Malware Analysis Report

2025-03-15 04:00

Sample ID: 240824-z7ecyasbmp
Target: profile-autologin-juzo.ovpn
SHA256: 31059e634e330fecb9b150d890da81e2f9d9c308b0259d3b376a9f0e118d4249
Tags: discovery motw persistence phishing privilege_escalation
Score: 8/10

Analysis Overview

Threat Level: Likely malicious

The file profile-autologin-juzo.ovpn was found to be: Likely malicious.

Malicious Activity Summary

discovery motw persistence phishing privilege_escalation

Drops file in Drivers directory

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Blocklisted process makes network request

Probable phishing domain

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

Browser Information Discovery

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious behavior: LoadsDriver

Modifies data under HKEY_USERS

Uses Volume Shadow Copy service COM API

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported: 2024-08-24 21:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-24 21:21
Reported: 2024-08-24 21:41
Platform: win10v2004-20240802-en
Max time kernel: 1188s
Max time network: 1156s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\profile-autologin-juzo.ovpn

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\SET5C2C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\ovpn-dco.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\SET57D7.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\drivers\SET57D7.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\tap_ovpnconnect.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\SET5C2C.tmp C:\Windows\system32\DrvInst.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\msiexec.exe N/A

Enumerates connected drives

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://try.abtasty.com/cross-domain-iframe.html N/A N/A

Drops file in System32 directory

Probable phishing domain

Description Indicator Process Target
HTTP URL https://openvpn.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b866b28ac9cd16c N/A N/A

Drops file in Program Files directory

Drops file in Windows directory

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\System32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\System32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\System32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Windows\system32\DrvInst.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\System32\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\System32\MsiExec.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\RAS AutoDial C:\Windows\System32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690081145306729" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Media\2 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\SupportedTypes C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D491674261A77645AF3D14EDEF572FC\MainApplication C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\ProductName = "OpenVPN Connect" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{5F7D5998-E5FB-4D24-968C-C3033EBB10AB} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EBDB63A7D2D217748A9FF082FAF7A8D2 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\shell\open C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Media\3 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation\command\ = "\"C:\\Program Files\\OpenVPN Connect\\OpenVPNConnect.exe\" --open-association=\"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation\command C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D491674261A77645AF3D14EDEF572FC C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\ProductIcon = "C:\\Windows\\Installer\\{476194D5-A162-4677-A53F-1DE4ED5F27CF}\\icon.ico" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.ovpn C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\OVPNProfileAssociation C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\PackageCode = "B966E93183B82874DA243E16CCB1CE16" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ovpn\ = "OVPNProfileAssociation" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\SupportedTypes\ovpn C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\shell C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\ = "OVPN Profile" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D491674261A77645AF3D14EDEF572FC\TAPDriverFeature = "MainApplication" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ovpn\Content Type = "application/x-openvpn-profile" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\PackageName = "openvpn-connect-3.5.0.3818_signed.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D491674261A77645AF3D14EDEF572FC\DCODriverFeature = "MainApplication" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\Version = "50659328" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EBDB63A7D2D217748A9FF082FAF7A8D2\5D491674261A77645AF3D14EDEF572FC C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\shell\open\FriendlyAppName = "OpenVPN Connect" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation\ = "Open" C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4212 wrote to memory of 3608 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4212 wrote to memory of 4992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4212 wrote to memory of 3680 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4212 wrote to memory of 2604 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\profile-autologin-juzo.ovpn

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xdc,0x104,0x7ffa9214cc40,0x7ffa9214cc4c,0x7ffa9214cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1608,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1604 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2388 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4516,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4736,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3148,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4944 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4488 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4352,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4748,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5360,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5476,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5036,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5436,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5412,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5092 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5736 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5592,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5904,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6104,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6348,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5504,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6156,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5900,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5988,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6404,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4540,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4800,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=1216,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=3244,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4372 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5356,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5432,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6044,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5248,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6696,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6752 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7000,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5516 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\openvpn-connect-3.5.0.3818_signed.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 3BABE2FA0BDD81CCEDC4FAF213EE07E9 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 484F88B543BF80714FC1A8E74486CD57

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding AB046E54FABA7ACD885866F35383DA5C E Global\MSI0000

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "C:\Program Files\Common Files\ovpn-dco\Win10\ovpn-dco.inf" "9" "4e1f3ffd3" "0000000000000100" "WinSta0\Default" "0000000000000150" "208" "C:\Program Files\Common Files\ovpn-dco\Win10"

C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe

"C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe" drivernodes tap_ovpnconnect

C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe

"C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe" remove "C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\OemVista.inf" tap_ovpnconnect

C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe

"C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe" install "C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\OemVista.inf" tap_ovpnconnect

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "c:\program files\openvpn connect\drivers\tap\amd64\win10\oemvista.inf" "9" "4ecbb43a3" "0000000000000154" "WinSta0\Default" "0000000000000160" "208" "c:\program files\openvpn connect\drivers\tap\amd64\win10"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap_ovpnconnect.ndi:9.27.0.0:tap_ovpnconnect," "4ecbb43a3" "0000000000000178"

C:\Program Files\OpenVPN Connect\agent_ovpnconnect.exe

"C:\Program Files\OpenVPN Connect\agent_ovpnconnect.exe" install

C:\Program Files\OpenVPN Connect\agent_ovpnconnect.exe

"C:\Program Files\OpenVPN Connect\agent_ovpnconnect.exe"

C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe

"C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe" install

C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe

"C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "11" "ROOT\NET\0001" "C:\Windows\INF\oem3.inf" "oem3.inf:c695c3de07ba2b5d:ovpn-dco_Device:1.2.1.0:ovpn-dco," "433338203" "000000000000018C"

C:\Windows\System32\netsh.exe

netsh interface set interface name="Local Area Connection 2" newname="OpenVPN Connect DCO Adapter"

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman

C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe

"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe" --minimized --opened-at-setup

C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe

"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe"

C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe

"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe"

C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe

"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe"

C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe

"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe"

Network

Files

SHA256 680c06334dddf0441eb7076d029397586aabf8528d62c8e7bf6ad070673c00f1
SHA512 f9cbf4ab907e417eb72a6e66b2d0d3c27e40429f12856b8a1c9c6c86b6113c1e57bdcc7a30323d7d67a2633164c39ae522176ec5146407740f127d60abfb77af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 588388734f39b3be2d393cc1801ad11b
SHA1 afddfaaf84029e9d3a534bf33d55e4d5dce8b68c
SHA256 c4b54e81e8eff7681c365f69475f81c3b6751cd02e6d9d1387b28f4303f2e838
SHA512 ccbf91cf5a35a4dd195531ec72a6232824d1f7bb540b533a8c868ddd394d474074d57b21193612e38fe7512499ebd9d380bb003fb74cda60009932f1adabfc12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 059f96dd97c4528670ba158f61a57cf2
SHA1 9461d59732b9e60cb48a425726f380e585d4bec7
SHA256 c9d22b1bfa82e3ec7e65d13ccaccde28c5a038c8565f5ff3ef067e9b6d9afa9a
SHA512 0ad4c8e20b654358190201b8d5ded6f5a819bcda39a7226ee1c3fbee048f662b3b4c8f8428068ed69a9d5516d600af09d5afd3674431552d16f3a64938e722c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\576e1629a7b3157749e39c77919733b59c33a464\c3e4a4cb-3be7-4f1b-b4f5-b0f3c92aaa44\index-dir\the-real-index~RFe58ef2d.TMP

MD5 5491a435006717016f5a3e78feed6292
SHA1 45ec5ee40674b575f7f1f311833de7969746e0c8
SHA256 6ad8f422ea48fe298674e9c01cf9b286c3c4a738c998b95d1cda38dab39a6792
SHA512 bc06388b01e0b18f780dc37fd17c8a3555dc5b288e37c1b684054a04557e626aa3554bac69212842152e2b859a18d9db1630feb65bf72e8f85304ec830f645c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\576e1629a7b3157749e39c77919733b59c33a464\c3e4a4cb-3be7-4f1b-b4f5-b0f3c92aaa44\index-dir\the-real-index

MD5 92a1608d0665bb5a20848eeb62f881b2
SHA1 0cc2453d1347fc7179ec167a2fedf6eb16cf9a38
SHA256 d4f70cc1ca640bdd73115401e48189c335f1f29a109db1227b1178d55f9bd827
SHA512 2dc0e6104a3cda3bedbc94a96213848c5694f6c02d70cfe3fa8535fd8affe93855ec04bc7dcd6d2d7e0a483895a076bc7fcfac47655d78f46474743468ee45b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\576e1629a7b3157749e39c77919733b59c33a464\index.txt

MD5 0028c3fd4d160066ffb8f605d8da1109
SHA1 adcf4ce41944e8c7533be557b79c542c796538db
SHA256 dc383554745c172f2b2cbde24bc408e273739accf9ae5389bfbf1d12758b2f54
SHA512 011c50b2b7d861c5918117826eb5a5b7063e1b82dce5228362c72defdfb8fce992434cd711c901f4e3982bcdb8f8adb176b2caf2a3e3e9c1daaa3e6cbd95557f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\576e1629a7b3157749e39c77919733b59c33a464\index.txt~RFe58ef5c.TMP

MD5 930558b50c7436a69388702a6885b6c5
SHA1 90716c6d9f818b220f9a4687451bed118f75a936
SHA256 3761f2d5a7802dd4fc722afedaea171fcf5e6f09f50befc47656eb8bc59edd38
SHA512 91279b4b716e144fc38a364b338bbc3410970846aef556959154fd9219ddbb6e09001b6ba07973f939573bc424b6ec394856821f0bf49338da084a65765a01e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b4eebf6bff8f98dafd7ef0cc4ead491e
SHA1 36e2fe713bc9d7ee351ec3b022eddd1735b5ad60
SHA256 f4d028627a66a30b7501d2e5ffb0568c389e005e910070cd31973538c8d8da6f
SHA512 400dd5a469040e370e87bfbccc985ea0ee5d154f17e9d01f179ff066a816156204ffcf97b5d13b7020ea6f907e4f2d9f7d17a88b663119ff0c9e31fa71ebd0b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 532c66648caea588ea4059007a69ca52
SHA1 3668aee55aa3aa5cd93c080748764fb854336206
SHA256 a56dca98f1a3f891633c130309201b408b6660ced6a5a99183281e1c05e8030c
SHA512 8659d598b61f7cfecd540cf87885246b8a012c87b0d485c2509429871b23b8a650fc0ac742034e9054d85bdd8b6293f7a7ccf49bc42b406c35aee01977022150

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9219fa2ac44c4d15449bfb9a43f6936e
SHA1 917a34775cc0121a1bbc5182f4cb14f00c16a4d3
SHA256 a7edbb95e6c1720b2a98f76904bdfdbc13c323131feb4ae9b3caabcf058ef56e
SHA512 10327b4eaef89be206f2a7a750a57b751fe707f10ef34aef39ffb607f814ba59870a009d67aa76b7e658959044bc48b18e5aef391ba07e5d7bc011a5cda14779

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1c1a34f8a332db54b362839b79cc6ec0
SHA1 e109f452460154739ab75012a3d6eb288ebf2138
SHA256 f8f312dcdc89fc29b38390ef81837bcfcbdea88d0ad27a96eafb4e391fc5c952
SHA512 99265721919967abbb2f93a88f35a9729323e2f097201c422a409280b13aa783d59c9304701ad2c146cf1e858b9f012c45b1e76f408afa810d5641d7faef95eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d9c4f1ef2e968efc6dc83f61693c7569
SHA1 105c758af8cc0b12e18c83fc5d918d628000d36b
SHA256 2be03e0f369ec3693649d5cc1c1ab73f72c458b9792157494a6b6bd75beb46c4
SHA512 db9b6f4128a7f74bd9e94db55b21b7e4b7ed0cad00c202456e294564c6e6ca1b0f708b51f828215aaaa49d9459fad98662b3badec71b9e8356d1d9c9cda72da5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 87d76f390e3a7e88bc995fd2693db085
SHA1 805452804876973a73f965171abeca3d66d6eea0
SHA256 0f655c592e35e8e09cedde55bf3c3d007caef424e8bed8920e37f4e44612ea80
SHA512 355c4a4f55da8d46eaf3e3f3d73d8e9f12b4f1e0966248601baafab6d1ec4908d7c7e11227426ef7b291ffcc92dc0086e899cf7b5a8d554b3c11fd948a31f8ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 904f68c8a198176599dc64b2b904c16c
SHA1 1d9469e6917d5535b72cb7dfebfa4cb1f680f026
SHA256 fa9b781b4b7160fd92aa7d33cf41b358bd0d9e3d2616e6d6a0c5c14d28ad6198
SHA512 eb2aae2b261a954372b3c06e41776a08b8a0cb7418e06ca57537a2bcf7f076f5b0dbe38596f6353254ed45eaefde87337fa11107c0a068dfb7acf963f82646c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1866aee155de42c90da4e910addebbe
SHA1 5eb5279bc6333dabe1f0af82b3132709789fd559
SHA256 858d492b9a50e9507f9c6816bd9a2945ae2b6d02e8990d7f9daf80386ae18f85
SHA512 9a861f5b78f60f63d51f5f67c465fb2b208cb15cfb7c8f7f77e939c82acd71ffd569af207ce464a3de8b05d2cb071c047e6dc1f522c25b1c777f73c34709a779

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f7e3da7a59228c8a03e39c804f9be56f
SHA1 34e285adfac2a3faf92f7a573e7d867142b27852
SHA256 fedffeb8aa201c1da31fbb796e15281488421f7bead497c0666297351c4a4567
SHA512 8eafc8b83914127a0a21619d43ca995c29bac17f1b83cb8f35edda442b38be1ee09d2d6e8dccf4d09f579c1682cf809fa9d3a631ebdccd2cb76f4ec659561d35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 94d99d34472ec89f5b41c19461745ffc
SHA1 1906a62eaa49ba9f35d9c8a970449fc662032735
SHA256 ede39f1399e29a9668bd3e48e7f14d9efe4d25b1158646b9420e47d09a9ab7f2
SHA512 d699869d843148fc3616e54b248a653b75a1ee9f18f679c6b86cee6093941fd7015f1f35e36f831117fce7e0ef833d42642b570dbf364ce000bd99c2c354cb2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cc38b956515f28ead944f7ce8d128e8e
SHA1 d313f6142902d2360e18726b97ad9e4aae36f3a9
SHA256 2d4fce09f064f08c5b04b10c4a92e4ef06571928060d711d69e1979e10c6bbff
SHA512 611818a36ca7ac54d14a0b8156364c7fcd23189102ec95ea88d04a8c698fea43f4061d263732fb2547307781e19707c791a1d176fbdde6fe31565edb85c4b083

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a61b10461e2888777d54f1c0d367748d
SHA1 e60d17355db1e33c1419a7923374e235f547ab88
SHA256 7991f9456a4999a4b12dddc2f26477d4bc8100f820a3243a4a6c2cd982fe4bd5
SHA512 a8e374f7bb52b2fbca269e16de07ff811704a982f9ee6a073cd1a075ccaa50d5c0df65f58cec0a7bd3e9f1572aadd1c5e0dcc3c2c6fc2ed2fc8527b4ee273ff5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 224aec19d28d813a692ce79df77da42f
SHA1 69cd9be93ee79b4e824205b22cf1df3485c8e289
SHA256 3ab657ab84a46d1487af2e370ed79fbf45ea920806125c0641f438c83aa0590a
SHA512 d19683c89625726fb60a1bbc96f378763fe00c1b01b90e616682e4a7778968aab0b30dc4b4e95c837b39a9cc8822b21633ba5dff26344646af0f029029d21429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 21297a6e08eb1500ead4e17836a98a34
SHA1 6a9822a1a83c72fa48f193ab194ce3c84799605a
SHA256 4af8edd29ed22e9dcb567553f0dde9754850b47cabc2b602f5a3fef6ce12347e
SHA512 30ce193264339b492a9dccbc0e24619863f0693f31591a30e4a41df2cedc9d4f88624d75405572355abb3ab0d45009fb15ae6a46f0f0c9b6768fa659f4f5afea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f31d7928cbbf437184ac0643d84dd011
SHA1 397c65bb28409a463ca4a7b269bd7e47fd96c21d
SHA256 a68e22265711c5ebeca0e2ce85dfa5899a99b9cd728bfa49e09547cc1b8cea74
SHA512 806c19f7ec5bf81db3dd82977c38b65be7b938c6ed45736fbd68cd3c5ac5f8986634d32fb655820de8428c00349405b94dd881925b6c6bf97ffd9de568ee48c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 23a7e6b8b3fcdf0816e0f9e232b58690
SHA1 170c2b0581602ddc61f9e60227ba8a2c133791ed
SHA256 b30038ea18e77a2d2e81d564f55a8e719c18df97a4750ba466df244549962334
SHA512 6e9b8917baf70552bb46b1e5009f97178a23977e117ea96d91d0dac9d6e835db211852c67a1cd695b2e9fd26410e44939f0b80d6c8774894665c34061b143723

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9bf39a3145253b4e3193d07a2816efb4
SHA1 07d9996ba1a84f72abb8d3103b163e3dde5d1514
SHA256 cbddf06b26c2d65fe7f17552ebd3e67c6cb13c62cb12d46d616174db8a4d1ccf
SHA512 dca6738396df09c1109a8ece598fe62f595a1932c64e90f3d72118a8d9dae993654bb26d5d01ca47a24bc9ed7a6da2c56376ffd4296105167e7af053b297c5e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ff9ea38d48ce52b00c7659753728e4d2
SHA1 4ac3c15f599337284a9a43dffe2f8b51320145bc
SHA256 fcc6b6bb0a263157703c88ced5ccb892af6c548eb2556a3da557a3a86f230823
SHA512 63c2100ea313e6f7f761fcb0960cd3d965f5132d2d8aa42a3c52a6e5cb74577d3722359daa55dcb5aa298ea654cdce2874177607f102b7b472b29e0ca8a2db13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ee460e5724e7fb805f7c7c8358480cb4
SHA1 309ec948aa6603a5d1b44382ffa5d6c83d41bd9d
SHA256 729a0c5520ed32a17d6aff9b78ec1e709b046cf88970afba47005f4eae9a8a72
SHA512 43397eb80cfe5332e52e86c652a2e96aa73af730ef5e0e90eb92ab73d63c1e15e1fb31173f57b4357f38362c9adc440a5fc2196796eb8370ef53b35dca46dacc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0a28154ec4cf5c696658066e24851deb
SHA1 c9f647d8b14faf9fb18b6e509ae1c62e272e5057
SHA256 2a72e610c2cc0a1db9807fb59c528d6c8010f3781f3bfdb2cf65083cf32aa8a7
SHA512 e2c3f4e52c5ea7fcd14b5dd65668fa0a0ac7700f712bd01c3c1ccf175c1215e681f0b51605a68cdccea4852b4e8db2df17abb9e677d7cd6f07ba6869d59c8d7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ffe5e0c405766b7ec33eb146299f9b03
SHA1 fecf1ef1d09bf216d837eb8d8cb0a458759c2590
SHA256 1bb6362bcabdd4acedef0b46699c879abab0dc3a54998a6a01c71578633fb23d
SHA512 068f1bad118fa459e706c9c92abced9bd9e97f9d250964b0cb984e8d901ee8209515450becd62ab1148debb55ae20a75c2b1c99aa6b02ccf36319fbaf1d905ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 08b86d32eecf410747ec6e09df3cd25c
SHA1 1244cd40c552fc8d977d95ad35b230fe24efbd74
SHA256 3ef40b88e1d160aaa5cb012d00c6a024a236ba968c9363cdc5f827d1a2f6348f
SHA512 3fb884a30c6ce820c2407c37e577f6ae2681fc0b1aed27519049c988b28ec6be6f9b0bad144ce12eb0c730c393b6e507e162a1702c71212212a86ea6e063b77f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

MD5 97cad6e82305d8ea4fc1421b68d27a80
SHA1 68c53afed1710c797203c633f53c8b410420af94
SHA256 557ae8d90c827c612e6a23e3f1174053647f757577cb121c3fa42f9400849035
SHA512 dd3391d9ffd54fcab9647f5290bac330276b651ca77ab4d0820bbdaf43ebe4ace780d534bb35e723764dfe1f27d770eca8b3a0b0a264f041ba7f02f8b26f73b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

MD5 8e433c0592f77beb6dc527d7b90be120
SHA1 d7402416753ae1bb4cbd4b10d33a0c10517838bd
SHA256 f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
SHA512 5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

MD5 8dfa6923218130170936311261c0d2c3
SHA1 01ce7ff90ab665e7361c15dcf04c5bd296751e06
SHA256 5c8542e78bc8062d0ee49401e52d7ad8c35f6fdd64a710614972f28b4c90c8bb
SHA512 145e91903ae93a12aaaa4397c48327b87ec383791aa1630c8d9c36956afae8a9d744694e8c5e6d268172c2010d572a3490b2212f08c9e3e7fdcd744483f3d760

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

MD5 ff676551a049647fe7af2a92f4bcdcf1
SHA1 7b597b526941dab86d1c8d180706773805a6d058
SHA256 ed4f747c420ba66f5286982a82350aad0fa37d9b6597ba843a9581728546d63e
SHA512 523103f64e6284fe88cb1b9e83ff0af340ceed729233d85f257bebef6d5972073bd10765dc9a4d2aa0ada829930ebd49504ca556a7f32e6a3947ce17cc2b23c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3781a36c1267a3a3e0aa7a49b8a2a1fe
SHA1 f1f5147c7b3835f5114ddd55830b197a30d854f8
SHA256 bfa1792a1f73e96c3730c0e4876d67c617279dd71be4fa49d018d824124e1204
SHA512 38f19da450bafc327a96dad977efafffc2ce11e1fde2d93d69d7168b04754f788bf8b53d95e3dbd74bc8e98b859d8b53426fa25208fb9bfcb1f6cf4f9c95b800

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9fbd8f1f7b8823bf8bf234b260e988c
SHA1 b65028983f203404a7244c8491badd132d069f66
SHA256 7aaa7dc56e3f81350994381b5097d44f1e92922b52ca4c4f8856b08171545b4a
SHA512 02d64b992e24f1a3730ddf62d7916b86fb7be57efc1368d5b9aa634d975897f65d489c52bcb4a6df9360447d65c0331724f5a0d6106e71f46cd57346d6976036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 42ed01611b8374a8b9bc376b0d7df863
SHA1 d32239bcebf18664618077c2f9ecdb0eb3ac2261
SHA256 5c7057fbb1ba0c8b65e75133b04d6a93493d65b6212b0ccab24aadbcec6e1542
SHA512 7127629a3c93d4cb667d88afd09471205211a109b46ffc8a6c1839726a7a2c66e6b075c19fa2049866d5e46bdf5baaddfee14b81404cbb9b58225778d4cbf437

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\6da2343c-4f96-485f-8cb4-447541cde19c\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 c880060d6641b880a26dc37ef0af7a2f
SHA1 b54922551ab6603dd2038b3e035499b66a72266b
SHA256 63803c32e891ffb4643d59e24128bdbd9b9a8a074a5f5d8dd1a2eb81bf368bcc
SHA512 7f0056d0bd1589c10663c290bf50339c6e5b0515561db12d5b21263049615e20c9a36536db53a4da3fb964b59dd311316f0024885695716dd102cc630927b866

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 1c52601e6c40f3edbf4abba050ac0e42
SHA1 09c95f0b0d85bd24b475723e7980e2a62c2eb1f9
SHA256 770f8ed77bbe2ba25048cf07ab837df59c9811c4f38e6e4511be9135faea9b9f
SHA512 2122680d052b5fdbc4b2d393a3a76c9c3ff4a52d4938ec6a0820d01dcfcfc348ff35765ae589ebfd73200710e1fdd7534287e81791fe5085a8a18c6d311fa1ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 f5dc51258f18f012edfba088a8f88b35
SHA1 2af17ba03474aa5d596ce633d7c5b9ccacde785b
SHA256 548ed6463a4c4c4adabdb24576d91b4c0fe87722ba68265d08604025257686b8
SHA512 471124e808c25b769050acfc9a1321566930b93664b4403b5a75b06d627d67272b59a7ea59ecfd4fcd0acd8663a98f15d55efd4d42e3b4ab11203a151c242c77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9928dba00b1fc33_0

MD5 4760af580def9e0e90dd291ab1376cd4
SHA1 bedac1d358b94187c18eca564ed8d8570788feb2
SHA256 c234e646c9b46b3774dd1d46b134043ac3644849680a21a28b529fca91244495
SHA512 0c770cda2c729efa784a1dbd24e710cdb6e92064488314fc9eda7b5c0534c3437497d8a6bb6f20f0b2b2223f433ed6c9f397c729f639f6241d2c7a74454d0e36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9928dba00b1fc33_0

MD5 156da0785e8e307852a5631b8938a5d5
SHA1 3b5d294fafebde01f815a9ef3c28a77429d7333e
SHA256 cbfb2d662420699b36e2a9f3cd0f095f49f801bef99e92b2c917470fcc3013ec
SHA512 f1031f2db19478edaff274dacbcf91bb3822cde4418f97aac64fcb841013e971e324eb16f3aff7cb133129ff0605a3da380a8b504cefb237d4eee04ada218529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 435ebbf25ccb21847510cc0d33c65805
SHA1 dc68398cc6de6e1a0f5ea6dc7a0336a01639f7e1
SHA256 f4fba35c8a006fa80141393b584ef167f3ff5241c216526d41122f1c4352791c
SHA512 7919647400572827b34da6c3d2a5c9a0c6230f2237d91d67a7ab06578cf6e778240dc73ca93a797edbc12f119a93c855fd3d1d5937e67d2176428d4849e00026

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 43171869c43f4ab5d7b295f8e7b76dce
SHA1 622063978204c287596825ae007af4737b159235
SHA256 ed7721021d1c591bd0cef472159ede48f19a2f650d654c9a7423b1a81448ea6a
SHA512 03740377b395433a412007d87ab4fec8e75b934f10ea32cdf1d13ea0f78dab6adbc1ddab4da191b3978aa3272c35ea2fbc71646a255b02a172252748737d7677

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

MD5 f65761d6f5c2dc112c8c6e0b3a6772de
SHA1 2eb657e94e7804884a50e2a7aa1106246fefa47b
SHA256 87c9f94d8cf4df87e3951a5e1842e4385625713ebe8e3e6f46b832c1bbd52f49
SHA512 2d066a866b05c5dbf218a3f78804bdff1e665e2db3a748d6dfe027dc62c0fbcd8f15860310fc310559ae109fc36f6a1bd7ff4b74a4d67cae52a226fabf4aac0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

MD5 ba081c64f358da8a5355e8f9e59b2ab5
SHA1 23c69d7dd95dc2e5e0fb08b7873cc3c0a660a37d
SHA256 6d996f7e8e017a3cb4bc443872b50c522763e17718b42ffc6adb86b4571229ac
SHA512 a7403a56bec818544d5bf623f6e6ca474e7fa7a789189682a07e28fa3da852a1869c9fc51392f704d01145ee451b569772615534fb8c48ffe89694e38b8b3169

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

MD5 db5943b694e69d7c29460175ebe885bc
SHA1 fb33cbb12d50297cf2aafb3d7156df41c360887a
SHA256 302174ab7e1f1dd126659b6ff22ce1ae9be08f991e3483c587f9cc05d96753d6
SHA512 0b5907bf9bfe59dccd9239f2fa4b617f98179ab47ecab0698562801e5be8d771a607d53bb37968098251553a3c1574e83e38bf320ad765a3b79e6528ee957e46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 354ecefef5f9db0a80721a9ee241e34f
SHA1 a707cab02cacae0471df00b22a7414852b124127
SHA256 cffec7c73181119eee4ba3fba3f2b9409c75b95deadfdc33587af5614fd01432
SHA512 df9c4d55ca70dc079d3e2ecbdbbcd424326118f30b463a359a25e41bd2101afc69b9e815d63ecec5f103215277bcead449db8d2f27908fa5810c2fc21ee28b8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2b2321b1b8487f3daa5cdc4c8b4ba744
SHA1 afd551058c19ddac5a739d32adbb488f024e43dc
SHA256 d6fbfd857dbe3ebf841240eef893102cfb3f691ca8a2264db57a16196fe24699
SHA512 0a2337389b0878ff019ac4c44c94dbc07ff1ec4006faa5fb3f0945043bd2bbb54cf3c5cded0e4e073979de14e95c616098754bde8072938022da9c5aa4b01648

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6b8e994b5e420599682334deee0fab57
SHA1 4ec6e0114726997f64ec5a3278a91d0d4a01f41c
SHA256 e9418e6bad0b90b5be865e8dfa975c44810088e8daede2436b27030ee6c8ff89
SHA512 2624cec25f71ef99734999c6b9c65bae712a7b95762cb87f695134bc2c85a2d1a1448b0397d513d952ffb56e974fe4cf432178a568e7e4a95075307b38dba742

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41c462be45b5088b5eb424eb5fa6bee8
SHA1 df64e9f68762d374bf5eaa50bbed648f562313ea
SHA256 cd0c979ff1f55ae2c3094f02e8c62285f3691c32970bc9d6091e568194e88ef5
SHA512 e0a0b8d4b86fb3b6f5c35a65bcc2536265243c891a6ecc2e637ee59544834cf2e58f41a0c86c24f32404614d7fd7f8764bb3e87f99d9443d15c471699493e124

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 34a074c4ebbf3e24e6f7026fce412a0a
SHA1 49f4598354a8b51da2930d00dd0e63e0f3b0d1a0
SHA256 70364c9343b60b1345ae15c6d060b86985286872da766e4edfb52c7d213af2ef
SHA512 0db257db711f5d5f8ec58f810ca18add8fb50a6bf1c9976a874928c66e5002e729eb57cf90f215468f775efa0b8e0841b751e79f6b6f2c8425b4480f1d9e6c7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b8d28fc69232ee0_0

MD5 0c4f83257a8df61d0fdaa80c500c056f
SHA1 6153f3294050194a5e5e9ce72339aa54e4a67842
SHA256 085b9166f8828f3bb5b49b2ebdcec7ee21efbfa4a45e7308d15adb9e9eee74ae
SHA512 195e276d1d2a9ecb3a8b16374eae5c53db579614def37caddf8f71a34c216ec126a99b4642038405bb1c39d005a5b5b99ddf0a00ab4a6badb5979d41220ca068

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\39ebed97bb69cf42_0

MD5 4d88ed2b67731e9ffe601a3e27c71539
SHA1 f03166b270ff0bed38705a20999314c5dd84382c
SHA256 bac8b12ad1baf0caadc1fdbca48f8768be20360f6c1102e00455832e5b21a2be
SHA512 e0c7b9f5405f1ec0af6da383c5423df854159224fcde8eae8b2468cb4533e6fb8d319a89ae6c4ca68977b4d69ac928d695d7eafa19c7cf4816602bbe5767e557

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a2214f71e491597_0

MD5 1da7bb59b2f741e9cca745c0ec7fb635
SHA1 0b7fdad6aac877691e141db21fc4e060ea788dfe
SHA256 4ec73abee9c6c9b36f0da56a95cf08c00cd3d40dea25ae9345aa6bcb1b2f090c
SHA512 4f608fb34bd91f94c2e7bc49a9e8dde2eca3f55c998d2fbffe385074a3460e98433a843c338138bccc3d193cdf6662dce84a5d2881c69c67029b512656cd82d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dba41aef64d06cd3_0

MD5 850c28c134970170b04cbc21e444e8fe
SHA1 939002ca6db1ab49a6df642f4f80f4252160fcb6
SHA256 25d1f3856c3da9f0ce4aa92277ea4814409bfcf3bca2c0c70548352290d1cc46
SHA512 d7c4828059a50e3d9f10384a5cad4ce8ff31e210ff8bbe79089415f76de54f4b7dfee5dc18d311a5a829d2e1b34b2ca72f3ee2f44b6aad68c1f7776b8c2b4071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3ac1f282841aa4e_0

MD5 e19b2b8bffc2a173c04d2ed709090a3f
SHA1 09e1d99925e4c773fcd39f1c248fa037008c2f6f
SHA256 d62c05387412a4f7361658b12905479d08cac533ebeb501caaf97c17780e5ca5
SHA512 9c29ce4abebae806e15e4d943fc2a516681cdda85bcb9510406f928894d925173a489929407e35b7536e6e5061e6cec41866324c6855210a5fcb20d82da12018

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\189d28dc156dd177_0

MD5 82f0c76948d0db9f3f3c73884702f29d
SHA1 dbc58bbadd36bc81a7d92718663233a0bb2c6243
SHA256 9533f4e09a68aecc86e8b323d603582b011d77415a11312cc5c84c15b3e4bedc
SHA512 96f0c1f43661ba3d997cbbb91d81b133a86bcef4fbac73d3877c4b4d3b61b24bef59b4b1769aea7824b124bd9a92587951a7283448ad0f6f83ee2e0a2268a54c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\885ca62307922087_0

MD5 8b8a7564abbecb554a8e5f3fb991d477
SHA1 7b038d8ef0d79e14bd7310f265e5514876eb62b4
SHA256 db5b94183e06aa47a0b4a3492edd8335a2e0f623ac97bdac75636695103ffcad
SHA512 9345fd440cb346154236fa9bcac2278a5ac1dae686c094c0efe46ddfad79580b2997fb4489d15096e5efbb4247075a57f24ec8bd12ba80fc39211854474dd439

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b4dd533ea5dbc822_0

MD5 5d416991a42f34982208696a6b624003
SHA1 b1bf6e73ed50c0b1788d6c25e652a07683ecd731
SHA256 32ec30e6385559d589d39515a27b523b500cb91e30d6e7da1b13fe54993a5ca6
SHA512 16e361ac1b2b6935386d03a05e1746d319df37e6291b950cffd24308fb3101350f664338ebc8be4fdaec924c9411508d9447dc21ac2569896ad210056a7ebc0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cee075df350404c8_0

MD5 1d2ab6fba9f4c4504715dd66af829fe2
SHA1 1a2df492a4a6a2593a0a7868423c0e3cad0e212b
SHA256 e6b7a851e6b14463de10a4a7257bdf2521c0d7a1cec09bbfbd682458f5e621c4
SHA512 6b30dccad8093bed64fb4993e1a319e965312b3baca9e60ed319073d737e9695604b8477d2192bbf35c56c10faa583cd0f16b0b649a99d5aa78ae88f63722b4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd898057b794d827_0

MD5 d6006db5c1abd6e096ba121b7e0d6cab
SHA1 b7bee4321fac5e962d65aa41edb05ae8d52904c6
SHA256 6e3cb5e4eb47e5382a61ad9b4ee6deca8f90e502c4d95bc3eee4d6e33fb854ad
SHA512 8435c9b4c6349c3ade9031fe2c4131cb94cb57463b0db692c4d6705ed0396f725f73bd1edc207fd5704bbe2a9af5cd73ed3bd5594106e06f92596792ea29fa8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\714558f579934a22_0

MD5 7b7136bd34c3e4dbbb9452479af275ca
SHA1 bfaba8f422b049315dc939887b72d5d422972f36
SHA256 25910ea8893f07e19a1520f27d3452f95607da18045c7d43bd080d1c8328cde5
SHA512 ca7f99297200056cc3438e786fb5a65c1321c25caa29cd0cbcd871628177cecf49db8b07742cd8036f4c3a71dffef9f1f384802fcb4ea774b6c7a832df2a31ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bfd7253954bb19ea_0

MD5 44a056829270d503a7a8e44c1f0d9ef5
SHA1 a8e2ef10bbc647ec0ade62cdf54281cc053b299c
SHA256 c93a45fad81cb30a88fb3cfeac06b07c3fef85052a1d312ad7911078560502f4
SHA512 1416c27ad31195d77e99993b5b321eddaec5112c62150ca1ead940390abc2496c70125052fcbda2a7c8d4867c6d71c39a309c7efe4f186aa3e624e14dbfd520f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ecc08170be66572b_0

MD5 5ddce7cffd9a77046172e0126684f8fb
SHA1 0529eabc39a9f5ee86cbaf76d9fb1942befe3b8f
SHA256 f7813b06fffc846eb15d7ad1e2eba0339e8832ac707ec97c9f83d687bba84c45
SHA512 5ab11ad9a19357d38ce75abe0cdd0fe07e4a825f0daeb1f4464bcbf86dbf1dd03626fd6e4e8051b572e13fbbb8b53884be68c3af1e6a53891b1465b648eedbcc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aea9d91e4ced41c0_0

MD5 d59316f6ef54f79d66e05636b3e59219
SHA1 50000eb62b5f418661b5501d22c479bd56d976fe
SHA256 62a63eca8c82699e75f4541cde32707500c713ede34a5c8b03690a5b2dde4151
SHA512 cc9629382a3dc2a347f52a5330608d6326ad2eefa38fe1c224e0f12fa701e367968dbae9128182c9d3f420e3ff73351fa6397e053846846364dafedd5be54ce3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\021d469406bdb18c_0

MD5 9b22c54e79fb6f02dc90461709a06d5c
SHA1 9856d691f2ac029b34ecec6d21b49fa9551aec49
SHA256 a621736fdb513a90a7029b7472a89c11a36ba16aa32c6ef4ff844345c96f762b
SHA512 9c31b876fbe5e5611d2f5e377bea9922c0f8e050d5d320f58f40592d9778226347457a6ebe944ecbf92e22ebd6431f6d5546a1009443f36f81b090cbbf6271ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5519fee4d7cd20b0_0

MD5 18dff8f7ba5b479a1fbfb497d75858ae
SHA1 f879c567ef400d45b8e1ccad99ca28bcfb52bc94
SHA256 b231fb8476570976d268d00b54cc218d69f3cd542bb0e0c12b53a70971b5e21c
SHA512 1348afc3e0bde2172d7ea77dda9a13b041486c21df1baa5b893ce41da7e574e637e95351412dccd8a6bfb68783199e38d5d1ee25977d1807f1062dd1ee878fd1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8a72740387fa158f_0

MD5 af73841b3c990265cbd018dd7ad66aab
SHA1 dd147113d8dfe1afa665e9c30231e6e97990da4a
SHA256 bc9fbf4fa02019e49f6c13c5bff57f441ee0d8e0569a3f66bad57a95506850d0
SHA512 31f5cbaccb8505dafc014338428aaa53589287dfe2ebffade27f44de114eb5031d3609de30912bbe280b781631fb55ae0d1e28d47647cd6d0fe0c23e10cc8711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e2737d34cf6325c6_0

MD5 60af83bd36c55f0f7e166fa92d54dfff
SHA1 b8226b70f0dac01e642c68714714c6a8f762999b
SHA256 abaa87fd7742a70e391b137055c87dddb40a90cf3f34b254f574ad88dc20e063
SHA512 45e4558955574005efce92e860eeb7543a2b70b37316798ebb8a67cb6cd16212b1a2614050341bb51214940a74ec14f15ebd2d11d4abee142d040b5c90d03b97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\74c02836196e8660_0

MD5 0b74ebe3be6ade2caa8af8e35f46f7a3
SHA1 321123fc9afea0cf47c72a8733f6774e0d4d6b30
SHA256 4e76bf1955ac2a7e6861cd0a8842c2f78e05ec07ab929ff16b034210f5ded4d7
SHA512 4722e26464e469ef2a8b04e26679493ca528bf88691284f9d3603cb620d7871c96503801affc4e739a1ca8273e18e649ded1829d186f41f682463640c76c3e1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a38fed47949b85a_0

MD5 d0e20bab65db9baa8b86ffaa6266ceeb
SHA1 ebd95d53d9b62eebc1bb9f4793f0fc291c2d6884
SHA256 2ca9e674c32ef281fdb943a565b6c98e92518ee09cebfb89fe0fe7f4096a2f12
SHA512 098b07a716e196754ccf941d369451f709e1c4bdf8524245abc6b45b1408539b8d9d53215fd69195ced3c549a8ef3015acbb688928b4ab7e6e5a94f25cca0def

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b7f1e98bc946c127_0

MD5 b1262b78fa0d37c6a8ff8521b2dcdbd7
SHA1 ed2935b447111ec5ca70e7ac77d8c1be6f61f1a3
SHA256 ffba1f3ef9b5d0737fb1ad3efe5d12ba88683cd0dee7370b1c81950231b459f9
SHA512 3cf671c779a397d7dfae6936ffe345fc97baa82a8c3a6668acf78cf127f87416ae766e1d6c4a0dc45257e716b7f88e03e3ec918d3ba4267afbb0a6bbb518f0b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6a45231797a0b48_0

MD5 ff4b1c6faeb49e243f5fc8647e0bc50f
SHA1 2102a8f2f72e23d67d3f549e904ba49fe2a45e33
SHA256 baf9f8b4a1598a4d4b6cb661192e90c3994f83365e8a9dd466d653c8c4fa151a
SHA512 d156ab8ded1d1d195f282d7331bd95c9188ed2f110c80ec49bd70188a9290ae1f88f08a5b3fc1249be9e0ea1a36f52deca4281ec1263bb94ec0fed32427d1b4c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 f57924ad12ad77a3ce6200268b0e0ad3
SHA1 faf35063e3524fe59f2274a759d1f7dcba170637
SHA256 53274a91d0686cde173c51e777183e8447d1c91e585e772ec639feb8036f8464
SHA512 6f4ed37dfe3dd2eefd82a9178b4f2b8a689911719b3bcf4b9f7dcbec6118c5f30672545c6592a6c97246e36feec4a468d7ce27c8b69eced6c36c8ac8ef63cb74

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 e5870ac694caafacedf0bdc23cb40d9c
SHA1 509ec33dd190abdcef4933215b47911c67c54713
SHA256 17705464cdacf5b1ccdb360d32d8d4c1365b9e0149bdf287c25d686b8181720a
SHA512 f185b20974bc0600471103be993911f38d790908d8c4745f0b19c569d87b051a93232ec52a10acbf0a2ed6084055c96d2b63388a05e4c5892afdbddbd8d7d16b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1243fe737cf20a2e1b207207208258f8
SHA1 3244d7dfc7d790234c2eb624e0cccbf903697b44
SHA256 a7ab44caa5bb545cdde403fa7c775eeb30406c899dbec81c384ae06d154b017b
SHA512 8cfb2315bd4ed75c867a776cb1dd1e23d3e8bd9db94cf2135be6e7152d6c0cd8337ef69ff7944b61bf92051b93f26b07108c2bcbbdcfba9ec5e27c2286df2e79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ec61f7cb6bf4b634d09e658c82615e2a
SHA1 0ed9f66e09e8b0888bc4531bde54ab6371fc0fbd
SHA256 bae633e7249e4dbeeb57157ef9a9974cd90aca19cd325b65d3065c643e302035
SHA512 46f45816e75077d97a4bb7162d7b5051ab9229bdf5c6bb6d569e70bac3c94aa6a513a000ed9e38e38c22fa979638cd8bbf23dd16b6435ab745ba1077d978d124

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe5c9a63.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\6da2343c-4f96-485f-8cb4-447541cde19c\e56bfee714ac26bf_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\6da2343c-4f96-485f-8cb4-447541cde19c\655cf2eec3594ab6_0

C:\Users\Admin\AppData\Local\Temp\MSIFBEC.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_7B203B6D727D329460F535EDAD0AEA41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_7B203B6D727D329460F535EDAD0AEA41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

\??\Volume{848480a2-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{0a93dfa3-6e47-48dd-8bd2-d5c7db6996e4}_OnDiskSnapshotProp

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

C:\Windows\Installer\MSI484C.tmp

C:\Program Files\Common Files\ovpn-dco\Win10\ovpn-dco.inf

C:\Windows\System32\DriverStore\Temp\{ecfb010d-f9e5-0f4d-90fc-7528412a21f4}\ovpn-dco.cat

C:\Windows\System32\DriverStore\Temp\{ecfb010d-f9e5-0f4d-90fc-7528412a21f4}\ovpn-dco.sys

C:\Windows\System32\DriverStore\Temp\{ee0fd940-5048-ab42-ba1f-f3fe2ced0fd5}\oemvista.inf

C:\Windows\System32\DriverStore\Temp\{ee0fd940-5048-ab42-ba1f-f3fe2ced0fd5}\tap_ovpnconnect.cat

C:\Windows\System32\DriverStore\Temp\{ee0fd940-5048-ab42-ba1f-f3fe2ced0fd5}\tap_ovpnconnect.sys

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect\OpenVPN Connect.lnk~RFe5d5a96.TMP

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect\OpenVPN Connect.lnk

C:\Users\Public\Desktop\OpenVPN Connect.lnk~RFe5d5ab5.TMP

C:\Users\Public\Desktop\OpenVPN Connect.lnk

C:\Config.Msi\e5d3f01.rbs

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
