Malware Analysis Report

2024-11-13 19:18

Sample ID 241109-abss1ssgnm
Target https://gridinsoft.com/antimalware
Tags
ffdroider bootkit discovery evasion execution motw persistence phishing privilege_escalation spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://gridinsoft.com/antimalware was found to be: Known bad.

Malicious Activity Summary

ffdroider bootkit discovery evasion execution motw persistence phishing privilege_escalation spyware stealer trojan upx

Ffdroider family

FFDroider

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Drops file in Drivers directory

Reads user/profile data of local email clients

Loads dropped DLL

Modifies system executable filetype association

Checks computer location settings

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Reads user/profile data of web browsers

A potential corporate email address has been identified in the URL: %./2678@CDFRabcdefghilmnoprstuvwy

Checks installed software on the system

Checks whether UAC is enabled

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Enumerates connected drives

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Browser Information Discovery

Event Triggered Execution: Netsh Helper DLL

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Suspicious behavior: MapViewOfSection

Runs regedit.exe

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Modifies registry class

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Checks processor information in registry

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-09 00:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-09 00:02

Reported

2024-11-09 00:27

Platform

win10v2004-20241007-en

Max time kernel

1463s

Max time network

1501s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gridinsoft.com/antimalware

Signatures

FFDroider

stealer ffdroider

Ffdroider family

ffdroider

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\DRIVERS\gtkdrv.sys C:\Windows\system32\RUNDLL32.EXE N/A
File created C:\Windows\system32\DRIVERS\SET24A3.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\gsInetSecurity.sys C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\SET3880.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\gtkdrv.sys C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\SET2109.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File created C:\Windows\system32\DRIVERS\SET2109.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\SET24A3.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\GSDriver64.sys C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\System32\drivers\GSDriver64.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\DRIVERS\SET3880.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\gsInetSecurity.sys C:\Windows\system32\RUNDLL32.EXE N/A

A potential corporate email address has been identified in the URL: %./2678@CDFRabcdefghilmnoprstuvwy

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\gsam-en-install.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\gsam-en-install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Users\Admin\Downloads\Kerish_PC_Doctor_4.95.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\danc\FVKENGIMJOJFWB\nc.exe N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\danc\FVKENGIMJOJFWB\nc.exe N/A
N/A N/A \??\c:\program files (x86)\kerish pc doctor\kerishdoctor.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\KDAppInfo\Icon = "c:\\program files (x86)\\kerish pc doctor\\kerishdoctor.exe,3" C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\KDAppInfo\command C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\KDAppInfo\command\ = "c:\\program files (x86)\\kerish pc doctor\\kerishdoctor.exe AppInfo=1 %L" C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\KDAppInfo C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\KDAppInfo\MUIVerb = "Application Detailed Information" C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A

Reads user/profile data of local email clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\r: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\l: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\x: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\q: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\h: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\o: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\e: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\r: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\a: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\v: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\b: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\g: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\u: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\q: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\i: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\n: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\u: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\w: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\a: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\b: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\m: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\m: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\o: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\x: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\t: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\u: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\i: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\m: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\q: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\x: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\a: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\b: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\i: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\z: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\a: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\k: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\v: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\g: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\n: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\s: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\t: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\n: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\t: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\q: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\p: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\b: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\s: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\b: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\h: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\n: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\z: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\k: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\u: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\p: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\v: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\r: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\g: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\o: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\j: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\z: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\e: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\o: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\s: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened (read-only) \??\v: C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened for modification C:\Windows\System32\kernel32.pdb C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c}\SET3350.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c}\SET3360.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c}\GSDriver.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c}\SET3361.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\msvbvm60.dll C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File opened for modification C:\Windows\SysWOW64\asycfilt.dll C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File opened for modification C:\Windows\SysWOW64\olepro32.dll C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File created C:\Windows\SysWOW64\GPUTemp.dll C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c}\GSDriver.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c}\SET3361.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c}\GSDriver64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SYSTEM32\ntdll.pdb C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\GSDriver64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\GSDriver.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\oleaut32.dll C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File created C:\Windows\system32\GPUTemp.dll C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\GSDriver64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\comcat.dll C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File created C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c}\SET3350.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c}\SET3360.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\GSDriver.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{87316085-fac6-9843-8170-23a8668df74c} C:\Windows\system32\DrvInst.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A \??\c:\program files (x86)\kerish pc doctor\kerishdoctor.exe N/A
N/A N/A \??\c:\program files (x86)\kerish pc doctor\kerishdoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Kerish PC Doctor\EULA\is-TPUSM.tmp C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File created C:\Program Files\GridinSoft Anti-Malware\gsInetSecurity.dll C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\Driver\gsInetSecurity.inf C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\tmpCD45.tmp C:\Windows\SYSTEM32\cmd.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\NSS\nspr4.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\Driver\gtkdrv.sys C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\tkcon.exe C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\offreg.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\ssleay32.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\korean.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\libeay32.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files (x86)\Kerish PC Doctor\Uninstall\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\Languages\danish.lng C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files (x86)\Kerish PC Doctor\EULA\is-752IA.tmp C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\shellext.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\NSS\libplc4.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\Languages\chinese (Simplified).lng C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\croatian.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\NSS\nss3.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\tmp13D5.tmp C:\Windows\SYSTEM32\cmd.exe N/A
File created C:\Program Files (x86)\Kerish PC Doctor\Uninstall\is-AQLL0.tmp C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File created C:\Program Files\GridinSoft Anti-Malware\gsam.exe C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\NSS\libnspr4.dll C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\NSS\nssckbi.dll C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\tkcon.exe C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\libmem.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files (x86)\Kerish PC Doctor\is-THVU3.tmp C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\english.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\vietnamese.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\gsInetSecurity.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\whatsnew.dat C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\Languages\thai.lng C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\sqlite3.dll C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\NSS\certutil.exe C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\NSS\libplc4.dll C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files (x86)\Kerish PC Doctor\is-TFAS5.tmp C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File created C:\Program Files (x86)\Kerish PC Doctor\Help\is-FFGMU.tmp C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File opened for modification C:\Program Files (x86)\Kerish PC Doctor C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\NSS\softokn3.dll C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\serbian.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\whatsnew.dat C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\Driver\gsInetSecurity.inf C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\Languages\slovenian.lng C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\dutch.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\german.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\Driver\GSDriver.inf C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\NSS\smime3.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\Languages\dutch.lng C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files (x86)\Kerish PC Doctor\is-M9244.tmp C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File created C:\Program Files\GridinSoft Anti-Malware\libmem.dll C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\slovenian.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\gtkmgmt.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\NSS\softokn3.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\Languages\hebrew.lng C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files (x86)\Kerish PC Doctor\EULA\is-QCPIO.tmp C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
File created C:\Program Files\GridinSoft Anti-Malware\NSS\nss3.dll C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\latvian.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\NSS\mozcrt19.dll C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\devcon64.exe C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\Languages\ukrainian.lng C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\tmp1462.tmp C:\Windows\SYSTEM32\cmd.exe N/A
File created C:\Program Files\GridinSoft Anti-Malware\ssleay32.dll C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File created C:\Program Files\GridinSoft Anti-Malware\Languages\azerbaijani.lng C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
File opened for modification C:\Program Files\GridinSoft Anti-Malware\uninst.exe C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\regedit.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\regedit.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Kerish_PC_Doctor_4.95.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\more.com N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\program files (x86)\kerish pc doctor\kerishdoctor.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\more.com N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\gsam-en-install.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\gsam-en-install.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\gsam-en-install.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{ADB880A6-D8FF-11CF-9377-00AA003B7A11} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\AlternateCLSID = "{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8}\AlternateCLSID = "{52A2AAAE-085D-4187-97EA-8C30DB990436}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755841723247133" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D760-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00020411-0000-0000-C000-000000000046}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\TypeLib\ = "{000204EF-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\ = "_DDataSourceClass" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52A2AAAE-085D-4187-97EA-8C30DB990436}\ToolboxBitmap32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F77F27A6-89F3-471A-AFA8-3B280940A10C}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7500A6BA-EB65-11D1-938D-0000F87557C9}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BD1AE5E0-A6AE-11CE-BD37-504200C10000} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83C49FF0-B294-11D0-9488-00A0C91110ED}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\KDAppInfo\command C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F77F27A6-89F3-471A-AFA8-3B280940A10C}\ProgID\ = "shellext.Gridinsoft Anti-Malware" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B28FA150-0FF0-11CF-A911-00AA0062BB4C}\ = "AmbientProperties" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{37D84F60-42CB-11CE-8135-00AA004BB851} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\HHCtrl.SystemSort.666 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CBB76011-C508-11D1-A3E3-00A0C90AEA82}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3AF24290-0C96-11CE-A0CF-00AA00600AB8} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C2056CC-5EF4-101B-8BC8-00AA003E3B29}\ProxyStubClsid32\ = "{B196B286-BAB4-101A-B69C-00AA00341D07}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Internet.HHCtrl.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\KDAppInfo C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Gridinsoft Anti-Malware\ = "{F77F27A6-89F3-471A-AFA8-3B280940A10C}" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\FOLDER\SHELLEX\CONTEXTMENUHANDLERS\GRIDINSOFT ANTI-MALWARE C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F1-7697-11D1-A1E9-00A0C90F2731}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CBB76011-C508-11D1-A3E3-00A0C90AEA82}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B28FA150-0FF0-11CF-A911-00AA0062BB4C}\TypeLib\ = "{EA544A21-C82D-11D1-A3E4-00A0C90AEA82}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{888A5A60-B283-11CF-8AD5-00A0C90AEA82}\ = "Hyperlink" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C2056CC-5EF4-101B-8BC8-00AA003E3B29}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Internet.HHCtrl\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F2-7697-11D1-A1E9-00A0C90F2731}\TypeLib\Version = "6.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\StdFont C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020425-0000-0000-C000-000000000046} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{894AD3B0-EF97-11CE-9BC9-00AA00608E01}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8284B8A2-A8A8-11D1-A3D2-00A0C90AEA82}\TypeLib\Version = "6.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{922EADA0-3424-11CF-B670-00AA004CD6D8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{45046D60-08CA-11CF-A90F-00AA0062BB4C}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BE8F9800-2AAA-11CF-AD67-00AA00614F3E}\TypeLib\Version = "6.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\TypeLib\Version = "6.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\KDEmptyFolders\command C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\shellext.Gridinsoft Anti-Malware\Clsid C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41A7D761-6018-11CF-9016-00AA0068841E}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7FD52380-4E07-101B-AE2D-08002B2EC713}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3AF24292-0C96-11CE-A0CF-00AA00600AB8}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A4C466B8-499F-101B-BB78-00AA00383CBB}\ = "_ErrObject" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB41E8C2-4442-11D1-8906-00A0C9110049}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{737361EC-467F-11D1-810F-0000F87557AA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B196B289-BAB4-101A-B69C-00AA00341D07}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\KDDuplicates\Icon = "c:\\program files (x86)\\kerish pc doctor\\kerishdoctor.exe,19" C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D651F0-7697-11D1-A1E9-00A0C90F2731}\ = "EventParameter" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E43FD401-8715-11D1-98E7-00A0C9702442}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\KDDefragDrive\command\ = "c:\\program files (x86)\\kerish pc doctor\\kerishdoctor.exe DefragDrive=1" C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shell\KDDefragDrive\Icon = "c:\\program files (x86)\\kerish pc doctor\\kerishdoctor.exe,14" C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Gridinsoft Anti-Malware\ = "{F77F27A6-89F3-471A-AFA8-3B280940A10C}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4495AD01-C993-11D1-A3E4-00A0C90AEA82} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADB880A4-D8FF-11CF-9377-00AA003B7A11}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\KDUnlocker C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\gsam-en-install.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\gsam-en-install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\gsam.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files\GridinSoft Anti-Malware\devcon64.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe N/A
N/A N/A \??\c:\program files (x86)\kerish pc doctor\kerishdoctor.exe N/A
N/A N/A \??\c:\program files (x86)\kerish pc doctor\kerishdoctor.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3324 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 1008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 1008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3324 wrote to memory of 3804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gridinsoft.com/antimalware

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd8759cc40,0x7ffd8759cc4c,0x7ffd8759cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4508,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4316,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5292,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5284,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8

C:\Users\Admin\Downloads\gsam-en-install.exe

"C:\Users\Admin\Downloads\gsam-en-install.exe"

C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d

C:\Users\Admin\AppData\Local\Temp\sE5JQHwJ.H7d /S /I /D=C:\Program Files\GridinSoft Anti-Malware\

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -executionpolicy bypass -noprofile -command "Add-MpPreference -ControlledFolderAccessAllowedApplications ""C:\Program Files\GridinSoft Anti-Malware\gsam.exe"""

C:\Program Files\GridinSoft Anti-Malware\gsam.exe

"C:\Program Files\GridinSoft Anti-Malware\gsam.exe" -add-shortcut

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\system32\RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 128 C:\Program Files\GridinSoft Anti-Malware\Driver\GSDriver.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\system32\RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\GridinSoft Anti-Malware\Driver\GSDriver.inf

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{6b2cc103-ab24-1242-a86d-ea5538e681fe}\GSDriver.inf" "9" "47dc9dfe7" "0000000000000148" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\GridinSoft Anti-Malware\Driver"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gsdriver.inf_amd64_962c12b9239e9729\gsdriver.inf" "0" "47dc9dfe7" "0000000000000160" "WinSta0\Default"

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\system32\RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\GridinSoft Anti-Malware\Driver\gsInetSecurity.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"

C:\Program Files\GridinSoft Anti-Malware\gsam.exe

"C:\Program Files\GridinSoft Anti-Malware\gsam.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3844,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5632,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5720,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5732,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5772 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5728,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5988,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4616,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5856,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5484,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6468,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6484,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6580,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6008,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6764,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6892,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7108,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7120 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7156,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7280,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7272 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7512,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7528,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7804,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7796 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6116,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8212,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7792 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8332,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8208,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8524,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8536 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8812,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8784,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8852 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8796,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8236,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=9544,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9556 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9048,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8816 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9552,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=5288,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8652,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7124,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=7204,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7184,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6684 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=9080,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=4900,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8888 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8944,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7596,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8120,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7852,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7800,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8244 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7212,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7452,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=6524,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=8460,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=6532,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8276 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=9668,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=8404,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=6864,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=9372,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9836,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=9824,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9504 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=8744,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=8848,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=7964,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9280 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=5364,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://help.gridinsoft.com/am/on-run-protection/?lang=ENGLISH

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8f3a46f8,0x7ffd8f3a4708,0x7ffd8f3a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11838943639754456638,6735752421254365885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=9332,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5584,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6828,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9564 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6440,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6820 /prefetch:8

C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe

"C:\Users\Admin\Downloads\GridinSoft Anti-Malware-4.1.65.exe"

C:\Program Files\GridinSoft Anti-Malware\gsam.exe

"C:\Program Files\GridinSoft Anti-Malware\gsam.exe" -reinstall

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"

C:\Windows\system32\regsvr32.exe

/s /u "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -executionpolicy bypass -noprofile -command "Add-MpPreference -ControlledFolderAccessAllowedApplications ""C:\Program Files\GridinSoft Anti-Malware\gsam.exe"""

C:\Program Files\GridinSoft Anti-Malware\gsam.exe

"C:\Program Files\GridinSoft Anti-Malware\gsam.exe" -add-shortcut

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\system32\RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultUninstall 128 C:\Program Files\GridinSoft Anti-Malware\Driver\gtkdrv.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\system32\RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\GridinSoft Anti-Malware\Driver\gtkdrv.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\RUNDLL32.EXE

C:\Windows\system32\RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 C:\Program Files\GridinSoft Anti-Malware\Driver\gsInetSecurity.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files\GridinSoft Anti-Malware\shellext.dll"

C:\Program Files\GridinSoft Anti-Malware\gsam.exe

"C:\Program Files\GridinSoft Anti-Malware\gsam.exe" -foreground

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=7552,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=7420,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=7320,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=7956,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=5964,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=7768,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=6908,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7680 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=7520,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=7272,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=6708,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6916 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=7424,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=8312,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=7516,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6996 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=7220,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8288 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=5504,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9040 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=6312,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=6324,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=6336,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=7316,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=5984,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6696 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=10268,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9064 /prefetch:1

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c "C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =camera >tmp2A1C.tmp

C:\Program Files\GridinSoft Anti-Malware\devcon64.exe

"C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =camera

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c "C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =image >tmp2A8B.tmp

C:\Program Files\GridinSoft Anti-Malware\devcon64.exe

"C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =image

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c "C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =camera >tmpCCD7.tmp

C:\Program Files\GridinSoft Anti-Malware\devcon64.exe

"C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =camera

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c "C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =image >tmpCD45.tmp

C:\Program Files\GridinSoft Anti-Malware\devcon64.exe

"C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =image

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c "C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =camera >tmp13D5.tmp

C:\Program Files\GridinSoft Anti-Malware\devcon64.exe

"C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =camera

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c "C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =image >tmp1462.tmp

C:\Program Files\GridinSoft Anti-Malware\devcon64.exe

"C:\Program Files\GridinSoft Anti-Malware\devcon64.exe" find =image

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=6076,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=6912,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --field-trial-handle=10672,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --field-trial-handle=8144,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --field-trial-handle=10972,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10980 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=10988,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11116 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10960,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11140 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --field-trial-handle=11256,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --field-trial-handle=8432,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --field-trial-handle=11088,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11028 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --field-trial-handle=11016,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8776 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --field-trial-handle=10520,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9304 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --field-trial-handle=6816,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --field-trial-handle=5996,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --field-trial-handle=11064,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --field-trial-handle=9336,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8028 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --field-trial-handle=11144,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --field-trial-handle=7308,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --field-trial-handle=8228,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7788 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --field-trial-handle=4576,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8428 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --field-trial-handle=4452,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=10620,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6688 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8412,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9084,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11220 /prefetch:8

C:\Users\Admin\Downloads\Kerish_PC_Doctor_4.95.exe

"C:\Users\Admin\Downloads\Kerish_PC_Doctor_4.95.exe"

C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp

"C:\Users\Admin\AppData\Local\Temp\is-E8432.tmp\Kerish_PC_Doctor_4.95.tmp" /SL5="$D0526,48889883,887296,C:\Users\Admin\Downloads\Kerish_PC_Doctor_4.95.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\asycfilt.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\comcat.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\msvbvm60.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\oleaut32.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\olepro32.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\hhctrl.ocx"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\wshom.ocx"

C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe

"C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe"

C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe

"C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3f0 0x324

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\regedit.exe

"C:\Windows\regedit.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --field-trial-handle=8716,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9840 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --field-trial-handle=7772,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10000 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10696,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --field-trial-handle=7944,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8464 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --field-trial-handle=7416,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --field-trial-handle=8248,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --field-trial-handle=6160,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1468 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --field-trial-handle=10360,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --field-trial-handle=6860,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --field-trial-handle=10496,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8644 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --field-trial-handle=10968,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=10800,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10564 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=11160,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --field-trial-handle=7940,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11184 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8116,i,16765253189970605403,5312629960025667115,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10364 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap26232:138:7zEvent16453

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\" -an -ai#7zMap21885:210:7zEvent7194

C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe

"C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe"

C:\Users\Admin\AppData\Roaming\danc\FVKENGIMJOJFWB\nc.exe

C:\Users\Admin\AppData\Roaming\danc\FVKENGIMJOJFWB\nc.exe

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe

"C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe"

C:\Users\Admin\AppData\Roaming\danc\FVKENGIMJOJFWB\nc.exe

C:\Users\Admin\AppData\Roaming\danc\FVKENGIMJOJFWB\nc.exe

\??\c:\program files (x86)\kerish pc doctor\kerishdoctor.exe

"c:\program files (x86)\kerish pc doctor\kerishdoctor.exe" AppInfo=1 C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.virustotal.com/latest-scan/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8f3a46f8,0x7ffd8f3a4708,0x7ffd8f3a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe

C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9694199062923508745,4330229087435857885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe

C:\Users\Admin\AppData\Local\Temp\AutoIt3.exe

C:\PROGRA~1\GRIDIN~1\gsam.exe

"C:\PROGRA~1\GRIDIN~1\gsam.exe" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\updater" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\x64" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\x86" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\AbRoot.dll" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\AdTree.dll" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\glib-2.0.dll" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\iconv.dll" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\intl.dll" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\myjcof" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\opengl64.dll" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\Setup.exe" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\vmtools.dll" "C:\Users\Admin\Downloads\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌b1!\➤⇌Δ†ε$†➤Sε†μρ➤P@$$ωrÐ➤((9192))-B1➤⇌\xlmyvd"

Network

Country Destination Domain Proto
US 8.8.8.8:53 gridinsoft.com udp
US 104.26.15.79:443 gridinsoft.com tcp
US 8.8.8.8:53 www.google.com udp
US 104.26.15.79:443 gridinsoft.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 79.15.26.104.in-addr.arpa udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
GB 172.217.169.42:443 content-autofill.googleapis.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.187.195:443 www.google.co.uk tcp
GB 142.250.187.195:443 www.google.co.uk tcp
US 104.26.15.79:443 gridinsoft.com udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
GB 142.250.187.195:443 www.google.co.uk udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 bind.gridinsoft.com udp
US 142.93.183.102:443 bind.gridinsoft.com tcp
US 8.8.8.8:53 8a82d43e7382eb560508-db1e9047be4d687c9233d1b7230c4dbc.ssl.cf2.rackcdn.com udp
GB 23.64.26.130:443 8a82d43e7382eb560508-db1e9047be4d687c9233d1b7230c4dbc.ssl.cf2.rackcdn.com tcp
US 8.8.8.8:53 102.183.93.142.in-addr.arpa udp
US 8.8.8.8:53 130.26.64.23.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 165.227.52.218:5000 s1.am.gridinsoft.com tcp
US 8.8.8.8:53 218.52.227.165.in-addr.arpa udp
US 8.8.8.8:53 bind2.gridinsoft.com udp
US 142.93.183.102:443 bind2.gridinsoft.com tcp
US 142.93.183.102:443 bind2.gridinsoft.com tcp
US 8.8.8.8:53 get.anti-malware.gridinsoft.com udp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 142.93.183.102:443 bind2.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 8.8.8.8:53 225.213.184.137.in-addr.arpa udp
US 142.93.183.102:443 bind2.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:443 get.anti-malware.gridinsoft.com tcp
US 8.8.8.8:53 get.anti-malware.gridinsoft.com udp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.187.195:443 www.google.co.uk udp
GB 142.250.187.195:443 www.google.co.uk tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons5.gvt3.com udp
GB 172.217.169.35:443 beacons5.gvt3.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.187.234:443 ogads-pa.googleapis.com tcp
GB 142.250.187.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.14:443 play.google.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 temp-mail.org udp
US 172.67.73.98:443 temp-mail.org tcp
US 172.67.73.98:443 temp-mail.org tcp
US 8.8.8.8:53 cdn.paddle.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn4.buysellads.net udp
US 8.8.8.8:53 98.73.67.172.in-addr.arpa udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 172.66.40.60:443 cdn.paddle.com tcp
GB 159.65.211.77:443 cdn4.buysellads.net tcp
US 8.8.8.8:53 web2.temp-mail.org udp
US 104.26.6.95:443 web2.temp-mail.org tcp
GB 172.217.169.42:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 172.67.41.60:443 btloader.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 159.65.211.77:443 cdn4.buysellads.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 api.btloader.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 srv.buysellads.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 prebid.media.net udp
US 172.64.146.150:443 ex.ingage.tech tcp
FR 18.244.28.121:443 hb.yellowblue.io tcp
US 34.120.63.153:443 prebid.media.net tcp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 172.64.146.150:443 ex.ingage.tech tcp
US 8.8.8.8:53 exchange.cootlogix.com udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
DE 18.157.230.4:443 tlx.3lift.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 rt.marphezis.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
DE 51.89.9.254:443 onetag-sys.com tcp
US 8.8.8.8:53 pbjs.e-planning.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 142.93.194.152:443 exchange.cootlogix.com tcp
US 142.93.194.152:443 exchange.cootlogix.com tcp
US 142.93.194.152:443 exchange.cootlogix.com tcp
US 142.93.194.152:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 77.211.65.159.in-addr.arpa udp
US 142.93.194.152:443 exchange.cootlogix.com tcp
US 142.93.194.152:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 95.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 122.194.245.18.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 38.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 c.4dex.io udp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.241.34.106:443 c.4dex.io tcp
US 104.18.23.145:443 cadmus.script.ac tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
FR 52.84.174.40:443 config.aps.amazon-adsystem.com tcp
NL 188.166.203.175:443 rt.marphezis.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
FR 3.165.113.38:443 tags.crwdcntrl.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
FR 3.162.36.191:443 aax.amazon-adsystem.com tcp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 142.93.194.152:443 exchange.cootlogix.com tcp
US 142.93.194.152:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 45282570ee762eaf74dc729beebda915.safeframe.googlesyndication.com udp
GB 216.58.213.1:443 45282570ee762eaf74dc729beebda915.safeframe.googlesyndication.com tcp
US 35.241.34.106:443 c.4dex.io udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.5.69:443 a.ad.gt tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 121.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 78.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 56.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 150.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 254.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 106.34.241.35.in-addr.arpa udp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 175.203.166.188.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 38.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 96.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 191.36.162.3.in-addr.arpa udp
NL 185.89.210.90:443 secure.adnxs.com tcp
US 8.8.8.8:53 152.194.93.142.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 33.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 cs.ingage.tech udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
DE 51.89.9.254:443 onetag-sys.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 sync.cootlogix.com udp
US 8.8.8.8:53 sync.adkernel.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 hb.trustedstack.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
IE 52.208.154.107:443 ap.lijit.com tcp
US 23.192.21.141:443 eus.rubiconproject.com tcp
GB 2.19.117.32:443 hb.trustedstack.com tcp
GB 23.219.196.188:443 ads.pubmatic.com tcp
GB 23.219.196.188:443 ads.pubmatic.com tcp
GB 23.219.196.188:443 ads.pubmatic.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
US 3.225.105.253:443 cs.ingage.tech tcp
US 3.225.105.253:443 cs.ingage.tech tcp
US 3.225.105.253:443 cs.ingage.tech tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
GB 92.123.240.21:443 contextual.media.net tcp
US 76.223.111.18:443 eb2.3lift.com tcp
DK 37.157.3.20:443 cm.adform.net tcp
US 35.244.159.8:443 u.openx.net tcp
US 161.35.51.100:443 sync.cootlogix.com tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 3.225.105.253:443 cs.ingage.tech tcp
US 8.8.8.8:53 141.21.192.23.in-addr.arpa udp
US 8.8.8.8:53 107.154.208.52.in-addr.arpa udp
US 8.8.8.8:53 match.sharethrough.com udp
DE 51.89.9.254:443 onetag-sys.com udp
DE 18.184.119.72:443 match.sharethrough.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
US 70.42.32.31:443 b1sync.zemanta.com tcp
DE 162.55.233.28:443 sync.richaudience.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 44.217.81.132:443 api-2-0.spot.im tcp
FR 3.165.113.114:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 8.8.8.8:53 32.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 188.196.219.23.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 21.240.123.92.in-addr.arpa udp
US 8.8.8.8:53 72.200.67.103.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 20.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 100.51.35.161.in-addr.arpa udp
US 8.8.8.8:53 253.105.225.3.in-addr.arpa udp
US 8.8.8.8:53 72.119.184.18.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 8.8.8.8:53 csync.loopme.me udp
US 104.18.6.198:443 gum.aidemsrv.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
NL 35.214.251.135:443 csync.loopme.me tcp
US 54.88.211.52:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 sync.contextualadv.com udp
US 3.214.207.9:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 rtb.bid.com udp
US 8.8.8.8:53 sync-service.net udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 bttrack.com udp
US 204.62.12.209:443 sync-service.net tcp
IE 52.31.108.193:443 jadserve.postrelease.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 192.132.33.69:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 player.aniview.com udp
US 67.202.105.23:443 ssc-cms.33across.com tcp
GB 2.23.210.26:443 player.aniview.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
NL 89.149.192.196:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 28.233.55.162.in-addr.arpa udp
US 8.8.8.8:53 114.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 31.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 132.81.217.44.in-addr.arpa udp
US 8.8.8.8:53 198.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 135.251.214.35.in-addr.arpa udp
US 8.8.8.8:53 52.211.88.54.in-addr.arpa udp
US 8.8.8.8:53 193.108.31.52.in-addr.arpa udp
US 8.8.8.8:53 sync.aniview.com udp
US 172.240.45.96:443 sync.aniview.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 9.207.214.3.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 26.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 23.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 196.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 96.45.240.172.in-addr.arpa udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
IE 34.255.252.80:443 sync.crwdcntrl.net tcp
US 8.8.8.8:53 pixel.tapad.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 80.252.255.34.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
GB 172.217.169.42:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 ac.antivirus-lab.com udp
US 142.93.183.102:443 ac.antivirus-lab.com tcp
US 142.93.183.102:443 ac.antivirus-lab.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
DE 51.89.9.254:443 onetag-sys.com udp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 142.93.194.152:443 exchange.cootlogix.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 185.89.210.46:443 secure.adnxs.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 35.241.34.106:443 c.4dex.io udp
DE 51.89.9.254:443 onetag-sys.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 142.93.183.102:443 ac.antivirus-lab.com tcp
US 142.93.183.102:443 ac.antivirus-lab.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 142.250.187.195:443 www.google.co.uk udp
US 142.93.183.102:443 ac.antivirus-lab.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
FR 5.135.209.96:443 prg.smartadserver.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
US 142.93.183.102:443 ac.antivirus-lab.com tcp
US 8.8.8.8:53 bind.trojan-killer.com udp
US 192.237.188.201:443 bind.trojan-killer.com tcp
US 8.8.8.8:53 update1.am.gridinsoft.com udp
US 8.8.8.8:53 update1.trojan-killer.com udp
US 8.8.8.8:53 trojan-killer.net udp
US 137.184.213.225:443 update1.am.gridinsoft.com tcp
US 8.8.8.8:53 201.188.237.192.in-addr.arpa udp
US 137.184.213.225:443 update1.am.gridinsoft.com tcp
US 137.184.213.225:443 update1.am.gridinsoft.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 137.184.213.225:443 update1.am.gridinsoft.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
FR 5.135.209.96:443 prg.smartadserver.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 178.250.1.56:443 bidder.criteo.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 137.184.213.225:443 update1.am.gridinsoft.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 137.184.213.225:443 update1.am.gridinsoft.com tcp
US 137.184.213.225:443 update1.am.gridinsoft.com tcp
US 137.184.213.225:443 update1.am.gridinsoft.com tcp
US 137.184.213.225:443 update1.am.gridinsoft.com tcp
US 104.26.15.79:443 gridinsoft.com tcp
US 165.227.52.218:5000 s1.am.gridinsoft.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 137.184.213.225:80 update1.am.gridinsoft.com tcp
US 137.184.213.225:80 update1.am.gridinsoft.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 34.120.63.153:443 prebid.media.net udp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
FR 51.178.195.208:443 prg.smartadserver.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 208.195.178.51.in-addr.arpa udp
GB 159.65.211.77:443 srv.buysellads.com tcp
FR 51.178.195.208:443 prg.smartadserver.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 prod.tahoe-analytics.publishers.advertising.a2z.com udp
US 44.237.154.60:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 209.38.48.20:443 exchange.cootlogix.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 209.38.48.20:443 exchange.cootlogix.com tcp
US 209.38.48.20:443 exchange.cootlogix.com tcp
US 209.38.48.20:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 20.48.38.209.in-addr.arpa udp
US 8.8.8.8:53 60.154.237.44.in-addr.arpa udp
US 142.93.183.102:443 ac.antivirus-lab.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 178.250.1.56:443 bidder.criteo.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
FR 51.178.195.208:443 prg.smartadserver.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 35.241.34.106:443 c.4dex.io udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
FR 51.178.195.208:443 prg.smartadserver.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 tlx.3lift.com udp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 130.211.23.194:443 api.btloader.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 209.38.48.20:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 209.38.48.20:443 exchange.cootlogix.com tcp
US 209.38.48.20:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 bfdb66931a4d4ad3cebd83c72169192c.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.210.122:443 secure.adnxs.com tcp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 122.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 ads.pubmatic.com udp
DE 51.89.9.254:443 onetag-sys.com tcp
US 8.8.8.8:53 sync.adkernel.com udp
US 8.8.8.8:53 cs.ingage.tech udp
US 8.8.8.8:53 ap.lijit.com udp
GB 23.219.196.188:443 ads.pubmatic.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 35.244.159.8:443 u.openx.net udp
DK 37.157.3.20:443 cm.adform.net tcp
US 3.225.105.253:443 cs.ingage.tech tcp
IE 34.252.246.23:443 ap.lijit.com tcp
NL 103.67.200.72:443 sync.adkernel.com tcp
US 161.35.51.100:443 sync.cootlogix.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 23.246.252.34.in-addr.arpa udp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 creativecdn.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 sync.contextualadv.com udp
US 8.8.8.8:53 rtb.bid.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
IE 52.31.108.193:443 jadserve.postrelease.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
NL 35.214.251.135:443 csync.loopme.me tcp
US 204.62.12.209:443 sync-service.net tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 192.132.33.69:443 bttrack.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 104.18.6.198:443 gum.aidemsrv.com udp
US 35.244.174.68:443 id.rlcdn.com udp
US 70.42.32.159:443 b1sync.zemanta.com tcp
US 70.42.32.159:443 b1sync.zemanta.com tcp
US 107.20.167.149:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 54.147.159.241:443 cs-server-s2s.yellowblue.io tcp
US 8.2.108.175:443 bc-sync.com tcp
FR 178.32.210.230:443 ssbsync.smartadserver.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 159.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 149.167.20.107.in-addr.arpa udp
US 8.8.8.8:53 25.234.195.18.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 230.210.32.178.in-addr.arpa udp
US 8.8.8.8:53 241.159.147.54.in-addr.arpa udp
DE 162.55.233.29:443 sync.richaudience.com tcp
US 8.8.8.8:53 29.233.55.162.in-addr.arpa udp
US 142.93.183.102:443 ac.antivirus-lab.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 www.google.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 winningpc.com udp
US 162.159.135.42:443 winningpc.com tcp
US 162.159.135.42:443 winningpc.com tcp
US 162.159.135.42:443 winningpc.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.169.33:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 images.dmca.com udp
GB 143.244.38.136:443 images.dmca.com tcp
US 8.8.8.8:53 42.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 help.gridinsoft.com udp
US 104.26.15.79:443 help.gridinsoft.com tcp
US 104.26.15.79:443 help.gridinsoft.com udp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 pixel.wp.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 s.w.org udp
US 192.0.77.48:443 s.w.org tcp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 48.77.0.192.in-addr.arpa udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 web2.temp-mail.org udp
US 162.159.135.42:443 winningpc.com udp
US 8.8.8.8:53 secure.gravatar.com udp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 8.8.8.8:53 tlx.3lift.com udp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 ib.adnxs.com udp
DE 51.89.9.254:443 onetag-sys.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
NL 89.149.192.192:443 prg.smartadserver.com tcp
US 174.138.127.193:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
NL 188.166.203.175:443 rt.marphezis.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
NL 185.89.210.153:443 ib.adnxs.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 174.138.127.193:443 exchange.cootlogix.com tcp
US 174.138.127.193:443 exchange.cootlogix.com tcp
US 174.138.127.193:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 c.4dex.io udp
US 35.241.34.106:443 c.4dex.io udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 8.8.8.8:53 192.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 153.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 193.127.138.174.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 185.89.210.122:443 ib.adnxs.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
GB 2.23.210.10:443 acdn.adnxs.com tcp
US 8.8.8.8:53 10.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 bind2.gridinsoft.com udp
US 142.93.183.102:443 bind2.gridinsoft.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 142.93.183.102:443 bind2.gridinsoft.com tcp
DE 51.89.9.254:443 onetag-sys.com udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 89.149.192.192:443 prg.smartadserver.com tcp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 104.26.15.79:443 help.gridinsoft.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 192.0.76.3:443 pixel.wp.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
NL 89.149.192.192:443 prg.smartadserver.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 35.241.34.106:443 c.4dex.io udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 8.8.8.8:53 cloud.filezilla.io udp
US 172.67.129.183:443 cloud.filezilla.io tcp
US 172.67.129.183:443 cloud.filezilla.io tcp
US 8.8.8.8:53 183.129.67.172.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 s1.am.gridinsoft.com udp
US 165.227.52.218:80 s1.am.gridinsoft.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 142.93.183.102:80 bind2.gridinsoft.com tcp
US 142.93.183.102:80 bind2.gridinsoft.com tcp
US 142.93.183.102:80 bind2.gridinsoft.com tcp
US 8.8.8.8:53 get.anti-malware.gridinsoft.com udp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 142.93.183.102:443 bind2.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 8.8.8.8:53 gridinsoft.com udp
US 104.26.15.79:443 gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 104.26.15.79:443 gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 137.184.213.225:80 get.anti-malware.gridinsoft.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 tlx.3lift.com udp
NL 188.166.203.175:443 rt.marphezis.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 174.138.109.225:443 exchange.cootlogix.com tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
US 174.138.109.225:443 exchange.cootlogix.com tcp
US 174.138.109.225:443 exchange.cootlogix.com tcp
US 174.138.109.225:443 exchange.cootlogix.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 225.109.138.174.in-addr.arpa udp
US 8.8.8.8:53 80.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 temp-mail.org udp
US 8.8.8.8:53 script.4dex.io udp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 cdn.paddle.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 172.66.43.196:443 cdn.paddle.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 196.43.66.172.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 174.138.109.225:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 174.138.109.225:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 ssp-sync.criteo.com udp
US 130.211.23.194:443 api.btloader.com udp
GB 216.58.212.194:443 ep1.adtrafficquality.google udp
NL 178.250.1.57:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 57.1.250.178.in-addr.arpa udp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 dis.criteo.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 b17226558c6868cea6559993ebe314b1.safeframe.googlesyndication.com udp
GB 216.58.213.1:443 b17226558c6868cea6559993ebe314b1.safeframe.googlesyndication.com tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
GB 216.58.212.194:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 eb2.3lift.com udp
DE 51.89.9.254:443 onetag-sys.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 sync.adkernel.com udp
US 8.8.8.8:53 cs.ingage.tech udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 sync.cootlogix.com udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 ap.lijit.com udp
NL 103.67.200.72:443 sync.adkernel.com tcp
DK 37.157.5.141:443 cm.adform.net tcp
US 69.55.55.219:443 sync.cootlogix.com tcp
US 3.220.189.91:443 cs.ingage.tech tcp
GB 23.219.196.188:443 ads.pubmatic.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
US 35.244.159.8:443 u.openx.net udp
IE 52.30.130.161:443 ap.lijit.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 51.89.9.254:443 onetag-sys.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
DE 18.184.206.66:443 match.sharethrough.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 bc-sync.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 sync.contextualadv.com udp
US 8.8.8.8:53 rtb.bid.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 sync.richaudience.com udp
US 3.33.220.150:443 match.adsrvr.org tcp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 35.214.251.135:443 csync.loopme.me tcp
US 70.42.32.95:443 b1sync.zemanta.com tcp
US 70.42.32.95:443 b1sync.zemanta.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.2.108.175:443 bc-sync.com tcp
US 204.62.12.209:443 sync-service.net tcp
FR 3.165.113.57:443 eu-west-1-cs-rtb.openwebmp.com tcp
IE 52.31.108.193:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
DE 162.55.236.224:443 sync.richaudience.com tcp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 gum.aidemsrv.com udp
US 35.244.174.68:443 id.rlcdn.com udp
US 104.18.7.198:443 gum.aidemsrv.com udp
US 192.132.33.68:443 bttrack.com tcp
US 52.70.166.220:443 cs-server-s2s.yellowblue.io tcp
US 34.239.13.157:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 8.2.108.175:443 bc-sync.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 141.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 219.55.55.69.in-addr.arpa udp
US 8.8.8.8:53 91.189.220.3.in-addr.arpa udp
US 8.8.8.8:53 161.130.30.52.in-addr.arpa udp
US 8.8.8.8:53 66.206.184.18.in-addr.arpa udp
US 8.8.8.8:53 57.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 198.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 224.236.55.162.in-addr.arpa udp
US 8.8.8.8:53 95.32.42.70.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 157.13.239.34.in-addr.arpa udp
US 8.8.8.8:53 220.166.70.52.in-addr.arpa udp
FR 164.132.25.180:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 180.25.132.164.in-addr.arpa udp
US 142.93.183.102:80 bind2.gridinsoft.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
US 174.138.109.225:443 exchange.cootlogix.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 35.241.34.106:443 c.4dex.io udp
NL 185.89.210.180:443 ams3-ib.adnxs.com tcp
US 8.8.8.8:53 acdn.adnxs-simple.com udp
US 151.101.65.108:443 acdn.adnxs-simple.com tcp
US 34.95.69.49:443 i.clean.gg tcp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 34.95.69.49:443 i.clean.gg udp
US 142.93.183.102:80 bind2.gridinsoft.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 142.93.183.102:80 bind2.gridinsoft.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 tlx.3lift.com udp
NL 89.149.193.80:443 prg.smartadserver.com tcp
US 174.138.109.225:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
US 174.138.109.225:443 exchange.cootlogix.com tcp
US 174.138.109.225:443 exchange.cootlogix.com tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
NL 89.149.193.80:443 prg.smartadserver.com tcp
US 35.241.34.106:443 c.4dex.io udp
GB 159.65.211.77:443 srv.buysellads.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 89.149.193.80:443 prg.smartadserver.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.180:443 ams3-ib.adnxs.com tcp
NL 185.89.210.180:443 ams3-ib.adnxs.com tcp
NL 185.89.210.180:443 ams3-ib.adnxs.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.giveawayoftheday.com udp
US 208.94.233.109:443 www.giveawayoftheday.com tcp
US 208.94.233.109:443 www.giveawayoftheday.com tcp
US 208.94.233.109:443 www.giveawayoftheday.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 208.94.233.109:443 www.giveawayoftheday.com tcp
US 208.94.233.109:443 www.giveawayoftheday.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 216.58.213.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 109.233.94.208.in-addr.arpa udp
US 8.8.8.8:53 giveawayoftheday.com udp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.200.46:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 download-basket.giveawayoftheday.com udp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 iphone.giveawayoftheday.com udp
US 208.94.233.108:443 iphone.giveawayoftheday.com tcp
US 208.94.233.108:443 iphone.giveawayoftheday.com tcp
US 208.94.233.108:443 iphone.giveawayoftheday.com tcp
US 8.8.8.8:53 android.giveawayoftheday.com udp
US 208.94.233.108:443 android.giveawayoftheday.com tcp
US 208.94.233.108:443 android.giveawayoftheday.com tcp
US 208.94.233.108:443 android.giveawayoftheday.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com tcp
GB 163.70.151.21:443 connect.facebook.net udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 112.233.94.208.in-addr.arpa udp
US 8.8.8.8:53 108.233.94.208.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.178.14:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 web2.temp-mail.org udp
US 8.8.8.8:53 idm-serial-number.com udp
US 172.67.190.166:443 idm-serial-number.com tcp
US 172.67.190.166:443 idm-serial-number.com tcp
US 172.67.190.166:443 idm-serial-number.com udp
US 8.8.8.8:53 166.190.67.172.in-addr.arpa udp
US 8.8.8.8:53 secure.gravatar.com udp
US 8.8.8.8:53 4bind.xyz udp
US 192.0.73.2:443 secure.gravatar.com tcp
GB 172.217.169.46:443 www.youtube.com tcp
US 104.21.93.55:443 4bind.xyz tcp
US 104.21.93.55:443 4bind.xyz udp
US 192.0.73.2:443 secure.gravatar.com udp
GB 172.217.169.46:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.201.118:443 i.ytimg.com tcp
US 192.0.76.3:443 pixel.wp.com tcp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
GB 142.250.179.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 55.93.21.104.in-addr.arpa udp
US 8.8.8.8:53 118.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
GB 142.250.187.226:443 ep1.adtrafficquality.google tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com tcp
GB 142.250.187.225:443 yt3.ggpht.com tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
GB 172.217.16.238:443 play.google.com udp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 dclk-match.dotomi.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 ads.travelaudience.com udp
GB 142.250.178.2:443 cm.g.doubleclick.net tcp
GB 142.250.178.2:443 cm.g.doubleclick.net tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
DE 91.228.74.166:443 cms.quantserve.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 89.207.16.204:443 dclk-match.dotomi.com tcp
NL 89.207.16.204:443 dclk-match.dotomi.com tcp
US 8.8.8.8:53 sync.teads.tv udp
US 35.190.0.66:443 ads.travelaudience.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 104.18.37.193:443 a.tribalfusion.com tcp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
GB 2.17.149.102:443 sync.teads.tv tcp
IE 52.16.65.27:443 match.prod.bidr.io tcp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 dsp-cookie.adfarm1.adition.com udp
US 35.190.0.66:443 ads.travelaudience.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 c1.adform.net udp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
IE 34.251.118.136:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 r.turn.com udp
DK 37.157.3.26:443 c1.adform.net tcp
US 8.8.8.8:53 s.tribalfusion.com udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.0.190.35.in-addr.arpa udp
US 8.8.8.8:53 193.37.18.104.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 204.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 166.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 102.149.17.2.in-addr.arpa udp
US 8.8.8.8:53 27.65.16.52.in-addr.arpa udp
US 8.8.8.8:53 136.118.251.34.in-addr.arpa udp
US 8.8.8.8:53 217.210.82.80.in-addr.arpa udp
US 8.8.8.8:53 26.3.157.37.in-addr.arpa udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 pm.w55c.net udp
DE 51.89.9.254:443 onetag-sys.com udp
US 3.33.220.150:443 match.adsrvr.org tcp
US 34.96.105.8:443 tr.blismedia.com tcp
IE 54.171.131.187:443 pm.w55c.net tcp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 187.131.171.54.in-addr.arpa udp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.200.14:443 google.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.33:443 tpc.googlesyndication.com udp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
GB 216.58.213.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
ZA 142.251.47.67:443 csi.gstatic.com tcp
ZA 142.251.47.67:443 csi.gstatic.com tcp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 67.47.251.142.in-addr.arpa udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 172.217.16.230:443 s0.2mdn.net tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 gcm.ctnsnet.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
US 8.8.8.8:53 bh.contextweb.com udp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
GB 172.217.16.230:443 s0.2mdn.net udp
IE 3.248.152.233:443 pr-bh.ybp.yahoo.com tcp
US 35.186.193.173:443 gcm.ctnsnet.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 34.91.62.186:443 um.simpli.fi tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 c.bannerflow.net udp
US 104.17.46.71:443 c.bannerflow.net tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
US 104.17.46.71:443 c.bannerflow.net tcp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 49.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 233.152.248.3.in-addr.arpa udp
US 8.8.8.8:53 186.62.91.34.in-addr.arpa udp
US 8.8.8.8:53 71.46.17.104.in-addr.arpa udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 172.217.169.66:443 ade.googlesyndication.com tcp
GB 172.217.169.66:443 ade.googlesyndication.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
GB 216.58.213.10:443 content-autofill.googleapis.com udp
US 208.94.233.108:443 android.giveawayoftheday.com tcp
US 208.94.233.108:443 android.giveawayoftheday.com tcp
US 208.94.233.108:443 android.giveawayoftheday.com tcp
US 208.94.233.108:443 android.giveawayoftheday.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net udp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.180.4:443 www.google.com udp
GB 163.70.151.21:443 connect.facebook.net udp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.214.35:443 www.facebook.com udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 x.bidswitch.net udp
DE 91.228.74.244:443 cms.quantserve.com tcp
GB 172.217.169.66:443 ade.googlesyndication.com udp
NL 35.214.136.108:443 x.bidswitch.net tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 pool.admedo.com udp
BE 35.206.140.87:443 pool.admedo.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
BE 35.206.140.87:443 pool.admedo.com udp
NL 35.214.136.108:443 x.bidswitch.net udp
DK 37.157.3.26:443 c1.adform.net tcp
US 8.8.8.8:53 sync.teads.tv udp
GB 2.17.149.102:443 sync.teads.tv tcp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 87.140.206.35.in-addr.arpa udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 172.217.169.66:443 ade.googlesyndication.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 208.94.233.112:443 download-basket.giveawayoftheday.com tcp
US 8.8.8.8:53 178.38.239.216.in-addr.arpa udp
GB 216.58.213.10:443 content-autofill.googleapis.com udp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.178.14:443 www.youtube.com udp
US 8.8.8.8:53 dclk-match.dotomi.com udp
US 8.8.8.8:53 ads.travelaudience.com udp
US 34.96.105.8:443 tr.blismedia.com udp
IE 3.248.152.233:443 pr-bh.ybp.yahoo.com tcp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
NL 64.158.223.137:443 dclk-match.dotomi.com tcp
US 35.190.0.66:443 ads.travelaudience.com udp
GB 172.217.169.66:443 ade.googlesyndication.com udp
GB 172.217.169.66:443 ade.googlesyndication.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 creativecdn.com udp
GB 172.217.16.230:443 s0.2mdn.net udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
IE 3.248.173.67:443 match.prod.bidr.io tcp
GB 142.250.179.225:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 137.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 67.173.248.3.in-addr.arpa udp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 3.33.220.150:443 match.adsrvr.org tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 sync.teads.tv udp
US 8.8.8.8:53 pm.w55c.net udp
US 8.8.8.8:53 c1.adform.net udp
US 104.18.37.193:443 a.tribalfusion.com udp
IE 99.80.216.230:443 pm.w55c.net tcp
US 35.244.174.68:443 id.rlcdn.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 230.216.80.99.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
ZA 142.251.47.67:443 csi.gstatic.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.glarysoft.com udp
US 8.8.8.8:53 translate.google.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 172.67.221.27:443 www.glarysoft.com tcp
US 172.67.221.27:443 www.glarysoft.com tcp
US 172.67.221.27:443 www.glarysoft.com tcp
US 172.67.221.27:443 www.glarysoft.com tcp
US 172.67.221.27:443 www.glarysoft.com tcp
US 172.67.221.27:443 www.glarysoft.com tcp
GB 142.250.178.14:443 translate.google.com tcp
US 172.67.221.27:443 www.glarysoft.com udp
US 8.8.8.8:53 static.zdassets.com udp
US 8.8.8.8:53 platform-api.sharethis.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.200.42:443 translate.googleapis.com tcp
FR 52.222.169.67:443 platform-api.sharethis.com tcp
US 216.198.54.3:443 static.zdassets.com tcp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net udp
US 8.8.8.8:53 ekr.zdassets.com udp
US 216.198.54.3:443 ekr.zdassets.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 buttons-config.sharethis.com udp
US 8.8.8.8:53 l.sharethis.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
FR 3.165.136.55:443 buttons-config.sharethis.com tcp
IE 34.242.110.9:443 l.sharethis.com tcp
US 8.8.8.8:53 27.221.67.172.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.54.198.216.in-addr.arpa udp
US 8.8.8.8:53 67.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 9.110.242.34.in-addr.arpa udp
US 8.8.8.8:53 glarysoft.zendesk.com udp
US 216.198.53.1:443 glarysoft.zendesk.com tcp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
GB 216.58.212.202:443 translate-pa.googleapis.com tcp
US 8.8.8.8:53 1.53.198.216.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 cms.quantserve.com udp
IE 3.248.173.67:443 match.prod.bidr.io tcp
US 8.8.8.8:53 odr.mookie1.com udp
US 8.8.8.8:53 onetag-sys.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 34.160.236.64:443 odr.mookie1.com tcp
US 8.8.8.8:53 count-server.sharethis.com udp
US 8.8.8.8:53 platform-cdn.sharethis.com udp
US 3.165.232.89:443 platform-cdn.sharethis.com tcp
US 3.165.232.89:443 platform-cdn.sharethis.com tcp
IE 13.224.68.20:443 count-server.sharethis.com tcp
US 8.8.8.8:53 64.236.160.34.in-addr.arpa udp
US 8.8.8.8:53 20.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 206.120.38.51.in-addr.arpa udp
US 8.8.8.8:53 89.232.165.3.in-addr.arpa udp
US 8.8.8.8:53 ads.creative-serving.com udp
NL 35.214.241.248:443 ads.creative-serving.com tcp
NL 35.214.241.248:443 ads.creative-serving.com tcp
NL 35.214.241.248:443 ads.creative-serving.com udp
US 8.8.8.8:53 248.241.214.35.in-addr.arpa udp
US 8.8.8.8:53 web2.temp-mail.org udp
GB 142.250.200.42:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 links.giveawayoftheday.com udp
US 52.204.36.16:80 links.giveawayoftheday.com tcp
US 8.8.8.8:53 16.36.204.52.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c29.gcp.gvt2.com udp
US 34.106.86.104:443 e2c29.gcp.gvt2.com tcp
US 52.204.36.16:80 links.giveawayoftheday.com tcp
US 52.204.36.16:443 links.giveawayoftheday.com tcp
US 8.8.8.8:53 104.86.106.34.in-addr.arpa udp
US 52.204.36.16:443 links.giveawayoftheday.com tcp
US 52.204.36.16:443 links.giveawayoftheday.com tcp
US 52.204.36.16:443 links.giveawayoftheday.com tcp
US 52.204.36.16:443 links.giveawayoftheday.com tcp
US 52.204.36.16:443 links.giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
GB 172.217.169.35:443 beacons.gvt2.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 208.94.233.109:443 giveawayoftheday.com tcp
US 8.8.8.8:53 s7.addthis.com udp
GB 23.44.66.45:443 s7.addthis.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 www.kerish.org udp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 104.21.57.31:443 www.kerish.org tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 104.21.57.31:443 www.kerish.org udp
US 8.8.8.8:53 45.66.44.23.in-addr.arpa udp
US 8.8.8.8:53 31.57.21.104.in-addr.arpa udp
US 8.8.8.8:53 119.251.250.87.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 apps.shareaholic.com udp
US 8.8.8.8:53 web.webformscr.com udp
FR 3.165.113.120:443 widget.trustpilot.com tcp
GB 54.230.10.126:443 apps.shareaholic.com tcp
FR 185.93.2.12:443 web.webformscr.com tcp
US 8.8.8.8:53 cdn.openshareweb.com udp
US 172.67.74.24:443 cdn.openshareweb.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 104.21.57.31:443 www.kerish.org tcp
GB 142.250.180.10:443 ajax.googleapis.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 gp.webformscr.com udp
DE 188.40.60.215:443 gp.webformscr.com tcp
US 8.8.8.8:53 120.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 126.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 12.2.93.185.in-addr.arpa udp
US 8.8.8.8:53 24.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 215.60.40.188.in-addr.arpa udp
US 104.21.57.31:443 www.kerish.org tcp
US 8.8.8.8:53 bind.trojan-killer.com udp
US 192.237.188.201:80 bind.trojan-killer.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 8.8.8.8:53 ex.ingage.tech udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 178.250.1.56:443 bidder.criteo.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
NL 188.166.203.175:443 rt.marphezis.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 172.64.146.150:443 ex.ingage.tech tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
IE 3.162.140.23:443 hb.yellowblue.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
FR 3.164.164.156:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 c.4dex.io udp
US 35.241.34.106:443 c.4dex.io udp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 167.99.22.253:443 exchange.cootlogix.com tcp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 113.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 178.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 156.164.164.3.in-addr.arpa udp
US 8.8.8.8:53 253.22.99.167.in-addr.arpa udp
GB 159.65.211.77:443 srv.buysellads.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
DE 51.38.120.206:443 onetag-sys.com udp
US 34.120.63.153:443 prebid.media.net udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 35.241.34.106:443 c.4dex.io udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 35.241.34.106:443 c.4dex.io udp
GB 159.65.211.77:443 srv.buysellads.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 prebid.media.net udp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 34.120.63.153:443 prebid.media.net udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
US 35.241.34.106:443 c.4dex.io udp
GB 159.65.211.77:443 srv.buysellads.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 www.kerish.org udp
US 104.21.57.31:80 www.kerish.org tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 185.89.210.180:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
FR 164.132.25.176:443 prg.smartadserver.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 176.25.132.164.in-addr.arpa udp
GB 159.65.211.77:443 srv.buysellads.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
FR 164.132.25.176:443 prg.smartadserver.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 34.120.63.153:443 prebid.media.net udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 193.3.178.3:443 pbjs.e-planning.net tcp
US 35.241.34.106:443 c.4dex.io udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 238.212.58.216.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 159.65.211.77:443 srv.buysellads.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.204.74:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
GB 142.250.187.206:443 play.google.com udp
GB 216.58.204.74:443 ogads-pa.googleapis.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 steamunlocked.com.de udp
US 172.67.129.199:443 steamunlocked.com.de tcp
US 172.67.129.199:443 steamunlocked.com.de tcp
US 172.67.129.199:443 steamunlocked.com.de udp
US 192.0.76.3:443 pixel.wp.com tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 199.129.67.172.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
BE 66.102.1.155:443 stats.g.doubleclick.net tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 155.1.102.66.in-addr.arpa udp
US 192.0.76.3:443 pixel.wp.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 wq24-1.g-site.site udp
NL 37.48.90.246:443 wq24-1.g-site.site tcp
NL 37.48.90.246:443 wq24-1.g-site.site tcp
NL 37.48.90.246:443 wq24-1.g-site.site udp
US 8.8.8.8:53 246.90.48.37.in-addr.arpa udp
US 8.8.8.8:53 wq24-1.g-site.store udp
NL 37.48.90.246:443 wq24-1.g-site.store tcp
NL 37.48.90.246:443 wq24-1.g-site.store tcp
US 8.8.8.8:53 bestsoftingwork.online udp
NL 37.48.90.246:443 bestsoftingwork.online tcp
NL 37.48.90.246:443 bestsoftingwork.online tcp
US 8.8.8.8:53 bradpitt.cfd udp
US 104.21.42.103:443 bradpitt.cfd tcp
US 104.21.42.103:443 bradpitt.cfd udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.130.137:443 code.jquery.com tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 103.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 137.130.101.151.in-addr.arpa udp
GB 216.58.204.74:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 31.216.145.5:443 mega.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.15:443 g.api.mega.co.nz tcp
LU 66.203.125.15:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 13.127.203.66.in-addr.arpa udp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 15.125.203.66.in-addr.arpa udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
US 8.8.8.8:53 gfs208n203.userstorage.mega.co.nz udp
FR 185.206.26.133:443 gfs208n203.userstorage.mega.co.nz tcp
FR 185.206.26.133:443 gfs208n203.userstorage.mega.co.nz tcp
FR 185.206.26.133:443 gfs208n203.userstorage.mega.co.nz tcp
FR 185.206.26.133:443 gfs208n203.userstorage.mega.co.nz tcp
US 8.8.8.8:53 133.26.206.185.in-addr.arpa udp
FR 185.206.26.133:443 gfs208n203.userstorage.mega.co.nz tcp
FR 185.206.26.133:443 gfs208n203.userstorage.mega.co.nz tcp
US 8.8.8.8:53 web2.temp-mail.org udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 google.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 google.com tcp
US 8.8.8.8:53 www.virustotal.com udp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.8.8:53 46.34.125.74.in-addr.arpa udp
US 8.8.8.8:53 intentiongi.cyou udp
US 172.67.185.182:443 intentiongi.cyou tcp
US 8.8.8.8:53 seallysl.site udp
US 8.8.8.8:53 opposezmny.site udp
US 8.8.8.8:53 goalyfeastz.site udp
US 8.8.8.8:53 contemteny.site udp
US 8.8.8.8:53 182.185.67.172.in-addr.arpa udp
US 8.8.8.8:53 dilemmadu.site udp
US 8.8.8.8:53 faulteyotk.site udp
US 8.8.8.8:53 authorisev.site udp
US 8.8.8.8:53 servicedny.site udp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 marshal-zhukov.com udp
US 104.21.82.174:443 marshal-zhukov.com tcp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
US 8.8.8.8:53 174.82.21.104.in-addr.arpa udp
US 172.67.185.182:443 intentiongi.cyou tcp
US 8.8.8.8:53 seallysl.site udp
US 8.8.8.8:53 opposezmny.site udp
US 8.8.8.8:53 goalyfeastz.site udp
US 8.8.8.8:53 contemteny.site udp
US 8.8.8.8:53 dilemmadu.site udp
US 8.8.8.8:53 faulteyotk.site udp
US 8.8.8.8:53 authorisev.site udp
US 8.8.8.8:53 servicedny.site udp
GB 104.82.234.109:443 steamcommunity.com tcp
US 104.21.82.174:443 marshal-zhukov.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 142.250.200.14:443 google.com udp
GB 216.58.213.3:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_3324_QWEYLMDWNQKRNRUL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\Downloads\Unconfirmed 470693.crdownload

MD5 d4bc14d79adb65d8a03c1043f0c2ff07
SHA1 d454154fe8241eecf2a53f658aaeed805d25fecc
SHA256 de3e7309a038212864c3f1d717e29cbc3528390f1a8a99b5aee924f1fddc2508
SHA512 71f04ad3d96e5d83839cb9effb71ac826cb9ea6e4701c0e744b7d9f80fe029669f8ce06b6080e0c97a94abe1be44f81b09dbd0b57758cd11249ab1e39fc30a29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 748ae9d19a76f6c1683096039cb3ec25
SHA1 351662fbc8d9691afd36b02e8275d0a38a6209d8
SHA256 61f7846ed166b2a41012af9cb60973c62952ec3fdfa0d1395ccdcdfd68fd8cd1
SHA512 c103cabc0a91141b9a5e213c027b40f8d778a306c9b6150c2e3ab105113d80a3049f26bc3fdaf51e1aa03e71a36e80137c39e3a0ef227b72e399b64976db9348

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 06eebc32861c6d85c3d2b0a8d0a907e7
SHA1 c1b662a1c433cd789cdb3924bc0054c71a0374dc
SHA256 0788b75b7f0da63ce2d726dc21cc886188464b9ea146fe8332f3be70b7ec48e9
SHA512 4bf5217202f2891cec912cb94e7bb35c6ea606d5a41024a380ca06d917d4d753d4645759dbf923d0c8fddb39436b8248f199a1c4c58b8ba05e45924f703486d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 54dce7120dde7157e4314d51b4813670
SHA1 681732f0e2f4368201afab4a9a71af42b9e0d4fc
SHA256 83e9ccc55d6e078b4b0281348aa9f58f6295ba6454832e390f71a386e577409a
SHA512 744d7857cf127b5f098fc7d0a8d75c2f208f6c61b82c9a8ac30d4d016b1e7b443e59e175f9419061ef352c90a3ec118621418b1ce942368dc23d066f3765771b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6b47070300c4a20d66847a8521e7ccb
SHA1 aaa54c8ae881612284be7af29644189933044eb8
SHA256 cb48f584bd49aa242f5e2825ed964b4d532b31f1d53ab31851019c69ab2e3182
SHA512 3d125696a0a7c4405af999c8fa49eab3b51b260f09cf206c3087160980e26ce4e440e7a44f22e49fbf28cd036ade79a32e8fa97663c8742a3c6614c6338e794c

memory/556-123-0x0000000000400000-0x0000000000655000-memory.dmp

memory/556-125-0x00000000027A0000-0x00000000027A1000-memory.dmp

memory/556-132-0x0000000000400000-0x0000000000655000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6cfc05258687b052fe24c86e2fefaabd
SHA1 a53766cf8c4352e65945ab774eae6504b6f857f9
SHA256 6388dc4503e66168e8aa4c0c6fe6ae0b05705157b4163ee107a8e44e0e36c2f2
SHA512 8ea60e945dced962b18a7f7c7c45953853b77fe5c6806eafccccc1ac82175bb7b092d6ae8c22aad14c4da12c9abcaca8c4c5866fb5e37cd38274d69513860ca6

memory/556-143-0x00000000027A0000-0x00000000027A1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7d784451a1f7ef3659c5a1e2c8468f0b
SHA1 fe309ea24416e9e1073469750a13934688189417
SHA256 dbfc69856e65dd0dec6f1a00f1d2a478730b2799718b0f94107462eb3cdd9282
SHA512 22211f915a930410e770c8fe9541e1248bf0f1a16d36ac9b8f8510e424cab34bc2d1af863fe5bd7e345ef33a3a8a8b63df68073a986f1aa4303b26ebcdab550b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c562f05afd764fb9544afc965d6fc24e
SHA1 03770f269fbff2d4e28475104a0611aa93602ca4
SHA256 6f2996467cc0dc19bc5671119fa5300304e5d4cca806d6986b597ea89a864be8
SHA512 1d77e106a23fca6e363994c0583234f428131faffaa536220c6dd772cd14e174767868427db6134bfd56ab9ea991129ff862528c3d6fd3bee4c3614e8dc90402

C:\Users\Admin\AppData\Local\Temp\nso357.tmp\System.dll

MD5 9625d5b1754bc4ff29281d415d27a0fd
SHA1 80e85afc5cccd4c0a3775edbb90595a1a59f5ce0
SHA256 c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
SHA512 dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

memory/556-166-0x0000000000400000-0x0000000000655000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nso357.tmp\nsExec.dll

MD5 35200be9cf105f3defe2ae0ee44cea12
SHA1 3f4a09eeb477d3f048cdfb848b95aa39b20d89dc
SHA256 0096ae873c75f4e4d802dc97eec9893acc0749a7346e63f25a8d52ba8e11c527
SHA512 f8f7d8a844d588c6e2d6dc54e0d4bcbb1c4229a6e8f4d110a5e3d47eb0b8b5e0860ff5d31762229a731e08d7b232468b2a78c29778a9f0c62a7381db89175833

memory/1492-289-0x0000000004DF0000-0x0000000004E26000-memory.dmp

memory/1492-290-0x0000000005460000-0x0000000005A88000-memory.dmp

memory/1492-291-0x0000000005B00000-0x0000000005B22000-memory.dmp

memory/1492-292-0x0000000005CA0000-0x0000000005D06000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oqdreldb.tj0.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/1492-293-0x0000000005D10000-0x0000000005D76000-memory.dmp

memory/1492-303-0x0000000005D80000-0x00000000060D4000-memory.dmp

memory/1492-304-0x0000000006380000-0x000000000639E000-memory.dmp

memory/1492-305-0x00000000063B0000-0x00000000063FC000-memory.dmp

memory/1492-306-0x0000000006940000-0x0000000006972000-memory.dmp

memory/1492-317-0x0000000007550000-0x000000000756E000-memory.dmp

memory/1492-307-0x000000006F380000-0x000000006F3CC000-memory.dmp

memory/1492-318-0x0000000007570000-0x0000000007613000-memory.dmp

memory/1492-319-0x0000000007CF0000-0x000000000836A000-memory.dmp

memory/1492-320-0x00000000076A0000-0x00000000076BA000-memory.dmp

memory/1492-321-0x0000000007700000-0x000000000770A000-memory.dmp

memory/1492-322-0x0000000007930000-0x00000000079C6000-memory.dmp

memory/1492-323-0x00000000078A0000-0x00000000078B1000-memory.dmp

memory/1492-324-0x00000000078E0000-0x00000000078EE000-memory.dmp

memory/1492-325-0x00000000078F0000-0x0000000007904000-memory.dmp

memory/1492-326-0x00000000079D0000-0x00000000079EA000-memory.dmp

memory/1492-327-0x0000000007920000-0x0000000007928000-memory.dmp

C:\Program Files\GridinSoft Anti-Malware\gsam.exe

MD5 ef2d71217e8aea0f76791747886e7c15
SHA1 10bd30dfe364cf2872d6e47b78de934f84318c02
SHA256 10c94b6cc8f0c7f7bc894588b6a5f2b00fc6474343c66415c2a0124fb064ba77
SHA512 c30b48e2db2b93568c07fe7ef0eff1736501907fd71167a009d654be8c2b4f5c1a328234908559ca5066bb995983431dc50941c8d20f84ffa7b7499db0427b6b

C:\Program Files\GridinSoft Anti-Malware\libmem.dll

MD5 a91ad44260cb64a971e60ea210d0f9d6
SHA1 3683ff3248c65a19171e4503a13a278adfbc6288
SHA256 8193ef3964ca00c84811aa5baf0cec652e8c89eaaeeadfc5763b2b7922f8ef7f
SHA512 dae0c6e013d3bee715fa060c82afa9e4ececfb69e25ce6842ffc7e044a38605250d3f99aa824ea4c5f41bedd587e99829bd7f664f21f0efc9ab577c078be2460

C:\Program Files\GridinSoft Anti-Malware\offreg.dll

MD5 1eab65173f446a3e116556ce53c7717d
SHA1 3781bf5a8407d7adae6bda741322c13e4e124588
SHA256 54ce76e23156bdb9873014f9da22c023339ee3f1e5a3b7d70c1a9e1016865a50
SHA512 c98f92ac82ab90dd4121860a967a986d07ef848f8d9aa3a5c107857aa78bdb2c82fd62b4731e18dffd6b1267d0e9ddaa940273611158f28fb9aeca74d8b1c415

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bbc8bab5e078646210d5ab84698756dc
SHA1 c354143ee71650955841d1f43a35ebad8c683da2
SHA256 cb705be49d26778f976aff11c7541f91449b3655416d8a219e350baa42393084
SHA512 bf42661ab8e376149cecce8d42549cd2be45c306195899f5c2860fd53351ac497580b012cc7f9f79fc4870e4119f0caf233c7e57d9b9711c110d50f1d9d9dffb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5f4874fcf16758987637cfe3c2e8f40c
SHA1 21f6e19885b7b39710a7a3f8d902e598800c98e2
SHA256 47cc113b34091b78333d13a311e928535d8ccf5d72252b211fa722651c3fca4c
SHA512 e24e4487ad4bdfbc7ce7652cd6ae34d12f29d653fd21f0bd236c2fdde0bea7bc60b6ea3c36d58b4011be206578fc808ffa056a3febba0ecf81f125754423d8ce

memory/3704-356-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Program Files\GridinSoft Anti-Malware\Driver\GSDriver.inf

MD5 8735aa35328a538c3184bd14ee15426a
SHA1 3409029a5d4fda513eca0bd9950e9c11ed371024
SHA256 4d726efb201ea421b9a08b3a9bdad17fc2016084fb8ac4b2120cf81f62386848
SHA512 27b7cf0bf1692e4829eeadc8333c7e4c3c7d6e5b280bcfc44fa952550de4aec4c5f7ca4caf9732373275b39692afa206956f0cdc64728db7913b423c06b8be78

C:\PROGRA~1\GRIDIN~1\Driver\GSDriver.cat

MD5 ba975b5e4691509738a152f12a9f8809
SHA1 7579f77aaf9472399fd183c0044e6f26dece8c10
SHA256 a91c7259f7c152910246f17c3510243d8437553fdd6ac7692fd1bb49553c9da5
SHA512 f7d5c21c108873f56aa467b0bb88329b9460ff0d82096d2ae4d5ae0dcece7454c8bb5fca63d5f07990776b4a4c8181c87e8ca47dca1f567961a316696b1681e7

C:\PROGRA~1\GRIDIN~1\Driver\GSDriver64.sys

MD5 5b9839e88655fc22923952eefd14387b
SHA1 3a47805ddaa9bb6060a6be90ba3d8974e235dc6b
SHA256 06ef34bb12349cff3f2989f8f7e406d6723e6dfc5ce51a3d9c30f93d8a994453
SHA512 ec77d2771481f441a541d38aec143a1a67af771c6481e737661f42eb0dc5d004ed84ae1b3bfcb8f19688147797a28d5b726ec8794c6b5d30f5b712734ed01007

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

MD5 c238e29d1cb83a8382f7996456b7cb26
SHA1 039e52c39a672e94beae72bfd004a3d590aec3d4
SHA256 708447b7f8deec060d1eac1f414dbea5e37c856f20925b898746f5259e1bcd0b
SHA512 84ac7973bd7257ec44455caef02bef912e82366dbbd7fc53806322fa07eed98238a761ef2750459b5ab468de3d8f800689e072a7c575b038e09186bde539feaa

C:\Program Files\GridinSoft Anti-Malware\Driver\gsInetSecurity.inf

MD5 88d3fdf585816a72d90ad1e2b78ef3a3
SHA1 18fe9c3d1e7916cc23f2638ee7327d44202a8464
SHA256 89173c7324696d2d38c3e425b3d5b36355be14ac4604dbad7fb4d6479db599f9
SHA512 9c4070bb42f5211b6aff85ecdaa2bd0f24002e0ddaa7958e76f9888e8cab61656b033ac7b32c442e6484cd58d45ca9b4185656749368d937e973b041082cf959

C:\PROGRA~1\GRIDIN~1\Driver\gsInetSecurity.sys

MD5 83dc3cea75f4e280beef4d79eaf7d21a
SHA1 2d812761674f2c8a99dcbfc447a0d8a863a91610
SHA256 12770f421d04122957d81739be60485f15dbd52a5b26106bd7891f090675f223
SHA512 5648c208f12a4530ce5eccb5477e406b51358ddcafd23a354d5d56710d61c1a711830e866879604720e95049fbb005e9d34c0861fbeda4403cdf2846d1e609a5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

MD5 7bc3a348c8cac85e7d0d6801b7badf9b
SHA1 ad665721a8c228e04278d7caad8e844973885f3b
SHA256 cc63198147485e8c83416d48d71f436437a657fd5bcc0bf40f3c5c3652abc71e
SHA512 74be9f170d01c95cb2fd0b34495060aaa3b75cddf1f29ca98b5ae8eb632bab9d55568af3e8095c04aaa8d5aa88d51a5f10fcab3971f26685595ca4cf3fbb65bd

C:\Program Files\GridinSoft Anti-Malware\shellext.dll

MD5 0ef51e9144b9b7fcf4e0ff10eb2c7f3d
SHA1 0f9cdcf769b816d36f1ed850bf66197328826aaf
SHA256 2015fba67096ed00123242d85a9a12bc8fca86afa499cc2a2df822e385b3513b
SHA512 860923fc120a66617f7325094b3a31d56e371fad495a761abc7879c964966528752b8e64917f21199e3972f158f5d5fce38488c43d5233b9603b036a6711ae72

memory/556-441-0x0000000000400000-0x0000000000655000-memory.dmp

C:\ProgramData\GridinSoft\Anti-Malware\database\nfd.c

MD5 a72471c39261a372eb79fad1d5473983
SHA1 f7fe6bfb7c04a06683ab2e9f3e28ba026c32dee4
SHA256 7c667be6f9473162b2f27394f8c1c1aad395c89e497584729ece4125ef8f6ed6
SHA512 b306a5b8e26ab46e72842dd4d1d03ad120b85a24073f3ab65446accc9a319b93d8a542ea3c3cce6aff3c04aae2d7866dc7dcd6507cd30d827e57fe0619a4862b

C:\ProgramData\GridinSoft\Anti-Malware\database\upd003.c

MD5 f2d36069ac7de685a50fad684dc06352
SHA1 696e3780db95d27301e14f733d9a6ec0753719f4
SHA256 7d8e81ea11b691a508fff3fe04e31da51dd5263a5c434fce17c0a2a1e08e496a
SHA512 10d5ea07e254e70b708b0f8f8bb1db9a998381309efbdb02df8c6781b84c109515831e662b5004128a4c2f9e8df5f9e0ec62ba6088b56aa1496573db3fd868d8

C:\ProgramData\GridinSoft\Anti-Malware\database\upd10F.c

MD5 cca022b2081eacfd110320bdb5b532a5
SHA1 89ec339b1709ce2312557e8449ec546a4258e304
SHA256 caf5f7fb8fee4ce2cbc2866dccff6d4ad8c2070c8639f05c42b235111e06a87b
SHA512 5efa4b1c8e67fffa829e016ca906d38f7743d0a9ae701d156f7cfceb608a9023e7e04f34860fb4110517b9f1ad52865566afebe30f2990523e63d95c1603d68d

C:\ProgramData\GridinSoft\Anti-Malware\database\upd10B.c

MD5 2109a32cde9fba1d9ff1bc0a52bbf87e
SHA1 fc910147410b4d1fa4e44deaf9f6a42ef81593f3
SHA256 700e76ea81b05846c8f1c58b11a3d1649d1d23efaf760a6050f6a88bded741f0
SHA512 8431693854c9544b99c1cde8318c67ace809fe5b699f908260a5a068f345f9dcff8a5afffd41ac8fd404b54b0e97c6e521828d15fab18eb1d66746b09eb8a797

C:\ProgramData\GridinSoft\Anti-Malware\database\upd104.c

MD5 799e669078347c9166c240a83611a6af
SHA1 ee6591f7d2316a20ea06e12c92d58fe30c2834b7
SHA256 d6cae02075ab84795d06dea676e4718037ba04567c4ae856a37d2ce7d3ad86b6
SHA512 f30a96bbb2e147e041307832a91a1cdcbbae3c07f6293651abbbf2894f2bdc4613cb30a800061ae5ebd4d75600321379df232ee2713919a45eea8be9c2b47e6a

C:\ProgramData\GridinSoft\Anti-Malware\database\upd102.c

MD5 c4ee39d43e714481606e0d4c1d763680
SHA1 bef3b89a3ea41b11fda42a5194a3fa75b83cccde
SHA256 99966f6e24060d920300da0ed47e1307f423069ab92bf112593c72627fd5f647
SHA512 1da812940bf9802455790ba60831abfa85d71f318b433a15564e4c1ae41e248858dbcd43f53088c65c330ca5b9fa841f1a19e387b29fd07d50baca736565ab45

C:\ProgramData\GridinSoft\Anti-Malware\database\upd101.c

MD5 14a2e976c48bd709f63cd805d92587e8
SHA1 34ce749f10c2e44fc60fded1846a213e8f0329d4
SHA256 916fc0a4666e5391d65680ec993e98e82a295ba1e280498773cc55999438af78
SHA512 b7a68689fa1977d9b3f336933f600cb4e711f54553cc336e2955903962dd7d65a349b6a1f884ee820d858258d67b007bf2d99b26146c3f4fbcc496316200d299

C:\ProgramData\GridinSoft\Anti-Malware\database\upd015.c

MD5 e1ea734e8e300e81fbf77b058fa551d0
SHA1 20204e9594e1454e1ff6b43fd020cee2c82befaf
SHA256 123a3acde2c438c2b8afd0a2ed6d884cc50075e3eff37f8547d71d592749e9b5
SHA512 68a887a264157b0c456364c3bd02d21b875ad3efaa55d9694224e859dab9404ed70757b3e3cff8615f345eefc86ada525e693a9eb028032d5b5befe2d4b19d50

C:\ProgramData\GridinSoft\Anti-Malware\database\upd014.c

MD5 342bd8c50fa9b28915467db9563ef233
SHA1 4b111c64e5407a3524a1e78cc7dfb6dec5c82e2b
SHA256 8b4bea8a6b07998f757f4db68379141169bb6b03e617a254733b7ee2d3de13dc
SHA512 c55fcae2061bd9004221ba960d014cf820b88145e51092e140fb91383daadb5835eca5a2f31814107809654ecaf063ea308eadfd671b27dbb02eaf6d2c9ff216

C:\ProgramData\GridinSoft\Anti-Malware\database\upd013.c

MD5 fbfd2c04fc45f52608728d34299d05e4
SHA1 9ca1524e3a7fef7dfffa57281d1bbea2fa71dde6
SHA256 bb9cbd28bfdd4417656856dfbb7a192ebab4e146e0e4e3375c52e2cc2ca4bcd7
SHA512 4d40bfb473b9bc9c596ee08639f1aa7ec35139aeec789ec2d1c43239ae66ffb5aba9d4af6f8a5f2c45ec0c6b2449575aa6b45ecf83f88cd942513e6e926b78d8

C:\ProgramData\GridinSoft\Anti-Malware\database\upd011.c

MD5 b49765c67f5a65e5a77498730b8a80db
SHA1 3fafb031681f887b2cec9191e0128f9cbe45c1cc
SHA256 03ba1cb7d542f1ece1aeb8807535b3f3447654d78b15f8c94a5ec1af0359755d
SHA512 8097e5c31e1b96d9c668b704b5933e9873f11969ca35c202530125359f5560086f72eae2c2293ecf29b67190a864011564a1171c947fee867f05a87070cc8aed

C:\ProgramData\GridinSoft\Anti-Malware\database\upd010.c

MD5 7d6357efbb4f6f7916e838871423a4bb
SHA1 e401e1c9d150ae754f0f8a764eb643914fdc7b78
SHA256 5f6708eca9ea285695c64d5a849a1f8d77762cf16374590a20e2f813a672cf18
SHA512 e5ae4bafa8e446022f08d4b9fccbdc36f2e86f0cbedced5d89354664355848d2b39f6744e4c17fbb48141be50e45ddb58a682173ca83a3a92a5cb23ca49c8411

C:\ProgramData\GridinSoft\Anti-Malware\database\upd00F.c

MD5 2bcbc6b51959473184fdc7355a990052
SHA1 0b1a91b7b261342cd5da1ba1f59b9c5a03c8ac80
SHA256 4cb1d45cfebc62633e36d9d18ef6e69c57f18a571c173226f03c4646e1ced983
SHA512 22c128cea36238e4004373636d385057c83860c709a8fa54869c10b3c9a37c18c86c1b6af84de8d80966406e2f54f006909763218f865e5168928ef08b133f1e

C:\ProgramData\GridinSoft\Anti-Malware\database\upd00E.c

MD5 a9f5b8203b3b2fd8d212daf456972008
SHA1 be5373d063db1920728edd1d82b97654bf11932d
SHA256 7df292eb3b5b3015c51455feed0a57ac0dda3081fe8e90388b3ef8e0723c6def
SHA512 004e659ebcc14aec9e9e4b338d8cf0d82b69f6608ffdbf447a425e62dc4565f9e17fe2bf341f11b469a16005cee62072de2da9a6e9bdbc768620d1e4f8a1213d

C:\ProgramData\GridinSoft\Anti-Malware\database\upd00D.c

MD5 02e88abb04fd8ad91249984744170c2f
SHA1 86078f519886e0d5d6e5db5ef6e736c438c4c32d
SHA256 c17552bcd44c05889ffe4f41c207bfe5293c3008edc0ffc4778e7f9bf65409bd
SHA512 63d05ad80db0f9fe6b658185d0f496ab3d15416ecb32683b160c3997633d4e1ac12027e4cf8643000318a54d81d2fa979b580075163bbd2862ea5e29d7bb6dcd

C:\ProgramData\GridinSoft\Anti-Malware\database\upd00B.c

MD5 3701440c6cfec552b847452344b22ab7
SHA1 e0285a82e6f047eb24b458b54b7c63c3d41cb00b
SHA256 25f9f40d885adf367d866d52c5be0ab12d376feb680292e41f3a4a6dc1e7ea17
SHA512 54c5c34aa2607f35cde03c05295c65251d694029a6675ce60719a84f75ea2f38e4d2b0624f71897a7cd32469e3f934cd14eddb2bb0d8f03e4c019b471fe129a2

C:\ProgramData\GridinSoft\Anti-Malware\database\upd00A.c

MD5 c394a8c9a7bfb7ba56757c68a67a861a
SHA1 07460d3c66a7162b7c2a2d7d369eacb3ddf10722
SHA256 6fc2dc5d9e923f9f27f6a4214d2f781f78b9581ff7ed1430cdf50b1a8a3f5aad
SHA512 85d80cd5508ca7035662d08f5eebac15a6f70c84ff853bb1e38efcd9ac90b154735258cb590996477f8b7ea8aa51b941f5e3917a530fc51b11af0689788a4f0c

C:\ProgramData\GridinSoft\Anti-Malware\database\upd009.c

MD5 55f6425007a3b572bfd544fa6ffd272b
SHA1 5ad3b09a643635e31f8a50e534e3d7ac0b9d3347
SHA256 75755b7a566ea88833a6f425e8ae07167aece49b4d8e9b8579422a40a1566227
SHA512 0035b8f52f745490fc2af59c121f726ad00aaa8bdf43f64e0042c42ec3b7d1e73a38f5ff5b25d2b8ee7c174723749b10cbb7f1eba337c6a9a93495096c36a21e

C:\ProgramData\GridinSoft\Anti-Malware\database\upd008.c

MD5 a5ce34810362c6006f7628814af04f92
SHA1 707d77ff991c4038e63a060f679f9a9de6793095
SHA256 e2eb95566d2db8e5a84f7c637f7da7fa7e653d9142ba088fe61de102e30f6ec1
SHA512 a0455eda898a68004989a862d6a6b14128e6afec2bc44b2cb97d0ef9e0dd9176b6eb827f309cd7852d9fd69915401aaf953e2c23a07b47fe247fdb792576f9e8

C:\ProgramData\GridinSoft\Anti-Malware\database\upd007.c

MD5 7e2f2ae7f11c1ee34ed1e5209c2e92a0
SHA1 a723e6a6672000fa922073bb4700157edf6144d6
SHA256 75a6d54416ec5e94672a1b9e0890cdde565622475269c185eecba7fbe2bba093
SHA512 2f95d98e9a1d739ee319f10f65659e3f44d626e80d81195db2e4d5244511b9dfe1495d6ff45ae514c6a1f9e4ab77f8fb28a924b30caecbcf0a9860a8a2928755

C:\ProgramData\GridinSoft\Anti-Malware\database\upd006.c

MD5 fc0acf697471474950375ef09190c19b
SHA1 4f670c15b9d04d2f6c9b6c31dd06bc0f0b59306f
SHA256 7f767b4539fe27456b9267dbf1f2467d82cd88df64c686b9d42189e5b47caa11
SHA512 e2ffaa38e3f0d967ea6ba59cd5caf24e43d16cfb859c177d7ab17181a2e1668e79897e8591c5727b8e1313aacbb9d69530c7178020e68950618e80f3bae62eb1

C:\ProgramData\GridinSoft\Anti-Malware\database\upd002.c

MD5 402b1a89ccc6cd7e39c88b5dd0ffb8fe
SHA1 f423c952ddd3ff8d06d6bfc7266d3d5bda26a332
SHA256 63d4b5e266beb793dcdd6fb7f5379c9ba016cb33c7ad74239c3ad53f1e29e7a2
SHA512 1ceff95d2cfcd666f366f654cb3fa8897cbdf6ac1c6a1051638ac825b7f7e940500a1ab3632a4100f66a146ad18f020a24d27f3f48a5ee931cbe5fec39c67ca2

C:\ProgramData\GridinSoft\Anti-Malware\database\upd001.c

MD5 1b74219c4a5a1daeae747a03ac7eb924
SHA1 78bedc1f0bc9aade4dcc6636e5e1d794f3071d76
SHA256 f5e0c8b0e2f516ee43be613f83411ada329581d2adc97343e981e7b7a116db1f
SHA512 a88db236e87639d5170be99a1b305bb535707115fef75c14684deca497578d166d3cf1f5ce6febdb94b5539359f28804ad326832078a61894f1cf8e89dd10185

C:\ProgramData\GridinSoft\Anti-Malware\database\nfs.c

MD5 88cce3958ca536d1bbec6d9966cbac14
SHA1 4bbcc0961268881b60cd5a786234f310fb310da4
SHA256 ba74a7251fd1878c2c7daba3d38ef77f47e7cb09a3f46619a1b7571449331b8d
SHA512 a675fa6bc21c144f173d9d577277dbb4f3f16674d108d3ccf7b3ba6ef2c11c8e6d80c4de7ae1c8f6b37081cea9eeb830224f2830155e5cc9e277a3f1f5abcffa

memory/1212-472-0x0000000008DE0000-0x0000000008FF5000-memory.dmp

C:\ProgramData\GridinSoft\Anti-Malware\database\vs.c

MD5 ea05d188ca198b5e1eb25f72ca62657f
SHA1 87159155f9365793e1fa5a96c591cf0c7c3939aa
SHA256 5c8105c78e54887e89c0e31fdea99ea4e8dcb079d8205612f2251ed0548eb134
SHA512 66056755727b40d6ea8c43473a8d6ac0a9eabc92fe77b1917506c57530a86431faefffaaf9ecf3b1aee2632ac920ee04d76d102b1636cdf5dd853c07979f4c11

memory/1212-694-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2b1b415565545234b820eff4ed870a17
SHA1 bcdca4206e58c92e2b4de2d4080690411ff6aff0
SHA256 2da3fe2f59973ed2297688208a731df037217f99500be815051440ca38d62535
SHA512 86660e82c186b74a4d89084c3ba93225d74fdd0052bfe4c36d85f4a991c1493199ddf72e9da9c6092d56d0ff6f8400ec4ddd0da79cc632c06b59005f5521fa48

memory/1212-711-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 513fbd34e3c771c2918a04c7b5656e81
SHA1 d86f9ba4f3ddcf4951e92c7c2e020e1d54404ab7
SHA256 b1b856c62b36c1798f0e71673eec8566cf12551e4eb1d6dec1bb52f89ee48f5e
SHA512 94ae39eda500128974e60d750615b8dd17514a65537a07426a996b2785a2dfe7ddc8635343da8da1b5c8a49a552dd31db13b7ffbe31834fcd563bdc1676ae1c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 831d738aa36d6f04156ec1795e912618
SHA1 b9ef37428fde5163ce7b4e479f8ed29a96c5a2d5
SHA256 4b1445259017abbd0f482bc7fe5282c666aeefb43b413b2f08fb714582a1c1ff
SHA512 683f51ab824982ec853d1b7b602ed5db0b2db21e8a17b046d4bf05c467623928e83dd5002c96fae9a5a1bf0f0c3d10a544e7bde5cfaab0ce68f5040fc31467b8

memory/1212-748-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d81b16d663202c5_0

MD5 87d4be79f1250f895f5addd0bf667627
SHA1 b6a73f6a81eef46ef5db48c922e9e1a6585b5582
SHA256 ef3566f0212495ef180fc09855730806923a40d8ed75c0ea37eaef675a424e0e
SHA512 b7b59881989fdfe4613f701c829ef2433512e7882f589a956c7feabcb57d8b8169baa2336024acc83d2ea162b0eb8c2dea0c5fe3456100b54cec99fe73150418

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1b708308e3cc8823a11f28277f2f5016
SHA1 77a12cbe34d33120feabcabea9ecdce5c753aae0
SHA256 339afd698d7f99fd9d2cd1e3507d49e900d639c33a33dbe909fd5105c5d7e3c7
SHA512 f57c7c51273e01f97ec65eb93c2b5dec841b645ebe83c5862c47b7e0185c9b8a773478bef54400006017813768d57345a22a7649acdb799ae31fbafe1dbdfe46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9ab793d3e85a683646c43b2b69868088
SHA1 ff85c69caef136552dd7872fc0415a70fb85eb99
SHA256 d75c34c6b2939a520f6ae9d9d10479b5b7e0b03a18f736988c2fce4234e68f83
SHA512 c4683d9209fc2437193700d015530e0a376c35633a00fd5c8b8ea03f1663384095aebcd0ab7479f9cfda2e4f92950b7bd4ed3c2649b72b21832bd1eb1f282e19

memory/1212-904-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 08d1c6633941c222d9b0c5924bd0404b
SHA1 b74561ea07816ea80d363263ee1c7479875786e6
SHA256 662801e7524f3b32305d7cd36a4b6a437ef01cba8cdc92988a922c4408e3465b
SHA512 6b93a9a6ebc45b07d0465cfb2f94d2f3d63d7dd6e47dedfeef8f4a76f59c7095ddefc3d93c01ce176a296a60d27163b752a80f9adb03d001918e8d9c067ad05c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20a3add0e5800e5b134893cf19b948c6
SHA1 382bc6d00b06e70c088d492912bcbfa689b64c26
SHA256 ec7ecd6effcae21e27adcfc10d717c02f943323df25b3c8f3f5d7450e553d9c0
SHA512 a569b733d5e5fdbefe087302d14280b07128902e17748430303b8038df9b7aa3db2b75ed63d49e41259281f634cda70f7191832fcabac36034643884f4043cdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1e86b00d379098311cfc7c93ef23c2cb
SHA1 17d9bc161604d119695ed495944ca694e0f23481
SHA256 b43dd563bc89377f5a1078b4649cbe0a5520c708fdcaafbb3fed459ec086f658
SHA512 5dcedc4ca0fc9beb5b45268b94a6d70cd76bfcfaea004ad8716c06f051ab88dad92aa1b47692f189a4bc6276afba763612330313ff604531e864800328c299d8

memory/1212-946-0x0000000000400000-0x0000000001EB0000-memory.dmp

memory/1212-947-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d4953856e25ed0fac6f5279cd5b941bd
SHA1 0cce7840ecc48a372a70f88f7b1a03b766f092ab
SHA256 56e6957bf1682349a0a1d35348904355414fa1b7b44310c479d5f3718a5ba18e
SHA512 a20b81fbd89554c6e4fbaab89e910f49ec8139cfbe2eafa5e932fd386ffe273058088b74fcebe49e245644c1bdc0af2fe72ef85e14dacf7e0d91a34d883232fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1bc0b3e7579e4d3ec519a1556a37d9af
SHA1 b9efa08953560696fcd4088a4de8f8ea248e9f49
SHA256 c31ec215c9cfac18aa068c943af1d190f8143143170d69fb46cf139f45ab533b
SHA512 a844236e837cb2bda5e303c64867e6778e7429d72918f925df80220817f4b927e3269014c4277434158e25a16451c5faf16ed2bbd71ab7a71f101656245af657

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81b77e39f092c9056b49556a83337afd
SHA1 c4ac9e44735bed7c9e05b94ff9bc5741420db5dc
SHA256 1cf5aeb531bc8e578a470aed8c21c376db3d498df53fc2457e0f0d685cb769d7
SHA512 2229286d0c8fa5f340624c6c3f79aaab08d94cb792defe80dc619e03c60ab6058d9e0142d01c5bd2ddfba8ce4aa531abadd414d053dd810fff99fa5b65df962c

memory/1212-977-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ea890c7cee7d0fe7e7e8b151c83a4767
SHA1 ee1706b260be9693a7a385f33230f97502592dc1
SHA256 d332007f0de10a57f5cbfac5ed2ed75209ebac1a7458902160a7b159ca82601d
SHA512 9b5774e02829af2c1cabd450107e4d58aa89262cf8ab41923fbebec23cd8f77a5112c9ab048f5a418d40a3a8c1a166b6774c3a4a638ff825643f54a8abc63653

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1f3e3fc6ff82e98cb36f604e078c6fd1
SHA1 6e71177b1b16eabf58501cce63de525cb1b08ad8
SHA256 0b3ff9d1288823718b646eebfcd984e0f18a39c36606150dc713fd6e3ffd82c2
SHA512 63cff4ff886fcbf6e3fa09452b116c0b2f5bc87844e51a81a13a56f4aff308da570f7c42238fcbfd2e1bb66edf48ab0f770bcecfa1cc31893480f890b08fcf2f

memory/1212-1006-0x0000000000400000-0x0000000001EB0000-memory.dmp

memory/1212-1007-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8be8f86c002dba56699ce153c78783d0
SHA1 d4da318279aa9d96c444bae3fa03df99ece11e92
SHA256 510967b00efd9e37a7dc6b118d72455a10fb31dde6dac72c3e738ff288b3b1ab
SHA512 2387e34f438138256fff1f0ed73a30dcbc1df01d948f37c67f6b38d6ea10e31758fac3a800c88d186d6873a57b9d20f715be7a187796aecaaae9972fbfbd3ffe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c3b7379eadd6e53945a9697023d8cbdc
SHA1 cda269ed0f413ae9fe80216bc865c69f89f2f2b0
SHA256 49f832c5184d2896c62f512821a89dca5c5d32643c9e4bdfdb028fac2836637f
SHA512 beef246bbfbae34f78f9ac0bfdb79d2e9f1636386a22fc586299356ae2d8b0660a9cf4a324ace3765b102f6a50bed5b7a9f891fd17f67b6920e9dbd2ce140c47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6b28e6c50c3305155851c7240d9cf83e
SHA1 e9fe3d3baeb0d96defab5ce39b40aeb14153a371
SHA256 cdcfabe0c7ee1a75c3c6dff565cd72e712481495fea33328b76d5de60761f47d
SHA512 b7f89219f058ab6c652cd86e689031a06f768265a45831107246ba3bca36255d18a1a691e53076246a5567ecffdd6cb0904bf0299370544d3bd6df99b8059c20

memory/1212-1035-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1493189e2ae92c23f512ac82237facbf
SHA1 5b1ce1ca63e07b93c118585d89bc19f3277735af
SHA256 279046639ef757d0aa5842ccae71726d0f02c42b9ba8cdce9949f2e75abda9f8
SHA512 2a1c5fe7ff74dbf831308bda5488b965edee760d1c4530e496c89a05353da5b1b8acd94ef2cd283cf73d8bd1efb8c92ad7a39fa14a24e9b4d67502d0bee7a89c

memory/1212-1046-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6837db68e3f87783461655ca6fef3d8e
SHA1 8d8825a3567d472892b7d971881e9a39047e4b94
SHA256 892e208cc41f536ed37e5402d942a090729ffc8f10bd1b0e9f81f5d0000c93c6
SHA512 08d6a5937f7d1e2f83a7830d50b91c83d1284e847465c4f5f86a3d02046329a725435e9275acb6888f45b1163fe818277967500aadbfd9f34af4511b405bf8a9

memory/1212-1059-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7c105bd0979b702a21d755c07ac33ad5
SHA1 710ae6b85a833b6310e09af3efeee4ec07b592b9
SHA256 c4907e20d6e6b9ca8e88b30d87d291f98aedd26bd16992b5c4c6188d268a69d9
SHA512 7f4c59c361cff840855e1ca7a30b2352fec9c9211c8b6a86603431c099d05db2617bd5d1d3f5792dbbf2efb79c738a3f2527d7486a17124e8106ac326424db2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1fdfa6ce94b3461f8ceb03f5aa061ccb
SHA1 681677593a43e2010f30c9729fa3a6ce74a240b4
SHA256 dbf7c67661bed5f735b0223d87c18f4de6c85073463eb4d7e17e808c0db4e375
SHA512 50bf13375b5482fb6df28f3262177ddde6da7d7a6b04df26b1edd2143d52401aa8bc53f5a0f08b79e23c969a300a140c5fc640cc49689d01b9f5ece6b35b1b4e

C:\ProgramData\GridinSoft\Anti-Malware\database\updates\nfd.c

MD5 ec7fe546efc0ae2fe89b48ea475d767d
SHA1 258f72385ac3da609b42bb466c60df19e1369869
SHA256 ccd079f366e9746ebf8ac511f5683817fae64a2ff55e8ae007ae314c01a55cd1
SHA512 396d2fc6af2287d477887483aa2a36fabb483fb3729eb60a22b0b50655cae10ebc9288dd7a5e11fa44db5644b2a6ce5ab91ac547738f80a1bc080b65452e9bb5

memory/1212-1101-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.AppAds.1.dbi

MD5 3c73bede6425032494daea9a76cbde73
SHA1 28037184741b7643363be97c376f7f04998584f0
SHA256 8a13985aafca0527d2ea1a8106d7d3eb42ae98a892df8a451ed7eacc2f30010b
SHA512 d62a419ad8034046927e34ad3f5bd0f58458cf2549afb01e0c91baf11729d49927682fd3e4518ee59fcd9815ac1f62cf991519eeb16582a6b8debf65e7f784e2

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adware.4.dbi

MD5 d43980eadac153d600783121744c6ea6
SHA1 58769e88e7e2a8df5e62a97d2ea7a192edb8deee
SHA256 8c83003393126e0388c8a0865d08c991e65ce2158a87b82d65d169612e1d577f
SHA512 2b8cf855d85548c60ae0d6d4d065524338ab8092f5d913837af270e74ad16beb6446182b435de866e094288e8cdacf3ec7b398beff1449e04ef244b5840a9eed

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adware.3.dbi

MD5 49ddc645e474b79ee4aacf6486d3672d
SHA1 1c7d7f210f28e5af78eb0276531f7e74d7b752a4
SHA256 bdf109c5eca490816594cfca4519bb99b9c2c1bbce300cea1a46c5fc93e21a09
SHA512 e21445691f8097178325a13bb191f027f4dfd5fed9a472c2d6c500b3d3812639a9eb1b1619e0f3646284ba629f0f12fe4877f3f712d945d0d38628cc51dd7b2c

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adware.2.dbi

MD5 81ae66c23523166f9cc99d3100b91fef
SHA1 a27d7a7ca858e44b48b5f45675a59c523e05b1d6
SHA256 69bfb46f03806c777e2834406df112a6e78d860710c034ead1165ba5e5831830
SHA512 740f36c7b7c3c5c622d18d2d11f94db919848b764c3d988d38725b9e0370b8e4b821451c83638596596dd9ba00e1f4ba07403ec23bc448a59b744e2ae44d6edd

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adware.1.dbi

MD5 58c22dccc87138f7ce3804d7e1f0daae
SHA1 7d770092b8cd2ef75a82e83d65c6547fad7d3558
SHA256 a8fe7ab1ba384e60c215a27f768223698512907568c1d91033c25021c5814a77
SHA512 463da51c2ce8d8c19fd480a2291e1f5b862b6675fbf95d92590dec0644a85d298a1047464f73033ff36194afeefc0df7fa8079702c310307da4cfe69ef81b18f

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adult.2.dbi

MD5 be617f189bddfd82fb6d3605964ea7f8
SHA1 700c091d08b24030a568bceebb6abfad6dfd93c8
SHA256 a90747531a89ed9ea5a62a97a16c7ff3503b2fa62607790a7cfaf7902efa96e5
SHA512 3cca80a0b938a11ff329eaa7378c545f0c142989018e34cd1146a16e07f246d590d915a43844fbe299a2427cbf19e9c44b1a88226e2c216a475fecf84bd677c2

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Adult.1.dbi

MD5 821d5c8161881a82bfbe67a9c1287b6d
SHA1 239945d6017c9c9a2aeb878265af194800b6bf9e
SHA256 d93d4d5256e15160cd7000c1334a2f2bbfd3c8aac7492c3fdb3a0c7fdb67334d
SHA512 03410044ec1041344cf0d857c4a0f73928fd2af3904f291753c92a18156ad1c9260bbff2a248e9b763b432dcc4d2c880f9892f062b0d56cff50c65f8ad659d7d

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Young.3.dbi

MD5 ebaeb874c6bd0fdef9f356273b687bd1
SHA1 ed5518db8e58b7f63ef6de7dc7ef80a99fd27872
SHA256 3760dfe60a3df54eefd0ea18d0bfcaa3ba562bcf896a172d9387d1ddd4eb3a7e
SHA512 49fc21e56a3b1a68576a6a212ac3b2558aed750215f12f607f26f88e700d119fc33824cc0be69b5222469e3b3d5fabb00be1c19c7dd2f06477eda53a0c65eb8b

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Young.2.dbi

MD5 148bd637071ad6e96f584b49935ad781
SHA1 fdb4e6a5a504ed355c4dccecbc652acdcacba574
SHA256 0a621da073528119df1faa29b37aefc3e1ec69ead152186ba1b5a23d5319c92c
SHA512 a8879be9844b0955d3f712f0532eb2bb24c6b3f0e4d56e26c67c26ad0cad758afd00ce0cce017136dbb61d9511962a948d1bf43afb6499883587a5e49a519178

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Young.1.dbi

MD5 b6dcc06e705d32a0d8dd08417ced4a83
SHA1 b85b53b21bab01d02db4637a536fdf81c68738fa
SHA256 3dc2a43b3b87f0a3f69b7e9d42140e785b0c14592f181f523999d80c68ac23aa
SHA512 de776b825b42f02ea215435ce093d0fcb2755b293abaf8ada3788e6343a976ceb182ffeadec842c2509359cc6ab8855c0b48019226730f2748fbdd055da2c526

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.6.dbi

MD5 dddefeb3e1289b9f97a8df49e40bd8ac
SHA1 cf5d429b24da0969faf37a8adc17eec07e4962d0
SHA256 ec65977de3cabeacd7988c5931e3562e0aecc46d5dc31576c1299a769c570226
SHA512 dee924c2b784665b28a748f0f6da9c66e0fcf2855636e11161ff628dbf5527d99c71583a59d26bb4771c85e8ca2d946a3366c118ee6dcf158457ba43ce667325

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.5.dbi

MD5 969762afaf6169998b0b44ca187331a1
SHA1 959c395b65513a6d07b64b625229b58cbfa26480
SHA256 1424788ecb77ad0ca9685f2c5b48cb993839492c8f68e9dc1ccdf14bac3ce62d
SHA512 dfab6257435d46d069a94fc12b7e301c49b297737043d9766dae66f113f1d19aacb05590dbd01de58d00a8216d4db26983acaa3ea240c77de551eecebcd65dce

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.4.dbi

MD5 705887a9d781c96b89b7070106efe7cd
SHA1 5749fc919f4b4f4cbfa902f7cf9fbae263e7a5f9
SHA256 7f608783cd1eed98f9143a3902380e3393b50dee27219671a4c68585eb5f0612
SHA512 4b39ff8b561bda95111af5bceb7eeb892b26c597cb37e1850ffee822b4a27df6e91559852f95a8c1205db206e873d5d25360b329ab9465ea7790c31c5c20343a

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.3.dbi

MD5 4b4fb3da230c41ff3dd8928e059e39c9
SHA1 48da645fb6ca1184bdc0947be225d9740c3aac0c
SHA256 6a689af9385bf3d23671a12a9c5209f07883535599128403ff77625be6d8bcea
SHA512 c7d5ccaedd11705f194583470b7f23f2ab8d692626ba152bfe1909963f6eaaf14ad48fc7e78b164241176c2bb0b838a99ad13a58ed21c50a5383503de7ccf265

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.2.dbi

MD5 815ed282e9a96886f37b8f813a475c1c
SHA1 3c45c4d3d3f1da95d22478faefd18d7f925eb7c7
SHA256 4e34d84d5aa20ca5c8dd3a084d38a135227728fd724e9138d8089ebe7fca9792
SHA512 366219daddfe9919faf0b7797d518554adb119b5221a8fa1b1f5450e3b2a88a087f972385f66b1ad4116c560a4db3c5123f8ae90d77f1b92891b826ffa6fd994

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.WhiteList.1.dbi

MD5 758ce71d115c97d9ada2b180aea9bb51
SHA1 a7eafeb15af045a692ef7df52fe727c20a5c0cb3
SHA256 6e5499ae0eaebced5828f8df9ba41cba467a925a106eea7df0a9cda1862eacac
SHA512 b175bcb562d80f3dc980504a071c3a448643b893a34ed124a1196963b11b45b67616ebf4eaf936517dda5dc2d6c3ff8570d5e31664408498d6e3eff202c59745

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Violence.1.dbi

MD5 7916a55a3bfe712868870a2751288a13
SHA1 28dedf809fc9f5044be177fa112e281e3d72ac0d
SHA256 51584338cadfb885d032dbb4f7e84a30ad2a515753ec7e5c1e68ab7562df5134
SHA512 da1efb08b4a59be52291f589bae7cd9ee7eb63619bda1ceaef0029590657d1897f018373d9db0cf2397e03b51b5abb9f0fe878f5ce3f2218e0bf7f4809cc927a

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Torrents.3.dbi

MD5 dce5078111cd06c0aea2e8c84f90507b
SHA1 df91ac0a4a051ab187c882ab488dfe1d9a32f521
SHA256 fbefa881aa44548cb3a0421a5f35ec191cb7db42b17911914959fffe63f547da
SHA512 19d5cb7f223adbd34e448b0591ae31eb1144df4a2889d6236400dee6fefc20627555e8d9aef6ffe94a0302adaf9f501972dd30c37e51aaf049e3e735a2d89969

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Torrents.2.dbi

MD5 28231a0614d7334972cc4e37f5444fe1
SHA1 098d81146127dee9129bfe3cf3cdd48050db75bd
SHA256 56f987b8d7a029f576ddcfa4f1155e3154b5643aef8c8900c3a9bb9f55c4026c
SHA512 bd75f7672a7a1734dd5ed2851007adca96c152100a1741d99a466e61ddf92795a51a4af5c13eacd282d6cca57d309d92e49abbd2662b6388737227596bac356a

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Torrents.1.dbi

MD5 9fd26caadd69ba50cc65abdd5f21d201
SHA1 9a6580a489d6649a5679e5aea155c68ac0fedf20
SHA256 b740ca3f97cd6dce9e7c65ce1cd7946b6fd4e2b8f73d224b7186d30a365e09f6
SHA512 9f955e5eb2194a6e0cab1b89b5a2928b7dc26d24a1fd689836553e99be2118d1dab2661d80be6e5f5bfa4adc7895cf6fe092f17cbd81af0464a907b8f7dc2b52

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.9.dbi

MD5 0ee5c497eec81cfa62eb6a7b77d03ce8
SHA1 514d60d574a29e03e282e3cb0a7c2d9c12a3e3b5
SHA256 bcb74aea435885c370660bde59ecff8cb478200a9112db4aaf3f13d5f07ada4b
SHA512 46fe6837c486ea59e72fd611ac6950d1291790f06ba85c04a22b35ffdc4fe522f6161e31b6a966c71935ef83f91d5c7004c0f5b6ceabe660db8a775aacf1550a

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.7.dbi

MD5 9743c2cbbf2fd1bae5c34f601ec2a84e
SHA1 10b9bfa9b6c1f689be81e5d4c22081d208a2fa85
SHA256 c18057692f784dbfda5233a506d02b7250cb2d717526479b95eee446e89bc132
SHA512 257c59ae34c870309c6e31bdecff57da54c9dadcb23ba45b5fc3a8ab96648d7bfab0be94516252fea3423b2630cd88f011d6e2d9f651f5a5d14704dcea62f8b2

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.6.dbi

MD5 b0d60835da6b175efbbe076aec69b06f
SHA1 bba7aa609149fe7bbccde3dc30f4976e348be74e
SHA256 cc0f592c1ea311c88e0d24a5151abd35464afe02f3afaf1d005eddf437dfca2a
SHA512 413505311a826bab1f8cf926d138dc90b2880ed9e4b926a93633b4279364c43998a0eddbf6386a185ed815b7c5fcaf7a2df99e676fcd59a236a5a135508cad85

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.5.dbi

MD5 01b27efbf653cc269aeb02deaa9090e3
SHA1 dfe74e41381547abaacb96cc2c83b6e9f30ffdfa
SHA256 76c5a974f25f38e6bf8087a1310bd23e7ab594547633bd5af033fc8a6bbfc1b1
SHA512 bc87076bd7bd065be97c043107f1733f2d209ea087ea1dad042d032bca9836166c91ddc3b9eb98f2d8699a70af3696efca7782fb2058b3568072bc7975641768

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.4.dbi

MD5 f1aba75997965b9f3218fa861d826bfa
SHA1 5ac7e7da89f9bd384c63a2a123b8402e6e5b0a72
SHA256 9c2f7ec4c15eda6243d35716b6ba063402fa00e801d7ab0fcacff44a3d4677b8
SHA512 91ed277269be67457a9235323a74365d85ce2117d4b336588b5a3a8a0778c32a9c1d8199da8810ab7683b73f46e795fb27a3b582790c1c163a2c7d7bfa5dfc42

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.3.dbi

MD5 d4820456a7da487b006a75a4eed092e7
SHA1 20c06d1135188bf789fe62edd17c339d8eaa4194
SHA256 360fd131a7e5d0d445bc2f245839823892bca36efda2bd8b0662d38be1a6b404
SHA512 94201b5ea27c3bad0713a3d6d4fea4b4852ada3c89f023fe2a16ab8e9a519b5b0e237d83d84e83bca96e107de042353f71ae37e08b54500a16852d34aeb4f87b

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.2.dbi

MD5 af7f455972a0178fa2600755116f99ea
SHA1 559bc61ee64bd5a4d8fb876f87eb2c4ad7fcda02
SHA256 b477bb305e4601683b68eb008ca9722f5540b7db78fb24e8fd2f7c38aa113666
SHA512 c0a7bdb311ab46887c251d80adff141f9533e8cafbaf984125477418589851df4f73270c1e164fd68f868948ffece2230665f6e0869c807161c957cdcfbc81cf

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspWebsite.1.dbi

MD5 7629da295444e4029e9a414994940ad6
SHA1 ba8bad8995587e2e58d96df0f7158d140fc0adc1
SHA256 23428d4ac8468822cf05f95309982de663ddab509956cc2fe6fb43260eb87614
SHA512 161b21030e5ab0b0b7834cbbc75f81777574c8e9318363e6a53af6f501aa136db9ccc4737aaecdedbab55ae889dd8db02ba89147340f695c8bf6b7e999e1e19f

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspShop.4.dbi

MD5 eb0cce8bc6127fc84b0b37ff3559d3ba
SHA1 1b5a3ec872c4342213ada8b67937933f13984342
SHA256 745aaa7c63e87c05e5952e4a8ab8aa742eb9a38ccacb505654875b393a3c33d2
SHA512 1de0c37fb53d523da015a88470a5ad88bd5a93d0983796a8ef74fb24204a50b58d58adf8db23b3b41076c078ed4f0ad67a26d31b9ada0e5224effd748530df04

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspShop.3.dbi

MD5 aa6fa28033b8a679682fb91e864cb25a
SHA1 96346d8c003ba31e3d2bbebaf8896ec4abcd2715
SHA256 7c557cc7ba917cc64713ac9721e830bcb3cc28dce29f12a9b89e1cafb3033f8a
SHA512 18eda8d319fe3b23e4e89f0bec29682a9db5ccc242a8b5f58982d02bf94ecbae811144c5dae0e0d0abb4ecd2378f70d3a13d9b07f5c894b3a6ec144ee40ee588

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspShop.2.dbi

MD5 0a5bcafacf5b85d9a42bab8fa2ca187e
SHA1 4cecd636ea59b8adc4326391f4bbbbbcf62c8ba9
SHA256 16f8517965f2390f4a094eb11343f8472925754fc35fc38b92c0e6993ead8420
SHA512 6e661c6dc37406df502225ba0a1ad802fe12ed1a24200a744d93ad6b73e04befc670164ec7d00d04e90eaf2ce51aa796e14fed20dbbab65154fa0a6c77f63e43

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.SuspShop.1.dbi

MD5 b60135cf19bf1a07804dd3c6d7622419
SHA1 1bc5a453ab0fcf55e92838e176bde77051c3dbe1
SHA256 4afa1018ba2489b7e0bcb4fc214184285531be87e3239a3d73556fe3212f97fd
SHA512 7172fc153fbf8bc94be645d37c1b7b81bd0eb28068acb02318868262c833a6fe1bf3502e826f5592bb11b0018cf705761142490233898610a37058bbe97ddb64

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.5.dbi

MD5 b4267b9308dd8f3a7bc5979f5a1a074f
SHA1 c4c70be885e2026c31248eca1abac8e420f3d310
SHA256 ee31cedb3962f14ed477b0c7bf06596787043653f36489af2c4f17c421049737
SHA512 ddb0babc6458f16de44e63ab20baeee740cc7ec604fad7c4dafbca75008188d17ab2174ab756049cac4e77acb090ef8540c411935111805f52d463391d8d1453

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.4.dbi

MD5 5e96684bf0c3986d923556198fbf1c1a
SHA1 f2f938e3115e3064fab0347959978a4e79beac3a
SHA256 3128af81441a0cd0dceca08c32dc9522d40d600b4cb7c21fb5c11e0fdf1aa075
SHA512 7de5477258ba882adad370eedebd58b6d54676566e769645076a6329b9338f2e9d9d70f6eac42124b75233deb589337f1a55287789245f0bf4c0cfacae76f950

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.3.dbi

MD5 69a7563fadaeb98204d71213348d617f
SHA1 ef0c51b582e69ae2c844074c761eca62f4da24a4
SHA256 f11e1fe184e102dc72b6a1eaeddf1d269262027a5cf4eadf68a141948edcf739
SHA512 94d317764c18af2bf087293365006a6e67b6645100cb07a65941d1cbe942ae53bebd86bffa029b605021c82b67f44930f818f8a8dda773edfc36b4c20df48ccb

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.2.dbi

MD5 d144028aaaea8da3649ab0fdbe54813d
SHA1 f9698aaa89a42dfaf666743c1a60cd632097bab5
SHA256 8303a2dc53b200fa80bc7a2b14ee7c382234c837847b0c40c9e70c1b24275a6a
SHA512 d82dc3a4319608e901e2bb632aefb889f0b4a5bae44fcf53ffdf2f78b4068541d3c506e8fd59a11f60f624bc91374bf4601bcf6020cbb4285bdd011dcdcf3d75

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Scam.1.dbi

MD5 fdc39f6ead5eaac1b6d2a940343ada98
SHA1 30b52de37d0aee8814ad0c695eeb90dbf297c141
SHA256 8b0b330629e8abd1c94f0d9141fb9c2951e61376dd46d2fb4d58112f33b1d3bd
SHA512 9d01312ac13965f2188f0c91a72c857e4574a122d1ae0a90b6b6e2b2a5cfde8efa27e1d7a6745070de09c1d02c8a431facd7eb5ed5199fdd00cf9d96646bdf38

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.PUP.3.dbi

MD5 d8610a905c9855dcc4a0a3b517368e92
SHA1 9490d27bda36419c6a268aeb3305b625f688ac4a
SHA256 8cefddedf1baae278e35b28f61cb7e7a66152b5e0f60e6b38f524c1c1584c21a
SHA512 a74ce527e8124746e7e2d64f751d257c28a3754ea334586e43c6befe2e7eb4a8230e55d8843081102f442160b79ad6984ce8195ab75954d5b5166ce4107bd90b

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.PUP.2.dbi

MD5 01abfb49f4e49b8da7e46f04d7da4ccf
SHA1 32450d041247c4d1dfad53f5e56b819e270c3484
SHA256 6e9754423c8e76c35b373ed28b103ba7976a343fdd410e2e77dd2a911b65a667
SHA512 47e71854081d9fc493d83cf6efe4f95c68bb3a52e55224ead0eace6fc8f8ec22f07129ac0318b3a47cd5e3356fe2b3145f9718bf52efbbc2d37bd218a165be9d

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.PUP.1.dbi

MD5 3bdc1350050c9237be93706bbd2c9159
SHA1 3bd93957b2ce0143d1ecedb8322f86d5d414fe52
SHA256 0d1d6fa423469fde22e2f4f05d5a20de666d7bf4df6372414b00b6ff5bf4db02
SHA512 cc08a19f654fd8fde388dd5dad93e8752f6517fb1e5577aa7d86f420f971be78361efa8bbcfa4b3dab30fe2be0beb69925d1ea8ce54672e379ee68c8a7eac0e8

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Propaganda.2.dbi

MD5 58b3660a48fe9cd912a2213a1a03f3d5
SHA1 96119cd62046bbe0a6d1e44f7e3d2520e4a63f6c
SHA256 eb64a81e2c7397f232cda7886d2e70077adfca0066c3d8e8bbc4feeda6405900
SHA512 1fbc79be000cff07a85e08ae351de069cd474fe23cdc64703b40376c6b742dbdc3f5acb284f444ca3cafc0c08d84e1e1ad03f8a19f9a1d24b34fd97407edc34f

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Propaganda.1.dbi

MD5 7c96c394f7a4b332e47f58a533a2c100
SHA1 5af27c7fc52c6ebb8bf6367ea425c848c2f1ec42
SHA256 fbc9720822dfd2c524bedb890e7d55ed0e67cdc5bcee1b20d6aaa0293a13d570
SHA512 d44b5ada8bf3d64ed0755c97e88f29709d2a8182e39235aa00609396600c8b732620d6793ade014e7a7b844812d0a4880a2ef8ebac2e97c13b1a9a9583277cbb

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.9.dbi

MD5 9931de7d6d652e5a73845b8835857cf6
SHA1 4465025076578f66fc6cc3d9163ed6f6f75d5259
SHA256 014ebecc23b652e7a3d30898a54a0572acc2b47b4f553b24f0335d5a7cedc3ab
SHA512 3afe33fe98cf3d501d21c644199ce37d73fde0944ac9abbfcc844d57d6f61605354f6d7fbf14f1d4a05d0378cf643878d5962b542b47bce8c79f5960adeeb15f

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.8.dbi

MD5 ade50f78192d5d0b7d835e9de5fca88f
SHA1 20a49f5f0fb3e4c8411e9b24075522123476601b
SHA256 a13efc4340fc18f3cb2b2a5fc3e8cebb1e8297292ca90cea6e77b1a50c0dae0a
SHA512 d730a848c82518c79b901c14aec7a6c0dd94394e14b6c3c209c68e39afcf78082a2ae821b6cbb14b9387d9bb0dded832440fab32204547224ce89b0ac0d3d9a8

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.7.dbi

MD5 9bf43974c31275410caaf9fd79412788
SHA1 5666f2dac27e82cc3de9c1fb672194e6b8a15db5
SHA256 b9739256ee9b2fba4142c0bdcd6ef2800fde20a2867aa190cf1b2608a36ca6db
SHA512 f5ecf6a475c4a113f2255520e95d9e5129dbc31998055456d22e0a31eaaad8da678f8d2e930277f51ff5bfeda1b42df36983b3e116d3edf564da0ed32b551ca7

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.6.dbi

MD5 6acde318bf0f54f09037962796e58558
SHA1 ba85927c3052e3121e9a14f7f11991d36d1cb33b
SHA256 ef09c03be7b0037d596941e281461daef4edfcb3aae50254456071fa308f83d3
SHA512 2dcf3d8a628c1555b7e3c40e971fe2e66ad40f97ce3df817f5b5ab79dbafbb77eef95cc776352a61fd42a91f151f7eeb4d818cf92070d70dee10719ffa0fd057

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.5.dbi

MD5 627fb5360e861dc496ed92a59d514931
SHA1 de3d140e3e5f07d09e84e852bc4ca6a47614b0c1
SHA256 c503cd22ffc735eba22f76a71f96a3d5fae2344975e4d780638b452243c92ce6
SHA512 2558c565a37f201ea7f1ad7d408a9668dd04e016f4d53fff3274719a3e7bcdd5d4edff46e8054a77ad93eaaf8de2789f9cbdf149424b6c721f2f7a13bf579afa

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.4.dbi

MD5 998abfe0d66e65e0b9d98b873ea86f14
SHA1 8541905708e5b3cd374f26c719b5593de0e70ff4
SHA256 a99565898083ab8ad8deed130b470d57454728bfcc272843addc2e5f87a00197
SHA512 909c9877c2cb7b2f06803177b1ca130ba4f82fa58ffcaec026f6860fba1225da6a68ad8097d6796a3e3c763e1606686e8eb56af4121e498e030f187fba0982ac

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.3.dbi

MD5 201ac78269b7896723b41cb6356d8b58
SHA1 e8c9206384d6bfe13c5e25933cda98feb57dc1e3
SHA256 f55ffa116c55f4c32f26e2df1098e10961320af3bac2bb3aeb43d5734efe1bbf
SHA512 f061ea951e9419ac857dd1319baaebd8ce6665a1d63901db1b26b66b5b3fd2c2e1e5d9f41a3428a6853b879f53ac545d31bd411e6a5ea5a6e5a4fc70933448ad

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.20.dbi

MD5 8dfc2ce2e0c3d58b484ce0f9502848be
SHA1 0d4afc275824995f031ae82b008e0424cf84209b
SHA256 856cb6f2f8cf53228c0064e4291fdfa9b06c6a5cdb0e93a8903510ded3211a3c
SHA512 b7363ef0eecf358cc7fe6fa0c24d12a7285dbd3cedda4df6e502f1204650eba526fe4232cfeece759b03ca03bdafd3a79f72000bbca0a60faa36e411f79af817

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.2.dbi

MD5 9b940046083df526813e0ee294bddaca
SHA1 9fb6d67010dd7b33b2ce40aa86df1557a14e34c6
SHA256 bade5a4301216e4c43781adff8e340e598ababea9a2e8b1086aa0d4a470f957d
SHA512 f4a7687fefc6424c702d34ff110b79eb1247e36ba1fc2c551746f49d9d140020c14d3bcae638ce9d495a272bb042a349cc7d064aa6d9d0c238f8bef83bec8456

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.17.dbi

MD5 2b97ec8423ffdcd71ac02f30e5558566
SHA1 7982ad51b265e13ed062a539490a270f062d4cdb
SHA256 509632c60a899edcd6f6bb86b72b9080f9ccc3e17d69da37f14d07282ecf5b96
SHA512 30b112e1cd1ff71852fa0b297283b1cd0f2ed8583c3fec52159717f7cde9cd397a2a21a6f42a9b4286a04a252e56904722c9f606d511ca59104ab56a60a6dc8f

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.16.dbi

MD5 c953e423d795320b4e2e24878e377888
SHA1 05a36e46cae9e1ed3e24ee3a0dde2851408ccd9e
SHA256 bab8226abc5992f47041671a39a2f4897c5c1ab502a056e17f97559709f18449
SHA512 78e95bd47bc96dad2aa909352f19e690c5dc0a35d8b751e1b722c7ff4515279b46bd0ac6036e4fee01c16c7e6d4c85a4e9fefdf84001eee7836344b7fd527488

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.15.dbi

MD5 b77f9377b16c7068e779c59f3f511add
SHA1 49e3806bd2defade3ab3ceebbd315ad79dc14617
SHA256 4230c251a9f8428922a2be552d0fa4fa8e3d007022d42823108a3236b26f0e70
SHA512 0a728949756621b854b8edac3df1efb1a8647e91d37c5c3ae77ebb82f747607b68381c0a28bfa07f895a53e319c4eea5ea8a03c76b336cd0cb957bb0e1b1bd90

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.14.dbi

MD5 1a17e884ed0b8000f03cada7841ffbe7
SHA1 35c771d39c332bebbeba241f2a68c09c699ef62e
SHA256 fa1b1725ce4190faee9dd7c4504cf1d1e5e7c98eb841c8b15071559bf442637f
SHA512 e03ff02732e1692f8f8e04fa121ef2359b75bda601e49796b28f0016323f032f7491e74c4c812f23a5326d65c10839165c56bc032efa6b5dcabedc2a37077da4

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.13.dbi

MD5 4fcd70cb1dc52fff56853bc1801229cb
SHA1 87964110604e76a2db37e0c7dbd5e02603b926d2
SHA256 51baa2c1984c3ee4c03f0add56ab1c2022ed23b4452cc34f40fd2e0b77646486
SHA512 2413429ad65385c3f4935734540d36e7a6158b0d1c51481ab59f28b6c3f4d20f566b0b77bfdc3a3e8ece3944a024ff9e83084146e4cd6151896e080ac5253df9

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.12.dbi

MD5 7ef08e4d96c2e9b4657b474af2a5289e
SHA1 c9fb7bab4a2ee2ff5a60fde09e13f84167bfdfd1
SHA256 e60153b88f81b0b370e1a2ab48b26777d8e33e0a47f7421ddfbedec84a9a4835
SHA512 ad584cd317e08ce38a3484ed0c4237e85bb30cb3caca6cae1fd38ae164c10cb7081fa53db4244809dfb0acf377bb7e0215fa811fae2b8f755ffb8dde9dfe59e8

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.11.dbi

MD5 444f51b97e45183042df4984e28530a9
SHA1 c85196bae8617828008b2a5e098f323d85b7ec25
SHA256 311a3f74830c65cb4fe496a170f948d929e479e911f29556a2385cf4e3fdefa1
SHA512 6c41d35a06489d0fa0598880adf409f0aa26eaad93baccc1c56f0a7c12f42e7bfaa436790168a66466191f492a6cc5d65e97bc64a1168b6e966d4ae604de7522

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.10.dbi

MD5 d298bf28df0e4f66595acfa5ceda6937
SHA1 9f1ca0f858a74b6a1ef41b5cdecc9aacbe4a7def
SHA256 e0b2cd312808090e655eb51768ed77f78aa7cb64082add85dc2a08d36f0946b3
SHA512 dbbd1cf53e0847904d1e82ba8b9c355824ccd525cd12e1eb3cdac7ec5e91caeb73b13bdc5d5b7539f8efa141e0a5a88327995f17b1117ab6c50fa6895d5e70b6

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Phishing.1.dbi

MD5 f7ba5ee0d66433bfa611f39f7bbf95df
SHA1 a5d88d96ed8be17d2b5421403551a1f788958668
SHA256 16f64c10ca15e6da435c1712bcaf50489759e75cf0e6e02ac8555da844050d2f
SHA512 90439513ff78b0bc6903081c98087e18a8a9e37bf2ad98b61a50b4532c73104eeff3dd3db085388986651d35184be7afcd3f4adc5940c134964bb979f7d85fb4

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.OnlineDating.2.dbi

MD5 d12efb5720ad1fc295d18cecda5aa9c2
SHA1 8ad57d28552d00c1d07ec093442ec98bfc98391f
SHA256 c7f94d5934aefb476a6addfdf4d7db27b4582f2dd6c56d8e41797cbfae54d1a8
SHA512 9f583558774f0a5d42d8e2f21d22485c60607b61ff7594d305fad1365a706f3264ed28b628db763033d152296cf33ec8b9cd32c6f80905acaf4c8d1bf48bfda0

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.OnlineDating.1.dbi

MD5 08b2b4ed52f43a67f25e06cd8355e790
SHA1 91552adbd02962c45f8cb80107d2107e7d217b2f
SHA256 e8e2c5b57807008d4a59f93a58c5cd8eaa66b45aaed2c18d04e9f52549b8603b
SHA512 8ee9251616e5013b4a439d062613b6f92c97384f2f37eb6e0e97cde4e1089e0349168add41904e02297ba5e0a703e9db8b522e41a4d6bf2d43a319d9224ad396

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.MiningPools.3.dbi

MD5 4c060609ae9838939231087ee82576fd
SHA1 300d9c5ab625dcf2b92766376a0a218edc090bbe
SHA256 7fb949e2b22faa93845b030f45f91f0d73b6e095056ec8c5c58dfacbbbc2c9d1
SHA512 d77d9a47a212cdb93900e2c9efac5c4b30eb2f70fc21756d8ffe41a8399d9a190c87b3eca12af1b694f6167d7ce3c042dd68981b3ffb287838b1cdf90ea9a4b3

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.MiningPools.2.dbi

MD5 0893a8324b3bc703ddb2181047820bc4
SHA1 0848af54772dd6c6c8f3cc9ab395dc59c2f1438e
SHA256 090108031224995fba1d7065d2ab8cecbebb5cd27fb8c5a5d8420efab407c55f
SHA512 ccb190e6ed59db846200859e2938958ce11bd9af1ca4c0186c37de0abea0c0de4f45a6325a723bf4bf7ba3707da13bb57b28e900e327374501fed27b3ab29901

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.MiningPools.1.dbi

MD5 bd9f73c6c59729d601bc2f918d4f2c5b
SHA1 6da0e161d3ae5363fbb137a28d8a89e6eba43812
SHA256 b00c6dcf997c662728d682a70e813ef8e2db9415d861db7217b9573947fc0db6
SHA512 c145d04b6933a254d8fd8885108f7c0a6b2f7f8d3eb78cb6ca66ae8dc95325fed56974123d2597b0543e64d057122e9018f596df7415b34a5c4530d1e62823d7

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.9.dbi

MD5 0fa35dd87cf6047946d5f87be9e4d298
SHA1 49958fc1e156c038f8ec1fe88f84b0e9e54abf74
SHA256 07423ba5703d3c24a52974e33163ea771939be6b17beb13287402bff933372d2
SHA512 2987d451d85b16e186b8c93086b4107616de51402ab8df472d42ba707770c47225d40f5f81f443fae78259a30c3c85c261e35044a4175bae264a3240a408e3ec

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.8.dbi

MD5 4e27eb5b2628e3a755da7c6e65fb381c
SHA1 db4e237a71a8e5900c9d54ab87c3cfe5bf2e80c0
SHA256 780f82fa69b5239fa948efb289dffc072707d9c305ee299e056d8eda39dc2f39
SHA512 29627d195aa3148532973df704f92ba4133111b9704f510a85cf2cf923ca24c8ee64ccc594833f40edd5f8868c9a30f7d0ea91a7544ef94021df38b054e0d6aa

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.7.dbi

MD5 5263f49267a7b9e7dd05b9d70d83f5c5
SHA1 556f8bd2dbcfa42ef3780a35c252a05aaa8065d9
SHA256 22f826cd4a38b7038829736059dbecf1aec1e8b470fa1352cbb460f14fce1280
SHA512 990fe24b333c8dc3b978a60df53e8e08fb6ccb894e9753e86c997cf5f8dda4135896d411f6d8152bf22db6c13838b408c4aaaf67ff90acd71a5311052b56c94d

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.6.dbi

MD5 485aaa13f385c96dcb651630263af113
SHA1 66c36fdddbd81504c98edb8cdfd5767d47199144
SHA256 7f289955033d0c25bca835bf4d705f5e2efa94880862694ca10bde01f2fec109
SHA512 8a6f1695aba73f48b28bef6f49ce174692449186961f18dbd69415e2c475074261984fd5f21a23db8c986bdaf2661cfe3b48be79dfad63e5a8abc0dab705236e

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.5.dbi

MD5 a271be41f0260dc6b85e0f9f1a353041
SHA1 b8d2160302b0f119d0581d43a6f15406cdf42dca
SHA256 db7a1b4488957d2a3740da1e675ce5f04905173b7251af64c5df34427a43a5fb
SHA512 e770307eb815b68180a308cf75e10e49ac6c7163e5d61b8ad49f8eb409a33d3e615de686a6a073318639335a918ba46734dd61b8985204cfeed64bef5fa93b69

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.4.dbi

MD5 1b981a30d67efdf11856da2ca82c537d
SHA1 a8872b5000bc254c5776b9b44e3cbae448bc9d48
SHA256 4cae85e2c42689ad5af55cf67d5a4ecf80237010eafb1e566b170d4551222871
SHA512 9c0f2e0220f6de16bd35b50436902250fdb8c31a0c9af55241e31993410750dd046369ca7e4b905b307ebeb6c80318997be3213ddf304eab709819b987d0672c

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.3.dbi

MD5 6bca2216842ce8aa3a1ac6bf91ab2e88
SHA1 62b354e0e3963bdb1f9e880be793759dc35c49b8
SHA256 9df039a34afb48f8039c819ded40f7331703d328244bce06f7a9ca7999a0e955
SHA512 15ba8b45b03c780503aa6a031be8ffbc8ebef11491650b949c86cb3b9a984d6643c2eaf8e580cbf8e635de932ca1027f45aa742f44556024cfd4b98b22e4d7f2

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.2.dbi

MD5 88832340ca4bcb8e89d35dadc5f2b74b
SHA1 884473f56493b8618f714e471f430cea87f03dea
SHA256 9ce8fef51dfe3f5e753e8d0fc8e9c80fa85b60d48c25b2722dde19e123657e80
SHA512 6787d41dab1caa1c3d0fa1965dcfb8b979a6e0057952f04ad502206a19dac7e0fa35f292b3841d5f5b87b336e16906213e1e4ab30f1567ccf04eaf8265545b50

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Malicious.1.dbi

MD5 c18b2365331967cee810c1ca6a31339c
SHA1 685f5190e4dfaeab48dcc0053c50d1fd119ebbd9
SHA256 d45f47f09ffe847e9b6d2021a1cd754e71ce184a56130f417dd7690bc37fe87d
SHA512 e605cb0f1cc0a44edf8726e7210b0c3f43b7bf1e7edc0c80d8d095492675d8ede73fd47ff3e814c525389a650299a7f80218b029877e9597b2ab95289600f4e8

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.LowTrustCasino.4.dbi

MD5 8c39a5de7d7b009bccb5239565cb7988
SHA1 34104b9573fe0067373934b55fbd97aa9f96f5a8
SHA256 25de669aa8870e2a3afd1444bf38738d0e2fa63ee1f6fa4b01867741a40766c2
SHA512 6bb8365de68da00a1355c3b44a32ff43b0adb69de3c144cfc06560b9f6ea717ec1c5207b4c16e2a496c21c2cd945e636162e530143ce1dd3cf3dc8cfb9f6cbd4

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.LowTrustCasino.3.dbi

MD5 72d7ca99df7c7b127b3b6f6d17aef8bd
SHA1 72a73c71cdcff9f05327bb9f450df10be1492bf9
SHA256 2b3dd527c485bf35473dc059d169fa0c08061e5b741a9b3d3003b2991640f0a7
SHA512 88a5e45c02cb02e576ebda704dfd8b0d637099bc25821a40b80dc89a2d2a3c06edc61865e0fe6f2c9259146abccc14596ad14afcba656f36edb64939efd25c89

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.LowTrustCasino.2.dbi

MD5 aa367ed7c42f08fe9c139dc4612dbe06
SHA1 1f583ccf65bf0608e2ca3b35877036d3e8d2849a
SHA256 0695447bbf669659d9bbdd717af4f1f57fd273911b9996c164afa966bf8441e0
SHA512 5c35f37822c1f84ab484a28a87ae08b547a0db973df9bc0941e0a484c26dfaa3f5868bfe8420612e311dd2ebd5544fed96b09027c011006a6a28150e5ec99c9e

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.LowTrustCasino.1.dbi

MD5 ffcd7a82a9dbb5d7d4d263aff9d0f338
SHA1 829d510098243fd95f0d8c84369edf19f526c098
SHA256 c97cff6b7a1d663dd16470768c054c3b3922177be102979715f11e4836d2c40d
SHA512 a7821ca63c2e6857ae693b39de6fac8a2c60c7d9ae5958f6cd20f71e0569f4578df4ec18ae588ea2cacefc0a171c1fd96ca17781db5bce7d24fa09613d60d784

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Finance.3.dbi

MD5 6245054ccd62f95b04e25e935ed97a80
SHA1 9bc8f94a47791959fcef6a351920948bd5fe2941
SHA256 e33a7489ee6e5e6e473b232501d02e3cf232e4c2b31e0e01cb65461053bcc66a
SHA512 a66b563de9f172f7016e6bb0ce67cb847dbbbff981d8ac6ca3e0a6dad33b396e4832f9be33b9e45f477ab5e3b969fd68fe045f17c0f2e453259ed6d2b7c6ae5f

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Finance.2.dbi

MD5 ab43e61c8f020b36460bf985642b7c84
SHA1 bce7138d56a7f759add45b3f1599249334136610
SHA256 4a1c84e8edbeac1b5b7982f1bfcfb150fb12901933cd2558e87ead32a0a84820
SHA512 d0d654c5a3b03bcf75e1095c5f95ad16500742e7825f521eb8ec7bfd61c9f4f520a3fcfec652477c9e05497c390b2e829fa0311f5beaa013cec73b0b7e8b7b53

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.Finance.1.dbi

MD5 cd1216d8fae2f349b7abd0b273fd4caf
SHA1 6e3a2413b1cb90fa6377dc20ba9a6fc0efca81bd
SHA256 2d1860c4aa975e83ba631da13945098d033ec53199417563a39d769b50c6644c
SHA512 cef49a9a36aa4e2820649b988bf1e549cde17be523d2a2f84da429144062edba4f767ce6855b1b79caa6269722050ef35470c8178b3d13ce5037b4a1aa086789

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FalseHiringScam.2.dbi

MD5 7dfa0761febeab81d5b61eed42a9df99
SHA1 c03dfd84435b1577de7cba594f274984382e6e02
SHA256 421675111589508ce3b7a88f66362aee5faae4e2ed25ce13016734a1e61092fb
SHA512 820dde84502011ae27e186f80917893e3bc3add28517182480a3bab3e21b228cf34e96f57a48eb00f3a87dd0d4975391ff6b9b50fc6b0717786e42a6ba314cec

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FalseHiringScam.1.dbi

MD5 02328d1583891a499195a7e14297eb51
SHA1 f476e8c7563ad3cc579f997112159c8cc552141e
SHA256 538e6ebf349b64d0ce51899c63942aaa8daaa83c5d8bbb79d482c1aa821c047e
SHA512 ec8bbae11c83a89e7a15bdc14b666531da6c9cfe2e5d4547c96ee578fbc6daecb43e2484f986223c4c3f86bbd319ca8100e6acdeea7cd1de7491be27435ebb8f

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakePrizes.4.dbi

MD5 8389745dbef4fa42275e45ff2574c81f
SHA1 9f92a027887076d712b5b2e048c2f76ee783b9f4
SHA256 dca1127c7022e83967f1396237926bf472768b97c293eeaebcbb088c9caad49e
SHA512 f3d0839f5a892ea2ec20f6d8fa59e836a7fa62c4b17604dfa352ab23c2e176e3b70fdbfac27213309a385e25364ddbb8ef1b4bfda5df5d460a2f06983da38289

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakePrizes.2.dbi

MD5 f6f1ae62472f2e4e73fb57ea4d0b9940
SHA1 d8610abfe1f8ba04881f32441ec52ef0744589f4
SHA256 9bfceb3ba43f7b9ef5b6a49dbcab095dc2c7db6222018645bca88aa36b7cee31
SHA512 5597f82ce754ec650fdeced66b4f079a9175d496bee4d24054b67ade6562eb74a6c20314685716aa31bdc0f3a9e55066c039f67b1b439de140684d4dc1f00612

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakePrizes.1.dbi

MD5 5a40b2f55a736e913e1412ed5a67df6b
SHA1 d05a252ce088896a2503e59fb78cd5546b8388e0
SHA256 658715e243142a9e9f2a0e97a0da3d9d93acea6d672092a25f600e0a8646273b
SHA512 7bf84adb9f58261d5d611b6302462f31b2f8fd336ba7ff0acef47053f666968c9c7a76968dd3f4e359c361dab52211435fb77953b9a87cde6765a1a4e85fa7c7

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakeInvest.4.dbi

MD5 c4d032b49266de3c8f0b7c87ee352714
SHA1 d6a9de6a5670471f758170aafc280250aac8db34
SHA256 4cd39c908d9bec450aff2095242935b0843a3f32be7e041ede1f7985c0af2618
SHA512 16ffdad1dbd184bfd4661c5e378394833db2639fd81218a6a9e693cddd4fe1e8422fd57dc2ce94553dc589d9277dfa400acb7de3a1a6e3dcc70af9c4a99897f9

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakeInvest.3.dbi

MD5 4f83f353e85731f6c137371d18c48dab
SHA1 35208efb47a702e71956d55f1cb8a3e6208c0127
SHA256 b7d5e016c4a9111fb15d4b4305b93c7f7174b6303c8d785a8c3c65c581c194be
SHA512 78224bcb8e1e08996c6f1ca9d5a49b5a494e8b7805874a6a29b28ff6a8cadd177fc38173b548096fd967b0a9e18668179033b4d998a1f90a0d38b6582ea3951c

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakeInvest.2.dbi

MD5 b92f11b4b2eab045002f79949da06de9
SHA1 e3d226f8edb01cce2a36ea8b786470dde4a8a358
SHA256 e5525d5385edb7787340df6127ccbea3af59dc7dc922a036d163bfe392d26442
SHA512 36675bb04d68a7be14bcb07f591188898e1e7d826a8119e18d829a92eafc43dbfd3046b25aee317a6be2a01ad2402e70946d6648d22e529e9f6ffcfbdfb21d33

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.FakeInvest.1.dbi

MD5 b35af252e4956ae6fba03a178bb62e3d
SHA1 76292726b3837d3cc5d0adc529f4793d3ae5ccb4
SHA256 cb731e3a499ab1b91221909992c9e83fda746b657ee800edb080f4e8449eeffe
SHA512 bf5fc08b7bf4d37812028b14439e290e959daf2202a3429742fdf2d0cc4e7078666e4feb3221faa4bee9f6b959c7e5b504452b5c38c9f2132a2c73ec0caff457

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BrowserNotifySpam.4.dbi

MD5 4a35e47216014e639a5d69f1c8cb5903
SHA1 72a0ab0f6e4ee26b00826507b0ed1cc2997a08fa
SHA256 1ee90be584c8e2665f95c2d12b16b5e2b97ece38489d515e208eabe49972a728
SHA512 7b4aec3992e33a72911effe6e01046d926ace9222d41a7a47f814431df5c48bf01822218c2045ab941602217406a53be013ae51fd9140a0ce4ab55d7189c055a

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BrowserNotifySpam.3.dbi

MD5 74ab0f36053f1f1f570e7b0227cc8184
SHA1 f545d7249fed4625c2100a0e59220ec26ce1f5cf
SHA256 8c2b253ace06c83ed204df46e3a6f3bdd5fccc2b5ed9d71017ea979529ec365c
SHA512 4be7df2537c6385c0f16cf5385a5899c3a56d6a0e7bc4361ff4063f4231522b6f9e1f060b7e6962a4f427e9d2ddf63a44f2f1d75cf6ff179e8cf0fd379add14c

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BrowserNotifySpam.2.dbi

MD5 edd2cde110eb5055c2868de3ceeef92b
SHA1 34c1862d3481baafd0d48f9c1790eac8c4cfb6f4
SHA256 f7a6872154e8b16eccd9c381590c3846f1c09de2e0031f128d7e014a9fc8fdc2
SHA512 4160d88166d5a0f6f70a56292b5eb8e34739245f20e671e31a7b2b0859ba10fab70fb53ba26cb9124ec03ba285b63fbb16f7da67854671dcbfdafd9fcf18d5bb

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BrowserNotifySpam.1.dbi

MD5 c1427e1cf7058fb6857b801627770d68
SHA1 0d6a8b3cf5f1e35fa455fa4645ce9065657e4a9c
SHA256 79e19c7f6a29a271c89825b741dcbbdd4da18fa332f5f4758c8a9f94e308d7e2
SHA512 01e98ee74cf1974c25b0a9fbb7caa6564e52c59e48db90d20f719de22ed96c475864f3ff1ba52568ef22f8c395f0b54dc1d13d7e24af0874f372e9284fe5f361

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.BlockchainCDN.2.dbi

MD5 c9c3d0d8c7176ba8e6fb18201c7ec0c5
SHA1 3a427e1545bac11d7a4494a098b29a92614bfff3
SHA256 6f81e992356794dfbb5cfb46de0bc264db82f005360d88b5e4bcdfae96059ce1
SHA512 f3fa805a052dc90183a2d0ad90040c86ec0b8c2c1b9a91a2f83afa1b9675a35bfc9a8f96f42b7fa5542106f33c8d4a54c9f93b1e3b41631b2a8f4de9ba6d138c

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.AppAds.3.dbi

MD5 4670e0db3758907e17c7269d76d7b3a5
SHA1 668c0a10401e2cdd3b62abdb9773ddac496b6ce5
SHA256 da0ae6942b4d542603d1c12aaf2145583bda2b65a3e2f0d66ac64e06079285aa
SHA512 38b2a97c7317072dddc34cbea4a5a35113eddea7229ee348dda42c53c7ab6fe0738116217aa4a03c000484f14583d651bbe9d1b2a10c84112f24f64866388cd4

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.DN.AppAds.2.dbi

MD5 1ea9f5108a5706f79ae822ef2b2e3747
SHA1 b84bb17c0b4305b9ae3e675c2aea44a5f4af4147
SHA256 f1580df676fed1de6eef439dadd83c3246d7b92b4e5d0172818d04ac5bc87dc4
SHA512 3936a38cdc41726d0110c60af528ce149bcfd9468982f22b17f27a9ecb97130339f1b40c4dbdf38a2c6cc50ddd90e6206135a757bca53e4cc657ebbadf32cc00

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.WhiteList.0.dbi

MD5 9770a5fc66fec1dfc4a761d62e6c5cc7
SHA1 21baa05738c9e2157e5efc2ad260469d12fdbb25
SHA256 8381ff5ac9e0dddfda8bb61f63c43e0d633e559d53112110d7f114b60c0de335
SHA512 3acc6f95cfcb5313b94dae03a7bfa2cda72e587ff6f239dd53ff6ca839074ac66c212a4f9abd6a29c34c8fd8a8d80049aefc56d96f7bf5e5dae6969d5988f337

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.SuspWebsite.0.dbi

MD5 4941800e5ca46a550379b78f7ebb008d
SHA1 af92d7d82c29aba2df50111de90f0bb79f657bb3
SHA256 85ca0523b05738fcb24b9515ad01f75edd5d055475bc7f39f4bdd81468ca6605
SHA512 b28de3d18cb9c223958f33dd4d65792564d1a0466a2c7c4302063e5394534e84a642e4240f3f306ab9d35e57a0a60412518a67a9762c35247bfb8a959c1b714e

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.SuspShop.0.dbi

MD5 1bd013246bdae055964e5176a1d84f4f
SHA1 e637d21c3a2b366a4e8e1dff833e8a8ec4178a93
SHA256 2bc4ba373ff2f9cf4d3d32c7e246dd97588398b294eeb303cc9b0883e57ed1c4
SHA512 48a58ac209b983bd59c5bcf506a958d191143b62f71f50b03ead40ac1b01931828668ccd52a78c564ff4277dbe6654b5e6dbcca0f293ab42ed99616f99ce9aa9

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.Scam.0.dbi

MD5 a625c7236aac36d48d69498038816f8a
SHA1 451978cde724b6368524d3bf15e94bc2f2b02829
SHA256 997b7457f16553a81f05455e64b21809a24045bd85eb3da861b3aa2c56a18725
SHA512 712614a70c347097c63319d543ee7a9a5236ce9c8105386e85c8199d7a8ec975102951d921ac10a0e3e912b84dd1305ca0f72ab4aa3bbcc72919921498cb6f63

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.PUP.0.dbi

MD5 7f38888fbd4cd6e59ec7d8016f537611
SHA1 704f0ba93c7ffdc972dcb75730356ceaa8b456cd
SHA256 185e5cd8e026adff7ebe1098bf7212e5f7722844b947f7a10495daf5d42e3734
SHA512 48d40bb04261b5467e7ecd3d80a7032cdb6f3442510958e9ba2b455f71338fbe77f27f3c94ffbb04c61fed7cd64590f6f40a0f4f0d6b7cc58e77c72fc82310ae

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.Phishing.0.dbi

MD5 11eff8c5ec00d938fa5c91d8eb0fb28c
SHA1 c126e34a9eaffa4c92e5a20cb06824752df5fc18
SHA256 b8fb7702fea8fc9a432143c9e75e67f663e26b54418b6ed9f8fe206ad8744c79
SHA512 c0f1a5fc5e343aed56f18c4a3fca2978630c18d7b0d5a82988c90fe4348750c22d893efa5950defe419ea959e151bc12f449740c748cf9b44cbeaf55aa3da3e8

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.MiningPools.0.dbi

MD5 2d5e15e4f95ee89a498884c9f1dc521a
SHA1 aab08e125dc62717434e1d1e063b09a8557ed145
SHA256 a95316e2ae1871a1535773705252962197f86a6f0549cbfc7195b18052c15346
SHA512 f8df2511186abb82f3a20f3d3601030df7add6781116b39d272ca4c4e238c253af4f1c7799e98ea815a084ddfb4ff2a5741d841dbe8f3701fa9a35833de01811

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.Malicious.0.dbi

MD5 b84299dd20b313666219705e6cceb604
SHA1 ab883b4602c758d2d2c4827f496c95f61cc0415a
SHA256 6eb1c17ad9a9bf75acc7b3c98e40f80edb9340b2c7a1214142b61f1a3d6cc276
SHA512 c6034b17c67a20c96fec63e91578dd60ad99f4a7774621e1ba6b7e6453c44efac9686da2cd688dd5b3781e1e6bb7630286448e6b97879bf9c0acefc9447a7ee0

C:\ProgramData\GridinSoft\Anti-Malware\database\NF\NF.Active.IP.Adware.0.dbi

MD5 6520f0b612ffd01f2e37db3e30bb3421
SHA1 28713436cc10ab08ca3e897ebb14dd8d1a2463e6
SHA256 7aad94c95c3cb46dac10199772e22a5b466b39c2e3ea80f8556291e586b68667
SHA512 465acf32c6638725541ac0b8da6b6998e8d728d9f0bdd4496c2dc910d794dda10594996f1d117e50831faccd88f48f360687dce76480cc59cc6eef1f86db1bad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 00d8f3db096b28eb8b50d37aaf2981a1
SHA1 6eb0d64c715304840606b0c0d4e2e8b425269d4e
SHA256 98bbfd16d8b88aa5722c8d9ac3b3439af1b23d44a968781810368139f0de02ab
SHA512 7ce208a91c945eb305f5fdee269b65a1273bb6b6b40fc5836eb0e6fb8c82984c32dc856d63c855a0589d86cfc86c1cb8ca42cc3bd3035a07b126771d3c412654

memory/1212-1771-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e01c1e973292b9f72187a8d18281fe65
SHA1 2f4df5bc36c5f5b4ca31cb98bdae1e10149aee1e
SHA256 0fdf73d8fb44e4c27d619b69d2ec842f92160fb6dd16816c5ad20b0e05e4b955
SHA512 cfc9faad24d0c4d068fa917837ba9b66482598b192a507289a6f1248879ad3ec0a5057c9f624d97f5fa69415df019f09cf1b43f39c3c3bfa781dd188a4c32aa6

memory/1212-1785-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a65caeebd8a9852dd992ff02b14253aa
SHA1 e5300cd4672475842abfd5ab9e01d6143b709f10
SHA256 14bc3e993f83135cd272c1df5f3d1dfc067effa52463344dae4b80b491f4cb0a
SHA512 c425a6091846bb89104f854840df776ee309cfd905d812993450eb5098dbc3d7ea9915899ee55389aee7e602ca564f21b97f56dbd5c4b3bcc0793a9c5a5d1506

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e40c09bdafff874b48bf4b02c7d2aeb
SHA1 931da885e56db0ba152a5a3ac138547e6082e582
SHA256 6801e73af9b63620ff9c3d7a6eec547d7f6d0a65d77d9a27e5d14ad5ebc0eed4
SHA512 935a73d8fe1c9542a66b601186c3406e152f83741bcfb3bb8abde6dea72b68e9f7a553766d38cd6556a1600ac566edebf8c868a838a19b2092753cb0a5f6a5ff

memory/1212-1804-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6de3ff71e919e86b8f3a89a79e2201c6
SHA1 484f3d82c8d8c5a4553bf340209a1abc166bfc83
SHA256 6e6aebed9ae22a9cf389502ef9614f09116037130ca0f3481b2794c2b7ea4ac1
SHA512 52f7e65913cc8f8d84cf8b310a76196526098bbceb21b854a57319324fe3ee3173f1e450ae2e4e9625cb647e2d8e73a83b4c6f300b0d8e6d6150b5c47954ad99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2baaf5a4e0e15051a2f79a32904776b1
SHA1 08a6a371bd58f19caf127c28292b209cbd03b0c8
SHA256 e6efda14df88a398587dac1d0c9b78ff8666df0d4e5121667dddde40e0be8499
SHA512 ae271ec10c63d6cfb5d233b91faa37f2165c912eb33b2f5914f5836dff3418a86eee75f6cd5ddf0a645d1715495ed7fff1f62b0d7dccfe6639b23c5937357026

memory/1212-1823-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 721ae80577511d9da237aa2e31a312cd
SHA1 7b16d2d1316aa4b00ecbe483197c525c97221e01
SHA256 b210d63566c003e687cd590e7bd9e90a14befb0e66bb32a39cf14047ee6c0147
SHA512 a6482d08bed82d4a81cc9ed4d9cc2e4aaf82f1709c847fb4dbfb19f9f2c3a3bba806044fbd9040c5d4929367c8144bb71dc622fa20fb048e3413d247c919a90c

memory/1212-1833-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 74fa62e5439faea6dfe43fa7ad14374c
SHA1 f0a04a5896c3af1d0c2e27bec72c49954ab20b84
SHA256 b32b4365e636167aaa19d110d316e3cf5ad0bdefee27a4280cb2cce8f5c4c73e
SHA512 1ab479df269b35e649d331787c91057a05b936d3467ad6fd125029fce7a07f771e400f92b4fef3214a83129281a5b0bac135c6b16203d224d68af15d4e6a6230

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b337bceb8b0ad9a8d6f94d0e2bedaba7
SHA1 b1dcc059866b35255669682d095d0abc286c03cf
SHA256 52990ae849ebee392b0d0ca09ea2c1d6e8c60ee4930228f9e94d3a4a195b69e6
SHA512 aa7d0122bc2803a2f901ef52f90a8a8d16bb42f6d29a61f0f2358f39e21ec154b7e212891d310c286d4b4c065631479647b07780089cf66a34b8ae50082b92ee

memory/1212-1852-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 76f5601a36f8e0afc04ac48100f1e224
SHA1 347624038c85c7dd0521639b468ca95fbd70b773
SHA256 b46a1b58e45654474e47b55e8c2ad9d0020599bbd4f3ca6b54126684d75debd0
SHA512 e5cee6695603a84aee0f9bae1929dffd6f48e7501b95c1625a0c4ba5d98b11553b579cd588743233fc277fb0e4f0b4ef6a723e871dc06ef4ff684cd521c022f3

memory/1212-1862-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0801160b73dba93472ebdf2b961be92a
SHA1 881cb2996cc5e0f6fc8bd0483caa14ca4eb98f61
SHA256 67e687a17359769474a8e489b08cc29db36d5a15ad5f2197e02198539607b583
SHA512 0901481532b62b203d3edb08727978a7a5c5088052d5c52f3287d02d7e494d04929f83dbfc65aa3a19d9c531d5385bb8933bddb6a4805f21a354c1b5c0528a04

memory/1212-1872-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 333e616cc85dc05d8ac16d64348a350d
SHA1 c8b4cffe249479d23d597d7a21e6a0c9b34604a9
SHA256 6e5c0ef444b4e6fa1e43b1ca0d7ca1f59f2b1eb6a300d332700608ac09d78573
SHA512 9dc7e1b78b8d183e9bfb8e59f7460de13df48cdab859c0ecdf5eaa29deca1fabc3fbd14ce26b9651d92ecdbdef15de7bfc7e0797944709769b49349ad1a34efe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e22115c91c267c18526eb0d347f8f411
SHA1 7ee3b12687a6ed0f7138e1236311ec8fdaf042ab
SHA256 38392d917183c263e4067fed2304a965f7ce880e152af870d1af565e001be488
SHA512 adadc3f12373e98dcf3066c6acc989ce9f96486b2ec4dc4d6eaafe880505a8ceb43cd89ae2af5b82ae11c9d202445a85719fd1ec0028f6b953ab098aa08ddc91

memory/1212-1891-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2fbce73a-9411-43c8-8e07-80091414101e.tmp

MD5 772aca0a90c38fe803a8511dc828f358
SHA1 a9918f063a6044dbf6e7f9f051204418ea1fc024
SHA256 ab384cfbd95a2a7b594622e462d1e3e978ae01f5c456c325667a6c1bec485088
SHA512 613e94296958a718637cecd948d9514294be4202ef29f493a0a692b24ec53de45bd597bf6ac94b00ad148c5215d035dbe29736b8c521da7f86e2a536ab6187f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a8711062f0cc2677a4f8139ea6b0bd67
SHA1 56e6a9a63e396c27f80ef2202b01e2a81aced872
SHA256 ec5fd4dd6c6a7d9b6fbb4d3634830b40b6efd154c6b7a1b431fd0d7107c31121
SHA512 8bb7a305cd70b33637767ed4a5e80cb8c383f84173923538b1756cc776afac2e2a86817712441f33932094861e0806052d4bbb860615ee2a8366e250896d9efc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2e7e98abe17d026d1d2686be6947902a
SHA1 c31c1fcaad0fdf2c37c5e84e4aba4df42dbddb2b
SHA256 ddc31d36a31cc61a2709a87590a53c3ae2fffa205bf4e21920f4bd569a2543a6
SHA512 ed4466541a03008248681b50334256658807bb8c82ad8c1ceb1e5e3fe0496e84bc5c81df1621fea9696a47e1a2b9307511916a7f5abda63bb6ff3e0bc718f1f7

memory/1212-1919-0x0000000000400000-0x0000000001EB0000-memory.dmp

memory/1212-1920-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e42707d4de67890fdcd4c9a8d7698752
SHA1 1ccf7790e5bfe49e8c3a1d0f03afd62d6b047165
SHA256 469f20d8b52b41f8d7016e20fb3413dd0f4281886b4bc8532e770c2a5576dfd4
SHA512 7aea0097a16b6c93eed7cf0d567248814a0b540b88aca6e133803ab496d966a0e311c9795a62160be640c04bd7ed5c8f3155b66cb3ddde7436bec743c5a314d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 40351b17985047b3f6bed03f85f64cd5
SHA1 fe9e27a9c3da3794ca299950dcec5b8d34ed0699
SHA256 36371822bd596dfb7bd6fa0e13c951a7acdf010d2112a4cb2ca8ce1b5400d253
SHA512 9d7a79820827d36196371ef9cc0d6294c241d5b68b692000740d70096e1d58804ddbf8b3d9c06c8f972aa1f480df750aa9c90a61221cd7227037e903705e8b0d

memory/1212-1939-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d81b16d663202c5_0

MD5 e54a435752b89b8e379240a22c96db3a
SHA1 5fb1a7cfe65a78250401d4fecd7e0497eaac9216
SHA256 9051cb86c4b13224214ba63c0a2e24f3f18bf29c092b6a7ef72d80364cd548bd
SHA512 3207ae8c344cd0efd62f0ec89820f252fb184ba589d00700d12e2f4a95300ce6a67b2a3d4117d462e0c22ccb155b8a19034d943916400c7efbd4917c7275afc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

MD5 dee46781c0389eada0ac9faa177539b6
SHA1 d7641e3d25ac7ac66c2ea72ac7df77b242c909d3
SHA256 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642
SHA512 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fea9fc66c35ff756_0

MD5 7f13d220a2e0c505fa80bf8205fc9ac3
SHA1 2e7a5af29c7cc9173e77450a6874f8690fd1445b
SHA256 1ef2d3ed7dce7a0f8599a401c19338ab1dd31a948591a827678cbc31de48719c
SHA512 c63f3394648443c4f90e685f5007447704977db1b096e4d1a65c8fa1720bf0d514984308e4588f4c331c6b0dc8c7a19bba6aa6168bea47984d7347e347c5631b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d81b16d663202c5_0

MD5 60aa8d12d1589191932d3e687f25a864
SHA1 94b2083abae816959004c38f66e350720e2e4130
SHA256 9fa5ef56a2274ee965458c097ff7f478d32d184f63cb54830d9f224bdd3834fe
SHA512 d9fcd9618a4b99ba66a94b91092fe6e3466ef70cdef5ba6745d9bdeb9040d5374d0813de276f4b22760b8a0fcbb6f00e86c595c3b62a4d22154883667bc5d68c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

MD5 6fb26b39d8dcf2f09ef8aebb8a5ffe23
SHA1 578cac24c947a6d24bc05a6aa305756dd70e9ac3
SHA256 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059
SHA512 c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 17026748560c079338352a6739359e80
SHA1 8126406e3dda0e12e34289981a961ea6ecef9ec2
SHA256 2a8121c9d71ceb86cd22e2254ccbfa0949925f8fe9ef19eefaf9d1464b4dec5c
SHA512 513e35e3fbfe4053a26e53d50ca2377d17d58000885f471adf7a23640898a5ea6340ba55eb71e4ca1bdda5772cb7baf818257278bee111e8789646765f58bbe7

memory/1212-2153-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06bc4e6d77bc8cb21d72167c04904283
SHA1 a98bdaddaa926499e6067c5d2a5d87824690739e
SHA256 ba9269088952ed0f7596cb610d057be76c6771547bcd50776f3124ebcdd407a3
SHA512 d87e378bedf2ee3c44069a4c9446b14623f5b2d8bed5a39c8cae7f429f64e609954e5469020dc9f5893b097b14fb80e56c3cff137e61aadef5089dc8604240e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a6dc7805f0018d1c1dee88a44cc532ca
SHA1 837ea80450cda9651391e716185b0011b94e11a5
SHA256 0a4022bcf614f4376dde63290b14089886a2deee1e325fb726d48bdf3f83a324
SHA512 085f816c1db9bafb4272b7cbfddfe546b4993a21fa34a9af45f8c7efe6267fee0a935112f4fda73470f355718410309a24887423d52b3ac1ee5e1170ff1f7d48

memory/1212-2172-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2628f4f1163abe11d524b26bd1a05c93
SHA1 bfede2c8b180f6c4864c38aafaa692deb415bfe9
SHA256 81f8f67b9c91a9946870baac7bd448161f48d2a8bbaf8881039502eaaf333150
SHA512 1442c2a0f833d69251dcf4fbfc6ebd50eb801867d760aefd9083372b1bf8773e504f551d4fdd16568a13558966c9f619b46ed4f8f2b12c2bc6a9bbe195e45062

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4878014960f899b47fd8bde5f395a38a
SHA1 3b1ac42c78f771fffe8d8271a96dfcef59a67027
SHA256 bd28c2635ce9743117887bda6ee37ef6df8f1891c7215aa110d0bbec4c0da9c1
SHA512 a006ac32000b7e227182b11a51f5e99a684231df28de5389189085f56fd677bf019e57d47a5a320afc5b88128188b8c9ae68cafa54d431b0e0eacdaa1b92b0b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 989edeb195b0dca06dd8746b7f2c9a51
SHA1 4ba92417a0028f025da1cf46714a779c7be34efd
SHA256 f0d539bfce8ce0b18517caf3facee973ad2295a4ddd1583cd640e10512d80561
SHA512 2cd95f850da5f18da448004ef5841fa8b6f26558cff28e5a670f2a48c1e5e95de8c248097a7ca3dee3354e68a53259e942d4a269b55230f05c58985fc1489e1c

memory/1212-2209-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 961ba763f78328236d99f3763003c7b5
SHA1 c5c181a943970111961acb4661ae5b4388e14454
SHA256 7e4aa6f3cd8f79a7627e137c1de99340b3300f9635707a949c208548fab163c6
SHA512 330b73feefdf59039f79d8c02e5a7c2fb22cf082259ce2c9ea7bbfc530974438f46e93b16820854973c81865a32ee10d5be39632a0c48ae3a7a5c8b739d80947

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1496cfcc84e5cb12ee534f4e09ee1343
SHA1 890572e4df2b2db96d0fe4b141e96489bfe330dd
SHA256 2cb99d65145dd8316b10d3cecdc86cb56743a8bffe15ac9120035ef3a10c3c2e
SHA512 e2666be6260814199b04e50f0b892f3c54ce4b7449bf41b8acea1248751459b2868e40e7cfbd8f02b046511087cf286273e1af8832de1f74f8de5fa251eb30ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1c682d1df1e7a6cb4a4ce7da48500e37
SHA1 0e118e79722311851e0d0569fdd9e3ad41140d34
SHA256 27481997444131976979ca987209cf4ecffcb872b488b37ccaeaa4a99a76bdfa
SHA512 c20968760b6e0917cf2e8c46044149065616e60009ee8451056089b7b3a5c5762158106abb0e79ee6b1ab8200b167a3ec4b1181546a0be1dea844448e748fd05

memory/1212-2279-0x0000000000400000-0x0000000001EB0000-memory.dmp

memory/1212-2325-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 30abb7056303008a8f342e38f47d868d
SHA1 287c996f00198ad17768a0307488ac074391bcb0
SHA256 b690a403de5d9497b7ae3382f480879fac17274ac97795fa2670c22620c631d4
SHA512 766f03c7e96f3e2c8dd48540e25afc39b63242f6fc85f61026a19f6d4b98472f04b300bdefcd86bd519fa3745f4054d588e2febea5a453c2361839b32046111b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 404de4beac1bc93756050a78cec68ac3
SHA1 49ba4d6891ea2e402263c896df8720a83a6d02ea
SHA256 f5fe48b812a80929db13f7f821106f9bb43345004ca3b67bc595544544720bfb
SHA512 5a5862f15f335fe1493985e25a3904dd312615dff263dbb45cf6030b17c8c13b0b8046e0f2a9a7213d4e626b24d59c8972b65e8ca90da3b217e0a428fcdde228

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3f0bbc30df110ae5210a89e378a4856d
SHA1 8543cbe82b85edb737d818d1bf9583f179e8350b
SHA256 804d840ee0310e9c0c16113fb76d7c6d88ddd35b7805c6334f4df94a1fcedf9e
SHA512 848dfd3cf71a5c310d383b89d1d05f947960aa528a79bbc74579f4b4d1e2c2b7a735a7763292fec20910ed250ebe869adcc15740118a45d6024a2ad0358f8c4c

memory/1212-2369-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c18038090236ba85c4b878c9125e2155
SHA1 0888cb032036b55b4a44f191b1260f2621af9932
SHA256 9d85a90073d8edfd286fc1d04bf5166f80b797d7e3609ef61f2023cad9f09f3e
SHA512 a90bb715df79ddd86e336136b6ebb21c50403456a999cd90628b9166099bfaa54d60e19f944da5a3f2293c77bb47a942d4e40f3b1cb9a88650165214d26e7ebd

memory/1212-2383-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 20a406f361e73a5076c64f5449337bde
SHA1 2059eab0b81b2ab9ef52ed1be593e0962425505f
SHA256 4477e212eb7ce1593df6ccc159200b63885f61f3083b4011d95da392664c80e2
SHA512 efde01378d2e3286716c825131d01a3e541120e8900e572dcd7be2abf2251a3122165ab8fab39a7e7088b8d5d147f7035336df42f03b1aa5992687c28641da7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4a5b4fdb0036f12c6a94c4784d0898d3
SHA1 3214e90f42d949deeef81756e098ab3ba73e5bc0
SHA256 ae704c9c0a641e45ba1a161c3897aeeed72d5847758863124a12bc1eeb82b8cf
SHA512 0ecfbf6859e7d78f28deab009f6311c28a00821fc1b35110ff2a88d36184b82a86cf59510765e97f6b6b1787075fb86b2c9aa8828da1bef9b490a943f791c0d8

memory/1212-2404-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6092bd8327c7c1567253009a49deb383
SHA1 c3a3cd3f871095013cc734c0904668470d6e95e1
SHA256 c4c430bf62edf94de364743add511d0a838277394e3e783c7c3c8acc8b21d6b5
SHA512 986d137ec6d98dbc72cec30a300667ab25666b69a6ea8c17266067f81c0f04d9037100659371c84ae52b321b7353307d5624a6601d61846919962afd85c07bba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e3d92d9ed9d49ece186708473cc7a9c2
SHA1 c66b678d786c4777e874ed38197327bba24dda53
SHA256 ae09d1f728fb798cadd02bb09bcda13e9c52b591c51eedd708428372f7245754
SHA512 8a53cb4bc000aa50eff607165057623dfd6185f70b95a8783185485ddc707b476c0de9c5853005e0e8a89b013f250e198e4df8282bd23b6fb7bff09575d8eb46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 32fcf0110c86b1094aa5da681b3efb58
SHA1 56bdec3f89e35660c57c0dc00b526d272ac46f1a
SHA256 fe99b91a9b8da773c255a55d30a9f29caea3e5f6d458b18777791c5c77f564af
SHA512 0ab2e587d9dd9300908712ea8626b002a3a388d40ca40e2217f9d3bf03a91fa1af5c5eacc4737d6bf3c34c56aacc906036dee4dea7f1f7f5ff5927daea5988f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8811772bb8c2b23b06654e825183f938
SHA1 a272e693a7ae849470412c53bdf34c69528c027c
SHA256 a9575dd0799155dc7066f2ab20d0cafc61239957597730a99dee8dd91da43009
SHA512 298c81c7e079df48976c0f3a645fd9344e004bdc24b9e9006267739464abf182c3ec8a88f5099a8be5e85009b03c8141bbbf477c2b632ef2df243b9424487fcf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ac0fae29bb873ecbb12ad86b240df264
SHA1 4025b144157e8a98ffee44f8b96cb2bce8bf5469
SHA256 33267efa7fe93c6fe2f50f9a95af63fa211b61c43d68ff5bc775382d52baed04
SHA512 bf1357eab10f6e66ec66256667ea120d293f1de3c5b39f38ca0e93794bafe744428dcc3c955e8a278595b6a5e8418b27a594479ab2a347bc078dd06049fd1acf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06057775ef63050089d38485fc6acf3b
SHA1 feef95afdc7532e189345869f65f8cbb162dba0a
SHA256 d93656bc1ef29f9b0c8dfc8c166648e41618abf69310805c2f2005aa18901abc
SHA512 334d131d30bb1e02ad0e85696a551825746bb947e2b4d19858014f94f9855c22148fc27173410d828a89cc7e5a3bf0ccf509ecebff7e6b2093a6367268b8755e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ae0375c49849bc3b3af6b9e62914b9e
SHA1 e31b4370c89a738950c4ac97fbba2563425f621b
SHA256 988e1e92114ee728f47d4474ec3fc68e080e5eb368af56cf80e68a609616264e
SHA512 3dc805361a68316efb28d3637b5db52b3823ac1f4db2d4698a3a6eebdde9f66089bf5a4c33bb914bcb50946d7f5cf8bb16b4233ce8d4b1a987ffba7d710c7e40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3dc44d4e7d6098ecfa7f20af6cadf9e9
SHA1 930716aa46da49221f081a8a68ea154355596315
SHA256 7087de379ae4d6c067196e0f7031f8dea010ff22d10957e739e2ec883d991efd
SHA512 1ddf4560c3c0229dd6de98c5d6fab0cfb70bd81e8f7a48bb05c1dbe260a8db6572f13b719f632af0c2d0b767e087a9146de6efd0d50fb97a83d8ce50665303fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2651455795c54053567ea4466770d06b
SHA1 5f5613e15bd2c8d67529d7ba2f71934831a15089
SHA256 a8a82b6e385707afa0fbe242b082e751b472b24d75c11e00dec96fd4fabe39d5
SHA512 db43c1012af18ab1524019793486d9a67b595ba5947978a3b7b2b8e58f2b27fa06209dbc4cec1cdc9f82f084dc4fabfc7ca20c6927ffea1af003e0beb90d2eef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fbab0db8cbacca86fc3d8d06b36c1a17
SHA1 661c641afc9129af7814e37bcec0a0294f0b8edd
SHA256 7a905eadeb148526c96854cb9cc0016f3b4431329e9d3c519461c086f647bcc8
SHA512 a61b7082621e7a1bc842df6dfeb993d6972edda610d25acedd8c349db8210fc387159dc99482c3cd8daea60f2a80cbba3ea7329efeb32a183462e43b9d69b518

memory/1212-2589-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 422cec0e6847acb414313eef80efa8bd
SHA1 6a94f31293c56114e6faab68ef55a3a6b4885e21
SHA256 9a77d7b742c8ccfe7754c86755e0ac1f8a6f482848675f1948e6d1c74ff27a83
SHA512 72c8f5d91e2ce100c3937c329fc898ccaea747616c2ed0938cb6aa3ec90e19b0f57ccbb702fa248529e59517fcf7d00b1db0fda64efffcd3e7f5d24bb4db682b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 91602d5b0db8b4b9d61f1c62c06613a6
SHA1 3f85c86043e2dd9472cfdce7e40438205157850b
SHA256 28cc367d8a336255e912be5ea8d59675dda48fa2cb5c58ada9fe7d813fc7d51c
SHA512 25de8464debf03471edae05e75bb45de3b51fb68167f3b591e036c62ee95d72d06b4323ec564cc34b1851980457ebfa0607c870f6a0188b814c89faa915a1306

memory/1212-2608-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5acab8e9cc36618c630de3616d84c474
SHA1 c6cf27e4feb5a9a75b5b036ed0ac9e52d41581a0
SHA256 38ff5f030774bdb7e031c777637ae97da5372f368014e4adb2ea8787cd6c1ec9
SHA512 4a851f2660985a64562073ec6d7947e7adbb5c9eab972a51a17fe2b8845984de96f4b7ae15c41ad55adc762ff1e6854d77bc9ed9126d2750fcae9dfd99dbe37b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2ef2e4cf8232dd8e90f7fdd9a8b03a39
SHA1 da0e7f92b6e4345dec254cdf2e8d3d86cb82ae64
SHA256 135b2ca13da26e100dbda008626a9cd1050f2c65a30abd1b250056a509b8ab23
SHA512 1e47204bdb64acb9fd00ec09e654795df5d6ab10a230c933e56e230225924947da17f08f739a41a9013ea98238b903b5e9ff907394c9dcc7f34a34c7e36cb615

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d8dbff7a1603444a26d4ba30193993d5
SHA1 c2c096bcb78887ea9870b15d4091fb3594394d35
SHA256 c463f2bcb3a6f5eb1ae3b778ed476f4aa6e8a81dd8c6176044bfcc35263966d0
SHA512 95b7fabd7eedf493d76dd79d2a57d91b2d361d57c0813e0e7190ee47e2ecb5baaa553ae77103081fa933e8752b51d48e46597fe3c9452f662ad192774ede28ee

memory/1212-2636-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 05d14d2c1f11d0e4747f46d74e70b838
SHA1 1fb1215d277ec41130b47fefa7b1121495fdd5e0
SHA256 b2acbd9e706ae3c70367baf7a36c6a4b5b870772c8bf2252ee99edca1a5c0d27
SHA512 a7e35c880ca92d31b6219677e79c63ccb00abe3ee0103d68a672ff5cb21dad33039b79d46d666030ea3406c4d649ce17da465a1a5ffa19e14f308d6d246de617

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e443ee4336fcf13c698b8ab5f3c173d0
SHA1 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512 cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56a4f78e21616a6e19da57228569489b
SHA1 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256 d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512 c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 13cc9d7e650a63add1f57ea2fd564e19
SHA1 d57ff6f4d10e515bf98b8b15198ba20825b69c35
SHA256 734874b6e33fe01a99470ce6865ff3d0afbc13f90733b0d1e8b0a08bddb8ed51
SHA512 95dc8ce0ad55f1674a44dde312cbfc1fcdf072cda495c18bbfec48e32b44fcdc2e83f7491db0a5139633bffb5aae50fd1e8ca69447f9b9b4b541a3abb212c224

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 58b1ee713cbc496bf8863b40ac08e195
SHA1 f2aefcb2e8125d1fe3dfad9db58304785e1c4cde
SHA256 795d36687b010efa539e08e94c2128fe502c18ef938f730a329e7fa6523d0c38
SHA512 ce3637b33b5c3aa1406f6a21017f6a28e25df5a50baf8ef71096afb98ff62f99264de202a0a04b22fa61b9e44e7e16960d79506b9d70c4674f5cca15736497f7

memory/1212-2692-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0baff9bd64a366e583e8a473c9bd7f37
SHA1 e038c320d273482e97953c60056307eb5b5d42a2
SHA256 7f8da44cfd19a16a125f6e3c9b52a93cde6b149337edbb15ffdd6092d20d48f4
SHA512 ef90be0073efb7e3ea2b6232446719fa590fc1d78a4c19085ccd209c63b21fdbb9129c0c65935797c6bd65848688fd33100e414f89143b2ed2582c29f0dc15a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90f48371677612956b59c2c8ad0f0a85
SHA1 e98772556263d7db4c237af5d269728a3bb2fc39
SHA256 a5ac3bc6c3c66a2cc084211719b3576cb01092429cd52ea3df1dc8f22ce7c17d
SHA512 e7eddd5ebb422e3de12724391e1b7d81b51531296249873c4caa9ef5e9a4b115249232d55dd11983e5456bf9674daf5ea85d5d8ad2d95ecefd4fb1f0de5451ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a2ecd297-25f6-4c34-b04c-afdfd063e052.tmp

MD5 d6ca06257d2222d6fabdcd7b032368f6
SHA1 d598e799d3ad62a4c675c61cda792f3fb025ca58
SHA256 8f0cf327e8ea989350597c380c8ea75df2bddf3aa78ee9735a521f95dc522ef1
SHA512 258cb7b20607d1f29cf05a82d798b40c05c7935a88c208984f95e3cb97fbe65df86df8464b36f9becf4c63f9a68244c8c2b89524a19c6841f977c7802d4097be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 72129d720aa3766a31e3afc8dca24bed
SHA1 1150a1d3109c28f87592646dc5bde7b13d45d808
SHA256 f7333a62196b4bed211db808ba993082f4f0f61dc737f920406b5db19caae338
SHA512 b5d50e7548911a9646c5ccdc978ca921aa34663318e8a3cf0569198297e95cecff0714e78544d1421bfbea6e50e1b4b8ec91322328834f1bb328fc2023169e11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 868065e7e23c1ca67212e1977244b286
SHA1 74fe773e6e1aab1c03b8256f513b1f32320fe53f
SHA256 09a196de19a6b5b6f123dd19c978d26cf9ac0fe31ab8d881ac639c00f257af8b
SHA512 30c78c36ac7b4947f3a77e9d9d1cb5ceeae3254d242cf6d5bf75d7d3644c7fcfcbc027235162e9787618e6c548e08589c1113c517f0e469d2da1c3eab6770fac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 db470d9d604222017435f02179309e25
SHA1 0567420fbd036e70e6643ea1e60ca4daf0d66025
SHA256 42b14cfbf35fba5f231db848e5f0b88cf54c4c96c851273da39a67115f80c91c
SHA512 185fa634f0168200f1b4b2877bd2d0a0e341ed395d55c464cd692a56ec6bf319e8d9db58304affd48746becc7a47cdb26cd6841b5f97ed68be629a11bc606928

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c8f1345160b6ef0c557d98ce1ae23fc0
SHA1 7f78bb2b70d0a0e5bdd4b0bf2b7c4b9ed24ff2a1
SHA256 8093609b92790fd76abe8465e7034dcf042bf29a7dce3793580d56d9d7dc2566
SHA512 2c73b84302c23303cf65883427dc0b9f9cf814de7a2cc9b16874b7e687baeeaa51af0fa482a3bc4385d2e3d13d587a32d5ec712e6ecbe761366e118e5c2be252

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cadefd9e0423d9ea13355110c57664fa
SHA1 6cc485f8b344db53c732771e97e85ef9d6b13747
SHA256 81bc25fe628846ee6646d1796a8cebd901a669caa2af9c9aa0932fbdf7fbd4a9
SHA512 d54613158a699ba9b8071668084403d116b2be02da3ce2f5428b198d658208f7691f9096057a04b678a060d542901342e59872e3bedf5ff31ea61707b11d7f0c

memory/1212-2846-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3c66c3cd4da7329781f29fa582587600
SHA1 7eaf7f83b3b77d74e1bc8faf74d31a05c63ae178
SHA256 caa273f7ce61a76efc698e5e35f10d31128dd74dab144371e14d35d28a23d2df
SHA512 44f17db5120e48df5a4d35110b7cbfbeed32dbcd3e4f221c99d50df95c5056723d446ab8d7ba59b4a013c04a88c8d5db463ff4f14706c93d32ce5d7905cf8967

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 77cc065e293f9304495abde776c85bb0
SHA1 bbc3eb43d6402b8c60317b599007f5e1d0c39d1b
SHA256 1084301af3602ad4a3fea549acac1a0541fdf50cd7367aead47d26086aef46af
SHA512 cfca8aee261e77bed1797c76a36eb30e806d8737547c1dd2d2f37972dff0303da3b3ec5d5a1e367260c438ce34e78634ce952f7f318b707e66b382325e531744

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fc228351acd55fb8e3a315366c2070f8
SHA1 51db7f148d0bdef950e64c31ef96f7b399d5de43
SHA256 0fd35a5d572637e161d1ec8af073bd32738b0a7660fdd4fd9cb291b367b24c96
SHA512 1b08e9427c67253592e124d698189fc58d49be3b6bda856ce62f88729a2fc8762c141f422e7ee41e4abdc3c65210748269e55b16de3ac227cf7b48ce84f8ae27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 994529f554b8145b5d95362bb6fb9739
SHA1 722e61fc62a0c90833c25c0a751f8a1cdb6683b2
SHA256 6b4150845bcc756b5790b87e2a76a9387d8192364465703e580cc48a7a68cd0a
SHA512 38edf37aeafd59b3d654331cfd4137be5f0229ec7297e6d0f4b2fc6c571da4785f71d9e25613cec0b7d68c6bc01bcb9330d649ac49b8783b9d5cd7666fe64098

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 4840674b48e9d22b941b7a19313f43f5
SHA1 f36a605e07855180e1068cbdb7335f3634d6e01a
SHA256 77010dfe7c5c61934b5b7a6cce56a03c092754ff99b183c34f05192fa1d12640
SHA512 4f06d70de7a5dee778558076b38e394f491bf221483f32529d7b5e000bdb5efe4b7333a04f16d03b85406acc56e355407c3ce6f43a7bd0b5ba953c6da961b85d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 71c5d93a1274cd0aaa11f7822b761999
SHA1 6dca477110b976e517e118fc594aa9f5c7eca761
SHA256 9aa5895039b8f4a897ab25081d9d6ac76102cd739dbe11d66462f39a48571bd1
SHA512 c59991a6c89040f75b4cf1ab9a39f97fff43b32121506c6b7ab3b4a57479e0505e35aaafadef86e27075934e2442fb341ec9deb43b20c68ab0c3b7cd5cec6d18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 684eed6071201ddda442308d2c0473d0
SHA1 574069a56c6d8ed79874aa4355eb27f511b3f955
SHA256 9da8d3ab9a3a3465c60cfc5ee74ff73277934daf0657ef7bb984095a69b10dcf
SHA512 8d3a929e5ee0163288c5a9bd0a0353a4ec57c16d6d6fa19bd1bfa6e0f87b69b39f91194635fe770630c8f9e1f6a0a44e1c88a4b86f55f7a6373dba495254c226

C:\Users\Admin\AppData\Local\Temp\nszA65D.tmp\LangDLL.dll

MD5 30b091668111ab1d6c19f16586a9eee5
SHA1 aea49d81cf9972eaf1604793c04d13ddffe2c475
SHA256 331ca4b3a311324b463167ec43851146e57a2d90500ac3fd57a7683f6b777ffb
SHA512 6dd592af085b2e28c54d7f525916112dbf5cfe134393b0b97f8f1f64739cf90962273c51f02e8ce2c623cf6aa8355eacda5db0b0256d8f05a77ccf0f99d11648

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89c0bbdb4aa705ac400b4dd83b5913bc
SHA1 44d3d1095ae1f59f4dd9adaae79b8c1da69866f2
SHA256 030e7427849fc12b15a16be9fd7c3a88a3125b7fb00931cfb76d89f3bb22ba9e
SHA512 c7b9a2ab08d62eac541626381b365f18e0307b33ec53360fc559b8b4f7750507b25fd73946f982615f3e9bc9b9af8735036c21f1e03164ad74a997e7cabe09ee

C:\Users\Admin\AppData\Local\Temp\nszA65D.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

memory/4312-2961-0x0000000000400000-0x0000000001EB0000-memory.dmp

memory/1212-2965-0x0000000000400000-0x0000000001EB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nszA65D.tmp\nsDialogs.dll

MD5 d2e45dd852a659e11897df573832f381
SHA1 19990ee627c95b6c18d3b5c5f0ec5c24791d0af5
SHA256 86c8ee210e6611383a634dcb8c60455063ddae3d7adccbeacf3adf7bf2a46676
SHA512 93c9fa1767f3e861fe5765f2940aaba9eee6396d069c443ac6cbaccc88441b2bfc3c3af50a8044161f96bb7eb81af1bc6c1fa754d89740d0a2a8d591fef11073

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 225209825171021aea006d1e9c9ca95d
SHA1 f0c1c20515e5542818c086a596eb6f38e21175c3
SHA256 c6189799fc3f651cdd3497eaefb545aaf2d856faee454862db1dd539463c7761
SHA512 3a13c12105c48a404a0f5f47dee150d1aac14eb4d0a4e642e5302494ef91e6b32ad1aa2ba3e2532579c527d83b93c1c5b5156f40abe7d467febec1b1c10970f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e348e232991806ab3f6ac0e00925bf42
SHA1 1cca635852d4d6df3141c5876bc53c5108ad60bb
SHA256 ed4029fc27b99f48c121bbc005362fad2886c2382f16c37f346c709eec2b8003
SHA512 209e6baa4e33530c6bbd376786edd1cc2e929733aea92bcabcef7576168f08a76d2ce0824dca5e6ee1aec6815e41f68dd4f765db103b0a3d290f3897726d044f

memory/7924-3100-0x0000000006430000-0x0000000006784000-memory.dmp

memory/7924-3101-0x0000000006AD0000-0x0000000006B1C000-memory.dmp

memory/7924-3102-0x000000006FEC0000-0x000000006FF0C000-memory.dmp

memory/7924-3112-0x0000000007C70000-0x0000000007D13000-memory.dmp

memory/7924-3113-0x0000000007FB0000-0x0000000007FC1000-memory.dmp

memory/7924-3114-0x0000000007FF0000-0x0000000008004000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5de9192cadccf40ed5bb52394ea4f0b6
SHA1 0ba9cd574c4638396ee79cee37fb1fbc3077d556
SHA256 365d71216deadc735ad236b0133ac553de2a6caa7c731770804edec4d221a45b
SHA512 232963a485c6510dca7923fc16c6b706835cf0277b9ef95abdaaabcacb72c5235e77229ea836593b0a7fad6a1a0cd3ea87d41ee452cfa91c43b7ad1fd830476d

memory/6544-3127-0x0000000000400000-0x0000000001B06000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bba1116989d5fe4b68eec85382eace5b
SHA1 7eb5f724d12738b4a28af2f565892a595583b864
SHA256 1d6e2d1f23dd4c5f322fb6ca8387b7dc3300cd710739c32cff9421c847e147a0
SHA512 b6c5d74e074b30416d3ea98c412089b7ff349c1c275386f3c05eb5fc9dbd754f517569e85168b439b8a539d17c54a0eac27cb89a97e62b2ecbb8b40f10aa4ee4

C:\Users\Admin\AppData\Local\Temp\nszA65D.tmp\modern-wizard.bmp

MD5 ab77032ea45b543cc14282c0e88fa690
SHA1 81a25f971a1a10181c2c7fa40ba67ea352a76da3
SHA256 53e274a9fd8a547920f5e174be334f5df14a71f3241a225ac0833dc353701e68
SHA512 7b4d0faf05f97375804f56a5a3f66bc94c8679c5d0147591a6b173136aeae30c2be905e24ba8e8aeb4d129be87873085afffcbd53bdb7f2ff4feeceb77e42ae7

memory/5144-3167-0x0000000007960000-0x0000000007CF9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b2587a6c4ba3b471a19f72b17a0b7a1d
SHA1 63379330842a59beb1de1faab80e47a50328e8ac
SHA256 b309c880251fed4202d66970154a28539b5705688a28c2e7b30e7742e17e6ca1
SHA512 380924e1fb6362d2f466e43daa593369e177e976be11ce267ffd81b545d3fedc445e0dff2c1fb9a46388e208b4d20ba0de5b31b1cbc4ffeecf2d18398180f27e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5319cc5e84e534418ccf7faf736213a4
SHA1 fa4f44f9d2d9e1de5dd01a7fa4472e79cc525a7d
SHA256 0e3288a2521bfd4e3c358e42cb4866950e06306289e973153b5e026df879ae62
SHA512 b1abb51de3af435fc99dc6df39166d31d7f9868eaced5ef031e30860793e1ac580d46386bb70dfd13d84c3354cf26fed4705737c2717cbeed537c8818db19253

memory/5144-3286-0x0000000000400000-0x0000000001B06000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5f5510bb8ebb76c718f87539dc24199b
SHA1 bb846c24b15dd0e1caa9a6253ce56d5d4ac1f35c
SHA256 5405bc1230dfe0e9a6b33ae15522609b12814dbca4497cf96e97fba16cd432be
SHA512 8b0ca2991320cd5c7efb1b7b83c299323724bdff9715e99a21c015643b90876116b5ec4f57d63054650a789217fd90b535ca4c0f871bf19892bb0e4115ace985

memory/5144-3306-0x0000000000400000-0x0000000001B06000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3ed80cb31bf6c93e0af0f7b9e288ed81
SHA1 725af86e224a5a452b3f03e3f3d70af283a1b94e
SHA256 2a548625e086b219581fac03f8104dfe48032e7c25d063397af3f322422c1c4e
SHA512 c49efc6e0afedeec258e9be2421b4e98753907a0e6b66b7da20bf61d8930a652e62d54635c692fdc276754ea7052fcddf014e23f9f86c042f177afd397524358

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 a553882170ab70510c97711f5d45ce1d
SHA1 5149ece2768aaf2a7f6c3ca73a4e800be72922fb
SHA256 426e56777d38dea80c3fd6f4a536320d9fc2786d749d3d88c7c695cfd503abf0
SHA512 786708288d679202a887d235ebb0a00f275c632bc07f35ff19def683e1d814e8524130cce404a83f060d236438349470efae3b36654d7bc59ca95ae00ac8c3a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 a87df15f1820cca4a2034685234f96a8
SHA1 e4e120ade0e859855e61e482d0a46766df652f62
SHA256 105e0c48c552b51d7b0d604b3c4c1e171e50b100517a2c5586ed290ab22b17c3
SHA512 f527de2f9f9fa70487aae6b50fea32eb2e4b684d01f938b1acdaa3f3b44c5dbc067efe5158140e6623a0ca4958807fbccc56b5ca25f888e709fdce444e0bc7dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 5a2fe0a7ef21cdbfa97687e75139f8cb
SHA1 75f4b06938d1fa92d2721f96cb934f0d0e3656ab
SHA256 aaeddf295c46b8ddb2d178a3fcdcf33b5a0cb37655ffc7227b72b230caaa4368
SHA512 1a588b7e6fcb85555b2b05f272f9ccf9b3cc052cc4877c0d9bc35684bad3af6802dc7c4b0207e1684ac8331ad082a2256fc70178e3784eb5f21f0a85e6e0c6c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 525d558e154c5057e6ff209b10198d34
SHA1 aa92ec08fa09e45644e7c9eb4c41040c4b437f84
SHA256 914a6ff11b1b55f91e6041a279e5f98e0061a9e8e52c1eb92c14323d234bc738
SHA512 d4227e2e855f00878aedbcd960338fa301243fb159016432c4811de70b9d337383e668384064d6524fea733ebe053d4aaee3f4279ba621b34bb208d9cb29ebaa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

MD5 e7a2eddda51a0b6ebc8536c194e98730
SHA1 547c6dd8d63f26446c9940b842fb653aeb1c0439
SHA256 7689f80ed4c558089bfa9509c42a04d6dd43b8b72aad04702b923eb85fe75540
SHA512 65da67dbcce76e1f8f1f28dc8f7b2880a77b08ba29eafa9c488702fc9bd6ead21c64492d260e261b4a8d2f6be51a0f59689e423bd8ebf28c7bd641d4d0a54b52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 2cdaa404bb70e8f8f54442ad46682881
SHA1 a15a0daedfd425cd7fa39b85364fa323f3534d32
SHA256 e06315ed6128f4cbc48cba8212fd591a57d9df4e67a90ce231d87b6ee17e213c
SHA512 9bea577f74f9ec70ecdd8598bfb985b2b42cbe1755b6f5c0bc6f516d7bb2d3ee89d74f1963deb89c9d3b01a54d7057199a959c04f794277a77ce12be4931432d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 b611615d8e22f743beb27a36f4b07ee4
SHA1 f2fa0794dcad5bd70ea43a979ae38c60c62d88bb
SHA256 58442f0815e963f6d1f8786e90f76b81afdccd06754531d4cc04a28823d4ae2c
SHA512 4f3ddaad04ca861f69e819526a57c6d04d6cd8814d09ba0ccf7319d10d6e021b3883f28c86559345a1c98782c6b2c50307367c3d45e37a0f0681761731fc694a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 6460fd935df4eadea7b00a78f2e6174a
SHA1 d2b293f9b6c03c4e78746374d9fadc8002c1f38e
SHA256 61797f020bdb77fcedaf517990c2f279cd36f94b1b4ac50e44acb475bed05405
SHA512 e7b9e0cd6ba5c6e0b41285af649cbfd0935680cde1ef527afb81ce88804d47cac6d8ebfbc2d5cbd9853e4b48bbcc0110b2d5c4da7f7f6ed2181a9e87c53d545c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 d8199221568d9012bac13e4a90e667e8
SHA1 4b3e1524dfd0fadfe8aee71f0b546d0d4fdc1e87
SHA256 bbad36639da8b96105cf7d7acd225fc5eedc04d2930541b43f08146efcddf8f0
SHA512 b29bab80b811a3cc25d5418d6a798cb8b1d87814b96bd6c79969cb40954c6cf66b317fbd41bcc18c40ed49bda8e94c852bf90d2474c81fe0d26710c094e06af0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

MD5 32ed3a28e684abc027d4dd2ea50309df
SHA1 51c5daecd690d9d02d7f1eec8b8b7bfb9910429e
SHA256 90c2228f536563d853b9aa25a86641eed8233af0f5ff0983604b63ba6a04245e
SHA512 7cfc78d3f25da587b4a2f7601cd08b7630b8e438023ef532bb57c2b44714a23aedd48924b63fa866e511bfb3616e0c390fbfe3c50f939ebc8ac7faa37f1834ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

MD5 89a574ff00e6b0ec61d995d059ce6e65
SHA1 aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256 e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA512 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

MD5 88811a163face77de7537ed95663e1bd
SHA1 b3d8183327b062d233af1c8705d2b7de46d89245
SHA256 826d8ba935aadb481767f87caf7779ec7602d51addaae44112aa754d88b47ef1
SHA512 7f164bda81c3089a511e2027b27125cd43ac2edeb1376f972f2e766c6f226041fd3bf2faca6beee49db10ce9b23a0a16c9675bf98b6419f03d90c6050f97e194

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 d3d71879529d7499ff1c58ab448640bf
SHA1 6a5190136344c0d18f40e7aa66f743345acf2a08
SHA256 f2b28dd3bf823579341040436d5543e261d70fc4d1ef2c28ce9e281c545b3ff0
SHA512 3bf45c5058223cbbbc6d9e4013450dafe5802948695df5831c317740c2c382a564d9163b9f4b599930b81f0626e30c6dc318aa0fdee49b89cce47300d27a1bf9

memory/5144-3372-0x0000000000400000-0x0000000001B06000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b3650d6fc2c55bcf620d9bdad5f2b4e5
SHA1 1903c491cc66d21b0314bf8f66b0622374635eb1
SHA256 42678e7d386d2bf7562f504161897d6e0c01443ee949f18011fe76bbe8e6ebde
SHA512 0be92d7a16c7caad28292bba9fedfc4b65819bfea3c78bef6f6a5e3ecd53754a435b59003d0c12b8fc4348690020f31f22dd89902053550ce386470198beb84d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

MD5 2abd079be1223e68fdd6f520afe8fab7
SHA1 0f52ef825e632aa99b80724e2fc419fe1413ff39
SHA256 fc998bd9e644618ab3ece7ba644b58e43e6503e49b8ea2d19c6ee725c4676c75
SHA512 41d1bcc91961d70146f3434857c2265d2c1ec8cb81d388ddd187de5096e580bda69da20cf4ed56d72aac3d4e731f177b99daeec128e0ecd68dd37beedf4b3f70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\91523c486422ff16_0

MD5 cdb192fddcf7fd75903430a8ea938a44
SHA1 f37c3b60c2ee9067245f37a4506f83a1d935784c
SHA256 8decda6b3b82ec5ddaf611737eeb04a88c355b2102b056bb22ef7c43d1cf4e3f
SHA512 89e51db65680354f53b037069a74112ac5a23b759708db3013e98f82100903d51108d0e1416b550e2fca1711e70251f21b6b83651f461f60a2e782e82a89aedf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fea9fc66c35ff756_0

MD5 b15984382d372152614bf12cacfba017
SHA1 c13cf65e29344076dbcadce6d8197b8f6b586410
SHA256 972aa4f944aa4f601114d90669f69a5fb91bf867c9186cd6745ff7c1de6c43b6
SHA512 4ac2c4fbb4c4064f69034aa77d09397a40f2fdd2ab1e019e3fdf5e01d1a20ee9daca30eab8a29d6d62e521d56076c965b4973a36d24a201c081807cd43361961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

MD5 efc38715da0f720fff87dd2f0fea7813
SHA1 3e23defb2bd3fde79fb0ff01fc28ebfae1a7570a
SHA256 813af1c3abe953bd730436177ef528e210a12e1c47262e5babf7f0d67959620b
SHA512 b16c7b935d8163937720cd3199e6a7fcce1091e801f9ad1c90ea942825d51a2fabaefc76e87ca40274f94fe04e80355f5b8f96302327add7517625680e70d24d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1e37115d82a07f49_0

MD5 2c49291f14e7bbe66cf8f1384e30854a
SHA1 364866172631a932d6e91266288e6f4536e34383
SHA256 3ace245bb27f6d78c37945748bce088b326a7dae027da3e8f611b97360f406ca
SHA512 bb6957dc062eb4767219e16c2e610c8f86d7a08f6f1d6f5e741e2712b989642a85b96955ba7f019851118864e9107dff5a8c3978f16ca89314f379dd896cc946

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\135a9e73b7a29232_0

MD5 469e55f1487a9eabd1e41dbaba55b20d
SHA1 34784d7a5331b971d5ab4580ec14cc5ff2549c8b
SHA256 5f5578f64690484ce2694b8dac3d588cd6bf7cb90c004356661268e1eb4010bb
SHA512 112b763f6619c4a5771f19b9ad5c96e697624850ddcfd47cdd9460a831d433689b0f4c1f36f7cec9fbf92bf60372ea1d61fbacaa26b11f7fc60dc35719925e13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 65ad3fef55b4996c6d78969bfc9bec34
SHA1 5c95933ab2f796bd52eee10eb65f019743ed42bb
SHA256 74092d0549937a5c2d6f06ed8800017f6e6eb49f9e51462026b596d594813357
SHA512 91e9f00c62087442584b25ab16ff7feb603cab020ff40cc3c1ab2001c2a8c9bc5580a8e8475516776c40395dd056cb6ba2059764dc58cac9f1a5b1779e095fc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1ed96c7419038c29fa67c19dc28f1e85
SHA1 8fbf47132cdbd6303c04628c55f23dec90239dc1
SHA256 cc6088f48f500e3fa3d72ebdb518fc6d0620f0c92a4bec3707b2fd91e01139f7
SHA512 9514c9d32b69b3c70f12d8d3c46d57e16650a057041ca3c801a9eab6747020c7880754fe0059043e97e3bc6f7e0c87ddc41a457470d6844c5a0409b4f9a803a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b892eb16ca25c8bb205be4757f4343cb
SHA1 6af579e7c47a757a2e16e860ed060979600e67a9
SHA256 a27620495d1dc10adb2c5b54b811e1e82df3fa95623ff12022b591f510cced0a
SHA512 924eaccbce7a31c6c452880b7aa94977155b6a1f79ccefd2e478009b37548b0b09c9347afde3a6841376d52ba70be252b6a4e7bd6bcab550ab5823414d1bb2a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5bbf854d86904c91e991618fb862ddd1
SHA1 4a1a6140b432e2cad428c108c83015f78a8eee0b
SHA256 0e84f7267aea0a9a570a806de7acc579f118f9066ed5248c126e2cb74e5453ca
SHA512 f115bf758ec81d8dc1aef3e3e7d096c8d899c30a01d819b1e1e80530b041cebf1816109c5ffb51f56d742c4b9519be9fd7add9bb0b09da765abb5a06a686c154

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e725f01b82deffb1925dae9024f8bb36
SHA1 afd121d75a5561d34c4255539b86c8c0c9390806
SHA256 657a5f37b2ba95403873d9e62200a50084dd781623f082f01a83adc1490d3a14
SHA512 7ae96ae34660bb762b3e499543fbe6b7dcc6dabd63727f90947679ba8c77ecfa5c652740a28046881e72e93ecbe0718c4a6ebd77c61ea4c8825bb9f726129946

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d4ba3ce3459cf8b4e6d56dca3a7bbee8
SHA1 acf57bc9ab417fe27fed485f1fc47e2608c32a5c
SHA256 2c8566ced689c451950ab24affa6651644a12f905b1c032ef4377fcba383bbd1
SHA512 232dc87ea107cb8b39ace08bdd793669b9c048ff8a4102737e1c8ec34cfa6eb93e6bfe5628ac6bde4dda81e059a62f4ceb2c04e5f002758f82bb843004528652

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 99acbc684724bfb64e2042de061f0d07
SHA1 535c29f214f44c7613e04b4ddebac678c6fc8ca8
SHA256 6ef0678881a466eb6964c87afbbbd8ccbf46dda66c3830c89a776cca530cc99c
SHA512 88f5d08b12fbe9bd11e2cb43656b819df687f35ad9ef2c0980f4bd52dfd22c672592d122c6afe1317f7f40024dd1f86688c756d8ea52dd2d4ca0e441ef10b501

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5b75aaaa034bdc2bad2eff6774199b13
SHA1 49e28a4ec4d8287705b5815f05d85df839bc6825
SHA256 4c177807df8f369a9d25f276f9f6d2f6df5c95f369d32088ca676d7b2f1f60ef
SHA512 156928038283f67466b5b2b8bf62ea168ad35641ea77e650099c0cac710c27156a932da113eb2b361e06f5eb49e1855ff29af0b1a8af68fbd12012a50c8b4382

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cb32fead1e41a2a7bb632301b7d108ed
SHA1 93868d9ce54eb24854ee1c39366afc5564e8a658
SHA256 17cd7a5d78938dcd9b391baf070f9072ef89828454a1a5f01100f825263d443a
SHA512 6250f658d0f90b174c8e66096fc2f223b040fb4af3d8fda9a97be42a249be0b5f0346cb7026014903517bb440c6de45f9f06391187f2723c4ef696af7d92e451

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bbe1c971ed9b832ec880e82282f395e2
SHA1 fb3e10f47b13890e7c36595d68cc980d46a7eb8e
SHA256 240302c70306c24985fa5180e297003fe00267aa229e8cfdff222eb1671fae05
SHA512 72badcb187e3c050f0254bbe4c4e522525663983e5d2ce1e17c817c5a4a8616d5b1310099109efb2079b51cd9ca9d1bb9536494b5f6cceba6cc80635b67b89d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cef17d4a35336df38f31d9fa09ccad02
SHA1 729fc48728c37d2e8ea6a63e031d12c0780e07c8
SHA256 88711234df103af87bd34ec12d5ac657ddd102b9ac1101f4262d33c32236944c
SHA512 e540c703c52ef30a6feeada8510c7f37950d10259249138295fe17225b96e728a8f5c9575b7d001267e2a125360bfe197679bea3c3c43b0a2aff7cb1811bb791

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2e11067c5318cee0fc3c1659a1fb4453
SHA1 d43d9c71317bba258432d1438b793897da69952e
SHA256 271cc6e618e2b7ac7a47ae7ada8d89aeb517cf8dda38eabbdbb2dd645eb9b580
SHA512 4c19f5c9ac182c1eccb2c919d1b555f42262552e5521ba5a49f09174f38535ebbdc9fd4f76d357147968a004e3676edc65d302a91f842a5a7e2a1481159c6d69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6d2f2727787b58cd11903caada2263b2
SHA1 4aa40b7f6b40e89f73d26a495f44a7bb13c84beb
SHA256 04b6aa5b42cf25355515468288e2ec5d84aa8cd49a2855c37a4760575fe360f2
SHA512 cb2fb0670422a48a9266ec6fbeea859eed8ac19469f7d7daabc0330ce83b59a68ba67604810debc3cd5e2c5c7684da96f3521f2ab0a08dbabcbd1a6d57226ab7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d649de5ca60776d721b6a4855f709cab
SHA1 b91c71be8c23131baab8947f442160012a423f8d
SHA256 f75a04342289d5e8521048546b515ab40deed11f8b51d3af571743458f3bcd33
SHA512 72a37efa8187fbbd89613a9c1b65b83d3f5d65806df001ca68f6c393209fd2528ff68e252fd899f2b672c24903e18c96a4c1c0dabbe9bdbe533ca7de3623a342

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 516fb875f6c83437b75f12aaaea92208
SHA1 4e83d341ec9c0d6b1a51d007a3eb90463d4e2053
SHA256 8c74c9050a1564c26a22de4efa34a292b978bd3ed6256747b43d9885e7516cec
SHA512 630e422a10d070903f678bbc3e9c65376a8fd27211c8eec9d8697973f5a925b85726fd344d2dcbfa760a446d78eaa0da9f059946070ce664635e04b3309f317f

C:\Program Files\GridinSoft Anti-Malware\tmp13D5.tmp

MD5 48ce8e3f9468c39b1d10930f4628e07e
SHA1 6bef2abf071ddae715ae56f892a0a1b62bc8ec4d
SHA256 615af4beefa129045ae9732f13aea0dadf4130e4363511b0dbda4786b5865a90
SHA512 6adbdbd98ca5687a44f52235fc6ddc8613b0b41d2b1a751a1a89363721acccc5cdc893d67a8b87eaa0f221e2f5f22b95c49af5e738f106e79ac0ef596d1bc7d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3906e1ef5a4254db038d225cefbf70a4
SHA1 2f55b3e6d09b299304b26ccaa6140cec07e3cd58
SHA256 0d7728e145a77b4b7fec81c7541b31ede065420cefd646be0821a8594b761867
SHA512 b52c4afccb22101e90e33f17cb7ab5c8a32e5c51b4a1df99b34e2cbf0b6c5da7cd8e6fd58c188d2cda4116eca1ddde9d5991309a1fb6a5f0bb244df11fdc2e40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3bdebfc3441788cba5e59390c3722b40
SHA1 6c966b7606cc1d8cdf7adbddf02b1b7e8601acf1
SHA256 cd1a042931c8da7db95e7552f5f4fd4b92ee5e4fb5f7d28f5a4fff8c17c93fd8
SHA512 de4383510f6c430cd657e56b186b6f0da7c9f2d06924cff5a01fb0a1f7ea1539ab6def4c835f77e0bc64d0cdef1168b27c484d07d23e0743356c3ded8c862e5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c4f6911827575bb3d2f74e1b2f79d13a
SHA1 9446edeaa860a45c51369acdbc41aca441b64107
SHA256 1e990ae09570d99750d36e2de7a176b6620745772b2339c9ac530a667223452f
SHA512 37a8bd95ea0c670eb0a599a86c49da8745e2358890c12c8e518408dbf0f2fc5d22b39d08af1c486ee62543c36bd82c26e476b3fb798a13b10b2e1fb26b7a3796

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 db53d364e63dbaac711178b3fb024d76
SHA1 734cd6c0a971ee4f04ea026ac3c3e0bc2cba7fb8
SHA256 bc8a126620ed0214ff3e5f324c36b6c7a2c482fa69942f15b02176758fb36730
SHA512 62215ba01b34b6b2ad23a96bd33db4a6de7d77ad341e42d918b96329273b08359e9d23ec413d04d00ad3fad33815dba2242dd89b4179f08c18470938ad6b940f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ba6490d88011fbf96ce437ac0197af79
SHA1 fa05e9dc6cb152eb9914d56828406f1b54110b01
SHA256 24bc092e31608fb8865d1c0f2ba9d2672e6a505389ac34bb003ea6ab45e084d5
SHA512 9e82525a115ba7b92982c7fb29fe85f11c4cd2b81f67b4dfc87f7fceec723af9ac297922ecc452249aef7949b94c47292cd4ec30e783050987383521d351f939

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 998587b941b6154b2f9f2318ff14eb79
SHA1 5e72cfd9bd44483bd739a6f76724a05b62ed61f5
SHA256 17e6871cb496f2a6b8e5ff0d5dde4f61970139976cd34c922b843751b0f2191d
SHA512 0e4a5700f06b7103e5adc22a16b4fdf5b59302f05e24b8ef51d6610594e4659b302ac8fc7b5c2a9db6918d22d82c7c4eb6cbb3dc7bcd3426db836d33b454a407

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d5e9d2989675fff45a13408327714a73
SHA1 d3d6c8b86e973adc5e98dffd3483b5aa54aadb1b
SHA256 363633fddb5f07803ac88e013592a9d23a07ccb9d618d80e9ecaec62b712b8fa
SHA512 9dc953d11547967a2a7b3902ceb6570fcefe5e8e16c83dbf7f67d2ad2dc2942c387c247701c7eca6d68ba5865db50862466cc18201142425a72e59cb7db05caf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8d343b2ad6205379f31ffea06a37a63c
SHA1 3e877a73507d71b03ada6c96161b40d5baebada1
SHA256 c94f189fb499ffbeba4e77dc7f6079616c2eec7668396f2cb7c88e228a2f6bfc
SHA512 6ecf4b84edc3377cb2c71238c2802825c9eb37cfa6f34d99d83fd5172bea77beb1d1ad3495c303364cd7f0428951bd08771ce021c05a6fd39bcfffa49957258f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

MD5 aff0058b034c39b40b7f6913e1c733e4
SHA1 a772d30722b9365f59ee0a088ae79d6011539864
SHA256 d79a3d82cde670a8a2c97c7e52f01ddfbddccef4a67220c0fb4173a27bbbf900
SHA512 74ccb89bf348b9cebf684c7c5d814d9348ea3f4a8d6bc63f11e29afbef506ecac4c1a97ef4c6d4745b77f773863c459cb6f8702114eab72c74f6cad38d46494f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe62b64a.TMP

MD5 36d7d4b50e6e3cdaa80535f51a7d7e1a
SHA1 a44a70bf8b7cbadcf9a22f260457a15a4804aa83
SHA256 cd00db5107fff4cc06de699e1584d2ffef8b427753e7b38fc9a2f5f02775e67b
SHA512 40699a8de91ffe0895c454ace98a28a2f51bfbcf1458a7736ad49ccb2aa868cc602191065a0875b9bd44a9fc8fe453ae077ee1f34ad3131171b3031802abb6d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c8b2eb23ac87ade6eb24f63115f317d9
SHA1 8a4cecf599175b97020c32383b033cd90731a2f4
SHA256 1a419da399afe71b0687e80e9fd4ea8097afd2345b3c5704c336936e078a9639
SHA512 78e46951fbcbf5803bc93f4e16f42afcb61fc98bbeebbcf8a130bcef9f92d102474645f922accb12b5c63b9b273f17c85ed2f594a5180732f2aa71bde0acd118

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ad81573176068671df6d440694af2ab1
SHA1 2759e613b748f4528a2c53d556c060eb36bf1c0e
SHA256 e89b40a335f21859f6708b272e34470dd133195773de85121352446ef0991bf5
SHA512 2b375e03b027cc604727ff61a4ecd0a2b42ffb551dfde18f6eb59efad9055b573affd23d1e9478c412c5d716efa3eec956ad0564c65bb9c7482564ed3456662b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6f6b97cacdd9cf37c146834406a5228d
SHA1 452897c7670d0fbd01ff4c8a190f234aa56d1b00
SHA256 d07ef823f9ee04be6793ec8f52788135e30f4b5b11329248246aaef9b19d24ce
SHA512 1a274231a3a3595505466bbfe5b55ad1f4bfdf5f2bbf7b8e3319619e99b24680e8438ceac234e098573cbfd498c05176c15e7164fec57f58bc374a7e21b9270a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 49d1cc5b5a1881a936c823137ebdf806
SHA1 a34f53283afdf1873c540178a9452ed733cd0cbc
SHA256 c3eeba11c09f74d8a13c9ad1d9b10cc209dcdb056e690226e80a9bc8b44474c0
SHA512 82ee575e143c79c15b63909bf31ac8c2a77c609524f0e84898b9f464cf184e57d314a22110fdd27f82bce1b6eb3ccd3164f942062164a0e886bdfc58b43da027

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3b55e195bf7c8bae1c323090698058e
SHA1 cb3e9fd0fc9595a4607085371a88bf50546f4294
SHA256 fd156235269ce04e8523ab4272282ff615913ef7ee4749c2483feb0a29104980
SHA512 1d66822ca51f9c5b8acc4321a101a24775460c78e81243da4f8773dc317c21f25669132a8ead7757a57eb98ebdb26c09523bf33765d6bcd5fb70ad2223c6b907

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 819d659f96f0b2689594e3771d86a44b
SHA1 397064746d117e031acce2ba3cd2664afc2621fd
SHA256 12af46216265253008399b5aa3bb6bd9bb365fd48eb874f805c2709f4012724b
SHA512 376e353aec47754df6a8057d1ebd22cbff1742ec9135aa56380c3aeb1256fe4290acfe2fc4623f061dc47b05de34f2878299b5a13ba48bfec271591d8b98f333

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d72e998f581b11b2e6ef1b3a4309f26
SHA1 d0e07464c4e9714f369c26f5cce4bfa940d05bb6
SHA256 eb0063c08c7c33ed5396eae479b60ff975cba27fa10ed169c4e85a6e79ee6d98
SHA512 87809c30d6d2a3d4521eab04e93910706fed233d8ea97a22f01bd1c15b76b798333a7585234ae8f7bf864f618f7125706c521105f175bd37285ce8afcce25b22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 88769f68f95936ceab4f90ba7e716a1e
SHA1 da1169f4a3c002b7f3cf0cbb6e1889de6eb9e166
SHA256 8c819cadc6ffb0e93c037af282a0e722ef901365c62f1f05721ff6dc2b78352d
SHA512 903fdbdab2634acb3325736f94c339e63b4eaadd8a0ce3297bff44d1988c9ca523b2ed314d215a4f8a82d230d7bf928ec3a0711ed8055caf5fc3f2635dc6f352

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 574d6b1a14e7a2ad8ca1956eaea2e8d5
SHA1 568002d39e2c5d5a8488d991bf4550629c39ec0d
SHA256 6536c7f0f7aeae9d155479edb587cd9b206571654eb0aca8fb4b7734a8e7d2e4
SHA512 8b6c441f4378019a228e6aa20c464b0cfb2139a57465359398bdaffaa72c142d799353a9a645536448d8abeac2148bf91aaff77be1182503e56a1f734833266e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e9e98fa1e3f544044933cafefae8aed7
SHA1 e2bfaa321e37ed4e1cb120842dda600a24901d8d
SHA256 0e92b8b83eb38b7a94d905da2c7da216077f78136d9a1afb690ab3c39c27c473
SHA512 1a3864a797208d2d52dcd178097b48fbc52b50b8ecb46e6ed31db091976f27566e75d1b6943446be32ffb83364fc26ce10b16b7e7611ba8793938493c9ecd18e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 434ac4b3bd6e609271ed9d52e2a597a4
SHA1 c07067841cf4c4e949afc1cffa1fe6364d3f3056
SHA256 8412f675c7ddd0d3411417ed241533702d2c998cb4be3e18075792a73f533188
SHA512 46e09ae912633c48a7875f626d1daceb12a81ecbcc4deeda633355a4ad898356274d02d2e3b7b77cdbc797234c819c3e531ec132577359029476b9273d55b743

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5ea821b2c75e06415cec1e0e28274a5a
SHA1 d301d25e635e8ff0b1f4290789688068bbe98271
SHA256 bb9e7f7a0793ca40c6391233d265df38005ca103db1a706ac9168add1a896702
SHA512 ea72c67813d5da4a61dc233fcdaf9a0b976f486b148796d1d2879b404558ede6049be78c6f164432fc2cff25ff7272bf2ca11886761f58540d8c505e67324960

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 860cda298221f1d9e19f1a5c2f77c77c
SHA1 bd7d6108c2beda8bc18e5517f004335df526f2c9
SHA256 bd6163335cf83c8d0305208cfe35ebc98a2b606ca0b846fe759e701b35c70560
SHA512 74a879757feb2ce3ed88c4ea516401220e0e216cdae9827cd646acbd3bd3a25c36060bf29c8753287d169058873ca396c68da93dc40ca5214e7af48b03a4a33d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d75fdd060fa77bddcf3d95a93e186e09
SHA1 30a304c012e5ea1f19c4188c2bd6aaf7d5d800a2
SHA256 eb647b459eeac36d0f4b5b6c62dd0ecea9718054b3d62483b3f1631e1b615b14
SHA512 b9cecd7ec4e04dcc62169f774273cbc6137dfd08361a839f8febbdfe65d4c240ce2380783ae4da8ecc9e323719a33405f133dd1e6ced601114f5047b288352f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a6dd10646ccab6b9f4dd567d79f6c24e
SHA1 d700ab41d766f147c97261ee733a6217098b6992
SHA256 d8f4b4c1b0541a95fe8a0df4d038d4ee4a88d437f20f3b06cd0a0cfac7800d8c
SHA512 8b176bd09d361f9ca9061a062ccaa88106acc22a99a1c7683d21c35a1d81250f01b0a3f6fa140b832eb9ed78edeb74e4a1b6335f046771a398376df64e174cfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6afc9415295310a57d4a639e0ef15390
SHA1 025ccdf16a2a245457f2bcab04c42bac62e8371c
SHA256 2c9552599625fc0b6a62b94ed859cb9f8c07157d335c9d0541e43d501185ec3b
SHA512 c2038702ddce87e038e385e9b8fedf867b2cb7a35cfd01046551a5d0eeb291430523ca2fde5aff65d98a8f6412e31efe2ad07b845c7db18e00591415c3943bd0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1f8b44f76c98963f0b1e59fa34005966
SHA1 c995a1588a8844ad964c95212241f6c0ed800940
SHA256 5aac6f5fdb528541f95d0c252a0bad76d484e87867f6ea99768b6cce1c6e7e1e
SHA512 d1d52d4fc27785971129a5af7ab177d9ffee7e710ba0206a127350bde099cc62e74e1d54b1e8ff75dac1ed07bb53039d14109737f95f49cc0d81879570017539

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88bbee0f1c53276dadfbaf3802adf37b
SHA1 44346ce59f0717c8a85ff3ec183fd4f3609f4659
SHA256 395837d86fc24e8f64b29c2a4e39fefd865b0ce7d05d57b85c49e1b62b82a073
SHA512 724011208066a60295329b417aec91915703b1a8e795cf58984a21b005384a753e14d6021b7261db2afd0f79a911999c6314191fecbd323dd421b58b82ceab45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a5e6249607dc4ecaebb4516847abb444
SHA1 7876b864f93dc8b3b9b9c933d01709a23994f3b7
SHA256 2d12638d678cfadecac8d94269f0acc97be50409fb0b2f906e6dff4ad74bbb19
SHA512 0628c18c0a8c59d5b41f31a6eabaa2ecbf8701cca12ece4fd611d3766227d3e6ec8a88197d212683f0bbdaf403278c51689c821077ab3a9dd87bcfdc9e665901

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d58ef1bf77ecbfebc2022e2da2ac21e3
SHA1 30a4e583d697a9377ed01205faf472f690d509c0
SHA256 c53302fb0df5bbae8fdceb9461316be27e4921467e9b8a5607904e16604f5fc8
SHA512 724dd18ae494f19d8ec00c54b7c0a247b9343f510bb95ca8e3c6a6023bb78b869ec9cdcb15ab3310b46da5d4b79e0bc6c4ccacf272cea35a0e5f48682edddc1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c

MD5 f55fa25522f657dfc5bc62b9d2084b95
SHA1 b818979001dfbcc882f0889ee659798298ccbb69
SHA256 5b54a58fa55de5cf01fc7644b048498e2dacbfb3cb779059b106e23ee7f8382a
SHA512 f9235f901cbd8f23d5f4796209ee5f20312b0da3c1c1aecadb4d31d9d8e00bc10074e3e0338f69689ca040958ac1ffc30d777403350027e5f8509586194c3883

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

MD5 bbb22c17446ef4296fca50d9adda9d76
SHA1 f2580d28230c17409ec60ad9f333c393b05af321
SHA256 62ff16362fb43b15a3cdfcfe7863a164b9fcf9490dfc630b902654be5459749b
SHA512 446f57812496c9cf543d706e5662209ea4ee57a76ac4f6901d0e36cf76f8a6b3a8499d0d8d0dac42ccd632f6844c12a61c9c2da30da781a67da2c274142cd034

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7f17c900e97a78993bc314f0b154d3a3
SHA1 e25ddd734c9bc2b06ed51057af1911fcf6721f72
SHA256 548d34d5330447a2d6d1414716a1db03abb0c7e09ae58b3313420a7731cdc3d0
SHA512 b6e8bc43a5abfb0984be4438f519d17f2b921fd20dba4643636beb94abf8244bc46bf8bd89210e70ac14747a237ba8fcd85c19b4cd2fef2e25c57e89ecd65ee6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 48ea9a5a99650bc9cad91adf42ac0bc7
SHA1 bc4000ee84b9baa57f987c2a4e1ddb72b44be584
SHA256 c057d48b465261cda1c3cb680e001c17450a4fc1cb1a1e4a52db582271ffc622
SHA512 d6a24f3eaa92f7b7a48f3b07013c7557855c9b84de8ecd87821b01438118542d3efcad871179193de3e994d4d082380712afcd5f014fc20034cb02a40f7cf0c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1d467f92f600e249753471f1c7c2634c
SHA1 27156cb774d93151723543fc8a0b311cbff86f6c
SHA256 d34a7a5c0532d44cc3dd0c375c61ba8efe313f0226c258cf9449f307aa1386f9
SHA512 6758277ab04cbc55fe21cc335a279305c6df6eb9b16ab374c9afbf1baa7c97a4f9c770709fb445cb065e5a481c53485986c08ccaf4d7501bf13920f9d1dbfb45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ead99db0ed003e0f9fc39287045813c2
SHA1 06780ad1acacd55cc998443b12a6c504fd5dfc2f
SHA256 58d1b88a359dff7d7bf66f687a18a6fbead5855de4548a44b5084b5cce86d40a
SHA512 c0ff46a7f1cdf48fddff8ec3fd0bd16beb0658b828624b5e56a07bae80dcd656314a21c8206637f0252f48498cb8945cb38a5506a69e22679758d6c3edf91e22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6ac5eb8c182c2d6e4a7ae5967eef6feb
SHA1 75a5117266cabf06e95cc637861dcc11b91ef780
SHA256 c08366172f7b74b028a55910e5069d3b4ad15a938a1df5358ec9dfb31dbc3987
SHA512 dded47bc6283124f12986e862e8dab1d6db8d1efc3739db0be42f1ab3ade6e420d58fa7bed0c6b1a5da2e3da6b8a429d20334a3a83c3e1d4e3960490892dde4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 839f6740e45f6f5cc2f03724a567eebc
SHA1 9410afdfd4ed141a0d515f0df49aadc781fd2a12
SHA256 c441fa0554679c3183e8d5bb020038953a4688fa27834813148adafbaf86e504
SHA512 e18af9f7d013ce1bf9206cc07c885ded79cacc1ae520626c79c03030e932d147c04518f48515152c0a36a46829d0fe8cbe5355a6cde3a1fa18e310fa58c2bdb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

MD5 341eb844a1f3ae8d929b752b2d183896
SHA1 95e0de8fed5f241ae4bf0cff77d013184ce7fb1b
SHA256 7e7f0b0f1048c0cd8b64560f629a0a198d7eedf5009e034ee680c4573ee6a815
SHA512 c26a1e812b5e6859d1f64119f3d2ad976513ad1a3facb41b7cc9746be83f2f124c97d7e5525729f1f15600c3a52a8fca29e6a59676c927a81949d00bdaa196b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

MD5 49404d96b938671fbcd9a0dcee3a4c33
SHA1 b9a8eaacffd608ff768a7135c100c8324623b2f9
SHA256 78b643b695e51acc4c2f71a2f3950d11dc6c291edf3f1a60130f95c5a132241f
SHA512 a6eff736ef2761b94d0fcf44842a3e290e0fe1dc3e22ab4fdeb3ba9f1bf8eb9532abf742cbde002300226bea59633de96787a51cda963ec49aa9e9eb2200f27d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

MD5 324209a26c5c29b1aaee889b46bc2cce
SHA1 a4db7288f6b4ae9598a9e2b2b5f75919198d673a
SHA256 79007a40144b521278398d64a2bb61ec370a7d7869b52b3704e7865f8b6b872d
SHA512 3c55942d1006addb96fa5a5c820d5d35922728079ab8bef4ba19665780ac94641dfbd5991dfca118406c6ff5d9071be101de65426deda8ec060ef8419abfe78e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a6

MD5 e8ec52ea5446d48e4fb99c445d981214
SHA1 39dda776ee52ab392f31800083f8e7accd0ef7b2
SHA256 76deaa52044c23556094eedbfe0286122ac035b6dc1fee529a6d53e01a50e51e
SHA512 c71627b27ddb71799a9ba64100cf9dcc60ed8a2238d80c8e06b45f95a16a48710fe9faf5053b49c3bf4bb15ce07ddf391b4300f2f7d771906328ed557345b1af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a3

MD5 da5d5e473cc9214a9af3a077d358d1f0
SHA1 a74c501fcaab89385bd1950393a882e8ed3d0c33
SHA256 567d4cd481d92ec40413967d4d00fa7a1e29520745612c18bd32eb1bcd901d1f
SHA512 3ff7cc29c5fa25c65aaec72fa5eb118eb59463b4002d8e00d96f4a16afe515404dbe40fccb46ca11c727069ce1d5a2f04348d4e340bd0bfcec5e015799a70833

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067

MD5 c83e4437a53d7f849f9d32df3d6b68f3
SHA1 fabea5ad92ed3e2431659b02e7624df30d0c6bbc
SHA256 d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
SHA512 c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

MD5 8ad86dcc6a438fd564890040236e5578
SHA1 8d7eea182a9333a7a841451cd596fe71bc89ceaa
SHA256 7ae62cd96f319e7c056f1e9268a4e80e39c407f7be158ff538945fc78f920dbd
SHA512 00be041f53a55840008f4789c313f2549044a8421ccfbe8e66135f3932d43f22ab3cae1bbd675eef4dbd744f4498514ae52156ad68cc37cadad08d0e8d28bd70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

MD5 cfd42b910489b505ac56fc293edc8905
SHA1 a98ea1b30c266c129702a335e6c15ac0cd2c38e6
SHA256 8ef7490e98e66aafe41142d568f27ffa43ec52320be5de55004d95b2da8d3f92
SHA512 fc8a5750655b308cd203103ea7547b8b00a5ffb8e42b7a36b79fbb02f3a42a2a1122413bfe68145b94bb618ba5bbb0357d690e11c027562b2aa78cf4df7e3f95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

MD5 9c1769239d3d28dbde6815d7b7a42cb6
SHA1 04d3ea691c216887692215a76cf5dfc0ab631fb1
SHA256 e1a0383df1dd6807a2dfc35e60acc039166a1fb7a3ff6d1c1f0457cfc61869bb
SHA512 0544a904a0b6d23cd6a3efb094a2f3308695dc658caed2cd7f59b0c4d8463ef6a6cdc2c39368d983b775abe28c4b22a50f9e140e04f34ced2faf5bd0fdfc7b84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000073

MD5 503766d5e5838b4fcadf8c3f72e43605
SHA1 6c8b2fa17150d77929b7dc183d8363f12ff81f59
SHA256 c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9
SHA512 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\493c497c6b4acb58_0

MD5 1cec39eea473a5277c32dcd3b1732bcb
SHA1 28ce68b388f65cb87ebb256c066d17629365965d
SHA256 0e99dbd3ae6ddb5c8647b6b84cba66d0ba856e0f48627b35f2c8be47001de034
SHA512 0e78d2b77cee087c1e78e2c293194fa66c9db5c6cc35490922fba00e3bae5405aee0a98e3b29726a6e2c0a56994bd51466ef7985fc8a193ccd57c4c29122bed6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d637ae513e9ed236ed789f3702f357a5
SHA1 741239de3324eb9b9e399383a4a572f62d8cb60e
SHA256 86263355238fc1cdc835b3f1a16b9c2063334ea583fd6ab75f33377ab4ced054
SHA512 37ae6925dbb5ab8fa9bfc8a84af65da4f3181af97577458f6eabf28bdf8f0fa5fac29bf107fca77d80d284098a1ab57f2a4621c1fe37e9a6e68df856643aa66a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 20b0c3ca519c5d216aeaf0581a2aa810
SHA1 ea6d25f31421982472d9d61d62ca96e037baad23
SHA256 989c49ce706906c35613221ac90875e43038d99ba0e7d976471cf58fccd6850c
SHA512 d71b498ba5af2e2d1f73fc1c73e3c0d62b2c34f60473eebef5151c1341248d401e0ebee094eaf5a2db6b53ed9314bfbb075c6f2f1c44fb23c5809325c7225483

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 410d4e9c5e8f1fd7192bf85258250d30
SHA1 410a6ce2712938091ce6fd10ccb8f9a9cf1c22b4
SHA256 683c02c4726d941d8005abad0498695f751f00aa6dd3f9fce6dd5cab624e381d
SHA512 2c46abd986d1840f75ecb3c666502f21a8e1753fa25c3f4cb216d4a0095bf6cb6bdf87196f8ce9e5e705efdfec388083de2342aa77d2fd16659930bdded7f58f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 39d8cd7de9c7363f45fdc1a0d9a489c5
SHA1 ecdac2e2e97b82313a356c63903c08c3a4c19b59
SHA256 382ee475967099919546e2a2539dc108850862eadf11882ddc71953039d7dad4
SHA512 cb0d6fed9cc4beed47ee4dc01951e352e9fd235eed45342fd085f82807c5b4f257ba2f9b39e648b40bfd2b1b4493ce0c7011f73e0bf36ea8a5f7e87e7df66ea1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5f60c3449f476c66d70350516511d8ed
SHA1 d66e4435c97d3aeb15b7409b19cd4888d0c5705f
SHA256 41bbb9b067ae87cda5819afe2a9a498491083036523523fc7d2659e2eccddd92
SHA512 7568b26d5c43a53e6c35cb802b7e44ad14e188f3583bac8a9bea5257f53c75d0da6e765b30ed3c7a7fccf8048f46cc59187be9ac5d0f61947bc9f44957bd859a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c5f47b7aa8b02c570bf49689ea2ce8d5
SHA1 76c77d43d3668ea99de537d288bdfa22dd2bb12a
SHA256 7e34074f9d78ad460a3ef7111b3f36328920171a085c47fb09a8ed583ba8fcb5
SHA512 c3e2adce16a1a62f6b57f6f9a487e54cb9a5f0fba33e262fc40b3dfb49779b1dabe7c6113eca0007cc75833ea40c377342c737d24c7de53b402a46967475a5eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 253fb78cc9d00e5e08082ecf329ba378
SHA1 b9a9dcb0fa144c60cb94977038d5d29a169ee972
SHA256 b145f1c535ca3dff3b3b0373580b6a8e61408dbb13be6f95f9669807e2193263
SHA512 246ed6a097064ff44a70585d441d3b83ebef1014c3d126197df2f899882a8b516633735d2e41c267c0d506a0aca5dbae5f3e6c9079cf08b8d0646b1465b349b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d166dcb0368007eca3285d9736c45f6b
SHA1 edf10d0279865c9223de2c53d70fe83f551c2ce2
SHA256 1884d2eebee39092a186fb0bb6af0301ad4aaaa3a7f4cbb1895404beb19dea83
SHA512 400d5468eb3ba606fce3350b576718b9d4caca0c68a453795646b55976ab4ddbf172cee699048596b61dac556df85d0025c6749dc2259b83e057f60cb959b2c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\23307b8d87a1fa82_0

MD5 74c14a62e8fb9c6bcaaae25f34e23844
SHA1 ddf99289fd6b6f85a2fd232e8c0f7ab6b9ed203f
SHA256 a652d9d8be09750755b2bb9e464e7b2def02d751d3298d4f52d17b1eac63bcfc
SHA512 d3b6f6ae3dee72820ee86e1bc605c89b36121d8c075fe6bfc3f4d24f3a0bf50d501688d1db141a3a75519116f06410653ae7d3ead2a1f2b0d2c4ae834df72c4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5a97a0927c36761c_0

MD5 942508f406dc46dab5049ba630f1ef90
SHA1 bc22ab187b9ca1fffa42280c58d4797a8db7dd29
SHA256 ac1885ec4a5333628ba0e1e4c894cb890cb6ba457177681134b63ccb763d84cc
SHA512 806760558a9ff1c48904fb48e8fcfe3e930f2a477a0d5c4e304fd409c0073e77abc174ccbf198bc12d9e9c7e4bf65696e970e8b6d22561fb29ddcd51d3ce85ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009b

MD5 ef8b09f2df1c04901dfd8f5e5f326633
SHA1 57c877f6c01f8f41aafd8a0e4b5a7444e3890d02
SHA256 f3e517f718fdbfc155538067dd9550d19f9ca91fea4ae69330a5f2c638964bcf
SHA512 c0334d4906be1620c68f9b6e74d5235d4bfec252582b6f00430ef5b8e484867848c7ccaad269d2e14adc35d603d3b6d028ddb6c2a2b98b2032c937b7d67dde6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3702599e0b50e308_0

MD5 ecad0a79c2d110f14010ed16a6ad24fc
SHA1 bde09460aa071c7828fd16b51241bf252ed3c9be
SHA256 5fa91139b3cdb1432a06e13f0d0b25a917457c3e8462ec27d83ba5f12ef88aa6
SHA512 00c8d04ee5b1ae51b5394f3c7f6da180dfc1ddc895b9c7eb1ad985099f3d2d284a20f212d742ed5d9fbbfe042be977d61714e8a723c98c369c8d3a24f31e3132

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f8d8ccd20bdf1693_0

MD5 1c834b9407a3a9e22f7e77ce166041d6
SHA1 f4280035787e5f495fd0f494bcc5a7ab92a26149
SHA256 5e3366d44cfbf735c26f8af0da234343415e778b910e79aa264bb2d8ba10db68
SHA512 3980317a0ae16a7c17702a6b9a8a489f2e1c91dc59f2a6470f74d8195622bb80d24d7446010d1335c33b30934f8e2fc1e4d7d867e4b201dd618f2ca0288b1b83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a4fb16b82935ffb7_0

MD5 622df972958f210632e743b471dae42d
SHA1 460d8a7ba194e20027b241e721784e506c0206cf
SHA256 96531562501e348b43b5c9f5f969768cf018b037e56366fa731962de2eba28e4
SHA512 078099d61495705d98d0271156d45a922854fc0107cebc01ab340e95d2e9865ceaf16c1d911d90a43f223fcf4d3640043a9bf559d4dba5d905a400ee8d8500a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0a7a96140e24a7995b084de5dd608a23
SHA1 ceb9dcfd36000803341f065d468c71caca21816c
SHA256 9ca4ea4d3a273a807477c4f7c4159a8ca48c53644e2dc3fffb0b9a826e11bbde
SHA512 1605ba28cb55affedde62e768f6067eb1d22467173a797211e64c8c24319f97982a809dc307317e9f65be2206a4f0b9ae6afcfa88dafd86827bc4d71ee1e79a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7dad6eb763eb9116fd811c672c09796a
SHA1 1076cba14a3608acb2eeb48df79b33cf34cb9412
SHA256 7e39f5984275f80df8991a26ab1adadcc9d6890d685d063789baf42c1660fe58
SHA512 e40014946b4874fdf3d9c31cce12be2c430bdfa5cede21d39c9e2b9c483af131951d29464114a0e50aaf3c2777abb3eca2b847a69ae6a58e1c6200ec63bbe8e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\75292ccc-fbdf-4519-a189-cbf7a69b5894.tmp

MD5 c12f4b2dbde10e6592519524fc2132f4
SHA1 d3110badd08a7c67586f5628c209c784811bf51e
SHA256 dbc6ef52d55165034424ef7744d12e8ea77c0c97acc09bc0b49224a2b9eadb38
SHA512 99a114c7742c17dc8211e7562b22279ca52c9b0ef3368c5abdf6c574ca2c358e56d7228ac09370b5ccd708e73d92bfa866c86057455118f6c2d76fd5d2ac285d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009a

MD5 8c9cb2a916bc8b2d9faf75b9d941c944
SHA1 8e5f460e9d827d4f3650d64188ea487be68c380a
SHA256 8fa7af3e2dccc7728e7ccc990f7a141042f5f15c6e610bab7e23607d6f023cb8
SHA512 f0faa5d78d892066ec8745544effc6b03624e2e6434980a3ef823d53bd9b72ea79a2c9afdfc1df763fba9307c3753c79200b0646d8c96647f6d8ad5ef570fc0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000096

MD5 3a8ad551ebf9122274a160d7a22100ac
SHA1 1bd2fcd6b86c37a717b387186e510de5c8a2ef2c
SHA256 4c1ee3e726da9b0dd3dae0c2ba58824daaf0e132d9ede9721a8c7dc190a4c099
SHA512 7d6f1986a535b21a45399d13024f28298fd74c4e0e08737b47df6050fdee324ebd7f86b912615287a4cf6d71597ac78805b3aed16c1da0f561c724648ed9e98e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\030691a37a9fcae4_0

MD5 6e08275a3fb7c98aeb09dcfe04ef115c
SHA1 c710f897d9d3455d1645c9f71b1f5fce45aefcca
SHA256 c7f735255147c27f8b721863bd0fb6e90ebdae091636e30969040953f214bb34
SHA512 656174e91d918c809dde4829b0c05dbce37f4382c5c25130d6351282999c663c275f4310033bb38c7f9a13c4a1871e70cb967b37e45dfef38d68223eee8932a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bd45ff8efa7a94b1_0

MD5 1d62b15e8cc7c19f1dfc5287f0cf4d70
SHA1 da194f9beb6408a22b2ad5ab7e407cb9de377fd1
SHA256 77ff3ccd9992bb5ad271bc5b1950dff6c123f4b16f3f96f011b347ece3edb9c9
SHA512 574a31aa0271284b38a064b5fbeaab691d2a63359547a1a57ba9f2eee6d8d0183b6cd3bcd8dcbc6681133454b662fafdb3a5b0a7d000e0c397335243c74b36c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5c90501c-8b46-4d4f-912a-18ba685471f1.tmp

MD5 2d27dc48b4d4eb32ba0b2d15b039c43a
SHA1 ef7f8c99582461a8f021cd731b8650b76510561a
SHA256 ba27e747030b169cdb32e8e2825194fe234c293737a6665fe36bf2daa7ff8706
SHA512 3d1229a00db90e75758429d96697baf02cc190c524e523b20b50c0fbc2e74f9f20d01f3c394c74348b7b94fb7220865898306495689798af550584807d409cd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ad70d6b34b13c4f30478876ece8bd310
SHA1 4b359b848e7f6fc3e46cc317e12fbd7937c64c53
SHA256 d3d5f45dae61446d403b9e86d7e1adea9b671599e9d726b20c6c7187fb038dc9
SHA512 d4430328333d180138b72e39e2cba91d13e92af2ff41041d934b766b0de68e7cc28f74b542d103ae186fa7bd9c8a61449876798c5025e3ebb9d7ec6dab9f4c78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

MD5 6e16a0e00a70defc9c40ae9ece97c9e5
SHA1 9772b4012ee94ed05356c98ba7e27e71283211d7
SHA256 82c83658c88de47b8e7da9904ca19299fc174763fcee974dd3c087b80b9bd532
SHA512 5e3984a7985a21d5644f5b579f32f408b28bfcb4de59764f403e4e10e08085e7b3f099748fa6e22180b6097edb4d8c20b676de182999155b13fdec4fae93367d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

MD5 1943229bf9ee1877474ae725aa6a5c4e
SHA1 3f18841b95db537e77db969f3f3f4e546fbdce26
SHA256 b70da697e9ade0c5cd1a21e3fd5e7e167924c4a780f5b0788e93ef87872cc6b6
SHA512 929c22b464c4cac0cbe79a10450f7bae7f1302945d578c5fc94209944f97669129aa60b8a5586cc101db42d647a4bf2c9cdbce4c45bd1c6801dc3d3c9effff10

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ba

MD5 35ee84b13ced61786d60e8518ac93b46
SHA1 b09abd7c872206ac6efd9c6ab66bddaa2c5a4147
SHA256 e73175833d47b3f021a6153a31ce2f7a1e0765836550b975ddf1c9c1511f4c54
SHA512 1a04e6b6b9c9518e21d1935a89c9f00106894a5a45ddad850c10c6d60da0fea854e3bd9f86a35662dc61d685de2ac2166de366f5d3fa125fb6a0a673aa201049

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f1

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b4978174a6b65d22_0

MD5 5db6cd8d4d39cf6854236e9ffa15448e
SHA1 865a40e8798d3736990e065993d7d1368d176ab4
SHA256 6bd57366b3e757e63c7b484b84d89f8b5c215bc81dc0e12616cccd1f467b1017
SHA512 5289ccaabdcc1d9628311bf2e9c329536171ef5980bc9f4e01d5e156edda1aa9cb61324f52bac53c59c9df538945a479d8be8dcfa5808d2772bae64d714b58d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a97a52383b688be4_0

MD5 69c77ca3a152a8e500ab4a6778ade723
SHA1 2b4bf8720d565c931bf6b6ec9516395236d97d65
SHA256 9090c2051c40e2374343ef8bdbddbae0fb2e9db582bf7b067083718b4eb4a72e
SHA512 d770c554c7beb041719d6c95e563019a3b3c226c86129c3578af8b9cf29fb0659327d486eaee21dadb93aa98d6b30be7e825782d6ea049b94bcb21f5089858b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c090bb0104933c28_0

MD5 ab49f2ebe40dc1b20b322db12d919af2
SHA1 f6c6807b971f549c556fe5e166c643a5293f7c38
SHA256 4f54378944c1ba063163fed4e616d8123595b381c74eddb87a371e244f8be615
SHA512 575d33267b255c9d97c37fefa14965c21e3c120d2bdeb3c54ccf619c6f07c15e6bca6ae5313aee1d64ada5dfa9019bec3599ed968b398ac300c10e101b6f6b13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 43037fa27e1defaf00afac9651900f44
SHA1 35d10db132442e1d16cb4b23d75640c9591f7fba
SHA256 a39faa7fecb48b49a6aa4cb6b3f39901eec61c1c4ac5c9c90fc923e5a3e2d5d2
SHA512 04af5438657cc67d8e1c1824ced230592c15fe8d5acce96616d07b944106b54d16bc1beda75414e25a58dce923124ee9e35b0c4f510db57d62923711b824ee70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3205ba90076102e68d1f017c153f5574
SHA1 0a72de186ae3b2ab69a18702c6ed4cae23958b2f
SHA256 375cc5e0f764a7ddd131f256ab8aacc50ba03f58ce09378616ea1222120a720c
SHA512 ae7516e39f83838ec686d259bbc58eee483fcbfcae0cb5d7b05faa59d0d116d6acf0c21d8a443d6227c3cbc6f84b9a469efde9c65679e320a0b6e806b5514740

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 746abfe0f8df7caf9db3de2c3e1fc44c
SHA1 9f5db9b446814e0b983ad19cd5fed59708ce117f
SHA256 86c68143434444acaa1e642bd0e02fd67cf509a009abe1f5c07eca6f5df8bcff
SHA512 8cf73f5675abf5838b6d2cd41418a8ae96139c965421053d65a37e251dac7bd1a5be966cbd749c07321286790f4e20d212958bcb45bfc2a83bdbab89a3942e49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 119990615d171b8e375cb66bd51dd1f7
SHA1 53e7c73dfb9bce2da4444a7dd8a532d818737ddd
SHA256 97d7e523bd15104dcf4fd6eadcb12968438548fff1b0f1557653083d5171ba89
SHA512 ec1f58361d7dbd8d8b6eb818551c20140e95fefedf2b4ceddba3e036ab3634ff26f3b2a9ebfa50ae35d495339b790ec587e6170d769bf2ed60d4f150cf9926f2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b2a549f30b936a665dc6182b5582a4ec
SHA1 0374c31f97efbbd71a467b7b7a1ad31c24c3d108
SHA256 8a2e092c2af6070be7f7a2250640b080dfd1e441ef9dcc5e3f789491f7cb5a39
SHA512 daf509ee3ccf3452f402347e0d3c839de52adb20d0bd4126f0978c9b24805da49f5503792978a9991159e156666c7a5abe66c407ae7e0e52e98c4a2e6cac0125

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ad9f1abc0bd97c51150450d285aafc9f
SHA1 2478e6281c57c6aeeb1af1798e48aea72019f661
SHA256 cffcad39ec7e2e4ed6bb3fc62de01ea4dfde2833f105cb971fcda9ee8116825c
SHA512 a0f3c656b40f015c9754a259891d80ffa34dde891c0ed3d90f47577b7dc20743ec7973aad216b4ee4db54513611d2809398ca6ae8bfd0f03169dbc5dfff1b9c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bb221913acee2e468488699f1660a7dc
SHA1 b5ccda46ac678958136e8c51fd89d18857cc0968
SHA256 5c92e194e06129eb13c2a2b20bb8a7b90d459a53b02b09e18dca81cdc73dadad
SHA512 94b0a6af6b15554088d2f1abdce8958e456da349d1f4a07e49541962512e93a406d83c772c83186e84ff0cedad06fab481739bad22697911dfc0be41937f8602

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 554ec94548bb2ecc7b501465b99fdafe
SHA1 4dd0a43f7f7a01b955ae995d7aabbdf24b38c07f
SHA256 a8c77a36957d0925cfb97daf628862f6ed404983de4f48db8b4cea3344987023
SHA512 31fa1879d376089d357a36b403d9cec3ff7685ec9492ba74ade7281e4c35f4f0981f7f8acad8dc1d436d39a352788e7790dcdf6f720f4024d331209778b02275

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 61cd8252208b7095f607cdf9d68597d2
SHA1 45a6c991619bc2a0807cbbead61c75d74daaa330
SHA256 06ec524ae3d4134c237f23ec743e637a4b31d7c9cc0ab0649d086013a83f5dd8
SHA512 c998e3172ce083d8f39008a8e1fea3606744f650d6dbc122d76dc3f8bfe32ddadb7521d9e54502db63c02d149c1fddc8cbe7aef48d79c92b4b717e681e24043c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9076c39ecc74e3a1dd8ac1bacbdf689a
SHA1 2abbb3df8e8ca5c887cfa27bf8879ccd149c5099
SHA256 38cbdf618e31f38846c6ed72ebd946d8b2eceefe68e01e79b9765ed96c75b167
SHA512 0e79ea900149c4e92fa0e37adc251ffbd31be116087c45eea34ee160c93da81161ec9e4e350a66a2a1f205fe09cfc5e0052bc6d0e60b54eaa47f0653516cd03d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 573833735d4d7e1d603d1c5d46dd8e35
SHA1 900b2f5ddf855f7222b0e22a2a3ff63d522eb22b
SHA256 8838d75140212ed1be4d74c2f4032efacbacd742ee7c8be33bf6ad347bd205e4
SHA512 ce90f119439e654e937b1fee6299bceeabc0651bdd178168713fe2d33ac5840b3a0b0096bf63d74327e314f1e2255d977d67fd60080a74b72ecab5e18a1bc95e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8229dc3cee02ecf7b9687b1f6d7b45dc
SHA1 9aec328ea808baddc9c1687ff0dbf9f499b1706a
SHA256 d34fe1f50b2501569b983c9760edd4f10c388a22c6a12265048779765bc79258
SHA512 5373bdf657dd64d37eed20203498f8b2a20383923e71fcfbdb7325550e6cbc90f75fbe50288f4e9d533367c40b8172b283a8ec4d0b0978b633ef26ca08ed649d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 14024bd87677ce6874e53a74dadc107a
SHA1 4493c0349810d990ac6eade0dc1ff062b008bdf9
SHA256 a25379956b4ddc7daf0cf317325bd31b649d3184bcfb0c4b3333459a4cbb6c62
SHA512 cf0e0c332cc0628642f460eb078deec01d5f1d45570d547b48b84eb2eed95144534cadabe04ac914d561ade1ec81dc54d013e699d97bf85da626ca3e7277d0ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

MD5 7fda4c62c1bdeae7a08e6fd438104bac
SHA1 b1f626e78f5f6d7be993303a49eb81f0fa4ce57c
SHA256 4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
SHA512 c4a36a3c1ff23023533dff103a108844b7cfe4e793aba0b1b5576431e77dd6e9edf29fad68132577ad6ad55ca7a011a38723da2fa15d9071d2c6ba4e02d1dadc

C:\Users\Admin\Downloads\Kerish_PC_Doctor_4.95.exe

MD5 28678573f38d467efdac80094ecab68a
SHA1 0e98c000e496584be109b3d5d1ae6b66e2df0621
SHA256 63ac82d68e955d40f8e568ed3f49dfac5f7f145b8794175023cbe59b5262c2e1
SHA512 ebdcd798f60342c2246d63e00886394bd64f5192a33882f82aadc72d9f46fd99bcc5770e9ff94a0f4d44dc06cce871b68ad76cde26db34884ad8668629759558

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3e7e08a05a489846456bee873256eb4b
SHA1 ca1143216a5a79025b323cf72b603720b578f63f
SHA256 532e6e0fb2ab8fb829a12525be488d05ae03716446dd3d0b838654e9b24c092c
SHA512 6d94fe287314d2a6eb18581b44adc4571c37aafb39af0ce281500513bb149ea4809fd3b9c95b5c779af33ddb36141f48c10244e5185887ff15bb9c8b8fccb0a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 5b627dc1c36d3c1fcdbf0ffd000ada27
SHA1 a64555cf51c79595bca02dd1bca51e1ca25034d0
SHA256 f36a08338123cb46365930e2a612349d7dea984dd6731e98bbee3d94e2b9643d
SHA512 e279e650bf7a7b4c7e6c91745e10eb97eb03acdde0b42eedb7a846ff951bb6ecc5f163aea34561e2a504d95c129192593f222efc1b0789e188f8b296125452f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 28767c8b993d7595ad0960491412f3e7
SHA1 72e0cec7e3b2667b4c114fb263bf55fd6c844442
SHA256 731402c553fffb5079e36a6848a9a0df1b6aa915790e38db8f95613ab288993d
SHA512 2aee74e150463d41756dfe66047c9d578dd5ba4ca676dfb2b8b6ae894481db40d314cd616a8d8052cbf7cf41fe60b42396dc5a7e944aa10e6d046119859bb40b

C:\Program Files (x86)\Kerish PC Doctor\Uninstall\is-AQLL0.tmp

MD5 86a1311d51c00b278cb7f27796ea442e
SHA1 ac08ac9d08f8f5380e2a9a65f4117862aa861a19
SHA256 e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d
SHA512 129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\is-48A64.tmp

MD5 a692caa881052965bbb2da1c27046161
SHA1 4361d1dad79d88fd8da004d50a52a42754b9f3da
SHA256 e0260c66163fa7adcd79ee0d0fdb732ef412e1aefe44715680c6049eb4a0cb0c
SHA512 1b908f04b9cd3d06d981bcadaf11b74d0576f1cb57daebf6b77202427fc25a9272d23f9174400ad88cbaeebeb491ae69674ca1e20ca24f4df390269ca34ead09

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\is-R4AM1.tmp

MD5 9ff289eebc77de74ae9bda7cb5ebb0ab
SHA1 6e7c4672135ebacdaf4885fe96bf4a9282f3664d
SHA256 0cf7e6c0f6ffc82dd82fc4ea918ebd1f11037ef5d0498dfa6721395e2a23e103
SHA512 6b4ceb0739813bbde9bc6de56b19a094ff624306f1680025b0b059975e93604ef0de8603171460f39cef34529c41072f81501cefe6aeb515ac966d4ec86933f3

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\is-LRCQR.tmp

MD5 b4e236ad29dfb393b38fed961d95986f
SHA1 88cfc2bba8b2a54b0b2c7d65877f9ea4045beaf9
SHA256 71e894416c6830c08ce91d5f74aa692b767269cb0cb0cc0b7b3718b87d511404
SHA512 d386060b4788af77b3b172bd4dc42d87e1a82d42554112a6b4c53218889001e92dee8c4f223e711c790a14f4a431070a8aac9023042b4cae2c3e2f8bcac6fdb4

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\is-IBI4S.tmp

MD5 5479774fc8262e466a150cc5d621d691
SHA1 00857b1a318181bffc7fbe4bfd68aebc376b2033
SHA256 27d3f2ceda557583112c3030da8a69d8ca0251988b1daae04f1769f430905124
SHA512 6e3a11da052651900d5d6ef30f2bb3cb3c0b56aeaa2e9be478c732b59f47942d3424660f2000846b7a0e04fb20238e34d32ab9ec89f5ef0823dbf1300297517c

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\is-PDRE8.tmp

MD5 207721fc5b278940dd40c69702155c7c
SHA1 fe06daf578ebedb014567fc85950d0ba08877ff2
SHA256 e7a3cfab2e80afc4d801ba851cc21ddbde1a99411d24cb941f1426f215442c0d
SHA512 0654ac81f13f767bb714e0a1665a9fc80942e8a59db4cebc039556f1721189f590431758855903b1f0cfd739957827ce20fb5f9a2d8e4f56667f444641fc6474

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\is-4SMH1.tmp

MD5 0169a8364c7afdc44fa8255c083e41dd
SHA1 13ba38f36585ce4746f0898c3de982ebab13b078
SHA256 bdc7190ba4b81fff1bd3c1da6f9ea9bbbd87685ece4a92417bf103719ff4bc2e
SHA512 0a1304b170a9e716358c5b35d10686e4ad9b98cf4da9c01370d72432a0f096f90328771f11b3f67cd5c3bb750a96ab3bd84ea36de2152a4f8522b08395e825c3

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Azerbaijan\is-FVOD5.tmp

MD5 687fe13395ed03f1f5b3d5c60776da82
SHA1 c9e912504251adb4a215a17685b5a377d66cb447
SHA256 084c56c24208dd6824af6699b150d029c072228083edcfd1204fa818bdece283
SHA512 a601a95b217ecb81baba393668a80292bb00caf46208e2fd33885de765c5e884e74c557b8d737eb18fe63d20f972ddea697e92ee53056c7fc011f7dec1a9c276

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Azerbaijan\is-RIJ6L.tmp

MD5 84869099ef212fb881bda3639c384340
SHA1 d6772b7e3029736f5fe50d1a3767d742d33ead02
SHA256 1127fb0d0399d3d89f49dff3285adeeee4ef65e25799281f973f647354769672
SHA512 ce3a226393e7cf1cd10b202bbb7b520e6e1a0c2d378811eadc63e24c688d51d2c1e964b7cccce9bae08518dd1106909c3ac6acce547004a4a7fcb4503ab14fdb

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Bulgarian\is-K3UIJ.tmp

MD5 6fe8a931107e9410a0c37924f09a882e
SHA1 0891890487867afe813daea6a23b77e92d8e2f7e
SHA256 cf088ad4707c6786f0bc75dd1765ea56bc8b7d35aeba9fd24e0ab7b8fa64bc86
SHA512 f921abea1c2b67339bcd3df7ca906d7b883ada7a3c8f788d41acca2780be6d139feb0caffc45183dd7277c8160defedffbbd3d30082ea82731c2c39b45a93f84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a963741842eb73d4c9f986783e94caa2
SHA1 ffd7e24afe95b4ff4acf7acbf7d1484a47c4836c
SHA256 a99b4fef890f7d9870571c001195988890a9dc3547ab51a50a5a39445084e9bb
SHA512 354629cdd58b2521c9fbc57986598414f9abfbe82f72613c1025d118aa573ade29524cbcc92b05cee4ace8b834c6f2bf56d204234eb9f494fdfcfba7ea6df70e

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Dark\is-S7UBJ.tmp

MD5 863e60cbbbc07ff84fa4553a39411456
SHA1 632a31e8e4616b0baa76ac2f280665098c7d0982
SHA256 a536b1687ec43d0a04715e56a2c442c5ed2bcaa35a4712bc33c9afbe5a417477
SHA512 b02e500e2022ee0d5d3d893c054470f33f80d60141b3558f0089c607e092b6fd4be77f1f3edb66cfee9402e6bda31fcc3bc26f2d3f6dd766079a2f1d78fa5369

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Evening\is-M728I.tmp

MD5 25a1505eed04845cff74cfeba38dd66c
SHA1 f32ef8065f8c7b5fd9f9786d5dabec51dda3048d
SHA256 87ce05e439ba2c9de2ace2743b614b8f991f7f5c11cb2082d6f263c00e49cefc
SHA512 d1784735f17deda8b3df908740638a23435010e510a3b69a8b4a4690d656673ff446190a65b7225531802a3f8c4185282935a851d8c8997a31a819384728534b

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Evening\is-742I0.tmp

MD5 4dba20374ddce5b0e71e7ade422f36c9
SHA1 32474ede3ed9f5ff4b4ac5b6bf0ea0c2ab69782a
SHA256 5ee059f7a41093a4b7bfbe92443d901fa892a5627bfee01c9299d909339cc1a2
SHA512 5580a4f05b9acfa7239b79b0d26d6ff10982740bd12a2e0eefa5c0a30def04234af4e5402035a798a8a9a46adefa1af62e1f56bb25b1f5f9054b6ab48b6dd98c

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Evening\is-7511T.tmp

MD5 f9f0635336499bc1b101d8573135d9aa
SHA1 3e89d58b8d29d1343d90913d88330846c0f506f2
SHA256 716d214e0219552d76e98956310dc6f4a1441678c0a2cadec0a5f8a65e4be659
SHA512 fdae9a224ba7bd34b28d7230fb731ec176b758e1f7ef68954f4f891c8f03d1d095135f296cc86778f103b688afc13b0af5d57284033ffd7ddfcdf26424185594

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Evening\is-J8U5K.tmp

MD5 ccab975435f3c9aa56f50a457a70ae6f
SHA1 8969d8fb3d7d1872243369b68a37a8c6f5037796
SHA256 cde565e032526a260c957ed1b86a8e2de7f18a1e34e7f64e0f92c33289301e03
SHA512 ea636e12a41c1b3eda31a8338b227f773e98e4427a0ea585581ce2aa77bfd15b5293a2e23799c61b5cd37e453bc3cd060b04277f70a8e04dea0472f343555f01

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Evening\is-MSQK5.tmp

MD5 0636de76cb6bf5ba2684df50196c5822
SHA1 74f335679e1bcdd0b30942a72fefa37e74b5583c
SHA256 e5a5ab64fcf0f63d651cdc735d07433f23befbc5f18eac9caf518f2d97efb36e
SHA512 e56ab7f8af9d4e2f14a5ab35b5515b53d1ff2cdc1370762b8c6d77612d56fac37b2748ef3399c87bd79609818d27416cc48ef3e4134c8cf6d1cf44b1eeb31a5a

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Evening\is-N6AIO.tmp

MD5 d541c0e83c086c117482ad06f78490b6
SHA1 c989a0dff768318253f7ba33ffc8065a68b17713
SHA256 7e49f53c78fb72ce5904964ec1814d640aca1bb31d79ea5241faafb5a18231d3
SHA512 189b2c74e52f7c796d47348656a4e1633874e0e4049048b000888ed4a7b7a1c13608cae89e2a6e6ed5956c63871060564ffea5eec62fb3ccefd07d17defeb1d1

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Evening\is-D1K45.tmp

MD5 fbf342e8020c02349a348c81346a77c7
SHA1 43df7ba885c1b0d0e0d42d2554de1b17e105eff6
SHA256 d8805e47b8f4cc4fe19eeef6f16b4d6980c15716a7a1240a1115b29a89826c46
SHA512 d52e7ee3b6511a3a9d5fa75b1a527f99015d8c00a256d0153797ece6bd2e4728a8e69d639631adb0d1d5a550010d4a8a7cd00d9686a943430b46f000ed9c30fb

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Gray\is-1DSF4.tmp

MD5 09d53c774c5f049562154ee8f73a9ed5
SHA1 63eb41807410cf7df7a036565fef996af15ad3da
SHA256 ff248ee3d1394836aaaafd1cadc0fd07fb97e505f1b104be9c75a83dced0b4cd
SHA512 f55988b0a03684d416d1a46212272b112426b036cee6f737a08180224aefe19e9d120b86e03fa8fc8ef6ba4b3bdab57b2264f91d9a582c26ab7e0e8ee471682e

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Gray\is-O8U01.tmp

MD5 6cca519705c6bf20d05272686a002e4e
SHA1 430db33061fb765c271391f500be723260091b43
SHA256 073e1c24a320a62be81af658b8a192488abd88dcf493718bd7a7b9db988bfde3
SHA512 af5756c0c06491baa8e4beb43aeb453df08c4db0727f4a64e6783bed1a5e124025574cccf00cc443e8bebb14c9baeb40e47515483939ff3f8d87b181b05eeb08

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Gray\is-BRV5Q.tmp

MD5 f652e601e2ef3e1e43a6490d99223824
SHA1 006d9505ceee7f5ac04bd84d66b168784fa7ee88
SHA256 98d8e4244d36fa19c1208613845610e2fe95c37bdef2f85f3617bf8431a676e9
SHA512 79373f734298782530b7bfc396defaeb15425f9b227b6a5de40289ea78932d472a794cdbff9ae2a5c5d77f717282bed223c02fab287b03e554c6992d0c85d210

C:\ProgramData\Kerish Products\Kerish Doctor\Resources\Skins\Gray\is-OBCHI.tmp

MD5 a0f4b42b335f30a8daf06d4186bdd9ab
SHA1 715f7c209f640c2186887f36cf3f8edfcd75dba1
SHA256 945eb6bdf442054e9d6e393ef56dd257d10de356e9c9bc6761ba5f7de7b93a04
SHA512 1d0c4c4bfdf9a5676e646713bb12c3bead03b35a8c2233d820c1842d188b09d6326bcfb941a378dff064e04a6f1d6951d5b93ef62bb1cd45c571c2c04f67cffe

C:\ProgramData\Kerish Products\Kerish Doctor\Help\WhatsNew.txt

MD5 00a7d1e10a68375015ab43d6b72b81ab
SHA1 034c72ed85ff0a06079170cf6abcf7c58c04bc1a
SHA256 97b9003f3a679ee990c568c4fb0df762b9114ada93d94b35359733ba407be1a6
SHA512 cd373b391cf8d1ee1ecd8adf00069617e62496c644efe7aef6f3b7d8fd84e7a967678faf535b83f836ab7e98d2a6b0aad0c9e20b6d3df9fad03a61943e5bf9f9

C:\ProgramData\Kerish Products\Kerish Doctor\Help\Readme.txt

MD5 e8d759656e697608d82d8dc2d065a647
SHA1 c670e2ee15d904993c6cc02158f209a00260c7aa
SHA256 a08423240bf25ff4b6839e6fdb68f0b951db885516ccc8e7cd91166011c89402
SHA512 de8b0ed7eb31eb45f8c7a57c7c3a8afb2b94eeaebfe3bf03df66ea780e015782b89f413f68b975e4f453c07af9926979f0510e31c13b9a45e28ae6473f810ce5

C:\ProgramData\Kerish Products\Kerish Doctor\Help\English.chm

MD5 926a437b2db098101cb5a34905c839e6
SHA1 174fa3861a52432218c81fdaf1827e6cee4f4626
SHA256 2492f1ff4c57a3283947ebbaf0e28f84b885f182c339f56a7b2f4d43fa477ab1
SHA512 ed47272d928d508b2ba7fb35e7dc49d8c5316cc433ce328a7c4ab101af94234e8bfcd7214c7e04dbcb6a244424fa62c0c68625317e278cff45143be78c6c521c

C:\Program Files (x86)\Kerish PC Doctor\KerishDoctor.exe

MD5 8fc53308f2cf679304c7bd987566de20
SHA1 a59da88bcc935b7c9dfe90c3ad2e211dfc6c8c03
SHA256 dd85ca87e4c1ee3daa8c5366b07931378c467aa10f678aa5092eb6703097e4d4
SHA512 0cbac0a54de2d61448083e361618be5ef3d5b3604f0733598f06fb358079872055109b0390e6c17e1fd3a5c3a52d0b82c22ce9a9c1cbe558b99fc1793b49b57c

C:\Program Files (x86)\Kerish PC Doctor\Uninstall\unins000.exe

MD5 83720cf07774bf0740eca730c8070dd5
SHA1 d03d207455e8a91a57408e116142aedea921ce6e
SHA256 bcb8169cd70466be756ad0bf65da97f046e540684562771b1f8bdc8411a79b69
SHA512 3fce1e7a0f0fe42ba729bd743d7a3e1dda44d28d79d6e15160a3d615fa87d11af70d480cd1b8edf1efc42ae0eb911e4763c64a1d757ff84000d642eaf0701fd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00c6ecb6f03381c3cd9dffe57e4f0363
SHA1 4084afd97780088dcb90777971a68743b01fa81b
SHA256 fe9bcd98775ea55340f2ccac3bf84bda395a8ee6447025716bf1e727eb505b45
SHA512 e0521c56e6b54e2a623986da3c23ac87fb9e4dd3adbc0225b14f6824238fc920044bb391712835850b9952035f049aa37d625063570e9792c6e9d46349b017ad

memory/6524-8056-0x0000000000400000-0x000000000149E000-memory.dmp

C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishHardMon.exe

MD5 247748d2f117066fb5faa1ffb445399f
SHA1 9ab74a6b2a409b6408f5a948fa5d249e169bd993
SHA256 b5af758c04f8f641ad86990d56c43aa761ed977a8f31a8da77e375a2ab2862b4
SHA512 c70dfa91fa4679680316eaff97da3143e939a3b4a5e2ad4ea63502ce923db2037f2c8d1f47c1fae32993cc2d7c4803a7fbfb09ec731f1c17aeefad1cf90c919c

memory/5520-8355-0x0000000000A90000-0x0000000000AB6000-memory.dmp

memory/5520-8356-0x0000000005310000-0x00000000053AC000-memory.dmp

memory/5520-8357-0x0000000005A10000-0x0000000005FB4000-memory.dmp

memory/5520-8358-0x0000000005460000-0x00000000054F2000-memory.dmp

memory/5520-8359-0x0000000005420000-0x000000000542A000-memory.dmp

memory/5520-8360-0x0000000005650000-0x00000000056A6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eb9c09deec7511baf2e75c8586a81a0f
SHA1 2e8dbfef27f844f99dd8bcc3ae89d2a5dfb9a111
SHA256 d9d05effee512a79223952c5fea5aad6fe3f42671dd93b112d180323388c5e51
SHA512 d14363896b6f48cf973b7704a5c923b4b0699e512c51fe8c9c32e2a1a6588b11c93a99235bcd0ab84eeebbda578b516cd0a481728b46f7e7152f0cb3ac0cb7ad

memory/6524-8375-0x0000000000400000-0x000000000149E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c50a00280423165d64992817fb23f1d
SHA1 07efd5e6ec06acf623269002d9695f87619abd0a
SHA256 af74415f062bb06221c5382e6f1b5fa15243f2fafedf05688bc32425e1b692a0
SHA512 d590899f58cfb92306c80e7569d3e186b02c97a41fed7fa85a990d9e1b3c7713144fc10b16ab903bf4d101e6d88a9515b560aecbfa0d045702fef859a12dd60f

C:\Windows\System32\GPUTemp.dll

MD5 f4299f4f96439be15bb5f04be77627a0
SHA1 1359406af8ed2f3693f34eea21321b324ff7d41c
SHA256 c71671e66be014641ca24ed856fa361dd16ef802c760ba8e0eede81caace35c0
SHA512 a89d1b9291a12d137dfea0e889b9d9752bb81c8fb2fc26b523100f90a92cf1a6b6dc888a9553692269eb8f8511f50ed2f0cea7f42943e4f2a87fc3b9bbfcdb57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ca387502583dc0f7f62ccd42ecc835f1
SHA1 9cee77aef84bf616bedce10bdc6396233cd544aa
SHA256 d6d568d8b03cc5b66f83fd4e9a1665feabdb56aac87118cf3131b674059b4f4f
SHA512 7fa81297d78f587cf4f26a0f92f9dd6308712eb3bc154b3d0ef357f703faf97fc9f0c6f330936d93f9b3dd66561871a1527b891546b94df8cc2022a36f1d9494

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ef2ad39099419f76bea4c35345e02dd3
SHA1 6e6d847daa480984a1add392b21eb604c90120a5
SHA256 250d04923cf2a2641130a21bf6a5c0bf4ebd209871a33b1642f0dcf5f99d0a08
SHA512 91f10e9c219a1d09bbe5a8f07e35f3824a24706c413e84892004084280b35e6b637ab1e3a2bd884af0347bb9024d460bfd8779d9e5d6cb0ca416c899f9bb6b71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c0647489d8df23edcf1965c507b72339
SHA1 42eba28eb708807cf630d008e79904a497034ee4
SHA256 99fc3d362a1e81d3e0833b400219e75d0b5f248a203ae26fd1b159770bc700d1
SHA512 1e694afc0a7bf18dc8cb8f7d282054c3c1ec85796b8284f221f6682ffd2ad38fcf1fef43717d632a1184d7530723fe5deb369428957ff7f4fb187f914175be23

C:\Users\Public\Desktop\Kerish PC Doctor.lnk

MD5 4bccebcd4ad3248253058d7472383700
SHA1 531f009a347fb3dfa6da64ab9c5eca43eae4b64e
SHA256 e47c2680ef24a142ea9bb35359e2e5901282b956fb68dede492732876c5d36e4
SHA512 ea8480782ac9c1aecf65ff9d90936a3197a9ea6530b02279989c245cccc09e14f02212a97e00d458dbc0c503b21285e5de3d77f2e1721ff76bc2e030319c9d53

C:\ProgramData\Kerish Products\Kerish Doctor\Reports\11092024.rdb

MD5 414b1a3a048890a680a6440035647a2b
SHA1 b55e1e5808401165523553aa7cd7dce79444c0dd
SHA256 b55244775928e6bce1223e8646b27763888437df8f0bf058d9a389e1bde433a3
SHA512 932b85c2d498bd4ed085e9d9838386070acae17bfcd11fd1004d74a41c0d452caa76597f52c9c80f100e86227b5862fd8966bbb0f229bdaa59092957c9a7281b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 908f00c7deb28d2338d66558b5b4ce24
SHA1 33d41e3296a8d024e8dd0ccee3abaf0aaa99963e
SHA256 d8b32e8f3f9a7a3d001e0e328fa145efd305007b4177071b441fe0f2425725f1
SHA512 5412305d31d514ac52767693cb0a6f5c461bc54ee409772797cbe167b24cb7c63782a3732f878c4af7a2bd88a428f2c4dbad0af3c19b514287866cd866909d7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 51665255b476401f8d941ecb737c9915
SHA1 7562d8aadf466406394c04a105c5d47522dcbc9e
SHA256 09758da619a5532c33cc770246aa98d9d65369ba2ed31a394f846dbcfcafe2f4
SHA512 e72127408cb3bf21c7afbbf4687b14d0c845909ceaf5cab3d309e2a30e4cd290fab27e2366b54854e82b56cd3b6d295547dd7f7e6335686294ef1c105d94040b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 145a22d437913363aa8d6b5a6a636215
SHA1 f823618dd3b3d9dfc576adcc12cc2038848ee962
SHA256 1d8360d810038461f9c9f2314b1ab965f44c2c28028cdd716893e60ad9d16d12
SHA512 3762d27c7cb3ac291aa0ded8faf8e851e50de5c4d26288b5f993f1c629e312660b72c8f4b72dfb8261b38e5273b5c1a5cfdc46bda5dc8c269d22e0d4fb05b145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4afcd585bbb63e369bb75489dcef757
SHA1 475637df3e509ea19143b4fca21ac872e94d5c86
SHA256 47fd244b33e7eebede19af95a74d19ad8d78537c20e48cea4d71c9f5c59469b5
SHA512 89585cb333cab79f4dbbf919a55795fa0ca6cb05a4f6a9bc22684cf3e27fd04cbc62bcecda13464cec50ff5bafe3fc414686d73ecf2a7e1385fce6289f192b20

C:\ProgramData\Kerish Products\Kerish Doctor\Reports\11092024.rdb

MD5 193d7fa8ea3eb37b4e9b2ebfa4424984
SHA1 977118039de88cc291334cf54f84b9b3056b860a
SHA256 0a008dc1e4a0558e4e061172944f6c15a5b2470e79f2b1ad0758f64f28d07c52
SHA512 9d862e6a2c1a1c4c06888b8c7ff73ccff5c6564faa30b2055013ac3c50e95ae09af6993b51756c8a6586b1c16c623f9f0ec9386559ef8670df5548461aa9a35f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c7face5b8bc1c530dcde439301111baa
SHA1 7162183f1b566f646639556c5ed6d6960dab3fc7
SHA256 11f0515b4c3f3774ebb61456c9abd7ce7bdd9d3990ecccbff1a0c34f4e6936d1
SHA512 92fb13cac4f15574b29eac9e020dac7ebfe536aa3ebb0115c67057187f5955cf93b979a921336f1b316e718b6860f64fcf87ffd9fff9d28bd54130a4f6570a4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5d8626c07e2ec7160dcd012ff599e0f0
SHA1 6ba6cb1abdb9bf4bf92ebb09f0bb1eb08db670a6
SHA256 ef6baacb0419d4502694e50c4681eecf5e43afafb55587eac7b06a5f9679de5e
SHA512 ee24cc3f232603ef19877240f002fa7c075543acc918cb056321cef3020e49c7b0255213e9cad020de47fbb70550f014a8b66a62df92426622ad66d5b480b540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 25340d70adae6780c3e249f7c2c91d5b
SHA1 0312792b31d4821a239b1c414b605d36302279dc
SHA256 9b799f392120abe66c45e94df0fd5bb9a8b19b68d42fd009b81c77cbe950e50a
SHA512 659bf816fbd50a90a8aefa9a424f94ebfd85d83859d9386d8910ca1024fad17814380ddd380b3c746784d42a5f25912ae8a2c8de0de99e88050a3b72f37f0159

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9bd10a3afe46713ac0f1553b0c4a69a3
SHA1 c87c1ac3f52d00e8c94b4f3f58d5ade607242042
SHA256 c300923e2be0c4fe1172e0a08f35212d937830b2f0afb045a1d2e8ae00478bcd
SHA512 380e5adcc3d8fa6acb214a090927b4fab74dbe9e3e990e4d4ccaa68515d33d6e5c9ea1464bf4df36a90304cb97ba6caa5f8e7a966199ff74e23eacf5ff436946

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 197ff2aecdc3e1aa8a8285207841e604
SHA1 68235a75967f2ff1b3685d68ae8420c09efee241
SHA256 ac6a3fd8f68b573570e170e98d446ca50db8fd4149d0e40efe51c9a4458d4b94
SHA512 c8c487198e9fa889ddcacd77784351405863979c4153dca4992b1803b5d424fcdec9622a3b4492b5fe1a9fb0dd3ff519696245388f21695f857bf8acff8c0859

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c3ab2aef8ec88722dfb0119971d8d283
SHA1 08b6003009e812e642f2902d32f00565bcc36e55
SHA256 77c0da33dd901791fc7d1dde2a04e296c0ea03ce2c7b00d8e35b914e01e2633e
SHA512 3d4271688cb9b3ec6e6ceb4a48995deab52a2a09a188e36f1516178c36e218f1645ee5ff6a46a686a96221eb5c1786220dc0abe9bf8eb7e4f249b755cbf91b5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b64919afe647aad60776a5d9bf716c6f
SHA1 9b265193a66ef7f878aa1cf3b8dc131f213220e2
SHA256 0f000da07b15c1faa8377bf284d2be78b32d831d383dfd5e7c5579cd142d47e7
SHA512 68ec41b1e825a6e4c8826bd09603939ba1ecf4f8afe196d2498f3fcbc23fa44b170ad7ef455dfafe0002bcb6aee78763deccc46df246b4691a08bdc79f874b93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 47d7e73fe6e65a0f9d3cd19b747c431a
SHA1 3d99f16a53fc70bff55c7f368bebd1592ee536a8
SHA256 bffff1ad0adaf1daba3e8d4b15118a0b60db5cf6c953d793e6cb9766ef28aa06
SHA512 fae43347037a206a29a4aaeaddb6d4baf6f98d9504091830deba3894b4e4bb1030db879ab5d0baea0ef7b86b9d3f0b286505423eda2e1946bdfd0901c1212e51

C:\ProgramData\Kerish Products\Kerish Doctor\Update\English.txt

MD5 2fa152f3b0c4d30ab0bf77f0fff86f23
SHA1 6794968f42f96e244eae95b3d8683b233cf88e8f
SHA256 3e8ee97f16c9487242287d9abd8796e3ed135cef5cbd8b0c28ad1a152e220762
SHA512 844efdc3b844f1404a0d644c109f9a6ad38f837ca8a90d4bf4bd5e5affc5e0dc31504f1c5e8ef5247f4f3f743adacdc25fe156de9171b9bae4da4f6123a3af91

C:\ProgramData\Kerish Products\Kerish Doctor\Update\Update.udb

MD5 d0260488bfbab18bc1b4d7dec72828be
SHA1 00e9f52988c9a45b7408a7aa16523035fd9e034f
SHA256 f9a3908ed10155333fa66a74924c66c30eba417255db986ad068c37af450b916
SHA512 814e4c2372d77c676e9b00cdb2a204c491c01d4c754d902b2afc41fd28f4b8128e41d30a29dd1224574b935b476912322dbb1db40bda3141984c069d3431a41c

C:\ProgramData\Kerish Products\Kerish Doctor\Update\Daily.adb

MD5 a5ddb93f260294f3f24d11f0b3316e91
SHA1 1b8adb598dc13065d9396e8bae725fa07b6a47ea
SHA256 e8dfea954fed431ba7aa5ea0adf72d79f28fa2d007ffcf5e55307c14bf10a4f4
SHA512 53aadaf23c352403e74a2bdf7b98657a88e81b4497367993e953a822494e00a302cf2ca5e04c33357341c730be4b8b8c8d4aa9861330bdb448932a46bf9c9f4b

C:\ProgramData\Kerish Products\Kerish Doctor\Update\Heuristics.hdb

MD5 6312a26774aea69b2e5384340475f8c6
SHA1 baa30cb720334b3c0f3db0b871393ea2054df0ac
SHA256 9814f35351413b9181935338919a76445f88ee4767697ee802337d9913fb63e8
SHA512 1a24ddf04edf38c0c5ebee3b7715c7c4817a32c0ddcab5a3aea7d6517fecd1d315e4f54e785b292abc0d3ffdf1ed516688f4e73d77d3ef638d6329f5c47895ad

C:\ProgramData\Kerish Products\Kerish Doctor\Update\Keys.ldb

MD5 ed78d35b54b80089891dbb7bc48928cb
SHA1 42bd4a31e88d518fd0704d0cf4330898cebc08f4
SHA256 3ade7ec4bf8d6b23dc93e5464f162a1d8fda5e65dcfa93b24633fbadda477aea
SHA512 77ff45c79aaade8dc872df222419b9ec6409f0de0a6ead0fe0e6a8c3fb6008e35d6f5e25e1b2763d422ea559cd942a01f5e35da06d80bd1142826d6347fde2d1

C:\ProgramData\Kerish Products\Kerish Doctor\Update\Deblocker.wav

MD5 7226a443f98ce8ec2082cabf469c624a
SHA1 1684d76b2d33959be701136566839dc43c002efc
SHA256 6115da1635227faf74b2385e5fc130d4de6c3e200f5a8adba41835055e9c892c
SHA512 cc430aa7e33e8464cec4847086deb357d8091a6967fa0e6bcd32d73a4aa073919fbf1585bfff7ddb15ef9e41f8002e779fa0537d87a89568cce25951002e41f0

C:\ProgramData\Kerish Products\Kerish Doctor\Update\DeblockerSystem.wav

MD5 fb8c2d1e6e64d305ddcb59464a8bffbf
SHA1 28d2bd3159e2b7e5d4b5a45685fc63120014e11a
SHA256 8697d52dddc59deee836ff3269ddc62ff3f7c3562d476a09d2fab6b894e948ad
SHA512 93303e878f6b66f2daaab456886b827e85bac4bc679f768711f3eda82e609e7507e0e646e7cec95fa04e5f66b67c2bb9a45f0332b8401f9019a9deee09374b25

C:\ProgramData\Kerish Products\Kerish Doctor\Update\FileRestore.wav

MD5 e171580b343055451f12cac3b55df081
SHA1 e90753b2f23c89a2c1579efe6cb15cd611203483
SHA256 8020cde4fff94157e4c5b8117fdd8450a1de0550d823a1cf90f6d22b0d9ba17e
SHA512 6eaf6461015165e67e1e23483a9bba041ebdf9055259af3d109c0692795b3abc388dc068f709de6a7b8cff53a6b39fa9f261ca520a65c6b31f37c309ab26f833

C:\ProgramData\Kerish Products\Kerish Doctor\Update\Registration.wav

MD5 e4d0e94b47c255138a6472089962cd50
SHA1 5ec9e085ccbeb088ce204cd2fa9c37d809434e1d
SHA256 9c4b236815cd75489ec566150ae8fd773bdfcc111cde197ee10eea63288bf15d
SHA512 cd9fd6bbaef30e5ec8900eca404cfb3b13ad092e784421b71ba9f28d286a1a270ff94706b3c2ef7615f7842d716e7f2e12573976c75e703c5c26ba59098b061c

C:\ProgramData\Kerish Products\Kerish Doctor\Update\ScanComplete.wav

MD5 f6df8d6fa7f19b70b9e3e16594fd5f57
SHA1 30db41156c72771293bf033f5fe2993227510abb
SHA256 455353adb662054bb1b118c1222c54efd92d86f58a736aab642ab0e7c2dec545
SHA512 271824ee045a1390f92faf14ef4d5610052655b4763616d25bc0eca5fa57500cbb080a37b6570f9430485942d9c02f6b87eb76d44f3d318616cf7186b667e2ff

C:\ProgramData\Kerish Products\Kerish Doctor\Update\StartupChange.wav

MD5 3fbde2eda66c69da4e556aed05cd0e32
SHA1 60043bcaa7d9da948aa74ed9d22210ea86c29ab5
SHA256 2374ed171d7383b4fbe8458420499cde90e2da90361c93044aeef8db6752e611
SHA512 a603861c3202413105d239e3a71ca11b43fbac2003c09636eac68138c8f50cfd26f3cf943832c91ebf2ca5ad6c3af07b58c6fb02851d9764dfae189f861ab3c4

C:\ProgramData\Kerish Products\Kerish Doctor\Update\SystemRestore.wav

MD5 45ae9e0112b755774de046d0dbbba158
SHA1 7f4bd4ff200d70faf70b51975e48aaa5788a3ea3
SHA256 528348aa32fbad14ddcd350d42ffc3f603f8e83cff2adb7e02fd34f7e3de7664
SHA512 c83852c1d02cab11934fa4b04629bf534f1fd077caaca3bacf6af90816dbc1df4cd0ba2fa84c71986276cbdade7433cf4208d1ecf61903ab71743cd4d1d83dde

C:\ProgramData\Kerish Products\Kerish Doctor\Update\UpdateComplete.wav

MD5 0fa770e47a8a16f2613b1c34f2fa68c4
SHA1 4d2b52c9afdd5bd692c2ce73213f376f3d1ddd6f
SHA256 e4f3b4cdfbbba4cf8b194ea3e0fbccb58c08330b497dcb273f592cf0dec9dc64
SHA512 49093e27566f14950cd8ebc38cbf1e61eca9eaf94bf2e4df8af46bcdcbc38bf450dc2f7aa2ff1b4185fae1df58339401c389ef20dd7024c162ce8c2e42fde4be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1c1908cb26b3f03c9b4bf8ae9ff900a3
SHA1 5513cd0f72aea5d32b63ac4b016c97d9f2ebef63
SHA256 37622d2f4ccc0d5e120d030fd8cfc087b653aaf80eb940eb2c73352c511a47ba
SHA512 58836eef50dc2ead5d3873f6acfe27ef66d390231b5d1969b580b1b97710dd3ca949e8920a156c5c98571acab36fc149c6a8eba832bde8b96c372c336b52a463

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6abbb01795c18db7cb0fb73e100e412
SHA1 f19b6bacbc6ae607f8f3b6bc6e431b5877d64b18
SHA256 ed76a0b454623419736ba0386c7e8f9f0815b85779f8228d04e90df8200c43e8
SHA512 9b88a114d866bb6c35d543466321f1310f27500fc7df07ee0b01071be66500c342ecfe1d8d953feb5f633ed1b621a5f6afc8c8f29d99c20497df1451f1c4e921

C:\ProgramData\Kerish Products\Kerish Doctor\Database\KerishDefrag.exe

MD5 a628c707cf5edb0a95d6155ee305f3f2
SHA1 bb2f859d7754f740e366187526d217234df96bdd
SHA256 4fd8130f35ebbeadab79e758d39f7087a9d61c9a1bc482aeacc5d7f8bfbf53ad
SHA512 2b867b3396ba3f4bf2a0700c94895b57b3a2744ae5284120fa741d9be642008f1ccc2d047732be69571750499755291da39b394bf177c5c9054a5bc3b1d92bcd

C:\ProgramData\Kerish Products\Kerish Doctor\Reports\ReportList.lst

MD5 99dd9cfd257c435715fc16fdc67f3b37
SHA1 bae1b16564e87a40edf9ab234b7ed3669a646a4c
SHA256 6be68b326403915661eba0413eab6d76a20aa5c38817f4a4a7238fe1e2af7fd5
SHA512 a3aed8d9a8e1b3fe09b99b4d88b62705ddb8969bf46c9cd72cd2f6613f312f3794f705eb210f922f1253341c10dc8d64cfbb92b6cde9c025279bf41132dbc9cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d585b21457db7a62043b21acf9ac82bb
SHA1 614a74daf980760d54dc1270d90d595d472b1500
SHA256 1c8e4958fe3283f2a8d66f277b2c17029a34a52f11bb8a30cc266265a3404bb9
SHA512 84e86b2f292db1b5fd660e08204554949d150059a9caafacab7018e3b363ec6bc88c1141c183b2475ef6683d343a657cdeecc5f1c16bb4e5e75662b5178428e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e8700824eefa000ce6a8956bbc9beed4
SHA1 1f4c8768d6da4c7d0b518e3d6ba170c1158bc780
SHA256 7e62030ac1b1c6445ccfff4e7827da22cd69c2f63a877e4a7a7802bac5a568f6
SHA512 d6c237e415b29f806983ed1e6baaafc9363ac4275c158351f1309b656cfe3a352e90c7e571d60efafb3635c714009e76c4805d51f32e31eef916b7ae44d127d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ffbbe4b1650803bdf47d3f617d61d114
SHA1 9dfb0cb5ecf2c9ece52f81b309086c527e85cef0
SHA256 71c143e8438ac5ea49b9a1e1871a31d26424828f9b3461bd9ccbcf687f49cfe0
SHA512 19b63758eca35ebd5af54c2b0b08ae3b70daf7ed6b3cb932287ea15723835b1c88a4be3c9fef294fd3513c23e0603b40de83d61ba1878c3f34e063450f619eb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c7263c60dbca0a276867b010600e4635
SHA1 94052d24dfbe9d65e2f8e8704002325417f79838
SHA256 c940f7143ce9407668462b46aa62a523569f041c594114ab9563382c5030e951
SHA512 c2e2f09a2e64467d4e1a15d1972c7348ce20a608f55950264e0c411e2e1629f9c7029be1abc988870a4b383fd924debe8ecf50bde55370fd63c59b33be3f77c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 be4e2727680294d1c7328cdbeba3af7f
SHA1 7a8888ed7f96e6013d2ae45a82dcd86f34fd7db5
SHA256 904016e4f8da8555bf3c69c8cb18af17307a5e6e77e74b4afdf3288267df0444
SHA512 93770715be7f2394d6b2578e6ffabceab86152fe0794519962f7f46df854dc75028c525465054a331647ce7418f9dfdaa38941640644b2e39fe14d73024db157

C:\ProgramData\Kerish Products\Kerish Doctor\Database\ScannedFiles.sdb

MD5 412362ac6e54e9f82b70397a7fe61d6f
SHA1 89d0fabaefaf7c70bd7f4d7b2d9215f695b85841
SHA256 691be58c5b844376e7a31003cee7c681132b5117e578608d0c8830f3856619d2
SHA512 37ee63bd1be451ae51014b2f1207f9f10bc842d8634c5a08bec898bd04e124a6bed12ae2d0932355a7c64031d3b48cb6f8ca9a6c8cde949c311569353fcd28ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 122a7fb8b286fd2cddefe4e7c392ce41
SHA1 a900da3de74a28b064c6c179282a20c16d447fd0
SHA256 b62992f7c82d2619376eda5eafe4450770a915cf7046fe5889d161036be0ff4f
SHA512 d9b26b53f504a56f9a0102f7a4c0c49674c9ee25d97abc79011a9182ef4c63faa813601500c72a75c0fd21f5624a20e635bb1fd3e232788a11343c690e62c10c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3f5a458f3692947059fcb055095779bf
SHA1 cb985a4165744c8edfb854036406bf8383f7e1f9
SHA256 535d6e86a9fe507531db5f3071ec51e82bc84c3e2442c99368f1798d97e58659
SHA512 0981df8d07430d8cd1f5acd24cfd8f5c41a5e706f004e8d75db7c72453eeb534ddce82b95dcfabaf97d906c0ea47c09f4bad8df9eb1e845dcaaee5776009fd89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 24393e2ccc4e7a164f062df993d27335
SHA1 c8f960244677439e72295d499440f295ae5be7c5
SHA256 3ecbdf289749ebf07b749a91eb3db3d1f8fc338e5cae2dae22730fb893736130
SHA512 a675af57b19197f17a1be1351c3cee6a291f23dc2614081bd7bd71adbe5eb0d191c4d50b295d43b3a002d48454a24ef9e4dc52510f2db54dcfe0c8e71948d10c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

MD5 d4586933fabd5754ef925c6e940472f4
SHA1 a77f36a596ef86e1ad10444b2679e1531995b553
SHA256 6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2
SHA512 6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f81fd21f47fe844327723d45f283c877
SHA1 f52ca01a83a1ba7b9caebfab6d8734ccfce16d43
SHA256 fd546c65b5cad756ff70c9f0f79cc4339ebcd313811b32d37fafc5aa0651a493
SHA512 f92d2fd9b1b4853429ad6dcd51ced79a73c4161c3988d07f5a9db846f5b2c6f57dcb4f3d1d2a4205c822963921310c169443245ac50eabbb179e0dd9cda33ca6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f17a51458797ae67b6ac7f423ebd18fb
SHA1 fcedebda50815a07cdc3a1b0cb6a08e49a434ad7
SHA256 ae748a888efe60a4155645c3a74da9278e3c6d98010dcaaf3d43af6636de688b
SHA512 8c82cfa1c83c3de70d3cb6317475458b631b235f3c3bccc2d6340ea9b6311717ebc749c96e7e56a4cd3abfc1b5007d6d395c32f85ced9bd99ddefcea54a2871d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae0ebb1ffd772acb089231364e3bacba
SHA1 2a8937a897975b9ae5013657865bd71bb1d93ce3
SHA256 54402fcf81fc5e05f6cea7b9db07f4b823049d2b16d88b5e18dedf72bd72fb9a
SHA512 87a1c4f15e9e8ab688ab1408d999193648f6c872cbaf951b9a852c6486dde899ea0a9d9fed06cba0a2916242c702209c4be3db186d182bacda8c702ac2d3949d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 94c8c84e93722ca52685799c2160be72
SHA1 6d31aac1704380c2d5c74ea13b937f8cddff1d2b
SHA256 ce910b1750ecca286825e69d8d7bd7defe1d2ff1c5d0909da7c50ccfdbf594e8
SHA512 3227d739fe7415e66377f464bf0e9187a8772b3a1979bc0d5dbf678d69924ada5f0731c7c3003a94c28518fa9a4793f3dbf38c28867efd4fdef84b7d31059642

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000126

MD5 e52bcd6d476713e2e8eb983fd9bb7fb2
SHA1 9da4c310228c5c5fcb56bec7002cc5b1d0907fb8
SHA256 01db604b833e1769e5dfbdb1970b7c7ca7bc2baa3b2bb32f5e357f01c383b6cd
SHA512 e19184c5f6b6e9493da6039ed1840d00ba6b3b341dedf4212fea1b5bb1770ba3385076db5c8bb6107b517b071745c7531c8edf8298e131b8187622917e698d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9cfd7b9db73eefc762954a164a2cc321
SHA1 dd7fafd0dbac45512b2388166b14738f50e2ec6e
SHA256 8e1444689700344c3231b2a099450f0ac035eb60f4da27a208fbd7023cf9e86a
SHA512 b882bcdcb8e01b165f3c44adc55e779956aab5272cbca6c08bcc7b761c1fec60c206ddb960bd1a0adb73528fc6815d0f266c96e95ae6f9643d4d477ee35cf0ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e19b618ba5d7b57da2f6e6778192506c
SHA1 11b37a4fea3f8e8a3e9b32ba78491df5a053971d
SHA256 9002a697637f49adaf181b3d2b32b9ba658041973e700228f0a4bd4f0f4ff834
SHA512 0b5e555015d26f06582dd9deb2f857afdccac96bd0face074ed41275852497a9dd2768cc1894406167e2c91bbe73d6b4e216a5e56bfd9586a4c40e0d2db3c8d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0cf99fb43c4c6a89c1d1d3a78749477d
SHA1 22c19c4b9502a09034ad004332defb22ed03b4eb
SHA256 ddb27c5a5aca75ef95842fcf6b3c223a89c423b6fdb4efe220678d2db2ef4d40
SHA512 ec7a527368f08596cc4125997d6c9d1a12d7a8d9b7649ab141bc187fe30cc8b83ee43365dd3aec7088eeb964d33d881bad5f3c9744375749094636938ed72f07

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bf93cd38121d2632a900163ed1092b87
SHA1 665bd4243e6866023cfed4e842c361b96cd6214b
SHA256 86b32c5890f2824702fa9475d7fefe04b3687992e1163138ef2b6b97dc362677
SHA512 8dd11c7c35dc54836a2edf8b3b7be2f9c7c8ca479b1262aa923ea92211d53dde7c613a45f0adea550f6b5dc7728e7ac6e8489e15c8af5ef74f8bc6a9b272e39b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8cd67a39a8be40cdf9d13e28bf9b338e
SHA1 87482a913647ebba3d737a2fffa23c73bc30054a
SHA256 ce684373aca28e4bf7d58ed335fba3c615aa0cc6ee5dd0a369dd50d7b89c1bf6
SHA512 e80aa209555599f149e8cacc685f85e1d7f64425b58e6d113005d06b3f32fdbb83bb62442369c20e689ec7dbc30bcee1568a2f5f64ed6ed9d5b03328c63f827b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bb162ae7ea1eaf1cdf968bf347263baa
SHA1 0dc71faceeedce12b3a584144532e33a3666437f
SHA256 6f8831d297dc7a65a16e6678507b539f83c3afdf536b142acb15c1a6c98456bd
SHA512 33490b9f13382dfc06969073e160b45acd23ad70a839d9ef2bf1aa0cb5159796008aa1c2c38f2a0e9dcf06797c230625018c24614c9dec69ec5fd7853d62ebb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 16a3f8190e3dcf8ea95c24b8690356cc
SHA1 86f0dff7caa3e30040aab3ccb5916c5254ae97b9
SHA256 9cf2213c441b583b57fd9d64866100364cee98b2377ded26fca0e477c7fef455
SHA512 fb18946f655dfe6e206ba66998b159f46bf9009a040532313faf8197016d1cfbc80d4215704d7a7f4001d19e94e12de22eb4833a0bfa579a5cdfbf5469f43aed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 afdcd90ac7c260bee25ad058a351e825
SHA1 63b4f7dbbc0c887f179f0759c885ebd8db6b715a
SHA256 7bf9900e38bf149d2c2b2fc9b0dbbef88d37f769fa9a3e587a610a30cfccd0f6
SHA512 f7834de14c8ff126c0c36f801bbb44d71ecd006a18f9c163d32459f2eb87eb9dcb37885cefd703f4942ce7db71971880a27b943c91bbced3baa5e596a31a73e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5757116b69b30ba70fafcbece68dd658
SHA1 7150ff9c4bc51a1b6d43387626369ebaea96a163
SHA256 98122a139a058925b6beccecf7865f916897e818839bad9607c1900a79c2e853
SHA512 430594d277b921d19911fc127b3db4422f24a37d67bde532615af4b7775567ec06c282e81619cd935f61c10ad7b6d060f4dad03da1a61b59212af7b48585ee92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0b3d25edac78f0cb6cbff348a29eb8a0
SHA1 066e47efa2daed533e4f07d7dca3ed7a0f763f9d
SHA256 01153b20d6df0b767e05d6919fefd1a3201a0882210fd22290f6a5961b291f70
SHA512 5b56605a83cfb10725eb10b270e5b5f8bef8a09a372e1a3fd7c3f2a9c3de126070afa1ef61d61b244ca0dd1a11a472c82284f7f83d9297355e467a379e154969

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b8f5e6292801612e92e187d21dc00871
SHA1 027f9b0bda55ab9c07ac89564b42b38caf932020
SHA256 0ee208a7d1e101a1b3dc3a3b52a3513acdbb5cd09f39f2d6801b6c99d1eb2603
SHA512 86e1127b0fa3a6197432d8e786f2a365dcbcb17e94127e3107f9ce419981b9f121086902b86c6466f7c99c3ab3e48516b3345c690813a8402069696e91bbd4e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a1c751abf65f33deb2d8e009957ebf02
SHA1 1f0b1378e1609d59c1f755f29e69c38eedb3efd9
SHA256 da93c2d5e1440523b89607efc1fb65b42bfdc39917bf77c414c6c997426cae58
SHA512 cce89acdf09b21c73b11265bb356b321f550c5122f90e9612c4cb974cd9e4bd15bef96dc7de9020ec0b27964e87093904c403dcc42d7ab1438bb7c31cec20f5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a3c403d843d6dd5846743bba34ac9211
SHA1 8b4d483123f88338427447f06a1fd66ee0366406
SHA256 7e854409c6e54ca810c41c568d4777e8aeff59b6b567097f4bdd2659167af2a0
SHA512 b92b4d86e49ce95fcc1fa12c7675ca5b1389fd50721e3ab3c2be7920992f7d2b10687582d64a3bc4b6f9356ef97c457cf46a342b5cd36aa4932b631802f89681

memory/5576-9808-0x0000000000400000-0x000000000149E000-memory.dmp

memory/5576-9812-0x0000000000400000-0x000000000149E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c47e1b8f01b27596811e02e739ea6f0a
SHA1 9593b1b9e0898024808b22f33cb7bfa24acdd5c7
SHA256 4eb6cb61a01fc5930201339806876ce642940c86c072c50da5b4f138fe803058
SHA512 c5e2dbb532b640147697d3ae50b0abfa7735dc3bef7969868470fa2e906d35ba737fd2c126d68f2dbb6fda68b32b3848131e97bd0ca479d670ca3b4c9230f41e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c6974bcf6eda558ed06e7b37af41f6e5
SHA1 37ea8e0dcca3bc15a0205a82ae6538270ca9bb43
SHA256 a30728377962e289338b7d5cbaf68c6f0c18f4209a331b752de1cdaa15154900
SHA512 ab58a40e6e46169fb3e1b88522eb1be84d9ead9c5de188df20f8e1b140ea0ac2be568a30c76ada48ba13971d4e1b2e860a6b7c92e7e6eb40606f8659cde7da88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b19a0839-6b7e-4f57-bc97-59e3fbdf1628.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 237a33ad5493f01260f411b6f260ab34
SHA1 cc79a4c489eedc49615c61431f2ee4a6d4881da6
SHA256 d37f434144ea5034400d6e9ac928278b2a517c3fdb070559b0b7c7092ec23381
SHA512 9f5ac339dd6f40fc0474984a06e9d67f61c5fe5910eeeb3209b57cb080ef785e2303e20ad7ce4cc239c620539c8d82746dd9f0b970a194c8a10e2fcfb10f2357

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0fca4ced430653f1e0b3e6aa04a53c59
SHA1 f0e5512b3acf9102fb6ae202cdf13d0400e02396
SHA256 2005e0454589330b0eb8af13c411334bb66ad9ad8d7f353a51d6fadc0274ed80
SHA512 5eab4e255a5fb9d4c504ae996ebb6195320d9b72e1f9b47130afff0bfb30ae3f6019eea65a66fa58e6c1be60839dca6ad1df8063fa751031e8ada889eacad74c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9affe5e482b54fcc8dd60e264a7424b7
SHA1 18384789325d316876bee776b8fe826fb3a8ea4b
SHA256 1d884ba99c6bc99f880aededc18f435ac67e11526b6ad07f80be97007c62adf8
SHA512 12da1e2e7c6f07d48aad3de98811d597b2d55f52aa5998802315f4da3054775bdb60899cb5d235502408afd834e158c7c3be3af37914e5558c30e49bded28ab5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5782e17d7900fc915439c9534518b40d
SHA1 9295a574715333d92e1021821e24da9f3b0edbdf
SHA256 a4203a5502ac7c3949712e4939bfd2e59d492144fc1feddd909afdb4bb2a9f40
SHA512 bc1f083cdb5bacb932dff4bb241fa00cc7e95a7787ebc12469a810bf4b660e0e0c139f6059ef46d076d5cc36e8c78205d5cf8d85e364284ec6aadb7d542a5048

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e391db880734595a47dd961c4019cb0
SHA1 ad45d0ea78b5cad9d9a929465b9edcab696c2b2e
SHA256 704b4fe256e73887f0a325ac50261e38732f6b8d5be28b1a0bc9308b00e7ab6f
SHA512 aa4a23859bc1a8dbd933d250804f4ac31ffb94948116475d0aaec17b69e42fc386cc83dc295debdcf85a8471a28f7d52be8a795f757a7cbb1190943f6115303d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fc136ba0bef2e248af3aa4352cd893ae
SHA1 d041cea045e20f1380a4e32329ccbf916b835b41
SHA256 69a335d2adfdeeab22dc18bd9514032ff8e49898b01e522c0aa4df4648c486f8
SHA512 af1d651cae57f06cfe2954b0e0aba3ec3520a05107f2643cc65c03cf28ca726627d5ed502578c0acbffbfe3a3696083243f1c6cbd604e25a0dff1e5c0fae6693

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ba20b358a53c829c75b9b2fbc6c5515c
SHA1 48d89b3a0123f0d24cba3fad7689270faf23f573
SHA256 6b64249033e01e718efc5ee5cbccb937b78031c60ff54d0bcae3846d6fa455c6
SHA512 9eb0205e1daee55668a4defb646ebde63ae33e0415f2058aed4b7c4936660db641a4fd65d79bc3c6dbcac5879adb09638870752d8b8141e466eea462f5059cbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e40bf60c116eb05d1a189996d4bb4d61
SHA1 23c12600218b315df089aeca966fc452a2b58e8a
SHA256 e1535aa352cd6a6b9d69cd779eb389f26524caf3ce66af15c9d5d679e6e1b81b
SHA512 65076c21682c0c7c4f605e3c8007b6cd8426f814e6ed565d16e87ff6880e4a8e29503699a9a7a727830fb7b2e29501fb513f3b3ed3f9c502e92bff5cb39689fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d9a030b8841484bd30ba8732dc230eb
SHA1 8824c976714f68f856c49a9269e5714fab4f9795
SHA256 6c7f17b44bf5df299e0ced161c6b13bca1ea25ff5ec9cb000bc6de647d739a81
SHA512 c6f78177b7251c9b1677b3a9314fd87d96c979d223158b345c8f97593e041c696b36252255b88048bedcf2671320b5501211f628724ba4a79d209020e48f820b