Malware Analysis Report

2025-04-03 13:04

Sample ID 241109-1qt8hataqn
Target https://mega.nz/file/IUpxwB6D#HNyl628w17I5byJTAUBGQD2vOAXXf0_2tgcQK9Kcniw
Tags
discovery persistence privilege_escalation
score
7/10

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://mega.nz/file/IUpxwB6D#HNyl628w17I5byJTAUBGQD2vOAXXf0_2tgcQK9Kcniw was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence privilege_escalation

Loads dropped DLL

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Drops file in Windows directory

System Network Configuration Discovery: Internet Connection Discovery

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy service COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 21:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 21:51

Reported

2024-11-09 22:00

Platform

win10v2004-20241007-en

Max time kernel

523s

Max time network

524s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/IUpxwB6D#HNyl628w17I5byJTAUBGQD2vOAXXf0_2tgcQK9Kcniw

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{EAEF4C3B-5932-496E-AA84-AAB8BA8C2AF8}\.cr\VC_redist.x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{2BBA847E-F563-4CB6-AE5D-EC8877EC86D1}\.cr\VC_redist.x86.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe N/A
N/A N/A C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\663399541A7D3BB1B5EA0E57A00C024E50D8506C\VC_redist.x86.exe N/A
N/A N/A C:\Windows\Temp\{2BBA847E-F563-4CB6-AE5D-EC8877EC86D1}\.cr\VC_redist.x86.exe N/A
N/A N/A C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\.be\VC_redist.x86.exe N/A
N/A N/A C:\ProgramData\Package Cache\4DE9F6681F0F213B132DEF3AF88A3C68483F5F32\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{EAEF4C3B-5932-496E-AA84-AAB8BA8C2AF8}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\.be\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe N/A
N/A N/A C:\Windows\Temp\{2BBA847E-F563-4CB6-AE5D-EC8877EC86D1}\.cr\VC_redist.x86.exe N/A
N/A N/A C:\Windows\Temp\{EAEF4C3B-5932-496E-AA84-AAB8BA8C2AF8}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe N/A
N/A N/A C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf} = "\"C:\\ProgramData\\Package Cache\\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\\UEPrereqSetup_x64.exe\" /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\UE_Prerequisites_(x64)_20241109215901.log\" /burn.runonce" C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\mfc140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\SET5EC7.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\msvcp140_2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140esn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfc140kor.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\SET5DED.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File created C:\Windows\system32\SET60BB.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfc140chs.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\SET5F54.tmp C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\d3dx11_43.dll C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\vcomp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\SET5F35.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File created C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\X3DAudio1_7.dll C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET5DED.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET5F83.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp140_2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\SET6010.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfcm140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\SET6138.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\vcomp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcomp100.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\SET602F.tmp C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\D3DX9_43.dll C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File created C:\Windows\system32\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcomp110.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\SET6010.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\SET5EC7.tmp C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\D3DCompiler_43.dll C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\D3DCompiler_43.dll C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcruntime140_1.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140kor.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfc140enu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\SysWOW64\D3DX9_43.dll C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
File opened for modification C:\Windows\system32\XAPOFX1_5.dll C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\Jun2010_XAudio_x86.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\Installer\MSI3662.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcr110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{90BFD504-ACB6-4FC9-9BA5-964FA4CB76C0}\Setup.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\Jun2010_d3dx9_43_x86.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
File created C:\Windows\Installer\SourceHash{080D8397-60F4-44B3-BB95-FBB950CB0B4E} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e2e2b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e2e3e.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_vccorlib120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\dxupdate.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\Jun2010_d3dx9_43_x64.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3298.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_vccorlib110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e2e53.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e2e03.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5e2e15.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e2e2b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\Jun2010_D3DCompiler_43_x86.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\Jun2010_XAudio_x64.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\DSETUP.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI30A3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3886.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e2e3e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcr110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5e2e15.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\dxdllreg_x86.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\Jun2010_d3dx10_43_x86.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcr100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcr110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\APR2007_xinput_x64.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\Jun2010_d3dx10_43_x64.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\dsetup32.dll C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\DXSETUP.exe C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{0AE39060-F209-4D05-ABC7-54B8F9CFA32E} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_msvcp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C\1.0.18\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\CustomAction.config C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\APR2007_xinput_x86.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\Feb2010_X3DAudio_x64.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp-\Jun2010_d3dcsx_43_x64.cab C:\Windows\system32\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI53B5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4AB9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4D4A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\405DFB096BCA9CF4B95A69F44ABC670C C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{2BBA847E-F563-4CB6-AE5D-EC8877EC86D1}\.cr\VC_redist.x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\.be\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\663399541A7D3BB1B5EA0E57A00C024E50D8506C\VC_redist.x86.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Package Cache\4DE9F6681F0F213B132DEF3AF88A3C68483F5F32\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{EAEF4C3B-5932-496E-AA84-AAB8BA8C2AF8}\.cr\VC_redist.x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\.be\VC_redist.x86.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2f C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2d C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "4" C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756627242121011" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7938D0804F063B44BB59BF9B05BCB0E4\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EA73AD7EA8D1B94B9CD32ACA09BFF22\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}v14.34.31938\\packages\\vcRuntimeAdditional_amd64\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both" C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32 C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Version = "14.34.31938" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\ = "XAudio2" C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{d92971ab-f030-43c8-8545-c66c818d0e05} C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\.be\VC_redist.x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\ = "{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\ = "{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}" C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\3EA73AD7EA8D1B94B9CD32ACA09BFF22 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll" C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\06093EA0902F50D4BA7C458B9FFC3AE2\Servicing_Key C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{90BFD504-ACB6-4FC9-9BA5-964FA4CB76C0}\Dependents C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EA73AD7EA8D1B94B9CD32ACA09BFF22\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7938D0804F063B44BB59BF9B05BCB0E4\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14 C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\.be\VC_redist.x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\06093EA0902F50D4BA7C458B9FFC3AE2 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\06093EA0902F50D4BA7C458B9FFC3AE2\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EA73AD7EA8D1B94B9CD32ACA09BFF22\SourceList\PackageName = "vc_runtimeAdditional_x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.34.31938" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4D0B5ED88D6A27F48BFE8277A6E25E5D C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4D0B5ED88D6A27F48BFE8277A6E25E5D\PackageCode = "B25750CEDD1EF3F41AA8A708407C8972" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7938D0804F063B44BB59BF9B05BCB0E4 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.34,bundle\Dependents C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\.be\VC_redist.x64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14 C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\.be\VC_redist.x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\DisplayName = "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7938D0804F063B44BB59BF9B05BCB0E4\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.34,bundle\Dependents\{d92971ab-f030-43c8-8545-c66c818d0e05} C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\.be\VC_redist.x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3EA73AD7EA8D1B94B9CD32ACA09BFF22\Servicing_Key C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EA73AD7EA8D1B94B9CD32ACA09BFF22\PackageCode = "37C10DC7E1CFDF3449836C2066BBD732" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EA73AD7EA8D1B94B9CD32ACA09BFF22\Version = "237141186" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7938D0804F063B44BB59BF9B05BCB0E4\Provider C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\405DFB096BCA9CF4B95A69F44ABC670C\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57} C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\405DFB096BCA9CF4B95A69F44ABC670C\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4D0B5ED88D6A27F48BFE8277A6E25E5D C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\679E80FBE29B63345BF612177149674C\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7938D0804F063B44BB59BF9B05BCB0E4\ProductName = "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EA73AD7EA8D1B94B9CD32ACA09BFF22\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}v14.34.31938\\packages\\vcRuntimeAdditional_amd64\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.34,bundle\Version = "14.34.31938.0" C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\.be\VC_redist.x86.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\405DFB096BCA9CF4B95A69F44ABC670C\ProductIcon = "C:\\Windows\\Installer\\{90BFD504-ACB6-4FC9-9BA5-964FA4CB76C0}\\Setup.ico" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4D0B5ED88D6A27F48BFE8277A6E25E5D\VC_Runtime_Minimum C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\06093EA0902F50D4BA7C458B9FFC3AE2\VC_Runtime_Minimum C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EA73AD7EA8D1B94B9CD32ACA09BFF22\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\06160A3C31624122A971135BA0D60E46 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4D0B5ED88D6A27F48BFE8277A6E25E5D\Provider C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4D0B5ED88D6A27F48BFE8277A6E25E5D\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\405DFB096BCA9CF4B95A69F44ABC670C\Version = "16777234" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179} C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4D0B5ED88D6A27F48BFE8277A6E25E5D\Servicing_Key C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Dependents\{4f84f2dc-3f70-433a-8f50-8293e0089b0f} C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\.be\VC_redist.x86.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7938D0804F063B44BB59BF9B05BCB0E4\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\405DFB096BCA9CF4B95A69F44ABC670C\ProductName = "UE Prerequisites (x64)" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179} C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5040806F8AF9AAC49928419ED5A1D3CA C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\15E8B87C56C0E773581D82F286F95E50 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3EA73AD7EA8D1B94B9CD32ACA09BFF22 C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3960 wrote to memory of 448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 3424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3960 wrote to memory of 844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/IUpxwB6D#HNyl628w17I5byJTAUBGQD2vOAXXf0_2tgcQK9Kcniw

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffce88bcc40,0x7ffce88bcc4c,0x7ffce88bcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,3219222628681555759,5098750724025413754,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,3219222628681555759,5098750724025413754,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,3219222628681555759,5098750724025413754,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,3219222628681555759,5098750724025413754,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,3219222628681555759,5098750724025413754,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4604,i,3219222628681555759,5098750724025413754,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3b8 0x3b4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,3219222628681555759,5098750724025413754,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1044,i,3219222628681555759,5098750724025413754,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=728 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5200,i,3219222628681555759,5098750724025413754,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\" -spe -an -ai#7zMap21533:112:7zEvent29835

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe"

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe"

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe" -burn.unelevated BurnPipe.{2DA0F099-F51F-4ADF-8F5F-8CDEF8668211} {5CE72D33-78CE-4191-B947-2D599E25D390} 2524

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\ProgramData\Package Cache\663399541A7D3BB1B5EA0E57A00C024E50D8506C\VC_redist.x86.exe

"C:\ProgramData\Package Cache\663399541A7D3BB1B5EA0E57A00C024E50D8506C\VC_redist.x86.exe" /quiet /norestart -burn.embedded BurnPipe.{7D1D7148-57E8-44BF-9DD2-28E754149D74} {12589AC4-EB60-4413-AF10-8859D74F3084} 2524

C:\Windows\Temp\{2BBA847E-F563-4CB6-AE5D-EC8877EC86D1}\.cr\VC_redist.x86.exe

"C:\Windows\Temp\{2BBA847E-F563-4CB6-AE5D-EC8877EC86D1}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\663399541A7D3BB1B5EA0E57A00C024E50D8506C\VC_redist.x86.exe" -burn.filehandle.attached=568 -burn.filehandle.self=676 /quiet /norestart -burn.embedded BurnPipe.{7D1D7148-57E8-44BF-9DD2-28E754149D74} {12589AC4-EB60-4413-AF10-8859D74F3084} 2524

C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\.be\VC_redist.x86.exe

"C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{902D019F-2F66-4ECE-926D-84975E352C28} {B73F6C06-8C2F-4EB5-A800-B78276C9D5C7} 4072

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\ProgramData\Package Cache\4DE9F6681F0F213B132DEF3AF88A3C68483F5F32\VC_redist.x64.exe

"C:\ProgramData\Package Cache\4DE9F6681F0F213B132DEF3AF88A3C68483F5F32\VC_redist.x64.exe" /quiet /norestart -burn.embedded BurnPipe.{B504DAEB-9B93-4A44-B3BC-F5FD89523A8F} {07D548B2-CE43-42C3-BED5-A6A290A30130} 2524

C:\Windows\Temp\{EAEF4C3B-5932-496E-AA84-AAB8BA8C2AF8}\.cr\VC_redist.x64.exe

"C:\Windows\Temp\{EAEF4C3B-5932-496E-AA84-AAB8BA8C2AF8}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\4DE9F6681F0F213B132DEF3AF88A3C68483F5F32\VC_redist.x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576 /quiet /norestart -burn.embedded BurnPipe.{B504DAEB-9B93-4A44-B3BC-F5FD89523A8F} {07D548B2-CE43-42C3-BED5-A6A290A30130} 2524

C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\.be\VC_redist.x64.exe

"C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{611DAED2-8454-439B-A349-66A9589FE69E} {ABFBA8DD-86B1-4758-9445-CF07E65EA1F4} 4716

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 7680B0465C5C2A6EC37E3B90CC88882B E Global\MSI0000

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI53B5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241063156 10 CustomAction!CustomAction.CustomActions.InstallDirectX

C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe

"C:\Windows\Installer\MSI53B5.tmp-\DXSetup.exe" /silent

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe X3DAudio1_7_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe D3DX9_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe d3dx10_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe d3dx11_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe d3dcsx_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe D3DCompiler_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe XAudio2_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe" LockdownProtocol

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3b8 0x3b4

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe"

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe" LockdownProtocol

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe"

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe" LockdownProtocol

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe"

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe" LockdownProtocol

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe

"C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol\Binaries\Win64\LockdownProtocol-Win64-Shipping.exe"

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_3960_HADNWSPWQCKNVOZO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000

MD5 b02a21a68dbb18e5f0722a7f8d1c671b
SHA1 f85ad618dcf10c3d1fef2259ddcb7c3b46293ef5
SHA256 8ecb66f5da1f2cc8e07fb7e514510f68a615d1c05567b7dcdbad8528d9bcebac
SHA512 c2294a6177928235a62ec8aec34d124b31bbb2e88d0603208f113931487f9e7a75467ad44e6f7f9fcc458d5833097c08d42d76d5a84200ee8c8863744833cb56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 5e612ce2ba59caea8de3c2e6a52c3ed7
SHA1 a6a733d10ee188f8db864c12b0d34c8ae008632c
SHA256 5941ac96bbe1d4aa42734995dc467c26f52b2894b84e10fa1d37f0eec5b59bf4
SHA512 f2221d1c8de68761f36ca851d893fa651b6937ccf1fe1907c73a96244e33aca0cdea81194fae5bbe38382d58516327313d41210e65d4f16c814e9f0546cefefa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 53637a15bf8e3cbf738a9adc10df8506
SHA1 8575525e874d365f01c16ed4d0bc8e8933eac532
SHA256 5db34d61fde7ed83a1aa31fcb277c8e876a89b801c34736c78d7466ca2af7fb1
SHA512 225bdfc6264261a409f16aa7650006877847205d51f977a3c0fe0576c8097227fbbb7a14f871ef1ce25862523452325769f85748464f8c2f6201d450b183f520

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7e9c2034ceb0db78ca6d4f0b3c19fe9c
SHA1 084e2d1232d391d94189f367af201b7c88bca173
SHA256 8ec92188f31f58362942190ab4409e6f5a882baf9005b76298adb3bcad9f0ef4
SHA512 8fbd982ccd13167e78e310b147ab679ab9de80f300b10aa0006f9e6a55263647c5809f4fd8825ec700943898f23f70568f0524699d72de87b32328372fb9227f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe57b863.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000004.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000005.ldb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\LockdownProtocol.exe

C:\Users\Admin\Downloads\LOCKDOWN.Protocol.v0.1.24\Engine\Extras\Redist\en-us\UEPrereqSetup_x64.exe

C:\Users\Admin\AppData\Local\Temp\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\.ba1\wixstdba.dll

C:\Users\Admin\AppData\Local\Temp\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\.ba1\Banner.bmp

C:\Users\Admin\AppData\Local\Temp\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\.ba1\LogoSide.png

C:\Users\Admin\AppData\Local\Temp\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\.be\UEPrereqSetup_x64.exe

C:\Users\Admin\AppData\Local\Temp\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\VisualStudioRedist_X86

C:\Users\Admin\AppData\Local\Temp\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\VisualStudioRedist_X64

C:\Users\Admin\AppData\Local\Temp\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\PrereqSetup

C:\Windows\Temp\{2BBA847E-F563-4CB6-AE5D-EC8877EC86D1}\.cr\VC_redist.x86.exe

C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\.ba\wixstdba.dll

C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\.ba\logo.png

C:\ProgramData\Package Cache\{2c4a7cc2-986f-41a8-a4d3-86c8177f87cf}\state.rsm

C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\cab54A5CABBE7274D8A22EB58060AAB7623

C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\vcRuntimeMinimum_x86

C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\vcRuntimeAdditional_x86

C:\Windows\Temp\{52D26B1E-58F5-4B9C-8240-3516A7E74634}\cabB3E1576D1FEFBB979E13B1A5379E0B16

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20241109215919_000_vcRuntimeMinimum_x86.log

C:\Config.Msi\e5e2e08.rbs

C:\Config.Msi\e5e2e0d.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20241109215919_001_vcRuntimeAdditional_x86.log

C:\Config.Msi\e5e2e1a.rbs

C:\Config.Msi\e5e2e29.rbs

C:\Windows\Temp\{EAEF4C3B-5932-496E-AA84-AAB8BA8C2AF8}\.cr\VC_redist.x64.exe

C:\ProgramData\Package Cache\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}\state.rsm

C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\vcRuntimeMinimum_x64

C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\cab5046A8AB272BF37297BB7928664C9503

C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\vcRuntimeAdditional_x64

C:\Windows\Temp\{BD5B1FFA-8B4B-49EE-91DE-1A4122ABB5DD}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20241109215924_000_vcRuntimeMinimum_x64.log

C:\Config.Msi\e5e2e30.rbs

C:\Config.Msi\e5e2e3c.rbs

C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20241109215924_001_vcRuntimeAdditional_x64.log

C:\Config.Msi\e5e2e43.rbs

C:\Config.Msi\e5e2e52.rbs

C:\Users\Admin\AppData\Local\Temp\UE_Prerequisites_(x64)_20241109215901_2_PrereqSetup.log

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_9040490E275779DE86373A998E4711FB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_9040490E275779DE86373A998E4711FB

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

C:\Windows\Installer\MSI53B5.tmp

C:\Windows\Installer\MSI53B5.tmp-\CustomAction.dll

C:\Windows\Installer\MSI53B5.tmp-\DXSETUP.exe

C:\Windows\Installer\MSI53B5.tmp-\dsetup.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\dxupdate.inf

C:\Windows\Logs\DirectX.log

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\apr2007_xinput_x86.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\apr2007_xinput_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\FEB2010_X3DAudio_x86.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\FEB2010_X3DAudio_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_d3dx9_43_x86.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_d3dx9_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_d3dx10_43_x86.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_d3dx10_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_d3dx11_43_x86.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_d3dx11_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_d3dcsx_43_x86.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_d3dcsx_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_D3DCompiler_43_x86.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_D3DCompiler_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_XAudio_x86.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\JUN2010_XAudio_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\dxupdate.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\xinput1_3.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\X3DAudio1_7.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\d3dx9_43.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\d3dx10_43.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\d3dx11_43.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\d3dcsx_43.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\D3DCompiler_43.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\XAPOFX1_5.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\XAudio2_7.dll

C:\Users\Admin\AppData\Local\Temp\DX5A05.tmp\dxdllreg_x86.inf

C:\Config.Msi\e5e2e57.rbs

C:\Users\Admin\AppData\Local\D3DSCache\7fd41981923887d3\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\LockdownProtocol\Saved\Config\Windows\GameUserSettings.ini

C:\Users\Admin\AppData\Local\LockdownProtocol\Saved\Config\CrashReportClient\UECC-Windows-AE62EE194F0E7A4499BD658A499DBA1D\CrashReportClient.ini

C:\Users\Admin\AppData\Local\LockdownProtocol\Saved\Config\Windows\Engine.ini
