Malware Analysis Report

2024-12-07 17:10

Sample ID 241112-yh6kfssrbn
Target Twixtor Pro v7.3.0.rar
SHA256 bc195af8ec6478465e1af23da51ef8487360ad09388d4b7e5260defd1ab49e33
Tags
credential_access defense_evasion discovery evasion persistence phishing privilege_escalation spyware stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

bc195af8ec6478465e1af23da51ef8487360ad09388d4b7e5260defd1ab49e33

Threat Level: Likely malicious

The file Twixtor Pro v7.3.0.rar was found to be: Likely malicious.

Malicious Activity Summary

credential_access defense_evasion discovery evasion persistence phishing privilege_escalation spyware stealer trojan

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Credentials from Password Stores: Windows Credential Manager

A potential corporate email address has been identified in the URL: 5CSSS08123F5245AEE00A490D45@AdobeOrg

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Adds Run key to start application

Checks for any installed AV software in registry

Enumerates connected drives

Checks whether UAC is enabled

Drops file in System32 directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Enumerates physical storage devices

Browser Information Discovery

Program crash

System Location Discovery: System Language Discovery

Checks processor information in registry

Modifies data under HKEY_USERS

Uses Volume Shadow Copy WMI provider

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Checks SCSI registry key(s)

NTFS ADS

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 19:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 19:48

Reported

2024-11-12 20:33

Platform

win11-20241007-en

Max time kernel

2699s

Max time network

1390s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Twixtor Pro v7.3.0.rar"

Signatures

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: 5CSSS08123F5245AEE00A490D45@AdobeOrg

phishing

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe N/A
N/A N/A C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{050d4fc8-5d48-4b8f-8972-47c82c46020f} = "\"C:\\ProgramData\\Package Cache\\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\\vcredist_x64.exe\" /burn.runonce" C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE N/A

Checks for any installed AV software in registry


Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\warvpk.exe C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A

Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setuperr.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagerr.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\setupact.log C:\Windows\System32\oobe\UserOOBEBroker.exe N/A
File opened for modification C:\Windows\Panther\UnattendGC\diagwrn.xml C:\Windows\System32\oobe\UserOOBEBroker.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\esetonlinescanner.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\esetonlinescanner.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\PROGRA~1\REVISI~1\TWIXTO~1\REVISI~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScannerBTS.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759146279403360" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\WOW6432Node\CLSID\{23A5B06E-20BB-4E7E-A0AC-6982ED6A6041}\LocalServer32 C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\WOW6432Node\CLSID\{23A5B06E-20BB-4E7E-A0AC-6982ED6A6041}\LocalServer32\ = "\\Admin\\AppData\\Local\\ESET\\ESETOnlineScanner\\ESETOnlineScanner.exe" C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}\InprocServer32 C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 0c0001008421de39050000000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32 C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\DisplayName = "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501" C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "29325" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1537126222-899333903-2037027349-1000\{1DC3199E-18CC-4E97-8479-E7D79C4E809A} C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\WOW6432Node\CLSID\{23A5B06E-20BB-4E7E-A0AC-6982ED6A6041}\LocalServer32 C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 = 1e007180000000000000000000002f492640692fb846b9bf5654fc07e4230000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\WOW6432Node\CLSID C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\NodeSlot = "5" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\system32\BackgroundTransferHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\ = "{050d4fc8-5d48-4b8f-8972-47c82c46020f}" C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0 = 68003100000000006c59379e10005245564953497e310000500009000400efbe6c59249e6c59379e2e00000064ab020000001f0000000000000000000000000000002506a6005200450056006900730069006f006e004500660066006500630074007300000018000000 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\esetonlinescanner.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3080 wrote to memory of 1140 N/A C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe C:\PROGRA~1\REVISI~1\TWIXTO~1\REVISI~1.EXE
PID 3080 wrote to memory of 4876 N/A C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE
PID 4876 wrote to memory of 4260 N/A C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE
PID 3080 wrote to memory of 4576 N/A C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe C:\Windows\explorer.exe
PID 2692 wrote to memory of 1644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2692 wrote to memory of 1960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2692 wrote to memory of 3648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2692 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Twixtor Pro v7.3.0.rar"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe

"C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Revision FX Twixtor Pro v7.0.3.exe"

C:\PROGRA~1\REVISI~1\TWIXTO~1\REVISI~1.EXE

"C:\PROGRA~1\REVISI~1\TWIXTO~1\REVISI~1.EXE" Twixtor7AE

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Serial No.txt

C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE

"C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE" /install /passive /norestart

C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE

"C:\PROGRA~1\REVISI~1\TWIXTO~1\VCREDI~1.EXE" /install /passive /norestart -burn.unelevated BurnPipe.{69D41F23-4A92-4FBF-941F-E91C3AB87B26} {DFFA8C15-BB50-454A-8D7B-C3BC73DE794D} 4876

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\explorer.exe

C:\Windows\explorer.exe "C:\Program Files\REVisionEffects\Twixtor7AE"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcffb5cc40,0x7ffcffb5cc4c,0x7ffcffb5cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1724,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2016 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2392 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6b07f4698,0x7ff6b07f46a4,0x7ff6b07f46b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4264,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4348,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5396,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5584,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5452,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5688,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5768,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5932,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5436,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5352,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6132,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3336,i,13044217796314857151,17087129866752695327,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8

C:\Users\Admin\Downloads\esetonlinescanner.exe

"C:\Users\Admin\Downloads\esetonlinescanner.exe"

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScannerBTS.exe

"C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScannerBTS.exe" --bts-container 2104 "C:\Users\Admin\Downloads\esetonlinescanner.exe"

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

ESETOnlineScanner.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1408 -ip 1408

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 1712

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

"C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\System32\oobe\UserOOBEBroker.exe

C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0x84,0x108,0x7ffcffb5cc40,0x7ffcffb5cc4c,0x7ffcffb5cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1752,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=2060 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=1684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=3092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3076,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=4512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=4468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4372,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=4724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=4936 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,2667980240164398692,17847906983312388925,262144 --variations-seed-version=20241112-050116.977000 --mojo-platform-channel-handle=5116 /prefetch:8

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4284 -ip 4284

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 2364

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

"C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe"

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\explorer.exe

explorer.exe /LOADSAVEDWINDOWS

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

\??\c:\users\admin\desktop\twixtor_703_ae_win\revision fx twixtor pro v7.0.3.exe

C:\Users\Admin\AppData\Local\Temp\BR1316.tmp

C:\Users\Admin\AppData\Local\Temp\BR1374.tmp

C:\Users\Admin\AppData\Local\Temp\BR13E3.tmp

C:\Users\Admin\AppData\Local\Temp\BR1403.tmp

C:\Users\Admin\AppData\Local\Temp\BR1617.tmp

C:\Users\Admin\AppData\Local\Temp\BR1638.tmp

C:\Users\Admin\AppData\Local\Temp\BR1A5F.tmp

C:\Users\Admin\AppData\Local\Temp\BR1A8F.tmp

C:\Users\Admin\AppData\Local\Temp\BR1AAF.tmp

C:\Users\Admin\AppData\Local\Temp\BR1ADF.tmp

C:\Users\Admin\AppData\Local\Temp\BR1AFF.tmp

C:\Users\Admin\AppData\Local\Temp\BR1B10.tmp

C:\Program Files\REVisionEffects\Twixtor7AE\REVisionLicenseInstaller.exe

C:\Users\Admin\Desktop\Twixtor_703_AE_Win\Serial No.txt

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMotionVectors.htm

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorUsersManual.htm

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\comblayersettings.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\combshowsplinecontrols.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\combsplineguide1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVBadTrackingLayers2.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCAEmasks1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVBadTrackingLayers1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCAEmasks3.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCcomblayersettings.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCcombshowsplinecontrols.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCcombsplineguide1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVPointTrackBadTrack.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVPointTrackSource1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVPointTrackGoodTrack.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVPointTrackSource2.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVPointTrackSourceWPt1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVSplineTrack1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\twixorAEmasks2.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\twixtorAEmasks1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVSplineTrack2.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVPointTrackSourceWPt2.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\twixtorAEmasks3.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\twixtorAEmasks4.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\LayeredVectors.mp4

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\LayersFGMask.mp4

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\LayersOrigFootage.ogv

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\TWVecInProbLayVecs.mp4

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\TWVecInProbLayVecs.ogv

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\LayersOrigFootage.mp4

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\WithoutSmartBlend.mp4

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\TwVecInSolLayVecs.ogv

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\WithSmartBlend.mp4

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCcombtoolbar.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCreateOrigFrame10.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\combusesettings.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugblend100.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\combtoolbar.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\combscrubcontrol.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugblend10.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCreateOrigFrame11.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\matchvertices2.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugdetails100.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugdetails10.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugdiff10.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugdiff100.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugedge10.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugedge100.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugShowBadTime.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugShowVectors.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugwarpOverSrc10.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVDebugwarpOverSrc100.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVMotionVectorOutput.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVSource2.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVSource1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVSourcesWithArrows.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVTrackPointMenu.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVVectorRegions.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\SmartBlend1.gif

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorProVectorsIn.htm

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\backNoChoke.jpg

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\fg1Matte.jpg

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\backWithChoke.jpg

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\alpha.jpg

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorProUsersManual.htm

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\fg2Matte.jpg

MD5 e9595902a0606fb701f8edc0a8efbbd3
SHA1 7ce77efcf4b1e3897ddf3affd7cfea0c0049f70b
SHA256 e10826fb29d76c9e5708eabae0e889f1a12f1d5d0f79804aede8897c3c85777a
SHA512 1a83cf2499dc83c05a8100533ed3e8eaaa4686d71c837fa14ac21901b477fb47e5b9976550f0372bfec09ffa3511813c2f67095aecba06cc8a009fa751d439aa

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\fg2MatteNot.jpg

MD5 2594298e1b7c01d2f86b7769454c048d
SHA1 71cdde907621d7b4c3fb5024c26f8aab07c98922
SHA256 9211e49c39b65f08cd441ea3b3b8a009c36bfcaed45dd98c392e1d910f6099c7
SHA512 cc20f571e0a8acd1b2a81191230c310198a89946a835243c2f41121700d75e2266ee5fe4fb7c068e008f05df58d25b0e2cb7f131d327944d86b47d9df7df9571

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\fg3Matte.jpg

MD5 e59867144c49913bef62af1a8aaf6127
SHA1 ab415830a46342d0cbefd4239b8ea64c1db1cc9b
SHA256 14eaf1f6224734a609ad94563727e1012d5900b6d6e59b102a28c92b11b5ac3a
SHA512 6ec51b50ac7abe782b0959b5bb7ee237f5624176022f1ee92568492cb294393351d0dea58f12730c0846eb1d23edf0231079e3d4dad6c6b53f880877eea72587

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\hand.jpg

MD5 4f0be83986aef1747336939a482cba1b
SHA1 e835a282e7f058787b5ff2c2f581b099b540da49
SHA256 4b968e7c36e64e1f91d85ceedbeb96c5c3a915beac3df688356169641a827c22
SHA512 bbd55a6a10bfccb937424f18e6a2780288d82405f0c8f13b988f46ad95594ba52f4ef63a92bce3282c2820ff2511a2c4a635f6c15c7250e0e99df0e021e5d87e

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCreateUsersManAE.htm

MD5 9d4bbd618ed8c780b1f8920bff2a1409
SHA1 de328aac54c70b38cb0272c0b2606a225d26b07a
SHA256 25f747d7f52e30b534c68c474ce8f1639d0da391aa3bcbefa8d7192eb4d301f4
SHA512 a4b6b93dc914e5a4a015442273aea7b86c4197d1b03baa374903123761d3d86c799b95b68db5d3cab36779995e50b80a191a253c4a900861d3f9e297101fe295

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\trackPointsHalfwayHelp.jpg

MD5 91eca952e07f05abc968e7b9b7352d72
SHA1 f4e9cca48ca145cf68a724a75f4909d500c0f678
SHA256 5f5a92ee887b859ad75877d26fb088e1409a1dee060aa3461961dc5519fa23ba
SHA512 23bde35becb8ee09ded7415bf99ae21a4e48b4d4fb0d80578a740fb697725a90590b2948681069f8780933fde046306179a46812ae1cdf5f9a20eaeafa16fb11

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\source3Layers.jpg

MD5 e8e9946ca3d03ba5e6d5ac194c98764d
SHA1 d8d3cbeb1969a17077571edc1c6b2096de244e37
SHA256 7a86f0097335daf266b5ca7f0cc777e743a1d7815114e691250c1421f4e13aaa
SHA512 0e5bb734e89af56bc927560405b594617e74428f3ef6d8ddc4a2260d058aef726d505716e4e31bef62fb14e6db917b430e0e5eef7da032e439034965e81a055e

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\source.jpg

MD5 8d1247af40eaf769af8690e339d7264f
SHA1 e3f7e531bd7c15d014f437dd7c66f5fb88112886
SHA256 2558b4966f9f107febe4fc9c07e4da9d66e22a92a7f2b7063d0b820a88dfdc16
SHA512 383cf519e6f394ce8050b971b19981fcc6c8e772eb7c0be4244ad1d78e9c685ea86ec6e82cceafc1717e1f2bb4e5c52ea4854f840149c37bbf8ce03f9e13fe62

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\MVCreateUsersManComb.htm

MD5 62b939474b1fa978953ae35276f27142
SHA1 58f3350071031449fd6009ae00fec216c325e580
SHA256 2864bd376aecd82b61f81177e87fac923c22c1bf6af0a11289e44e75be217da4
SHA512 e623b3ccdda1c5d5a8aa21afc797a1c6d2db3e0b955719ae6f9fba730b22bf910043d94d2c2fd8822087f37cb2d04a72c5bfb62592bd955138ed88add70bb4b3

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\CreateMVManualSupportFiles\fg3MatteNot.jpg

MD5 528230e4a72696a5228fe2290e2c0d54
SHA1 476a1ff3061fc39d1e63908742f175ba9c2d635e
SHA256 86093176bf77679f4d69b4a96dbc4abdeea1a78c0ee97b4e5cef4e8e7eb0e1c9
SHA512 acdfab4eab9fb99cf570f714a1a5f297d416410526850fa377f8d7494dfefa0f1fa3f31cae9aba0dc4c7a0178d713a99649794610737f0be6ea8e330075838a0

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\dyn03_lift.jpg

MD5 db1f51b759fc8d1ddab4ceb3f936d65c
SHA1 2bc12f525627574c9536a444f375a92994c195ee
SHA256 50ffe9e8b47fd051c3f962b70e4e7c3400923a9cc1e583330aefebb534ab8a3b
SHA512 e590ab3ea1f04ec2a17162918f1ba4ac7dad0a79078d44a89031789decb37cd2eddc55a4fdc4364f9e8783707d8155e78ff01b18364e582d0519b7009830c8d8

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\fillInBG.jpg

MD5 7f01fd0c0fa873335edd28da28474919
SHA1 b28b456d40e8f2bef79115b0a511cc6b6ad2244d
SHA256 7bf0951bcad8b65e557e82ab99d0abfc6476c708e4d54719ca8870413633bab9
SHA512 266f07d02ac4ce25cd23605389c75a3a34095d413aedd55dd394bb5432e1748332807e8fa61545cdd3021c3c890b202256448dd4757885a9638a5ff52916068e

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\dyn04_bettertrk.jpg

MD5 8505ee07c746c093032b6574c6f60768
SHA1 69dd376b9f765e850b1a800f87ce3fb061eaf8e9
SHA256 030d4ea6bb18c3de5adad6dd3a00eda6e25ee56e53b51a975cd0fedb110aeac8
SHA512 9fa586a78ca705f61a5f2c8fa66db8865bc410ac27e53946f37c7509e905c2d04b80d2f55a9e11986a4aea6da2cba3a3db0181578b2f98037794e669f4ab1388

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\trackPoints2WithPoints.jpg

MD5 d2799f7809248ce3b69b2dc94384a2eb
SHA1 f3938845d8f4fd234496bd0649c1eed3c0aeecbc
SHA256 9b210d4cbb5118123037667bfda3839c51a4952710c66c3f3109444d1deafda8
SHA512 f6536aa83580995fd5dbb402a12300a792d655505daafbbd6cada668a41086e1a88edeba085b069b58641adb23fe0ad948d65038f7170a1fab17234e041ef980

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\SmartBlend2.gif

MD5 ce90225cb1a29252a1b06a2ea9e60292
SHA1 e62efc5f9965190ac0c5ae9b731133d0106adcec
SHA256 3b264651a7262cfe5aedb0f3103e1ae632524d9a3ba5e24a66701b339459d842
SHA512 3bcc4c9f6a19ccfd5bc5173f9c8ec9f11a3e04fd96f51b1f18bf1f012d85e977d17a309eede8fb3f0d0b6912487f5b39365c225627833a5380285afb248723c8

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\trackPoints1WithPoints.jpg

MD5 ff29b52471a6430c7622365337f1b847
SHA1 b3d7031d9b7bb9aa420d6669c04af76716738214
SHA256 d56ab76a5277fea3988fdf77f818580014e945c5da1d30ac235acc6d305d7652
SHA512 f618bfdb0d1b4b87a5924461401504ba2980e59427e0b0ffb249db326dfaac652b6fa375cf31ceb72b6b5e66ac71629d7948842c59dd703eb6687ada1c6b5fed

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\trackPointMenu.gif

MD5 db1f69db94700cba50f7750fd3c91eb6
SHA1 6543830d5a1215f303b176f18d4773938d1ca010
SHA256 3152dff7a6559f4e13c05e2d735a12ed8b90f55a9fc6942ec05c42e1b075777d
SHA512 a7d7baee864c728c81d5f888c3a08a76f4ca22cdf78719db0272dbc0a5e006b362a2ffcb0e4aedbcf3c3e76ed2916feb25b545235f229cd3cc01ca3e81590eab

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\T3ProUsersManAE.htm

MD5 2d3cf77e1cb78adbcc4a1c8d10b6be91
SHA1 7be61ac7dd0eef93e41b75a4f920ad7c8c7266c9
SHA256 5a01c6b2cdb3e21f9e407874a599651d95f5f81b321684f6bae66bee05cdc495
SHA512 d3c59aa32acae2ee111094957c4b918fcd87706d3f4ef0437a1dae650a5dd2676d9f39f6f7af96f49808be3b4d0db1bd938480bf75d156c6b72dafdcc5c305d3

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\dyn01_src.jpg

MD5 35666fef80eabe6f41d3b6c68b64d37f
SHA1 e277e522d189bc7b54258f42a3de7476533ca279
SHA256 565040418f50358e51c531f5822002f33ec14cfd753a8b7b2c999cd5cd429d3b
SHA512 474985905383a33e95d5a9136bef61e3b2be9aa9a8678a30655d0dde36d2537c6023ca1cba21af17bd87b858ac1a4a8feb27031ad922a42a6374c90a33e04674

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\dyn02_badtrk.jpg

MD5 7a64452a7fa33ac33ebcdb5a939d864b
SHA1 99dc8e22666d7264d08e738d2fdd6f36ed5c6058
SHA256 a32600d45459057ca7da4a84c6a81d837b2e2f9016de910b2124d119fdaedf48
SHA512 c8d56f969e6aefc9d20a82c5d0ec236d111027ae1602fa0dd575df494598be6ad6209e3eae90965e7517e3840964c0a2523d4ce8a51bcd051287e9e5733c072e

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\TwixtorProUsersManAE.htm

MD5 ca1804dde680a4a9ae73eb50c9e12224
SHA1 066be810ec1dd53f656c39d148ae97ee40f9b28c
SHA256 f480521920a04a9ad575bc6886fdd01e518e71ce1ed568f0787faf5a58f56235
SHA512 828e9f35bbd799bc9c98216400abd5d272d0680f46f1697352c45c06b7561b10dce7d04caca586b51d778bea83b22f42d13b4be23d8f44b1802d65f652f4234f

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\trackPointsHalfwayNoHelp.jpg

MD5 a93c2792a5e947713625f96facc95774
SHA1 412d32866c3451176c57b47fbc14fe7b2a2ce3c8
SHA256 22ac9bcd9c8c9cb0fe8d896ae8bc1f1618a7d06f6e67fb995336a95d8071fc37
SHA512 b2438ea5dd338969205a9566d90a161cb326dbcc2b7a8f67fdd1146113debfed9d1f170c600d31a406ac54311607c34c36660944c80204fee54d82f60af58208

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\LayeredVectors.ogv

MD5 d2dbb7ccab8c80a791d92e4684b0f453
SHA1 f1025f2cbe00c8e3833b4fd37437af6634de8ff4
SHA256 92a0cca667ae471a280d105a1427b9068df24c3414ffa96ac624c75b57fb550a
SHA512 5248950f1aa4854f2e1e5a1d1aad7995472a39f9d27017ad1ab970d41a9ab9e633edbf3a343c0b8b63abe2a5f896afc433523ad415922fc577755733ec4037c1

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\LayersFGMask.ogv

MD5 41238a26a86c2b01171fdbcf925a2f5b
SHA1 f081bf88fa3610b3f1119232567177083e9c3842
SHA256 b7251aac2e20f5208aa9f18ca9740e0d921a71153b39f2130dbd3a7b2959a136
SHA512 3b6a65ebe250160707be85ffb3f0a84b71f7470f4fda80d73bee291c3083ee1f5085cde05a2fab5b88d0e472387e3ac646999bfdd101a6397692cf5817dc5601

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\trackPointsSource1.jpg

MD5 7883c1a137e1cadadb3e066435079813
SHA1 1630871da1f0160b5b63e22d333e865644bd99ec
SHA256 fb6e23ebd76bf7b39e68169623470ffa7ca6a3d777ed092a1770d4a4a5851c7a
SHA512 158d0fbfff06064e6d77ab82abf8e7c7099662be40326bb36ad8a22c2cc45929d0f363bcd4233e28de338a90f36cd7e4839d3ef27ead97a6fa0e5353ac54628f

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\trackPointsSource2.jpg

MD5 b3af4053aa73b7734678178a88946090
SHA1 cab813325fe5838aa3f220c3d4ed5bb4bb797828
SHA256 dc010f9cf531ec596097a4ee8e19149e7e4cdae35db05aa7ca9f89f9ba394254
SHA512 234112b55f2f11b589bc5c511094b1e3199a2abd25e85dab34aef24ad4521f55302288c908b588598218ff7f28ddba41a2e162d7143954c1e1038ef23f0b084f

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\WithSmartBlend.ogv

MD5 4f4bc7c2e404fb42c5493083caa5bad1
SHA1 03dfa06a89fb6d2573796eb62edf79e8aa7e5c71
SHA256 87c7fec9e3ca668bb6c568506a9340dc9dcbf106fed3418ce6f4de195fcc6ca2
SHA512 13886ce464855748878e294a23cf2c817a9a6777190cb4eb26abe066f9036efaf5e4b9bf5ab6371c506a193c69b34296c3c00a1f7270cd2d4683076e2ebcea13

C:\Program Files\REVisionEffects\Twixtor7AE\Twixtor7AEManual\TwixtorManualSupportFiles\WithoutSmartBlend.ogv

MD5 8e5b3bac0718efd2976e4c2ed49cf5d8
SHA1 17aa533042c244eb791f5d17b3c39104e2d69fe2
SHA256 e6c3cf855bdcfc0a410c613d83e631391497a85ef22940f1b7a90656caa175db
SHA512 de8dafa7799fc5e87b7f884ac3f04740994fccc329025c940f49b0f2fd33828b23356c9b68452d725e05b11f039af46f94c1ed444e9fe22f09b7c543c812513e

C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\Twixtor7AE\CreateMotionVectors_64.aex

MD5 c570ef34439e9341e2ee9822de412d7c
SHA1 fba44d242d09571ee66bca8e15439a68528280f0
SHA256 c7a9ba66b5db7c5a8d5f0107db98f39566fd9020bcf99a19c19485d44b797db0
SHA512 b171db6e55954c132340f9bbc140612b80a39997609646d3f3dcfccb15913049b9e575002786ca8f8074e3515060f736288ebec1a0393725e181f7f3f238bab2

C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\Twixtor7AE\Twixtor_64.aex

MD5 92bc1ba46499222daf1d81e5cbff45f9
SHA1 9b44010a0bc7204353db8b1d7028eddc4ca569ba
SHA256 1a4e8d6de777a08ad0c9ab7d95894a271cb2131eb487967b983c2ff9f8daafd5
SHA512 3953aa64e64f627fab83e217dee5ee9b1a54c1c556ed0f4286d60d56a159e84ec50f2429f7fc234bf7c3b1bdc25c09411baee51ffa639e5552095dec366e928d

C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\Twixtor7AE\TwixtorPro_64.aex

MD5 588c1828d0d2fe2ab75c5a4559a27307
SHA1 4089389a72ba39a28e19f644de553044f72b7236
SHA256 79d90d68e48a5f96631e203ff12d11b6851ce5158b27b293c442804cb531218a
SHA512 c1ff3a3abb34a7f604e22eafabff225d99b783985d3d228d7d5279256c61ae2137cc1f81090e49ca3a096c2b1b6ac174cfd58356d19bf3a720b5bcf272093134

C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\Twixtor7AE\TwixtorProVectorsIn_64.aex

MD5 40d5d1219025b720de48a51b12e3bec2
SHA1 befeb8ba9b3b2523e6feb78d78446cafe5413014
SHA256 a7cdf26be4e1d43ece5ac10f462b07ffb127b36e432716926a6e34067f2fa9ae
SHA512 9bc9ab006176c0748649ce3c8abc5cf8130507b8ce91939c4cb4693a3df962594ef41c6bba59bb01e7ab7b7e81a1e406f793805c1dd66b05828771d560163644

C:\Program Files\REVisionEffects\Twixtor7AE\vcredist_x64.exe

MD5 96b61b8e069832e6b809f24ea74567ba
SHA1 8bf41ba9eef02d30635a10433817dbb6886da5a2
SHA256 e554425243e3e8ca1cd5fe550db41e6fa58a007c74fad400274b128452f38fb8
SHA512 3a55dce14bbd455808bd939a5008b67c9c7111cab61b1339528308022e587726954f8c55a597c6974dc543964bdb6532fe433556fbeeaf9f8cb4d95f2bbffc12

C:\Users\Admin\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\wixstdba.dll

MD5 a52e5220efb60813b31a82d101a97dcb
SHA1 56e16e4df0944cb07e73a01301886644f062d79b
SHA256 e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf
SHA512 d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

C:\Users\Admin\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

memory/3080-1424-0x0000000066C00000-0x0000000066C14000-memory.dmp

memory/3080-1420-0x0000000000030000-0x00000000002EE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.be\vcredist_x64.exe

MD5 e16e6d68ce1949c9721656390f47ce07
SHA1 9009cca5dc05e22f4cf0d8529a473f19b363103b
SHA256 18e6d3d96fcd39ba069c0e6ebc108881ec5bb07e29a24b0177688ce391dac526
SHA512 63a179e4db0cb7954ddc9aee9e3c7aecae9e160154243b248b94647eb8defafb7041ee291f6f880dc3ca7f298dd548e4b3cf0b650e9a7e34f34d2d2f0dd36127

C:\Program Files\REVisionEffects\Twixtor7AE\.updater\REVisionUpdater.exe

MD5 75dd8952f0bb4bef5106a545118d7b49
SHA1 c6ae04b60bfc6752fd59d2fe30cdfa1145b0d85d
SHA256 270a0708d6e2954a600b04e16a2c32ece20d88e11d0dd8a7f16e5b906e894332
SHA512 9141220f4c0b8ee2892ad8236a7752227bc375b3892eccc17bfb52b89e004d5c2c8259659dc0f5ccbafc1c32490a3f7447323cbf2e7e9bdef675fafab31e00e0

C:\Program Files\REVisionEffects\REVisionCheckUpdates.bat

MD5 17f9d93a0c7594339ceae7dc3114c1ad
SHA1 f183e65d4062575978aa062c309f6fd19f5c3f78
SHA256 c78bf5d105a79ecc6442791e4e8982efe7ea26d59a688936233f59a9125eb9ed
SHA512 a5d6078fd46f788fcb9188c95e294916958f2f0b078651a90df16355e583925f06ee8802497c4b6053bcbdf710ffa94e16343d214dbe9a04c82b045a89b6b2f0

C:\Program Files\REVisionEffects\Twixtor7AE\uninstall\uninstbr.000

MD5 7f238bca68e7b9e509746dab0bd07741
SHA1 51614de706b8da15e0981c04a063db668734754b
SHA256 8e6474df4072d48e2c59c046971bae7843141c94ae8586e270c006096c413ddb
SHA512 2a867a6c3ee9f89adc85f0baaa55366cbdec830e02ba2fa94a1fff9937e04332f72ab96e7a7fa1fec9783da47e4933504317f9810ee96ba89fc31f67f54e6c3a

memory/3080-1469-0x0000000000030000-0x00000000002EE000-memory.dmp

memory/3080-1473-0x0000000066C00000-0x0000000066C14000-memory.dmp

memory/3080-1498-0x0000000000030000-0x00000000002EE000-memory.dmp

\??\pipe\crashpad_2692_OODSCORCVPPGIINY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\scoped_dir2692_906445262\5798b0ef-bf76-4557-b61b-1e3fcda1e307.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Temp\scoped_dir2692_906445262\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 61b308018f52b50b4f61a124d6f91d66
SHA1 6844b74cb50b3193db0148bb85f62e1dc3a180a8
SHA256 b353a70d4aee3551e6199e71798cce0b3d09f631d7c1b4dc59ac42725285b90d
SHA512 3ec6ab326d7742dcb262c36bf018f070beba9117612971f7ace0037e2bd06b69d3300f51b330179c0a500e10ec3cd93a7f064a5d72dfc2f62305803f4a959d86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a47944411a5a82f4f2dfaa877d4dcbcb
SHA1 4a6d92236279633258933dd9d2149b09745f4576
SHA256 d1da49995af5d351ad2c57cdda9a362755971dc80d5ed60fb31ef5445fb47c0d
SHA512 4c7017a3dd89347796d8f118a7c94a25aca6cfd85c6afe1351763d2d249676ecd478e9d678387a640dfcef1ae34ddc43eb10bd8b19e824b9e5265cacce034232

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4498380e7a8419a5acede6d620284441
SHA1 de1ee93945e6170130228daa9c7d5a07fdf03482
SHA256 0b147ed603e42f66a91b3c3e832815cdabc16344e52e5dd461878da1b2d7eabc
SHA512 01cc6c680f6c04d5e50a1d7f13e40973f09dd549ab1554b6f7a3c642227d8c7232476cacc15a7eaa419df56d392bc89ed4c80196aa1a38ae4fc9f02b6f114f17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2de19da4bddfc1258f5b33335421a5a4
SHA1 516a9c14ba7a38d65c5c3a0d2e74be0a163da231
SHA256 4e351ac4d75a88ec8f4012ab3b86c9e98a52a4b8cf5cf87745f8f3dbabeb859d
SHA512 35825648176ff5c68172f2302b3c1b8acbb5aec28e2a6b219bfb43b7929a69c88b3c57df7efdd4bd340b60f769f2dfd14d608e18b34f9f7364cbf2813d8de832

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 5616b728c5def2455fdff541c818294c
SHA1 b3ac20b5d4d1618b16d81ba58e87bd20d3f45394
SHA256 d6173e49f90d3d06bd2dfa188e16aab2b0e9cb61d446042e2a8b608d86f2537d
SHA512 d02b0243e6cb0b6b7bbadd56cd4904ba298ec51dc90e04846a4d12cd72759e85cd5a32d20be7a5b4e979eb4f9635bdc82294297f0cf7ee8741469946e93e8906

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fee48867c0d0e003694cd05774fa5773
SHA1 b7f3fa3fea594e62e6ffcc19ddbfbabdb32fa806
SHA256 088c9bb3ac3683e3bedce4557c1fad2af1f5afbfdc1206209978b07f39cbfab5
SHA512 300127b0031856a8ce70b300851e39b4fad44e789f7466862658c05dfcb10efdbb5a0ee0077cc28372832bbae5248294020a66c4d8547b31a30bc36851ab18d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34710380e5650f07bd0e01cfedb60a68
SHA1 b68cf66ece430ccd3a637fca3369942592e5f951
SHA256 269a2e944075612bcea534015051fff9a3fa47e7819009a786990650e31dde60
SHA512 2fc3d35ae52d9d8e5ae5ba572ff9ba6653fef7414102f3f695b7d05b2346839dda5b7c54d2d2ea159f9adb5a3aaeec74df37f8ddd337a4eeae0594667be4d4d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 33982516e50b4ff26045d225624927b5
SHA1 af7c5b2b15d1ecf54095fb203f3ef2082e95ab68
SHA256 cbf1780e47b5562d51e9cf599023a6edac98679dc5e28790be9e68628688306b
SHA512 837e4a613719ae0bfe4622b3804fc3309d0408d352fb887c6bc8c28e30ce9d32657ea3ebe42905ac3ebdfca93b6d2519856387f807f8937cf11ff5f91db6d9fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b04afb8f3d79b98ce806221bae38bcd9
SHA1 7875b358b08961e13a5f587cfffc1bd61b273ba8
SHA256 f5f4ffe39903af45a4bc4b5533e1ff3b18acc6a359ffec3774e651ccfe361f1e
SHA512 6273aefe53f50fb2625d8b40690c3e11b6bbeb9a2e5bfeb552a5da02e0324963ffc6fde7fd93cb5b9f426d291a472f2201328ebc915bfcbbe66f00d420bab577

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ddf34b8ab8c3b254137fef7c4d2301a3
SHA1 206f5f779433e66a5ffceb6a89815591bf4fa63c
SHA256 6f51db210d256a86feb7aef2e72274b472198cba7c354411d50168b5a903105e
SHA512 76e56efc3655aef17b6788a69e9b34a50806e874ebeb5a336dc92154a6459b020e65e20e26f9620add5bf4eb726170093e915d929cec8587246779fce137e422

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 694590798ea2bb066a129af5dfa736d3
SHA1 a08ce6b92710c1fc6ee0d39cfb7cbed09dae3ded
SHA256 28e92918547e9a7c60a354cf6d4c7f44c99205a795eebbfd559a5c7a942d07ec
SHA512 de720ba01a1e3ea1a80c22a218caf6b9aa6092dfb99f6ceeb2239d8f9127925d89cb6aab4ea02c1835664b9554b6b961e8cfd8092ba6d62e91347cb33b1c62d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 565173fcd28120be4af308f969f5356e
SHA1 f0e58d1e066db7dcb29c51216414203de3415df3
SHA256 341d611634de6d9286f19dcbde77c51377a5dc7a83e505b5c30b090c706821ea
SHA512 98b44e135eb71d2fb494b1629a4e53449f01d108f06d63265c2d6bf6d4179e17b9682088f9e9fd4eb96be31b61059ae70090477b55326f353fb759417362669e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d108e759d9528f5b5b4c1e5c37714759
SHA1 dba0255abefc40d28844cdead862467a5c81a9e9
SHA256 f32a976e9b3c858592339c7db95a2ecdc40b029e0ef1d37d9d20616aa1bc5878
SHA512 401a527ec389eb5cfeb7ffc1d794089705060bf97842ee4236f36c987c5865989173780943a9f3fe0b11d4db79b4055b03c6c8783c232c0c0402f6f8975d9239

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c300e935bd62583ec8a9d7671169f77b
SHA1 83ef7a47abea0cd7e519a2e7510e3ec07e61aa0f
SHA256 25acf192483d66b793ea2e500fa17a7bb58fd019466bdd2e90bbccb042cff83f
SHA512 ebe219d7c0b2333386c902aecc8407a05f87a3714766453f6a7dc9a197bec1bbcd1d7c726eb64885e81c038b2516813125cbb67e868e0618db75e4c50b4fdbce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 59b5d4d06d2158bd0a3c1d9fed0429b7
SHA1 68688abf50e8f27fef870a2e9a6c577c9b4def93
SHA256 5e9632c279da7f5fd92b3fd6186a7df08a502d306497c8300d42cfafec5a45a8
SHA512 c00a311dc5a7632d6900a477048322ab770afbd2ff3013b7ac389fda289e020d75cd1df8dea7d2af342cca1f3d784b5519d603f6001349066c1338301d0549a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a99d15b8ec7c4bf66bc4931297b9a663
SHA1 26570028be25cca42558b063b2595ef904a66fef
SHA256 26a4b66a0676d73a3c81cf4cb39f0dad65aed60eecc590eca4dee75c404285b0
SHA512 1cbf19f334c4c637772ac27e8dba815cdc901f791e8c6155f90128c7cbc27469851a957beb5c3f6cdc7da883d303093806ed9997bc917e9ec1f282313a3b9eb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bee1d2a17e96bd1b865c39ed230ad031
SHA1 09d1bcfe13340e01b05b5ec47d0b41b595a6f59c
SHA256 df0ff6480bc1a0416285e68b57551d1750cb67e42fcd42a53cead73b718e7f25
SHA512 2842a909c069ece7e132d5aceeb32a6314eb4750e8f48a4879b5d117c78915290ba8faa64963f4e8f9ebbbb0cdca1a9942d4e41061934373b3ec35c5957cc5bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2389027218aa306b45e4a35def93fb57
SHA1 3fb9be4f5c24fbeb41b92b6011fc0509a0ce38a7
SHA256 7b106f3c4c6f1626fbb53ac1b8221a71f12836531164beab9cdf8899e8c57c34
SHA512 092870e0716286c6a82f6a1715066dc2ab2ec9b87e083fb567166c366197c7c97130e8f8ecea3830df2e112394cf569e0139820a8d6fef63ae9274198c747425

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2cc1242a65252364eb8ffd02b7e50b30
SHA1 02d73deecd00fd889975cc428efe591edbd194fb
SHA256 b3bb90ae5c6e792ce24e050bf6ae713fb36b280e77c70274e199c94bba6e73f7
SHA512 9218a58401ea0b83ef98bba78daf78b3ab15bd3df87bd539f5777d0b5467c9dec84431c809fe0d041040b22d2c5253a8bf1262875bed8cbbac1104b837d5d954

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 73f9fe4ccad39ecfc1dc63bdaecfe7d2
SHA1 1c5058e245ee662cbb1d2c370f2730721ed1cf90
SHA256 1b87081d729e4bdd401cb7881fe22eb3f86abe7ed2632c828c1f279340639833
SHA512 b8c4df15ebb14a4669b2b0d79fdeaa4af835b484df4606d1f739e19eeb8ff88eb8e89c9dccefd0f6faa61eb4bca4a864cf70399d9aef32aef9b1f357ff066ec2

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a0951de55e9f0c881b72d42f1f52ed8c
SHA1 6bc8ddde4e4d4835fc7be7cc033fdfcdd609684b
SHA256 c92abdbc47b5481651416bf663d6b68e0dd4620fab1becd83f8d113033a6da61
SHA512 4bd7ecaa0546eb665b133a4f93a1c6cbc74f71676ce35b76edbdb9e7b755700533a755b333bdf3d7566ffceae6004184082df61aea5a541a75998ff7f45a9523

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 53bab06b52b796c24e77be4d7efb46c8
SHA1 5e19a26dc733fa7bba910f9bb63f9560f8fedd96
SHA256 ff1aa75b7a764aec456c7d1e10cef41fd6c31a11db0d9c7b1690cc3724dc412a
SHA512 ff459c93e053c54eb590ebdef12bfcc8d195ad588e6647848d6017548e634abae5f2dc7549e3f7a2159e5ce8cc740d2e18b432050b54583327a18da224a5562b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cae4f060492801c50c313e1cb8a8fb56
SHA1 bf988f5b5f0bdfb119f5af6f5bff165663ffae2e
SHA256 3088c46f300934b15517c95e037faef3379d19030a297d665541fc9ba529b201
SHA512 3d01412c56281d2939ada19b6d694f8df258b4e01c1b235fad2b29e14d51ec2e23af3a9f97909348bb5637fd47e5fe31616b4ce17cc632e2b54cd9779d84d8a8

C:\Users\Admin\Downloads\Unconfirmed 269181.crdownload

MD5 8181c5c8ff0e5d2b9598ee471a40d564
SHA1 db44dd92d07ff60858a566fc95dcc54819e13dba
SHA256 872391a8d69897f8cfdbec61ffb7629a7be12d510b465edf4c7c0ca795024dc0
SHA512 7ce20f1bd1ba3dac9e9a7e38d22b970434bddf5465154ff13b6874ea7d31668be5ef4270ab13f221c876a3e3c899982bd8600cdde1c987e1bc06e2b80937fdbc

C:\Users\Admin\Downloads\esetonlinescanner.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScannerBTS.exe

MD5 417a42cf22736839a09d4eb0d80e5433
SHA1 3338744a8e98294592d391cedfc07d28aed24e34
SHA256 fbb3d5aff4628761e83aeda81cb9d3465cbaefd9838024fce2aea454fe9856dc
SHA512 676bc42f753519ce9dc066a6faacc9d24b1bb729c9471cdd2281177ad9d2673358f3aec954df6883568e0579fe3e7fd73ddfa51a37b3deb8f9d3ecd98289045b

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

MD5 4f9689e7c88f5f082a4ac6b6ac0eeb8c
SHA1 12f009f222dba1a57ae2d32bc031ce95c00d6827
SHA256 094b7ee60c4cd103aba2e86e19ace5d664ec95d07c0f10ff143e55e6e209d458
SHA512 d94d1ee2634dc2e2715634b38aad68d7fbe9740705feb7d0a01bdf3e2f5184085dd3d250dc26a6cc361b8d0852afa0ae38a145b0e9c7ee0537d510fe30d66d61

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\sciter-x.dll

MD5 60fb382ac6d6be9d19f404f1dcb1180f
SHA1 1ca5de5db080beb388d5ab66c01e8a23983547c2
SHA256 b7b00184a8bc068588d5044e2f84e3f1a6e5e033e6390284728f81170ad81b79
SHA512 d785cffb31c428aad07f8be50960e0cc0c2295b383f27af425e525aad79d16090fe0a5c1f03b3b1e5117f3fe5b014d1ad6e045ceca96fa420c8e14946ac33b51

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\esdkW.dll

MD5 dd8242e233f4fc374cb996c541391be8
SHA1 bb21aed8afa07f97f101e192dce37ab5b5dbc215
SHA256 36492c0186372f39846cedad1aa02f17a334f6f8aed015ff13a3c79437fbfdf3
SHA512 43f1d280a416a135e3be3986675f5a964774bee8ec9e9caac99b8938caf837848770f54b4750a99e32da914e4842721ccf77af64ea07ff6d4ae0e26bccb0cadb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a4c978baaaf65c23710bc59c05f66a14
SHA1 cb99c72f96b964b3134cebc4b18a3fddd1257e5c
SHA256 35cea1bc6777e0e7866685558a6ec45658b6d4377b8ad9fd3d15a5a9cb4bef7e
SHA512 70df13fb010457ffff3bffbc0c9fb79436de224e624dee52cb6481cafc8f2fd533bc24ae104ff993f07fa14f8c67009479209526bf3264f7a96e2d9aac0e4b0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 79c164238a0122b647d859a91f99d462
SHA1 3f409179d36b5406ed3cfd1ffc3ad8de06c5b6c3
SHA256 18a8b2c745e75bea18ecfce3b6c9c89d392fa070fb563436a56be4fb13997485
SHA512 d0658ac10ffae1cc83b6c4128fbf8d78e974fa56f511d2ec5a9fc01942a20fa07a8e2fd69bea550efca68a9fbc5b06f55c4081706339c45f79be2fdeab61a4c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 44ccebedc8b5085e15e3dd463a118a8a
SHA1 743cb40940e60294061fb981d0dce7af71123b77
SHA256 6752bbd29ed8126e5a49c4ab2f527d06526b2a202efa4888eeda74f09b3f9546
SHA512 e835163a301c0724e9c9bec907e0e49a9bd962cee46c2bac5f14408f8049f0de8c14475b37bef53bbd3d2ebce2cf72a536ff3e604afce9d1fb24baf2ae4207d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6a242a244afc2a7f2ea8075138fa4641
SHA1 969b97c33fa264d072a73e5c70fe7cc05f20a0c4
SHA256 53d79b8663843cac7d717040b286aebec0874a695fc0cb14d1791a9e0bbf7668
SHA512 84d77ffd77da301f12ba24fa1fd34f0ad60678cae5a3c13244668d6bc94cdb52da5abc68644b7b6e480649cd3754ec58685f9df8c7410c7d496be45585f0b3f6

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\update.eset.com\eset_upd\onlinescanner\dll\update.ver

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\esdk_update.cfg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\esdk_update.cfg

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\NSF8A40.tmp

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\em000_32\1113\new_4612\em000_32.dll

C:\Users\Admin\AppData\Local\Temp\NSF8A61.tmp

C:\Users\Admin\AppData\Local\Temp\NSF8A63.tmp

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\em005_32\1403\new_717A\em005_32.dll

C:\Users\Admin\AppData\Local\Temp\NSF8A98.tmp

C:\Users\Admin\AppData\Local\Temp\NSF8A96.tmp

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\em001_32\2450\new_1819\em001_32.dll

C:\Users\Admin\AppData\Local\Temp\NSF8B76.tmp

C:\Users\Admin\AppData\Local\Temp\NSF8DDA.tmp

C:\Users\Admin\AppData\Local\Temp\NSF8DFB.tmp

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\em000_32\1113\new_4612\pptD3F8AA271ABD439A\postprocess.dll

C:\Users\Admin\AppData\Local\Temp\NSF9E6B.tmp

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\em003_32\1571\new_7881\em003_32.dll

C:\Users\Admin\AppData\Local\Temp\NSF9EBC.tmp

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\em004_32\1249\new_11BF\em004_32.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod58E5.dll.nup

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod3A07.dll.nup

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod120B.dll.nup

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\76c74b73-b6ec-4410-8a7b-aa642218955f.down_data

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod44F2.dll.nup

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod33D3.dll.nup

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod495D.dll.nup

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod7A66.dll.nup

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod3B7D.dll.nup

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod2958.dll.nup

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\823130c5-2127-4360-8975-4ede89f3e7d6.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\NUPCCA2.tmp

C:\Users\Admin\AppData\Local\Temp\NUPCCF6.tmp

C:\Users\Admin\AppData\Local\Temp\NUPE201.tmp

C:\Users\Admin\AppData\Local\Temp\NUPE291.tmp

C:\Users\Admin\AppData\Local\Temp\NSFE38F.tmp

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\em000_32\1113\new_1850\ppt4EA82C6A0B8949AB\postprocess.dll

C:\Users\Admin\AppData\Local\Temp\NSFE527.tmp

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Modules\data\updfiles\nod25E5.dll.nup

C:\Users\Admin\AppData\Local\Temp\NUPE6.tmp

C:\Users\Admin\AppData\Local\Temp\NUP128.tmp

C:\Users\Admin\AppData\Local\Temp\NUP12A.tmp

C:\Users\Admin\AppData\Local\Temp\NUPE4.tmp

C:\Users\Admin\AppData\Local\Temp\NUP507.tmp

C:\Users\Admin\AppData\Local\Temp\NUP518.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Banner[1].json

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Banner[1].json

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Banner2[1].png

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Background[2].png

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Text_Home_1033_enu[1].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Text_1033_enu_b2[1].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Banner3[1].png

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Text_1033_enu_b3[1].htm

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Banner4[2].png

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M6Q59YF\Text_1033_enu_b4[1].htm

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Data\escdb.dat

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\OldModules\data\esdk_update.cfg

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\periodic_notify_scan.png

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\periodic_notify_upgrade.png

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk

C:\Users\Admin\Desktop\ESET Online Scanner.lnk

C:\Users\Admin\AppData\Local\ESET\ESETOnlineScanner\Quarantine\5FC9C6AB334DB1F875FBC59A03F5506C478C6C3E.NDF

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml
