4ec14b13ec06d54793c3d64a40322b9fee9133d11bca5476a1a6a75ed144e1d59a3891f9959050a8a76308c9159eded59529a3132b563b7a0258b740

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 768d1349f59322e384d35835e45b7a72
SHA1 0b21d84ae9d8fe2e1085c895ca8f4bb691c16b09
SHA256 b423c7bbf51b922383ef7d559d035b4a9d20eee91710008c16f1070abdfb7e06
SHA512 b97ef3593aee9756d4c930a6acc63aa797cce305ef225d7a45af4cda2346a04b378610988711139d85673d0dfbac5c155fb44a07a53c34a1d1a83d0ef93ec621

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bc7706ec112bb61fdfe628300ddc3192
SHA1 3830f0efb735497b2903664e87158e5e53ef30b0
SHA256 6b419ae77e6e07ca4b3787c52a8ca6f9d6e4821516d0636cbb3c42a7e42173cf
SHA512 5794f072b218af1f65cd9b6ddb90582517fafd587aef3a2c7964883f1da07020580a3d87b998c70fa22d7adea987a954a0cba6a6e3edb995868893ede331936e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b521fd1f66623896ca9efebc74b3f064
SHA1 b4b3e5aa6c48c3a3dd63f9951ab1a730c26cf346
SHA256 d907b33f4a6c6f568abea7b286db26da127ea676a7bd6de0e74239da0159ff95
SHA512 b15502f9a3aeedd7a2aa86ee3db3ac66cadaf4cc54bf4d5e035581c0236de63f4bf2f80ca6b6def3c380c231efeedadda0f3913136ad249891c092d094800bdc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ab

MD5 fa6dec603465492da16070c7ea3d2907
SHA1 cf8876a90b539111aeffd408d15029f5239bd54b
SHA256 149bc49a69f6f50402b10c044d51d1925ae3666c0188f33a0a8de1eff903084a
SHA512 a513ffe85a6a881afee809f1c40e546cd44ba0dceb9e8e72af62b69a366613f65d8be4d40019783a7c7f19d8a8579340021cfd29d21c2fd57a4f9825162942b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a65ac9bba05da1e2746f11d4e3bab462
SHA1 5a24a33b1594239dff57e0fd47ee28bf5a127204
SHA256 37634140bf599c22446786144dce3f4bd4e8bbf7eda3b0ffed6aa825f1ce1bd3
SHA512 ea51fc936d94200325af4a8fd3c3061a65a4e0859f6a7e473ba258fdb8fad614541fff709e370991d22f44632df2e8281a6d96d1177abe3cee88ff6ca12459e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ac

MD5 7820201f0db0c706a0ea5bb7ce018ef2
SHA1 6d116650afbb3b25bfd6226c7d5ee00dd1fe4515
SHA256 04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a
SHA512 bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b1

MD5 89a574ff00e6b0ec61d995d059ce6e65
SHA1 aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256 e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA512 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000be

MD5 6fb26b39d8dcf2f09ef8aebb8a5ffe23
SHA1 578cac24c947a6d24bc05a6aa305756dd70e9ac3
SHA256 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059
SHA512 c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a4

MD5 6169398735e663f3649d639e8400e9f4
SHA1 c375d467303025ede026085a9653e19822d4236b
SHA256 e481a6256086e84d612a7fe1fd4efc3abd2a7e544d9e81c84bce59ab8f677bc6
SHA512 26dc270bb0c7834862735c48be3b6c45e7357f6c7329ef7c72044f047d9be1bffba91d895d4462066c3b6e8bddf8a58aa36d090347a9254e7b3dd91d9c5ee597

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b7

MD5 a1a1f839449fef1babb91fd2ff6ba047
SHA1 4e470637f1a55a3e420363fafab8fe2619237d9b
SHA256 2f2448feedd5d31841f03c23a06979e24c730c2520a2122b3de9546e54023f6a
SHA512 97d1850c8a099c517278e2ec430cb44e543eeaf9edc121c356b3e83d3ddd7442b5bf5e252cf2de0b3abb88438d034d1ec95475c29d0fb039d95edca59e113640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6d3868555d7a7dbe18580dd35fda6fc2
SHA1 3aa50aade278d1ad390ca8bfae0264d547cad777
SHA256 6257aac9b7c0c2a1cb965fddf056ae957b639490c70624cee7f8ea2fb6f6688a
SHA512 900418ec8d4295cb08a222d288f76384e7f53cac29d0a7715317ba082adde12dbe4ee6b0253a3b652ce19b9d3fd9993b5f9774dd1db7feb0150c8c64aacbb5af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9f726c0926c3b209_0

MD5 2eb52199e4e636059dc7d9de623850bd
SHA1 27aa906a48730ada3451475d7839c511582943db
SHA256 ad452276efdd4759093d702be6b633d16f2d4ad613d6cd62b3f1f8ca75cd863c
SHA512 20af47539aedaa8ca5c13a7e694eaba94e37d111ab081650906044be0e4fbc2f7c6a26cd1f1191b5079fb7a38c22121367d4775c5cc33c602429bd6582c56d41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a5660e8242e76d05_0

MD5 fcb6dad6a4ab1ef868f47784e4a11f97
SHA1 004cc7080894d7946987efe1c94d798f4e0246af
SHA256 6e9b2b23e246ea74ddde270aa2302d5d28cdfd1d1a5730e0922f92454a0e63c9
SHA512 675b14384fa1ab978ff7e8ed09ba998740cc9ab4094b23385ce54f16211a412bde0bf298986a377462839c0bc0c37f54ec2cc4c2f426ff265e543a2b011d3069

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a8

MD5 06f6cadeb72f21fea2b6baafa80a7d3f
SHA1 6e702f40092ff9bb667015a5afa8d202c64fa107
SHA256 3930cb4778d56b24816847402cae4926ee8cd9a4a413d7113960f10f9731266c
SHA512 b68d09fcd7fbbac65983a0709fb570973837552c3e2579a2c1fb3ab3f2bcf4d58a60912a13a686806ddbd0dcea989905c547c3771f0efd239b0143f95e3df489

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\876e0ca6c7de4562_0

MD5 6763e131e788b94aff24d23ba3396a83
SHA1 e972f878379afdd434fc9219a209b5dfef44a9c6
SHA256 8f59428e0bcaaa6c87b319c18c7d894ec56d7ca49f19640edf2f1612e0796f7b
SHA512 da17255cb6a44f0e0b871ed7d01fe91d8e748091bfc801a6f709dd57b2bf4056531f9696188e5b21de0fb08789b1a1332f4e98fed9105651502817d6628a3d14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eacf11734247635b_0

MD5 f42b64e47d3629816f7a0f3c17d6eee5
SHA1 7a6450b9dec1e0a39ba585465e441676160e5ad8
SHA256 ec0eb1fd0b15dc60c96401b1b633a1d6d6e3cafbe7d296e1feea9e284d7fd2cf
SHA512 57caf87e984464567f72dfd842ddd96d8ee4aed5b6201504fac9f7ff139b301a6ab2a90a31c1e478253658a47d062d30dfc6324e947f63ccbf75fb64c481ec17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\41c09a3ac73e6014_0

MD5 785f67da2cd460d6adfe969d77e58a9c
SHA1 5afe5eb53095d86ec967438fd552abe09099fbad
SHA256 dc124a530a17233df45a147583a58078ac7c0587f1b653c6e1947c593836efa3
SHA512 288efe155c542f612a0fd14b9b555b04dae2e9179e671609bf0eceb96cba369769781746204d88b9c8afe9fea54e350859df2c2dde635119c0d8db5760ffc835

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\683e68c2f40357f4_0

MD5 62712628af3001ec124d39e7b280091c
SHA1 b89838a7e83a705277d9dfbf730c0d2647019119
SHA256 59eb3426972312a59738c492215ffc636e3bf3bf539a748f48c53fe4df4051bb
SHA512 44445138f886dc2049a4db9d50be3d48c54f7dfca14d7f51b39ec915692e869ccc9f1764563f70b08694dc30dcac913b0952e3eaa8ecc79b0e2159978a67be74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c0

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c1

MD5 eeeedd514b79ec1e786c85c744569984
SHA1 2a471a9388cc343eb15ebf24626cae2ee4c806f1
SHA256 5e588e71fa451932b8ada9372ccb56fbb4c18be2f9dffc47b979e7b5c99f27ed
SHA512 a3bb71a7a0d02cbda47e3d196a48691f7e95b02bf74644f4934c6b735a085c3183faf933b889973d9cda5ba14b3f2eda7f9485dbb5621b52aa38ccb3b7a6f90a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c6

MD5 4496a4adfcb2b23691e0c5d2144addc0
SHA1 fedde8fac19d2d7c77a0621677b79b9f448cc34f
SHA256 6267cbcbc8ff44d7c27d5ad6ddcf5e7e77cbcd5e6fe3cc7568fe9dfa19fde88d
SHA512 7f08f81ab3907de251e90b7b56dc7b837f19eceae4a9d6ce10524d07193e1146547a8d23e3dc4022d51c10f8cbfe0dd991b79532dce272b1c8f915a9e893eafc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 35701c919b099c412c15a56334a455bb
SHA1 5e50d1cfbe2a186db829d561d9de40321d68d1dd
SHA256 f571e36c36e8124715e7994114a5863f3333f047a748043a47cf62200e3c7282
SHA512 b46dc3c1edf41100bd409646bafd53c5d8b8209688396eda182cd9c0a2d80f8950ef4f0c16eb73dee05520d175e9bf80626ff28f758a04d58a48e67e17554a9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ff3c01c24b5eae08b6c403e3db47753d
SHA1 920183a6bd5bef77c389a2db7a4d61c2bc5c0a30
SHA256 43198df44ad439e4f90ff5907f6d1298dcdf03c4bbcccebaca95ffd6cd41b468
SHA512 665b7fcf0e4ab70c53bb65033f9dd7c20cc85fecd292235f7ed4e9f0de55e85ff2f363f0930aef7663a31ffbfc8c110b3628619ab2b5b8e401e026128d9e13e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9602801b9ef70e84_0

MD5 cca786b497a75865eb403c6631c22f93
SHA1 e99fc425c30187449619633f34010464cae0354b
SHA256 7395fb35e247892f0e7916f0046c01e933eb46bb4af96989a5541bbfaedfff1f
SHA512 8d4f6c400f60e01027d2284fc9cdb81b55d904d1091d0ddcc08d5b12ba43829cf37ec806952e9ad127e574d9d40c99be49e64cd2d9567cc3432c5c8bd28340b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9effad768acbdeb7_0

MD5 f763d8a8a13ce790b3e09652f33b9128
SHA1 c620c447f617f713f9be782badda9e03938e94ee
SHA256 81bf726d6e4e2c9814d7228b8c27bf4a7fb41de938dcf2f2cfcae1cdd8fbf5f4
SHA512 6dea8955b14cc86cda96e8394612f42c368df2d8305bbdd9aa5b277c34feaa1a5220e1e444dcc02d5a01a7b61cdd33feb595d865bbf2f0ad81bc3871e1410a13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c43a6686f448f978_0

MD5 7168dd9bd856401b20617ff95292ad20
SHA1 d78b3e79ac2753ea0303aab35ef8a6a04ae59deb
SHA256 9be7e30674c2d52c253fbe7768946c9079a8dfa87021282f58dc09ffdf4f454f
SHA512 7bcd211b81a7c2e65011a1cf425af683a783a0a32ac9aceb196c6943756fde69b6de90e1f28294bc16eb687d0c5e35f5bc86eee02e642155e0d8e48f8466a70a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5101d0e3e761d285_0

MD5 eccd702d9f3cdb035dccc89632b348ab
SHA1 72c267c37240062933b4ad058739540f6bdf612a
SHA256 5285c4f6cfe6f93e8ca62cdee941b8e592eb3a0874549ffdd92ae99bd3b79c31
SHA512 6b1d0519c62c9e342fcef1d68be828a14fce773405c6ffa7220fba3577e062bf213bdd4162607953741a0f234c640456393e47473a54020b8a41447402a74a32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9cbfb83987318adb_0

MD5 1244aacc8ef654006d8a9ba261e700b0
SHA1 a29c4fc6461652d83638550991870b576eac99f5
SHA256 6f633b9f4d016755cfde0924144d3eb42f166b949f99a369f977f1ac56bec250
SHA512 0b3ffb41d2a22d68de36386d21104be58c5e5514b4dbaba203a2ca6db885f2383d75a6f98513fbffb97001e0d5c4dc27a949a5272439815c96eb6f6c6f38910b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\364e827a81edc9f6_0

MD5 1bf950165303da6a6e0e6e12cfcc9d44
SHA1 8108de7afdefe5b488f56a667d09ae741e7719aa
SHA256 976566bd0193ec6af9dc28ac809bcee3bbeeaba64346a3ec7bcfea2749537e82
SHA512 3e4d8af6a0c27b0589d8b2edfbbf01224643a8de554127ecb9c90e1229177f968c13b75c3a03f75189f41cb065eea8c9b186a36035f7638d9bf950a618312fd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\404cef15c446b9a5_0

MD5 67833755d72fe094eecb4ed87be73add
SHA1 503475588050c4cb7227c805966c9b71c35fb139
SHA256 48e2d08a0a973ae6d9d83f9777d0e935d21c8891b9d7704ec9db28adc4d64901
SHA512 f682b24e911fbf6d58f25f1f8a7b0abb2972ab31537c92173a76afdd7fd5f434e139808e282507b589d3e5dc57994fb30a6a1994dd10a80420532f1709647540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a62da7c7a2128d0d_0

MD5 dd670ca6466621b2ec7a460a860f3856
SHA1 3a7998043c8a7fdc2c0702ff57f93e3124607472
SHA256 487c3a624324dbda0c9740f00509a8ebbf586d658e321bb773b5185c93851593
SHA512 e7a59af74abaf925fd54de246bcfeb146f6e063b45ebb56191c5bb422fe133ce1550b8b116b425f0389ea1bb4a719b5d69f234dd3e0ef2c992496e2a2ded2798

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\63fae8d57ed5d6e3_0

MD5 3ddc7bd0fb7bdbee3770726b1b0960c9
SHA1 895f420d28ddf42e4fa740cf31464eeb08b17b4f
SHA256 fc6bc309da9f6d33e95914dc9c7b2277236ad77fc97ea2167ce0b1d3b5910cf6
SHA512 827cc9297d736905448ec72821ec23fab9c2ad0069bfc6d73e19319fe4031b842105f929a8cc0bcc042d802a3768e08d35cddfdd4f308e6fba7f4b4c507ea1a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08cc2d0e9fff97f2_0

MD5 9521b3aabe7de6e65a933c1c1453c41f
SHA1 24b64fef0bfa847bfe191eb1cee147d011d0f44e
SHA256 ef25cd1015eeccb1c101bb06742d3439d5cf6e5d356c9e7cd06f131969ec8145
SHA512 dc1b952c9434965a17b1cedb2d7e20db3467f104cae87690533ed2e040eee344fd77d6c399c932afdf8171543aa1c9a594f92c2f2aacca908fa4b531652cb033

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 d7272926843884316a0142acda87264f
SHA1 d331f01ee11941ffbc4b56c997f648a9e5b07cb4
SHA256 2c4a54ca703e086cc9b665de9d383cfc8be30d45cac97672211ac94f63bb5713
SHA512 3ec5c5956124e00d580694444e725a13937d3d0cf19df954fb118ef416811bd663e296d8fddfaa035e8b706f8a346db7e6d47375f001918d2197cf108c370303

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f1f463e27ac8feab20bb5dec1a4bf188
SHA1 d7aa688f51c2b662dd3fada1857358d888334e4b
SHA256 24e1793f4cb58a8fc37b8e964b64f1a130982d228718f12d7180f7e2612092be
SHA512 e1e3ab57fc95b573ffea603a9814a4ae42c1a2f1e976a0d5b51cef9f26d7c62422f4ce8317a8d682498db52452fae55fdba12d9ac66a5fb4291d34d835ea35bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

MD5 88fe00be1a53198e81563e8d370945b5
SHA1 8b60b3a51782e7b50a7edc6633def2368e06ede6
SHA256 530f259bce868d91408b51ef70872d52d2927f053802a5c00b62424ea55e6896
SHA512 082a5b31e55bdf6859944291e02c3587b563a553e311e5600cfaeaec2ffc0d5932a4a85b0d5b530b808394f723109ef4ae7009207fa055e9992fbe50ed546a4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0176217bf8afdb6302e5791893376948
SHA1 9fd835801d2a520eeed6c670e8154ab5e1dd9aca
SHA256 7f378481c66b97d243207a59bf5a2608cae7b1bea52093dc98f65be06b8dbdaf
SHA512 826aca94944e58d8efc944ac61b18a7c47c05f5aed1733b6ac2510ae9b6009771bb01f79204060226fc9dba3015f3821cb0ea05fa679e419446559a246da1c3d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 796ffac67bf8fd09ba2b68557c2212b0
SHA1 c6266f9a32d09b807af8582dc408dc8c93467479
SHA256 69689a7a75060a4d2413004a08aa0d4a6889cb725d5df5c5dd427daeea497608
SHA512 ed3ddd26762d06b39fea8661fb3196664bec2d5946c7616ced6ca06c033f9f8de6adccccbbc444630766e7bb376716ba0817253f77cca1545fb475799795c8a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5a3742f2b053a0b73ee35e7709180ca5
SHA1 eb014e68cd2184a0aac9245c833667a6eb6fad13
SHA256 dc9e2732186b534356f443bff65fb209bfeb2d42c37ec4478e123aa7a50abb5a
SHA512 b97ba934dd2d61b22d8ff465659e5da04116a0735909ac012e14dd7a5ce19d5959874fa23d06d3cd4ada032d2c780d28dc40c4947446ff7f9ccdc7fb3d947fc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

MD5 cfd2fdfedddc08d2932df2d665e36745
SHA1 b3ddd2ea3ff672a4f0babe49ed656b33800e79d0
SHA256 576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536
SHA512 394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 181f197f9f2a0a2c0111573b0b4d1424
SHA1 f8b19056833fd6a4e785cd2226509c336a7d9292
SHA256 989970777a8c1f4291a0096ea6e6434c35d261336b000a8fb27f2ff782909396
SHA512 b770a79aa6f26d4cf017dbb58339ac58f044a8b68638e66bba4f0a2b17449936bb4b54cebdb962089daa2686090ae21927ce00aeb4470e1b1bdc5467c60f8881

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9c9cbb8fe178693c7bd27cad540e1133
SHA1 f1953c725774340f1af5223581815b43b3453043
SHA256 6fd7e6bcc28ec298254b6eb431581777d72c5fca7f55d245cfc806a3be95c14a
SHA512 07596f18bf0ca7a8d66f790c559b45e560255910600ecd6ab5c05690ebb9cd91d8a0243d238e9c0067b081e5d9fcc4ecaee2a9c582854cd49641b950acf62ec7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8269df3b02d9226fbf034d56e3d8571f
SHA1 278e5bec9e1ae7f2f3a24d3d7649dd4ef74f26d6
SHA256 3564bbecd2cb0cf14a8de6c6949d8f32a9fb4009f18764ff948f6b7d70777387
SHA512 73c789a808cd15580a139b93290c0748fcd86be23aa7ee2f65ff838b2dc447b29e5785b4ea26aa05e6e53ccb57a58cb0c03395e621940be5ea3d6b03d9a2b535

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3254dc12a5addbbf9ca453bd77d2ae1d
SHA1 524337f82b373dde2790680fe339af31565c103f
SHA256 3716584a071e5a91f318183448d556fe6d4c4f501f50299b62d00e4cbb5f42fd
SHA512 79e332a6377a721c8dd0c5a1fbcff5ad8efd1c8292ebbceed2dfaf498234287641039907301fb6a39b96bba95a1dcd45acaf38422dc0311a8e528810f6eb479a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ac75de9b04fa3e37d10c8682ac4716d9
SHA1 558e54203731bb8bb1be798ffc918058f4c42466
SHA256 0106c6be6769fd4d1576e5ec6c9f69960af16e99b9c060ce1079d5b20ee98a59
SHA512 e6c51793a1e352d0839200bf259cb0c557cf941acbb3f143226ec208db9c7c8abec99ae68ae42e7bee55f391a800674982ac84e48a90a4a32aa5947fd6f548fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b905afbea0fd52aff7cc9b4ce7de017f
SHA1 e6190074df3f022f1922dfd282f2c034d029d628
SHA256 cbdcb8757735df88cebec7fcc7ce2ee60ac80fef93ec8a2a7297f1a024184f25
SHA512 4299654989f6a85b37e8dcc2ea8a11201eabeaf769e6fd71eee86b7eefc681e9382f1084f9a61d19257ff4c1126c565a8c82ff60d9ad75ee8cb5f5b8e749c903

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ca2d95b02aeccbf3ac84ed5ef261b60e
SHA1 9e8c15539465bb3e58af0dd8286425ecf57e55e8
SHA256 0deeb1a6ac05731b2c4daa2a9e4f62c5f4d7e2ac6338187bf6ed953bd0686d35
SHA512 1fd0fb8e109251a6d4974ddf827d6f0e243eff285355b633ffa2ff9973a77474b832a77f40ffe8b3fb39921436f63d99cf6179dc360a478bfc087e055d3414a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ab3eb40d8a63583ffc0d784ff7774bec
SHA1 255f381f8452baea423cb5e2f8f926388876f785
SHA256 55d847ba873a61e4a2d5e6b638ca09fede3cfb234b377ee06fcdc4e9da9aff71
SHA512 0963e484c365f4f96889597a7e1cb5bc1efc343c8ef78a376faff2bc9c8bc95079c0180e5cc65f718030d5907d312b665d18781872325e1cd081323858c76db4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000de

MD5 6ee632ef6264b72530b38ed3414ef99f
SHA1 6ab0e4fae75eb253d9703baf52bae2021d60baaa
SHA256 49929e01b886e836bcc7b6cc628adf3767646eb529cdd93cba3ea5901111969a
SHA512 1a2e5c2727dff43824e7e983f2718c76d0796cfb018f66dd2153d9000f6524042e02f36e3f586c1b4f0c4e07b341757ecfd17914bbfe5354138e77e18342f337

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e2fe8ebd76126049070944ee489bb654
SHA1 e15997c59afca9d15fcfc77df2b1b78d573747b7
SHA256 db402f36ba8a85c13663ceeffd675ecf988118d048da334e5f665d713ffb32c4
SHA512 e70f21ab1a9a75a8ba495db54c15ae4c30e6a0c63fa90d4235ba9a7427e4c922cc869acab4b2d1582c8299f0409e2a4a682fb78c21018e01db1c4933b66b01cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3d33be1bcae0290d5376d81510d8e907
SHA1 f1aeafaf4f4dffd7da50e4e51469a2dc14da4110
SHA256 adfdf8bf176b726a1268dcb7292c21d90e1309b4f3ffbf0c8f01cad5b1668eb7
SHA512 d4baefb61b27fd7cb65ce354bd3c5262b834b40fa82138af7c07b23c8c2c8cb6a17af18eadbd4586f97d50ff1a16560b291fd61bfbfff1d9f8af5235c3540e0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6f3b77c84e0e74bc1c7174f9cddd1b60
SHA1 1a97d66a639f16b4642fd683dff02925cf3e98a1
SHA256 e92cad6a7be05a2d0de9ad2a85a77627a022e8d37053105da51ac07d111a9144
SHA512 9377fbb61f7aa5c4091e2b64f2b356939ee9e8eb4673f328affe8a1b3d08699fab950d03ad4d04a69e981ace4a05a53b7d70ca78ec5450c34be9e64960e53ddf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe60447f.TMP

MD5 07d6fb509e488757dc8dc2fb47aa86a8
SHA1 8a5cd25440fd72d56a8384dea41e54f48c6a4a83
SHA256 908d523b8348fae46ebc4f7c1e1ec5bb0c0a97a905a532aaeed2faa0d8c96d07
SHA512 8cd91603854ce7907a85af8dbbcaeca40eee072540992b288ed75d31b754d8883f04be0158abe2dae25013f2a66c50d5acea76acb5903fb8ba95b1fe71b9fa68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5012_69920670\Shortcuts Menu Icons\0\512.png

MD5 12a429f9782bcff446dc1089b68d44ee
SHA1 e41e5a1a4f2950a7f2da8be77ca26a66da7093b9
SHA256 e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37
SHA512 1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 7f57c509f12aaae2c269646db7fde6e8
SHA1 969d8c0e3d9140f843f36ccf2974b112ad7afc07
SHA256 1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f
SHA512 3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cfb42958-ae17-4d6f-a45d-6d3a55228bd1\index-dir\the-real-index

MD5 1baec190bb4d30066427664a8ad327c6
SHA1 82c169e2b064966f8e4979232e5c8e046534c719
SHA256 e983b95f2c7ed1351263fea095ac82b879a5c5f82d17f8aae173b4e7341bd7fd
SHA512 4260cf50f9fc0274dd2b919c4ef13ecae2b54703a3c83a052af2fbf13dffa709b313593c82066a42412a10b2dd552767175a503eda5cbac37310e3b503ae0daa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cfb42958-ae17-4d6f-a45d-6d3a55228bd1\index-dir\the-real-index~RFe605a1a.TMP

MD5 b24c055938a510029e0341018d093e00
SHA1 118dd6fb13e68c45deb381a67bee25037cb90b72
SHA256 3f5787b0b291b23d57f1ef72431012d888408f7481fb6b47dedd87c11bd54654
SHA512 7f9661ab4d9244583c9504fcb3152a864d8305a7544838774897fa090629d624e2ecd11319d6b2c2ab716dd5fed2afbf9fb5247cb4e61244f2680be33b3870f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e0

MD5 3dda883b89b1f31dd1e8e0be2d4250e9
SHA1 ff69000e8307afcb2b4db7d6117b47975f9de06a
SHA256 e60268695e6c66a62ad318850e45954bb22d21f2ae62fe9f0c5490dcb1e69f9b
SHA512 25176c5acc9cf658129508ccc1b7fc8e93777cc59a404caf06a0e0eeb7c10b5276923aa51d56a99ebfd45d9f05b16f598794fb31ea0aa39565770b3c3b8c8c43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 665fb27bce4d371a3fbcfc60002794dc
SHA1 5c11008557f6f7972cc9f92e3e5cbd6705ec6350
SHA256 3a4fc2698286ed410a503c39cd23df0ef665fe4e38099ee80ed0654c4cebdbe0
SHA512 b9098139d8947b5273179061ca0cecd44195880faa3f6af18e72957d2bf3e020d4d45f567041011e8fed1ab8aca8da765274cff7fa88a4c58e1bfce630c45be9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\707a8045-e4d0-4456-b668-53f18357cdf4\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 45044656ca708291e6a5250802c03770
SHA1 f1d6ea91ac31fabb181ad86984465fee615ff31b
SHA256 5a934cdb7e7d270ca20efe384e772a249ad38104d0350f1949273c766a2c4660
SHA512 7f8c8177291a0591d8528dcd72e423a3d738ccfab64fb0a919df016f56f1872eec906f6b72c6714e4afdd5494749aecebefc8b07031755162ebabcd95b7f7b22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ea

MD5 0e598b4e0838f1540edaaa0ebf6d1e68
SHA1 a69cc56bc59a19d8e0da1b74db64b0f6c319e095
SHA256 4ed8eeb9c3e8abd8a3ae9a6e4a0da56d3bb513938555795256d73cbd578bbe17
SHA512 4a00bd10f567a45b9a3332a50803002f4a089bc38b065657e2a921d505c0a10c4275add2d6c9b4c3ea6a5ba87ccff47140aad0222bef3fceac331de97cb1f273

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 67291f44c6d5cefde3102e4c37e841ac
SHA1 5a7539a5cfd7ba12f6b46f043e4c9c12c4a2731b
SHA256 7d7181c28343266b4dc8945dd0781ffdb9f2c0adbe0cb38db61dbd71e9a82228
SHA512 52ae9a1f94720f25317af85493b93ee97d1b97ada06553538a862bbbad3441118a1a50ae801e0468e26fcc66fe11909bf05f1943a0cc399aaf754b69d8363ac5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e1

MD5 c6dbcc0422f27944f253081832cf771d
SHA1 7b07daa1c6a885eb59f208f213a76a367e3fc6a2
SHA256 a6127ea5e3388c4addec8a8529720e9b951101240ec4c3dc9f19979c751c6618
SHA512 88bc43b7fd7273fa7717fe9e4cdf847e827f4f1aa2217bb3e78ba491c7814adc8ee3fbefcc71051b90f5301d8ab5f646977d6485f20081b5e6837a10d66619b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 afd9d736b73a142a2a8ead0b1b409a65
SHA1 7b181d57b2a2e2934e0c0e8c650b9194273e32ed
SHA256 374a7967f02130cf4a2e99483188dc5bd65215fe144c5c5b51a0ae4f0bd4b56d
SHA512 424535b2969b55d2b5974955268a351399b61c774e789dab18ccd0ee2eb4c1be09d9770bd203fb5983144ebc9bab511fcca50b17a6ecd0adf0caab029727e02b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e7

MD5 bc0357f63ec3897144287298696287be
SHA1 4b7f00f75e9aa603ffc9631a1fb1cfe86be4cf6e
SHA256 91d8faa9456e69908520f2675e0867046f01333ac4659d0e541def0c866f35d7
SHA512 e1c44a213d2efb09f3e7ce3ebc1ffc6b3dd170506c36a72f2d14a701d8fb331f7543fe6d3684e8a9eeb9a6e43bd26991e47e364482215cf228464773e94bc09d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b70821717b952a54c09ae678c552f975
SHA1 2cc46d220514dc670d1841e8054f4b011bee2364
SHA256 5b5dcfe2c5d2ddac202d363e270a7d7a0267fdcbf3d2cfe44b5e0aadf6401a8a
SHA512 c8c6c34fd3b431ba3e3390cd317cd5f0d81620ccb9f43861f58fbf7b16490cdaa8b84b46e9409facf47af3ec78c9c2fb17b68c4e4516f62b9b9b34d914158982

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e6

MD5 fc48cf248229ad8686eb77300a78daec
SHA1 296a0ca8f11e043acf0b005e8ade51656fb2af6e
SHA256 63bd216b1612653bcbd661cee187b56f2ec2f3587cba7e638793ffe6d48a1429
SHA512 3fa41693e2824711e981cbb0945ae7b99299689946bfe30b722bbc2a6e14701743dbd3801c1edd9a5f83da2f23a01b5f4c4de30e8b2f08cdad0d9d0ca666cf4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e8

MD5 20adea22eec53811cc6bb3e6fb9648a1
SHA1 89ccfb989609bb343bff0f260fbc28e78b0ae16a
SHA256 d1b7f4208210049da4739648765e40bb8d8f0a7fd4e942df1d736e803739f5ea
SHA512 24342b4e909b88faa4b028aba8428bf4b3fac6203a61e74890a4c3439817444826c6d4785f0cef484b73c6116a9913c2980be3c59abaf2b3711942e1e53e6b55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0c9472b5-9495-4cf5-b6c2-feb42eaf1590.tmp

MD5 28deff297495fae6c991a623fc1c2712
SHA1 218d00192be9f71697587ec0568fa2db03c8892e
SHA256 c1c582207f7a9e9d839798a8965b34578ea14d3080a7fd66121363d65bb9d9df
SHA512 36d8005cc7fbcdf24951b9b2582bf48de294624338e7c1a99c642e0760f433eb47b41870fd86268d59e1f6639b8fe3477c175ec2392697344078618d7763c5cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7b8eb6faa829d86562609805d2ede8ad
SHA1 2b3a6fde45ef1125e04c6e938ccc8f66c245f93d
SHA256 2ad92cefd6090b2fc7e36985664f1dcccad99ab815efc7808d38108d6830fd4e
SHA512 bafa126da6839bfd0c4e0c0e77aa28a88d0eadfa63d3c746428104328b5c5dde43bbd4f941d40052cad9d37e3669ee9f3dde311045d4266071fe467d2dae197f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 af86dc80d7cf44099d0aaf7890a7987d
SHA1 552d4bab1504e7bb8e466f45e53c827e090b5ef5
SHA256 bca6764d3f59acba5e6ecae1b8d81b69c739995c7c1d14f8ef3183353d02dcef
SHA512 574f83bfa1454d48eb31256552f064f9eaada6eabb297df2f3096702f2d07317f4047abdfdd521372cee67938824e4d76859f7957661bfc26d2853c3bc6e4a3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe60b7cb.TMP

MD5 a1e037df256bfd00251bbcdd521c21f4
SHA1 ef4cfbbfea0546c6b4e63cc6dc6afc88b5877be1
SHA256 2ea94709507c4f0231bae39c83783149b7729d3f73a7bc21baf9946e622158aa
SHA512 d0828d1c8ec8d111fb68337264952ec3bd5a614c0a316b1254592d3ac4579ca70eaeeebbbf7b210aa86e9f8ece437397d25a3ba56ce207806e0074118cf14b40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0cbfa1907541ae38b55360f2b9fa48ce
SHA1 d612a810b021afa09b08502433107092fa6aa66b
SHA256 5ed2fbd2188cd49a0fb9951f5a34c08667ac3ac5dc177cf9ea21b369c90f98d6
SHA512 da6f24f1d611adf90dfe2ae1b28c8afe36901e8d15c001537bc466a7082082b29dd17139a8ad9e6903051acc0a4c939531bec0eef19a4ac59446f4ff517fc821

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\86d7688c-bb30-4cda-ae3b-160d4af6b8b6\index-dir\the-real-index

MD5 a027bab93ee3b962eb8b8b2148079037
SHA1 b62636d2ab61f33704e78884bfa006fe4334d8bd
SHA256 0b3be3c4c06d0e20e7c6614b3e32afb4d2969abbc959f4e3bcee9e940a160a9a
SHA512 5c2aba12743e09ac49fb6f1c6483142cf1693d58810b25f24e57c3f0b16862a1cde607a44eb948a118108be67c55ac79d17b50930c20a86a45820824d20b103e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\86d7688c-bb30-4cda-ae3b-160d4af6b8b6\index-dir\the-real-index~RFe60c383.TMP

MD5 6b6e8f3c585ba7498df160fa5e94519a
SHA1 b207f34684587fefbf317ee91c36090cc88ecd3a
SHA256 775ebc852cfc9f6b46fe3e54751916c3b90e0d2ee9a32df072a8b340c53a3e42
SHA512 0df8ce2e1f1864bb9a5dc7820a430bbc616b04fefa59900e4ad5e6f66318eceba95978ca04c1d08f997416a58805ce0d4ebfa70ad3ac6c0f828852f4102a7b6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 17c4e1029ceee19a79fb70bf317bd047
SHA1 fda54dd147e819e0d39a1d5921fbcb75eb371416
SHA256 f75f6db22711e84aaef457f218548d8106f8849f03245e388e29be5f928d68fa
SHA512 aa81e5eaa2411be8dcc08074fc3ad17558050ce95a8e643234bdc02bce3b8486a7c5e786196388185e23af336e4607793616bfbae6364f62168437f908468135

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7af8f177c0f22fd17d5f401402a2ea6f
SHA1 83712d916269f45c30e9060c3e950d93798ab611
SHA256 74357859cc042cf15789ef811a27b8b0d19080cd875bd56da58d75863db7dd39
SHA512 3393dee8c0b769e055bfd5dbe6298c8d9e02ee576c030728b86c989dbf2f8b1346e65fd8b583071c6f8285347a242aa49152568d651eb9741bbdc76e8644e7b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cfb42958-ae17-4d6f-a45d-6d3a55228bd1\index-dir\the-real-index

MD5 1dca40ca14ede1ebf2c5c048ce40ba8e
SHA1 cfb64a5729f4bb1a9b351c7d280053e2169dd643
SHA256 ebf9c0e670bd54e51c807597260c15f45bd5d364ef1f6013685f0dcca96c8edf
SHA512 a0b9a512ce3c8f4d36b1b9ee658ab2054eaa230f135fe722211f1f0efcec41d08c098a8b18ae9a337e662f873b915b6a77248849c1d6a7253bf6e1482656fbc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2a728ba8c586674d7df76754cf981656
SHA1 6bbcebe58e86f8ff56892dd00921f40cccaf7ad1
SHA256 ee7c97329f60c267e735b036a9ceec7b8a27369c79c2cb225e2373c3c51ba3f3
SHA512 f1e985260fcc3f17ec11af0370ba6ebac2ee6a878a76889a4b52d133b423a54a2d8df05a30a5560e4e285203477ad5a585dc1cfa527343b0f395bf1b3fd217d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cfb42958-ae17-4d6f-a45d-6d3a55228bd1\index-dir\the-real-index

MD5 df78f1eabc025e51be608d9ef3979891
SHA1 4cfcb960b819410e62735191534ebf1c494647d1
SHA256 a975b5f5d7224754f2b57a52fa6a3c44c13fd37a01d9242b3ebbc6dd50120fcc
SHA512 e8c9507e2390a27c00e5279af57da41e65f6133f832806831a0471cfe41041b4a9c54dc41516f62f73ad06413109be97adab13e93528916fd1e6a262e6c0b0ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d8a44fbcab7dee51147fc37430a60fd3
SHA1 5bc0cb912c0b139046e20c2fcae321f8fbaf5533
SHA256 2b045dcaa3cfb88023ebd4a3fb56b5401831d9b01e9517a2a076e719287144dc
SHA512 c4bd8646321182917d2aef0f5d0f8040abf0af764dafd56b21d2c36b91247d485c17253d7f48c9f31f11c51d4fe6d0aced2abc15d7f05450370cbea99e14afdf

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 12:32

Reported

2024-06-25 12:34

Platform

win10-20240404-en

Max time kernel

65s

Max time network

66s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Users\Admin\wininit N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\wininit = "C:\\Users\\Admin\\wininit" C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\ras\SSTPProxy\ProxyConfig.xml \??\c:\windows\system32\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\INF\netsstpa.PNF C:\Windows\system32\svchost.exe N/A
File created C:\Windows\INF\netrasa.PNF \??\c:\windows\system32\svchost.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A C:\Windows\system32\svchost.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Windows\system32\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3080 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe
PID 3080 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe
PID 3080 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Windows\system32\cmd.exe
PID 3080 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe C:\Windows\system32\cmd.exe
PID 4228 wrote to memory of 2452 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 4228 wrote to memory of 2452 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 4228 wrote to memory of 2608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\choice.exe
PID 4228 wrote to memory of 2608 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\choice.exe
PID 3936 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3936 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3936 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3936 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3936 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3936 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3936 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3936 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3936 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\schtasks.exe
PID 3936 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe C:\Windows\System32\schtasks.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe

"C:\Users\Admin\AppData\Local\Temp\Nursultan NextGen Crack.exe"

C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe

"C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\и.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\choice.exe

choice /c 12 /n /m "Enter your choice:"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Nursultan NextGen Crack.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\wininit'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'wininit'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "wininit" /tr "C:\Users\Admin\wininit"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\wininit

C:\Users\Admin\wininit

C:\Windows\System32\SystemSettingsBroker.exe

C:\Windows\System32\SystemSettingsBroker.exe -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservice -s SstpSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s RasMan

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3a9c855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 seems-poet.gl.at.ply.gg udp
US 147.185.221.20:30996 seems-poet.gl.at.ply.gg tcp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 20.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 215.169.36.23.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

memory/3080-0-0x00007FFA2E873000-0x00007FFA2E874000-memory.dmp

memory/3080-1-0x0000000000B70000-0x0000000000BAA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Nursultan NextGen Crack.exe

MD5 a9aee64b701db5f8cfc3c963872403b4
SHA1 48079f6822d84ea354f301cdb97d2ecb59552e06
SHA256 f46d7ae8973b42a0cb892c6aa8d6a559b4cc1d0c67b1d5df3072c4f7f77b53fb
SHA512 696e745d488841c3b1a55a350d754b69a1d6b0d83fd9eac247229239951b12bfd98d8cbbcbfffd567966495a10950040edd77398702763071f6eeb50f13a3a1e

memory/3936-11-0x00000000006E0000-0x0000000000706000-memory.dmp

memory/3936-12-0x00007FFA2E870000-0x00007FFA2F25C000-memory.dmp

C:\Users\Admin\AppData\Roaming\и.bat

MD5 9885bc1f632421f329efe28818361344
SHA1 9d0838fa885728361703a6e2b36e2aa3603b05ce
SHA256 6a218880f23edb2a809ee20919f355f80ef4a0b545c3d79ffa8c848441eced7a
SHA512 ddb5252457e9e02a91073f58662cd2eb72d670827f5173e8705c9e41d55a4ba4efdab80f24371ff61573d250f7b8463ce05f9cec7c48085dcacd38cd21e65203

memory/1412-18-0x0000024B76CE0000-0x0000024B76D02000-memory.dmp

memory/1412-21-0x0000024B76E90000-0x0000024B76F06000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tiwcg4sy.4nx.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 8592ba100a78835a6b94d5949e13dfc1
SHA1 63e901200ab9a57c7dd4c078d7f75dcd3b357020
SHA256 fdd7d9def6f9f0c0f2e60dbc8a2d1999071cd7d3095e9e087bb1cda7a614ac3c
SHA512 87f98e6cb61b2a2a7d65710c4d33881d89715eb7a06e00d492259f35c3902498baabffc5886be0ec5a14312ad4c262e3fc40cd3a5cb91701af0fb229726b88c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 12ce32cdb860ea27c099070bd8739917
SHA1 0316c3dcd8f5926dc125427a2220526e53b2b1c6
SHA256 cea8621365f1e4a19ccdbc46ef431635352d68753fc939f7412df3181080f6bd
SHA512 69da9c85c8068dfcef7267154215047aa3743a80724b60558f22c66237e04b24737d14dea19b7d8d8a7236da32d4fe9b4a48af04f22f61f54c5a69af1bc0ca95

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 fb6b64deea4445c121679e036fc13dee
SHA1 6593f0e9d74e2ae1f0ec77453c3dd87a477c5613
SHA256 6da7ec37fdf868840e54b50cceeaa04032f72edfccdb8529b81dc281c0b9f73c
SHA512 f40a76c8647415fcfe9a981f4df859f488c6c6efa322d83a88158e57858cd66e9aac9c1b1922272a9590fee20c8460f65f658279a3529997c34e6aa98ab7afdb

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3bcbf6342024a05b802f3cb7cd7cd25c
SHA1 462acfb1ddab09bfd40a7380ab91c7b41b5f43b1
SHA256 2eaca320e58da69ba5c49f9aab231a29a7e27cf00c9026f5cd5fdc56aca5f31a
SHA512 b0a890ed73c861c8ce9680ccc43b80e67ce9e8f142506144c4e3018e16c6110d7e339cf1dcb4ab26fb59968b6fa7ea52cdbc9d1134140ff1f9301bf1e2b1bc1a

memory/3936-190-0x00007FFA2E870000-0x00007FFA2F25C000-memory.dmp

memory/3936-197-0x00007FFA2E870000-0x00007FFA2F25C000-memory.dmp

memory/3936-200-0x00007FFA2E870000-0x00007FFA2F25C000-memory.dmp

C:\Windows\System32\iv1hm7.exe

MD5 e79cbf4b8cef12fc28460c57083f1186
SHA1 3ef31989b8d2199edd8e01997656ce4e0dd5e18d
SHA256 d95c7b2e5cac794ad6116e26a9bd394164c2f29775cd8d419d57b513ab974bc2
SHA512 a43193ff935df9dc4ac0cd1c1d3f51a50d8a17f518af18a47ce67a825b0e6065a5b8cb05cd2d44e746c863bc4b5232facffd250d836a13ca7417ee4d50f4e06d

C:\Windows\INF\netsstpa.PNF

MD5 01e21456e8000bab92907eec3b3aeea9
SHA1 39b34fe438352f7b095e24c89968fca48b8ce11c
SHA256 35ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f
SHA512 9d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec

C:\Windows\INF\netrasa.PNF

MD5 80648b43d233468718d717d10187b68d
SHA1 a1736e8f0e408ce705722ce097d1adb24ebffc45
SHA256 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380
SHA512 eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

memory/3936-213-0x00007FFA2E870000-0x00007FFA2F25C000-memory.dmp