Analysis Overview
SHA256
31059e634e330fecb9b150d890da81e2f9d9c308b0259d3b376a9f0e118d4249
Threat Level: Likely malicious
The file profile-autologin-juzo.ovpn was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Blocklisted process makes network request
Probable phishing domain
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
Browser Information Discovery
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious behavior: LoadsDriver
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2024-08-24 21:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-24 21:21
Reported
2024-08-24 21:41
Platform
win10v2004-20240802-en
Max time kernel
1188s
Max time network
1156s
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\drivers\SET5C2C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\ovpn-dco.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\SET57D7.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\drivers\SET57D7.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\tap_ovpnconnect.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\SET5C2C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| N/A | N/A | C:\Program Files\OpenVPN Connect\agent_ovpnconnect.exe | N/A |
| N/A | N/A | C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe | N/A |
| N/A | N/A | C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe | N/A |
Loads dropped DLL
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
Enumerates connected drives
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://try.abtasty.com/cross-domain-iframe.html | N/A | N/A |
Drops file in System32 directory
Probable phishing domain
| Description | Indicator | Process | Target |
| HTTP URL | https://openvpn.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b866b28ac9cd16c | N/A | N/A |
Drops file in Program Files directory
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\System32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\System32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\System32\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\System32\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\System32\MsiExec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\RAS AutoDial | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690081145306729" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Media\2 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\SupportedTypes | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D491674261A77645AF3D14EDEF572FC\MainApplication | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\ProductName = "OpenVPN Connect" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{5F7D5998-E5FB-4D24-968C-C3033EBB10AB} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EBDB63A7D2D217748A9FF082FAF7A8D2 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\shell\open | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Media\3 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation\command\ = "\"C:\\Program Files\\OpenVPN Connect\\OpenVPNConnect.exe\" --open-association=\"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation\command | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D491674261A77645AF3D14EDEF572FC | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\ProductIcon = "C:\\Windows\\Installer\\{476194D5-A162-4677-A53F-1DE4ED5F27CF}\\icon.ico" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.ovpn | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\OVPNProfileAssociation | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\PackageCode = "B966E93183B82874DA243E16CCB1CE16" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ovpn\ = "OVPNProfileAssociation" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\shell | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\SupportedTypes\ovpn | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\shell | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\ = "OVPN Profile" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D491674261A77645AF3D14EDEF572FC\TAPDriverFeature = "MainApplication" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.ovpn\Content Type = "application/x-openvpn-profile" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\PackageName = "openvpn-connect-3.5.0.3818_signed.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5D491674261A77645AF3D14EDEF572FC\DCODriverFeature = "MainApplication" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\Version = "50659328" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5D491674261A77645AF3D14EDEF572FC\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EBDB63A7D2D217748A9FF082FAF7A8D2\5D491674261A77645AF3D14EDEF572FC | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\OpenVPNConnect.exe\shell\open\FriendlyAppName = "OpenVPN Connect" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\OVPNProfileAssociation\shell\reg_OVPNProfileAssociation\ = "Open" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\profile-autologin-juzo.ovpn
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xdc,0x104,0x7ffa9214cc40,0x7ffa9214cc4c,0x7ffa9214cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1608,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1604 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2388 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4516,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4736,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3148,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4944 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4488 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4352,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4748,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5360,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5476,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5392 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5036,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5436,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5412,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5092 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5736 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5592,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5904,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6104,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6348,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5504,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6156,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5524 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5900,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5988,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6292 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6404,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4540,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4800,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3660 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=1216,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=3244,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4372 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5356,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5432,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6288 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6044,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4612 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5248,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6696,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6752 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7000,i,4089342095063044202,11133952238132859096,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5516 /prefetch:8
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\openvpn-connect-3.5.0.3818_signed.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 3BABE2FA0BDD81CCEDC4FAF213EE07E9 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 484F88B543BF80714FC1A8E74486CD57
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding AB046E54FABA7ACD885866F35383DA5C E Global\MSI0000
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files\Common Files\ovpn-dco\Win10\ovpn-dco.inf" "9" "4e1f3ffd3" "0000000000000100" "WinSta0\Default" "0000000000000150" "208" "C:\Program Files\Common Files\ovpn-dco\Win10"
C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe
"C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe" drivernodes tap_ovpnconnect
C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe
"C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe" remove "C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\OemVista.inf" tap_ovpnconnect
C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe
"C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\tapinstall.exe" install "C:\Program Files\OpenVPN Connect\drivers\tap\amd64\win10\OemVista.inf" tap_ovpnconnect
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "c:\program files\openvpn connect\drivers\tap\amd64\win10\oemvista.inf" "9" "4ecbb43a3" "0000000000000154" "WinSta0\Default" "0000000000000160" "208" "c:\program files\openvpn connect\drivers\tap\amd64\win10"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap_ovpnconnect.ndi:9.27.0.0:tap_ovpnconnect," "4ecbb43a3" "0000000000000178"
C:\Program Files\OpenVPN Connect\agent_ovpnconnect.exe
"C:\Program Files\OpenVPN Connect\agent_ovpnconnect.exe" install
C:\Program Files\OpenVPN Connect\agent_ovpnconnect.exe
"C:\Program Files\OpenVPN Connect\agent_ovpnconnect.exe"
C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe
"C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe" install
C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe
"C:\Program Files\OpenVPN Connect\ovpnhelper_service.exe"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "11" "ROOT\NET\0001" "C:\Windows\INF\oem3.inf" "oem3.inf:c695c3de07ba2b5d:ovpn-dco_Device:1.2.1.0:ovpn-dco," "433338203" "000000000000018C"
C:\Windows\System32\netsh.exe
netsh interface set interface name="Local Area Connection 2" newname="OpenVPN Connect DCO Adapter"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe
"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe" --minimized --opened-at-setup
C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe
"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe"
C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe
"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe"
C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe
"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe"
C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe
"C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe"
Network
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | lh3.google.com | udp |
| FR | 216.58.214.78:443 | lh3.google.com | tcp |
| FR | 142.250.178.129:443 | lh3.googleusercontent.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 142.250.179.86:443 | i.ytimg.com | tcp |
| FR | 142.250.179.86:443 | i.ytimg.com | tcp |
| FR | 142.250.179.86:443 | i.ytimg.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 86.179.250.142.in-addr.arpa | udp |
| FR | 142.250.201.174:443 | www.youtube.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 142.250.201.174:443 | www.youtube.com | udp |
| FR | 142.250.179.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 142.250.75.238:443 | play.google.com | udp |
| FR | 142.250.75.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 216.58.214.166:443 | static.doubleclick.net | tcp |
| FR | 172.217.20.170:443 | jnn-pa.googleapis.com | tcp |
| FR | 172.217.20.170:443 | jnn-pa.googleapis.com | udp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| FR | 142.250.75.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 166.214.58.216.in-addr.arpa | udp |
| FR | 142.250.75.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| FR | 172.217.20.206:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| FR | 142.250.179.110:443 | encrypted-vtbn0.gstatic.com | tcp |
| FR | 142.250.179.110:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widgets.abtasty.com | udp |
| US | 8.8.8.8:53 | try.abtasty.com | udp |
| US | 8.8.8.8:53 | fastly.jsdelivr.net | udp |
| IE | 52.30.148.144:443 | widgets.abtasty.com | tcp |
| US | 8.8.8.8:53 | cmp.osano.com | udp |
| US | 151.101.193.229:443 | fastly.jsdelivr.net | udp |
| GB | 108.138.217.95:443 | try.abtasty.com | udp |
| GB | 108.156.39.49:443 | cmp.osano.com | udp |
| US | 104.19.190.106:1234 | openvpn.net | tcp |
| GB | 108.138.217.95:443 | try.abtasty.com | udp |
| GB | 108.138.217.95:443 | try.abtasty.com | udp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | extend.vimeocdn.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| DE | 157.240.27.35:443 | www.facebook.com | udp |
| FR | 142.250.179.106:443 | content-autofill.googleapis.com | udp |
| US | 104.19.175.188:443 | perf-na1.hsforms.com | udp |
| US | 34.36.178.232:443 | ariane.abtasty.com | udp |
| US | 8.8.8.8:53 | 106.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | swupdate.openvpn.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| FR | 142.250.201.163:443 | google.co.uk | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 104.19.191.106:1234 | swupdate.openvpn.net | tcp |
| FR | 216.58.214.67:443 | google.fr | udp |
| US | 8.8.8.8:53 | tattle.api.osano.com | udp |
| US | 8.8.8.8:53 | 57.166.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| FR | 142.250.179.99:443 | beacons.gvt2.com | tcp |
| FR | 172.217.18.206:443 | clients2.google.com | tcp |
| FR | 142.250.179.99:443 | beacons.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | metrics-gen2.openvpn.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| FR | 142.250.201.179:443 | metrics-gen2.openvpn.net | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| FR | 142.250.201.179:443 | metrics-gen2.openvpn.net | tcp |
Files
\??\pipe\crashpad_4212_KSBCPMRIJGORDBEJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 2257803a7e34c3abd90ec6d41fd76a5a |
| SHA1 | f7a32e6635d8513f74bd225f55d867ea56ae4803 |
| SHA256 | af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174 |
| SHA512 | e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | d9ae456eff941ae5dcaa0b496d4a357a |
| SHA1 | ddec1232b3e97b28e72c47f21c483955b4612064 |
| SHA256 | 48769bfbf84983ab59aee502ef249067a14f50c1f1c5617c5e2f59adc72a672f |
| SHA512 | b85c17f2bf9c5c16179e307bad8bf759462e2f2956b27cc11dd8999b59902502fab3afad022b3a2ad6a854be2458b8d4269b432e3c6d1de3dd6f2670187c5859 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 45ed841928680bed4adc3590f6da5e9f |
| SHA1 | 5ee0b6e770822f89e55f72beb8d4687b316f7da5 |
| SHA256 | 1677847c4e9692766251cea9994856afaa5dd8f89b09488c065a3737d7acc8b3 |
| SHA512 | 879fe5fa703d509bf6a4306f6695c8a656830a9570496e09832fad8481e36faef8e2b2b6b579fdab4ab2229cb1ea21232a9be68a9ed8906012640ef0b3853c8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 46d0d71911392ce19729a8276101f3d0 |
| SHA1 | c4d3b8528c5bbad59b9858295cc5fade06a971a7 |
| SHA256 | 5bc66e3187cae8278524292d8a377a3d26053d857491638d48d0423e74b9cdf6 |
| SHA512 | 1e2f5b2e20f78b65c9352a85d669ad8f37df58ca1b7cc3fa81fe8e6fb05697bccd46a3860dcaef1f3cc466af6b0a7552de9af84f7e7b383404e6fe108b2ae0a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 08977f97c3588127c963e953ab57efa1 |
| SHA1 | 50fc370da52b15172b367e07c49de1b20ca914f5 |
| SHA256 | b81433600275729d66aeead759dcca2ef727cdc1ab2dbdecc1337a3fe7424fa9 |
| SHA512 | ce134e8c0c8a449a6f5002abb579d71b78a5a9ac24f1c496b40423c82cf9bfd10f16be3b06c1ed8f3f95619167d418d1cce21d3563b268f0370e3913d4140dae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 433b39558c6daf846644299061ce1b0a |
| SHA1 | 11835399b0f417ddb70c7e2e7434eb2392c4a440 |
| SHA256 | 78b77f5b02c6fa80c65b824b363b902f7fc06d98e8db0221f17d3f094de08835 |
| SHA512 | 043aa8b043f5fac8b99fbda4242fbd86408dd41c340a4258ed81ea63d2ce4f6986f1715ca8be561cae8fe321aa92b043c59de9047891beec7526668d52ae3a5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6237267f740a80d25810a9cf0e976563 |
| SHA1 | 901e366a54862bf93db4f5a0a85a3f0dd25ec215 |
| SHA256 | feac9fde73fd9845055a0421d2c1ebe0b49acbc0a0a125f67fc9086cc70d6f01 |
| SHA512 | c5970d87ae347e3d01ad713b0ff110b3ef0cd274b0fc415891fda94dd7870c73be99e57fe166e4fcca7e25f0951312c4812e5bd1470093f29560320f8adb7046 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f0f9886eb899ee74ab2d52b016a38964 |
| SHA1 | 8313726b106c7db87b4b69d16303ffbc97826bac |
| SHA256 | 48cc12b90ddebbeda67d38429b99c3a370678dc559ebca300a03f1eec2ecddf3 |
| SHA512 | e4f7596c9451dce2c47a4f342ce1a1632dea81d0f840883c1fc455c908de79e11563e648889c04685198f3ecd36bd6b2bce30d7d2342c4529939606c1f1bd5ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2547ce44338e62e71e8c0aeb1d00ef7d |
| SHA1 | 61744cdb41162360ff89fc96c63e53175cf0537f |
| SHA256 | 75d3a366726c961409ea7892fb9bc39d65720ddb2402d09db0f8478e7e88e9bc |
| SHA512 | 39c48ae92e4fddb3efce5ce657ff291cf60c145c1a96e8ed498e0c365380da411d2905d1effa91f1415d35feb9d052e9adc7a55dfc772a9f68931cf4667b853c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8c8b47e483a72106da43eba19dc288e7 |
| SHA1 | c31f849a746b3dbf521a069e4730ee464f456f03 |
| SHA256 | 37fa5d47180cc7547386009f9bb982905585d56e63fef1043088a74846b362f5 |
| SHA512 | 24fbdcec0c889f007a650a6fb0f8d7ba1cd178723f327d2c28e091e471f8772d974a3756e72b869cda35d321dc504e56a704b1b4775219b76dc69c9e63ed40a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0487e0319eb9b680d709e8f0cc85b1b4 |
| SHA1 | 7ff1f32fd9c334aef96ccafbf0fb3195643b75c1 |
| SHA256 | bc4662172fb694835baf32c0cb2bd5ec00d8c6d3299729bfafabdfee72c1f39a |
| SHA512 | cad35800e870c6248557d478f292c669b2b5b0c59400e8714aa938191bd9f4e31349d0fe8be2722d30fcd6f94c097cd1424b0e2bd8c8406e2496f8abf8c8a23f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 674ff7936bc7b1538a2225cff37220e8 |
| SHA1 | 3007017324772fcc3666f8cfc33f7d413b6095b7 |
| SHA256 | f9cee3cb3f1f5092aedaefacb5958ed9396ee96cbff4e39d4be925930f4a59df |
| SHA512 | 0d235121df2c7c33a81fe9e6a2241264b2529cd60767199b078a1bc441824318c4e6efafaf77f385a0ff766d6f3289dc246ec4dfb01b800c89f1695dc1597e39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\6da2343c-4f96-485f-8cb4-447541cde19c\index-dir\the-real-index
| MD5 | 3101f0ca197fb96c5d2152fccfe241ae |
| SHA1 | 5216464dc3ce8216ab0e427cd2d54995d0b909ce |
| SHA256 | 0c316c0abd0ba87999e6237ef9e53655775261b5ccad44e269c66d6a55437a46 |
| SHA512 | 0e0b7dec2e9273144e118585e9622b63975547f59cca2015f068a29fb157bf3362256f8f1c4b2f0a62df6d8959c16631f8d8fd2e3341948944476b4d43510f18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\6da2343c-4f96-485f-8cb4-447541cde19c\index-dir\the-real-index~RFe588846.TMP
| MD5 | 6af4ea49e719780144a68a3de4225623 |
| SHA1 | 0a243b0e75396835ae6bb8341466233f6202ba65 |
| SHA256 | 70cdd95d77374a66e422e68ee2349fbcbb421ea30b4c437b9136b49927fe8847 |
| SHA512 | 329110cc1a7c9dba7eb203a6555366ee67c1df183a83c85ed1d521f80e57e4a4f135de0a3ec67ee5714dd1316bc13e438e178786bbd0adae9ffcfcceb57329e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 513b9a0bd6a75078caaa24a06c46f5f4 |
| SHA1 | f5436e4d55928cb0a1625e8afeea9df74ecbacfd |
| SHA256 | 87c874afc4572512a056e6b221f3c51d40dcc7e85956998f67513858ec8e1190 |
| SHA512 | fc00accd525af3fc24bbd0f6a3b04cedf3dcc278718f2a32ac83e26bdd51e78d4085c3f7ce529994ed7ee85b869d787c6cc93767b5cf282c46dee87b7b9cb430 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fef45a1faace4af5fb000c2e214d98bd |
| SHA1 | 76fb7e4d6e15f91b54a97adbfe65f1a0361c3219 |
| SHA256 | f2b59b5eebb52ffd6161cf0fdaa57bd4c3834e836fa249fa3731b2255bf07d70 |
| SHA512 | 3d0850ee7f4a78e3e2e3cd8da9669e11160650b8f450d73eb62d3dac3daac7ba2489bcb619162bcfb802fe4984067f35ac9020a684f20f71f5840d39aaa24444 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\576e1629a7b3157749e39c77919733b59c33a464\c3e4a4cb-3be7-4f1b-b4f5-b0f3c92aaa44\79be68a228ac061b_0
| MD5 | d0295c2c4209ef5afee78b9671edaa8a |
| SHA1 | 3418d470a679838bc65a7da30a0506ab3e78a963 |
| SHA256 | 7a53abf3cc6948b61cf336b9c35eb607662a879bb794a0026c0566f15e5d5ae0 |
| SHA512 | b65a711b1c6953cfd947612ed05696e66230b62804067fd00b712e82ebeb6976beddced87b93861b81d816a11b5f0c426a52c3f0bfb9f3c152a9b85265dcf7e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
| MD5 | c5519496aabfe20a3fb5dac25a1d7d09 |
| SHA1 | b6c06d59ea2afdda10fd890e1c1cc1f7f1ca8bca |
| SHA256 | 916e76b8908bad9a1b9c83134e754358a97fb7edd0468e226bfd49a11982fe7f |
| SHA512 | ff2527b1369654cf9f87fc6a1d1fb3ae9c97c85673509e8b404954976ef34359f1c8c4fb1b13b7576c2a89011beed38768388c72c621cda4ba6970aa589ea4a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
| MD5 | 24f2844ffb7ec0232cf43c33c58e7a0b |
| SHA1 | 4673879bbf42eaba904ee685f48958e93afcff7b |
| SHA256 | 3ae51c748eec4bba7a81d614f235ac8b5cab6617ef49e232d6866af3996efa7f |
| SHA512 | eb2bce5c4c57633680cf1cb36a6120a48ed9b41dbf4fa4a9e45f8327d5f155b7a8fe9811f1b93c8ea297631985c81513f18ba556ba2f99a2cdc7bae80663a2ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
| MD5 | 8f26a69ee4714d9327afb0116c9a66c5 |
| SHA1 | c205e5c3e53725357cc4b56f11f0b876217e4692 |
| SHA256 | e365475ef8b86e1139d5d859e663cba9af5b817fed33162ce3ac149aabbdf739 |
| SHA512 | 4d087de4649a2a4615c2bf478eb8620f74b79b782d9484df3f9634bb22027118bc82d5f9a334c3af85a16e6439ad8fdf1c35c5e598a9545244f826f84e27a7fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
| MD5 | 0e00b102f51884302e7da43673e7cc81 |
| SHA1 | ff2573e30409e220f25ecdcccde06ec3934977b0 |
| SHA256 | ad782b31f1fd0f4c76994c67d33ccdc981b32773cf455fe742a213a12bca28b6 |
| SHA512 | 9ceefdd0f73124fd0dc1083b1f6fd5d2f5bd8faf1990e44fcea1dc9b0af3486389ee0a269b3bcf2587525a7803c520f092c154d2b43aaeba6e3457a42ee1d254 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
| MD5 | 1a4bfcb88a941178bcfa086353a1a437 |
| SHA1 | fb47467b882418a96617eec05b7f868d6660d965 |
| SHA256 | d9f906d6e3f9e55538733cc9600db193a6fb5c8c83a3a65258037125d4a9f743 |
| SHA512 | c86c12dd76ef6d51dd019c6fd0f0e9690db1dc012aa03148346ec65ac7fdcf4c55b321f145628745eb6ef2f5661c944a6522ea0c75eacd624094ce8b8d26d96d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | d047c018a59660619d29ff8720b61476 |
| SHA1 | f1150b1e4371314aaf0c23228a88b324f276c5e2 |
| SHA256 | 5e307383ec80e5449a4fb649f14ce51fe400646929fd8cdb44bb7ce04814d130 |
| SHA512 | 63f4715e6fe5dffc7a3887630455d47373252798e2881a2acf9613f5057fc2ac5792f5445d4f8c52e77de8914213a079368978d11eb022e982f1e31a65a3a844 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b52be29a4993fd50321d690444b84323 |
| SHA1 | 848e5efbc7ca8716172cb96f923fd37b544995fa |
| SHA256 | df4f22e992c72c06dc043bae5c27d96897836da815ab0e353c910e7528a9c0fc |
| SHA512 | 57f0297489c9f1fc1a0f0ae7cf6aeb69798c5c66b57ab2f8bf22f7e611c6b111375c48e0d6af0dbce4b3c134f73e5293a27d6111f38ec54f9e2332487822034d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
| MD5 | c7499ca185afb8a4b149196d729b7d1a |
| SHA1 | 515a63fde84030ddad31b84390f9ab655637705a |
| SHA256 | 517f12733d8c3f36f4acf51221bba37f77af472a283b7e65e9c6fa6ec8615ead |
| SHA512 | 4737416dae70e637999ec218c38d176ce2571cfe892b704bcb3a68cfe4c0a8a2deea50f9e1cfc2f70da05126d748df73747e19d72f983eb335ddd350068e23e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d6e5e4725a810852b831cf409a21a6fc |
| SHA1 | 25584fb2cb40f746e487a4824a977afd179267f2 |
| SHA256 | 31f21f93a8874d28e96e85ce5e34ed58c46c1aff5ffc7d7a12a774771529ecb5 |
| SHA512 | 17acace470d596b5191ad922a64bf6696880f297b87aedb358ad5dd2f96c902ad22331a2e4b8266f31ea7d6b17ce0f9e478dd5549813402b82714f5f4e3147bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041
| MD5 | 0728625a147ca79276a1790b9cf3175d |
| SHA1 | 60d4d776f49c7e1627a935314230dce18fb3b382 |
| SHA256 | a9a1ce7d77f651dd85dbbbda3c151024e47c5c85569801c994cca98c52e3da71 |
| SHA512 | 647fa86e7a24bad9b8e4664dfdde280fb2df9c0b58cda936a1671d4bc3a4cc314f0ae231bd26fcacffad0a428b9891cd04df63c6631e2aa6d18d8cbde5b654b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\index.txt~RFe58b800.TMP
| MD5 | 491e38d1e8ff514f9582433a7cf836b9 |
| SHA1 | a87fd9978dffff743a193fe87be084d4d4fd694a |
| SHA256 | 3e8ca66cb0e6ed20860e7ce85d873982433065c5896b1bd967052a9a76e53666 |
| SHA512 | 668cdca7d9cfd555db918894e303a4aad446b70e157200b0118d354ca140d421e694cd550a782c8826ab03d6ea428d1ab7def733ee2308c6c73a558edfea07ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\index.txt
| MD5 | 4def4664e9f3ef566faf626e819c18ca |
| SHA1 | 28dcaacc12201ae9613a04f59c75421c07ae9fac |
| SHA256 | 680c06334dddf0441eb7076d029397586aabf8528d62c8e7bf6ad070673c00f1 |
| SHA512 | f9cbf4ab907e417eb72a6e66b2d0d3c27e40429f12856b8a1c9c6c86b6113c1e57bdcc7a30323d7d67a2633164c39ae522176ec5146407740f127d60abfb77af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 588388734f39b3be2d393cc1801ad11b |
| SHA1 | afddfaaf84029e9d3a534bf33d55e4d5dce8b68c |
| SHA256 | c4b54e81e8eff7681c365f69475f81c3b6751cd02e6d9d1387b28f4303f2e838 |
| SHA512 | ccbf91cf5a35a4dd195531ec72a6232824d1f7bb540b533a8c868ddd394d474074d57b21193612e38fe7512499ebd9d380bb003fb74cda60009932f1adabfc12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 059f96dd97c4528670ba158f61a57cf2 |
| SHA1 | 9461d59732b9e60cb48a425726f380e585d4bec7 |
| SHA256 | c9d22b1bfa82e3ec7e65d13ccaccde28c5a038c8565f5ff3ef067e9b6d9afa9a |
| SHA512 | 0ad4c8e20b654358190201b8d5ded6f5a819bcda39a7226ee1c3fbee048f662b3b4c8f8428068ed69a9d5516d600af09d5afd3674431552d16f3a64938e722c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\576e1629a7b3157749e39c77919733b59c33a464\c3e4a4cb-3be7-4f1b-b4f5-b0f3c92aaa44\index-dir\the-real-index~RFe58ef2d.TMP
| MD5 | 5491a435006717016f5a3e78feed6292 |
| SHA1 | 45ec5ee40674b575f7f1f311833de7969746e0c8 |
| SHA256 | 6ad8f422ea48fe298674e9c01cf9b286c3c4a738c998b95d1cda38dab39a6792 |
| SHA512 | bc06388b01e0b18f780dc37fd17c8a3555dc5b288e37c1b684054a04557e626aa3554bac69212842152e2b859a18d9db1630feb65bf72e8f85304ec830f645c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\576e1629a7b3157749e39c77919733b59c33a464\c3e4a4cb-3be7-4f1b-b4f5-b0f3c92aaa44\index-dir\the-real-index
| MD5 | 92a1608d0665bb5a20848eeb62f881b2 |
| SHA1 | 0cc2453d1347fc7179ec167a2fedf6eb16cf9a38 |
| SHA256 | d4f70cc1ca640bdd73115401e48189c335f1f29a109db1227b1178d55f9bd827 |
| SHA512 | 2dc0e6104a3cda3bedbc94a96213848c5694f6c02d70cfe3fa8535fd8affe93855ec04bc7dcd6d2d7e0a483895a076bc7fcfac47655d78f46474743468ee45b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\576e1629a7b3157749e39c77919733b59c33a464\index.txt
| MD5 | 0028c3fd4d160066ffb8f605d8da1109 |
| SHA1 | adcf4ce41944e8c7533be557b79c542c796538db |
| SHA256 | dc383554745c172f2b2cbde24bc408e273739accf9ae5389bfbf1d12758b2f54 |
| SHA512 | 011c50b2b7d861c5918117826eb5a5b7063e1b82dce5228362c72defdfb8fce992434cd711c901f4e3982bcdb8f8adb176b2caf2a3e3e9c1daaa3e6cbd95557f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\576e1629a7b3157749e39c77919733b59c33a464\index.txt~RFe58ef5c.TMP
| MD5 | 930558b50c7436a69388702a6885b6c5 |
| SHA1 | 90716c6d9f818b220f9a4687451bed118f75a936 |
| SHA256 | 3761f2d5a7802dd4fc722afedaea171fcf5e6f09f50befc47656eb8bc59edd38 |
| SHA512 | 91279b4b716e144fc38a364b338bbc3410970846aef556959154fd9219ddbb6e09001b6ba07973f939573bc424b6ec394856821f0bf49338da084a65765a01e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b4eebf6bff8f98dafd7ef0cc4ead491e |
| SHA1 | 36e2fe713bc9d7ee351ec3b022eddd1735b5ad60 |
| SHA256 | f4d028627a66a30b7501d2e5ffb0568c389e005e910070cd31973538c8d8da6f |
| SHA512 | 400dd5a469040e370e87bfbccc985ea0ee5d154f17e9d01f179ff066a816156204ffcf97b5d13b7020ea6f907e4f2d9f7d17a88b663119ff0c9e31fa71ebd0b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 532c66648caea588ea4059007a69ca52 |
| SHA1 | 3668aee55aa3aa5cd93c080748764fb854336206 |
| SHA256 | a56dca98f1a3f891633c130309201b408b6660ced6a5a99183281e1c05e8030c |
| SHA512 | 8659d598b61f7cfecd540cf87885246b8a012c87b0d485c2509429871b23b8a650fc0ac742034e9054d85bdd8b6293f7a7ccf49bc42b406c35aee01977022150 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9219fa2ac44c4d15449bfb9a43f6936e |
| SHA1 | 917a34775cc0121a1bbc5182f4cb14f00c16a4d3 |
| SHA256 | a7edbb95e6c1720b2a98f76904bdfdbc13c323131feb4ae9b3caabcf058ef56e |
| SHA512 | 10327b4eaef89be206f2a7a750a57b751fe707f10ef34aef39ffb607f814ba59870a009d67aa76b7e658959044bc48b18e5aef391ba07e5d7bc011a5cda14779 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1c1a34f8a332db54b362839b79cc6ec0 |
| SHA1 | e109f452460154739ab75012a3d6eb288ebf2138 |
| SHA256 | f8f312dcdc89fc29b38390ef81837bcfcbdea88d0ad27a96eafb4e391fc5c952 |
| SHA512 | 99265721919967abbb2f93a88f35a9729323e2f097201c422a409280b13aa783d59c9304701ad2c146cf1e858b9f012c45b1e76f408afa810d5641d7faef95eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d9c4f1ef2e968efc6dc83f61693c7569 |
| SHA1 | 105c758af8cc0b12e18c83fc5d918d628000d36b |
| SHA256 | 2be03e0f369ec3693649d5cc1c1ab73f72c458b9792157494a6b6bd75beb46c4 |
| SHA512 | db9b6f4128a7f74bd9e94db55b21b7e4b7ed0cad00c202456e294564c6e6ca1b0f708b51f828215aaaa49d9459fad98662b3badec71b9e8356d1d9c9cda72da5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 87d76f390e3a7e88bc995fd2693db085 |
| SHA1 | 805452804876973a73f965171abeca3d66d6eea0 |
| SHA256 | 0f655c592e35e8e09cedde55bf3c3d007caef424e8bed8920e37f4e44612ea80 |
| SHA512 | 355c4a4f55da8d46eaf3e3f3d73d8e9f12b4f1e0966248601baafab6d1ec4908d7c7e11227426ef7b291ffcc92dc0086e899cf7b5a8d554b3c11fd948a31f8ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 904f68c8a198176599dc64b2b904c16c |
| SHA1 | 1d9469e6917d5535b72cb7dfebfa4cb1f680f026 |
| SHA256 | fa9b781b4b7160fd92aa7d33cf41b358bd0d9e3d2616e6d6a0c5c14d28ad6198 |
| SHA512 | eb2aae2b261a954372b3c06e41776a08b8a0cb7418e06ca57537a2bcf7f076f5b0dbe38596f6353254ed45eaefde87337fa11107c0a068dfb7acf963f82646c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1866aee155de42c90da4e910addebbe |
| SHA1 | 5eb5279bc6333dabe1f0af82b3132709789fd559 |
| SHA256 | 858d492b9a50e9507f9c6816bd9a2945ae2b6d02e8990d7f9daf80386ae18f85 |
| SHA512 | 9a861f5b78f60f63d51f5f67c465fb2b208cb15cfb7c8f7f77e939c82acd71ffd569af207ce464a3de8b05d2cb071c047e6dc1f522c25b1c777f73c34709a779 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f7e3da7a59228c8a03e39c804f9be56f |
| SHA1 | 34e285adfac2a3faf92f7a573e7d867142b27852 |
| SHA256 | fedffeb8aa201c1da31fbb796e15281488421f7bead497c0666297351c4a4567 |
| SHA512 | 8eafc8b83914127a0a21619d43ca995c29bac17f1b83cb8f35edda442b38be1ee09d2d6e8dccf4d09f579c1682cf809fa9d3a631ebdccd2cb76f4ec659561d35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 94d99d34472ec89f5b41c19461745ffc |
| SHA1 | 1906a62eaa49ba9f35d9c8a970449fc662032735 |
| SHA256 | ede39f1399e29a9668bd3e48e7f14d9efe4d25b1158646b9420e47d09a9ab7f2 |
| SHA512 | d699869d843148fc3616e54b248a653b75a1ee9f18f679c6b86cee6093941fd7015f1f35e36f831117fce7e0ef833d42642b570dbf364ce000bd99c2c354cb2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cc38b956515f28ead944f7ce8d128e8e |
| SHA1 | d313f6142902d2360e18726b97ad9e4aae36f3a9 |
| SHA256 | 2d4fce09f064f08c5b04b10c4a92e4ef06571928060d711d69e1979e10c6bbff |
| SHA512 | 611818a36ca7ac54d14a0b8156364c7fcd23189102ec95ea88d04a8c698fea43f4061d263732fb2547307781e19707c791a1d176fbdde6fe31565edb85c4b083 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a61b10461e2888777d54f1c0d367748d |
| SHA1 | e60d17355db1e33c1419a7923374e235f547ab88 |
| SHA256 | 7991f9456a4999a4b12dddc2f26477d4bc8100f820a3243a4a6c2cd982fe4bd5 |
| SHA512 | a8e374f7bb52b2fbca269e16de07ff811704a982f9ee6a073cd1a075ccaa50d5c0df65f58cec0a7bd3e9f1572aadd1c5e0dcc3c2c6fc2ed2fc8527b4ee273ff5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 224aec19d28d813a692ce79df77da42f |
| SHA1 | 69cd9be93ee79b4e824205b22cf1df3485c8e289 |
| SHA256 | 3ab657ab84a46d1487af2e370ed79fbf45ea920806125c0641f438c83aa0590a |
| SHA512 | d19683c89625726fb60a1bbc96f378763fe00c1b01b90e616682e4a7778968aab0b30dc4b4e95c837b39a9cc8822b21633ba5dff26344646af0f029029d21429 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 21297a6e08eb1500ead4e17836a98a34 |
| SHA1 | 6a9822a1a83c72fa48f193ab194ce3c84799605a |
| SHA256 | 4af8edd29ed22e9dcb567553f0dde9754850b47cabc2b602f5a3fef6ce12347e |
| SHA512 | 30ce193264339b492a9dccbc0e24619863f0693f31591a30e4a41df2cedc9d4f88624d75405572355abb3ab0d45009fb15ae6a46f0f0c9b6768fa659f4f5afea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f31d7928cbbf437184ac0643d84dd011 |
| SHA1 | 397c65bb28409a463ca4a7b269bd7e47fd96c21d |
| SHA256 | a68e22265711c5ebeca0e2ce85dfa5899a99b9cd728bfa49e09547cc1b8cea74 |
| SHA512 | 806c19f7ec5bf81db3dd82977c38b65be7b938c6ed45736fbd68cd3c5ac5f8986634d32fb655820de8428c00349405b94dd881925b6c6bf97ffd9de568ee48c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 23a7e6b8b3fcdf0816e0f9e232b58690 |
| SHA1 | 170c2b0581602ddc61f9e60227ba8a2c133791ed |
| SHA256 | b30038ea18e77a2d2e81d564f55a8e719c18df97a4750ba466df244549962334 |
| SHA512 | 6e9b8917baf70552bb46b1e5009f97178a23977e117ea96d91d0dac9d6e835db211852c67a1cd695b2e9fd26410e44939f0b80d6c8774894665c34061b143723 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9bf39a3145253b4e3193d07a2816efb4 |
| SHA1 | 07d9996ba1a84f72abb8d3103b163e3dde5d1514 |
| SHA256 | cbddf06b26c2d65fe7f17552ebd3e67c6cb13c62cb12d46d616174db8a4d1ccf |
| SHA512 | dca6738396df09c1109a8ece598fe62f595a1932c64e90f3d72118a8d9dae993654bb26d5d01ca47a24bc9ed7a6da2c56376ffd4296105167e7af053b297c5e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ff9ea38d48ce52b00c7659753728e4d2 |
| SHA1 | 4ac3c15f599337284a9a43dffe2f8b51320145bc |
| SHA256 | fcc6b6bb0a263157703c88ced5ccb892af6c548eb2556a3da557a3a86f230823 |
| SHA512 | 63c2100ea313e6f7f761fcb0960cd3d965f5132d2d8aa42a3c52a6e5cb74577d3722359daa55dcb5aa298ea654cdce2874177607f102b7b472b29e0ca8a2db13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ee460e5724e7fb805f7c7c8358480cb4 |
| SHA1 | 309ec948aa6603a5d1b44382ffa5d6c83d41bd9d |
| SHA256 | 729a0c5520ed32a17d6aff9b78ec1e709b046cf88970afba47005f4eae9a8a72 |
| SHA512 | 43397eb80cfe5332e52e86c652a2e96aa73af730ef5e0e90eb92ab73d63c1e15e1fb31173f57b4357f38362c9adc440a5fc2196796eb8370ef53b35dca46dacc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0a28154ec4cf5c696658066e24851deb |
| SHA1 | c9f647d8b14faf9fb18b6e509ae1c62e272e5057 |
| SHA256 | 2a72e610c2cc0a1db9807fb59c528d6c8010f3781f3bfdb2cf65083cf32aa8a7 |
| SHA512 | e2c3f4e52c5ea7fcd14b5dd65668fa0a0ac7700f712bd01c3c1ccf175c1215e681f0b51605a68cdccea4852b4e8db2df17abb9e677d7cd6f07ba6869d59c8d7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ffe5e0c405766b7ec33eb146299f9b03 |
| SHA1 | fecf1ef1d09bf216d837eb8d8cb0a458759c2590 |
| SHA256 | 1bb6362bcabdd4acedef0b46699c879abab0dc3a54998a6a01c71578633fb23d |
| SHA512 | 068f1bad118fa459e706c9c92abced9bd9e97f9d250964b0cb984e8d901ee8209515450becd62ab1148debb55ae20a75c2b1c99aa6b02ccf36319fbaf1d905ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 08b86d32eecf410747ec6e09df3cd25c |
| SHA1 | 1244cd40c552fc8d977d95ad35b230fe24efbd74 |
| SHA256 | 3ef40b88e1d160aaa5cb012d00c6a024a236ba968c9363cdc5f827d1a2f6348f |
| SHA512 | 3fb884a30c6ce820c2407c37e577f6ae2681fc0b1aed27519049c988b28ec6be6f9b0bad144ce12eb0c730c393b6e507e162a1702c71212212a86ea6e063b77f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
| MD5 | 97cad6e82305d8ea4fc1421b68d27a80 |
| SHA1 | 68c53afed1710c797203c633f53c8b410420af94 |
| SHA256 | 557ae8d90c827c612e6a23e3f1174053647f757577cb121c3fa42f9400849035 |
| SHA512 | dd3391d9ffd54fcab9647f5290bac330276b651ca77ab4d0820bbdaf43ebe4ace780d534bb35e723764dfe1f27d770eca8b3a0b0a264f041ba7f02f8b26f73b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
| MD5 | 8e433c0592f77beb6dc527d7b90be120 |
| SHA1 | d7402416753ae1bb4cbd4b10d33a0c10517838bd |
| SHA256 | f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af |
| SHA512 | 5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\6da2343c-4f96-485f-8cb4-447541cde19c\index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9928dba00b1fc33_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f9928dba00b1fc33_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3b8d28fc69232ee0_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\39ebed97bb69cf42_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a2214f71e491597_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dba41aef64d06cd3_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3ac1f282841aa4e_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\189d28dc156dd177_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\885ca62307922087_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b4dd533ea5dbc822_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cee075df350404c8_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd898057b794d827_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\714558f579934a22_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bfd7253954bb19ea_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ecc08170be66572b_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aea9d91e4ced41c0_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\021d469406bdb18c_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5519fee4d7cd20b0_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8a72740387fa158f_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e2737d34cf6325c6_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\74c02836196e8660_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a38fed47949b85a_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b7f1e98bc946c127_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c6a45231797a0b48_0
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe5c9a63.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\6da2343c-4f96-485f-8cb4-447541cde19c\e56bfee714ac26bf_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\6da2343c-4f96-485f-8cb4-447541cde19c\655cf2eec3594ab6_0
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\MSIFBEC.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_7B203B6D727D329460F535EDAD0AEA41
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_7B203B6D727D329460F535EDAD0AEA41
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
\??\Volume{848480a2-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{0a93dfa3-6e47-48dd-8bd2-d5c7db6996e4}_OnDiskSnapshotProp
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
C:\Windows\Installer\MSI484C.tmp
C:\Program Files\Common Files\ovpn-dco\Win10\ovpn-dco.inf
C:\Windows\System32\DriverStore\Temp\{ecfb010d-f9e5-0f4d-90fc-7528412a21f4}\ovpn-dco.cat
C:\Windows\System32\DriverStore\Temp\{ecfb010d-f9e5-0f4d-90fc-7528412a21f4}\ovpn-dco.sys
C:\Windows\System32\DriverStore\Temp\{ee0fd940-5048-ab42-ba1f-f3fe2ced0fd5}\oemvista.inf
C:\Windows\System32\DriverStore\Temp\{ee0fd940-5048-ab42-ba1f-f3fe2ced0fd5}\tap_ovpnconnect.cat
C:\Windows\System32\DriverStore\Temp\{ee0fd940-5048-ab42-ba1f-f3fe2ced0fd5}\tap_ovpnconnect.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect\OpenVPN Connect.lnk~RFe5d5a96.TMP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Connect\OpenVPN Connect.lnk
C:\Users\Public\Desktop\OpenVPN Connect.lnk~RFe5d5ab5.TMP
C:\Users\Public\Desktop\OpenVPN Connect.lnk
C:\Config.Msi\e5d3f01.rbs
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1