Automated Malware Analysis Management Report for PLAY.mal_.exe

Overview

General Information

Sample Name:	PLAY.mal_.exe
Analysis ID:	695797
MD5:	223eff1610b432a1f1aa06c60bd7b9a6
SHA1:	14177730443c65aefeeda3162b324fdedf9cf9e0
SHA256:	006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55
Tags:	exePLAYransomware
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Writes many files with high entropy

Tries to harvest and steal browser information (history, passwords, etc)

Creates a DirectInput object (often for capturing keystrokes)

Uses 32bit PE files

Installs a raw input device (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to read the PEB

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Keylogger Generic

Checks for available system drives (often done to infect USB drives)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains functionality to query network adapater information

Abnormal high CPU Usage

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: PLAY.mal_.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: PLAY.mal_.exe	ReversingLabs: Detection: 80%
Source: PLAY.mal_.exe	Virustotal: Detection: 71%	Perma Link
Source: PLAY.mal_.exe	Metadefender: Detection: 45%	Perma Link

Uses 32bit PE files

Source: PLAY.mal_.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: A:\ReadMe.txt	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: B:\ReadMe.txt	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ReadMe.txt	Jump to behavior

Source: PLAY.mal_.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: netutils.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380967509.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: PLAY.mal_.exe, 00000000.00000003.380378382.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: PLAY.mal_.exe, 00000000.00000003.380946454.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: PLAY.mal_.exe, 00000000.00000003.381007395.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: PLAY.mal_.exe, 00000000.00000003.392615104.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wrpcrt4.pdb source: PLAY.mal_.exe, 00000000.00000003.381337074.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: PLAY.mal_.exe, 00000000.00000003.380084663.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: PLAY.mal_.exe, 00000000.00000003.393091382.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wwin32u.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.402134952.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: bcryptprimitives.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381571826.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wgdi32.pdb source: PLAY.mal_.exe, 00000000.00000003.398338084.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdb source: PLAY.mal_.exe, 00000000.00000003.397854199.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: fltLib.pdb source: PLAY.mal_.exe, 00000000.00000003.402653498.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wsspicli.pdb source: PLAY.mal_.exe, 00000000.00000003.381518459.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.392986515.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wrpcrt4.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381337074.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdb source: PLAY.mal_.exe, 00000000.00000003.399573219.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wgdi32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.398338084.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wimm32.pdb source: PLAY.mal_.exe, 00000000.00000003.402719687.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mpr.pdb source: PLAY.mal_.exe, 00000000.00000003.402907884.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wwin32u.pdb source: PLAY.mal_.exe, 00000000.00000003.402134952.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wsspicli.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.381518459.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: combase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.393364039.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381007395.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381294989.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381549375.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wuser32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.400002647.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shell32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdb source: PLAY.mal_.exe, 00000000.00000003.381294989.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wimm32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402719687.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: fltLib.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.402653498.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: PLAY.mal_.exe, 00000000.00000003.402283247.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wgdi32full.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.398793778.000000000317B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: PLAY.mal_.exe, 00000000.00000003.382187348.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381918022.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wgdi32full.pdb source: PLAY.mal_.exe, 00000000.00000003.398793778.000000000317B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shcore.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.393091382.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mpr.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402907884.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: PLAY.mal_.exe, 00000000.00000003.381665426.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdb source: PLAY.mal_.exe, 00000000.00000003.381918022.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: XAMLHostHwndvolumelabelmasteredudfhelpJOLIETUDFData\Program Files\$Windows.~BT\Windows\ProgramData\Program Files (x86)\Program Files\Data\Windows\Data\ProgramData\Data\Program Files (x86)\.cer.cdxml.cat.automaticdestinations-ms.appxpackage.appxbundle.appxWindows.old\.fon.etl.efi.dsft.dmp.customdestinations-ms.cookie.msm.msip.mpb.mp.p12.p10.otf.ost.olb.ocx.nst.mui.pdb.partial.p7x.p7s.p7r.p7m.p7c.p7b.psf.psd1.pfx.pfm.pem.ttc.sys.sst.spkg.spc.sft.rll.winmd.wim.wfs.vsix.vsi.vmrs.vmcxWININET.xap%s (%d).%s\shellIfExecBrowserFlagsft%06dNeverShowExtAlwaysShowExtTopicL source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380084663.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402395094.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdb source: PLAY.mal_.exe, 00000000.00000003.402395094.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Windows.Storage.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.394554162.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380856909.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Kernel.Appcore.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402226498.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.380378382.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: sechost.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381665426.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: PLAY.mal_.exe, 00000000.00000003.402226498.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.380946454.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.399573219.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.397854199.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdb source: PLAY.mal_.exe, 00000000.00000003.381549375.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: bcryptprimitives.pdb source: PLAY.mal_.exe, 00000000.00000003.381571826.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb source: PLAY.mal_.exe, 00000000.00000003.392986515.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Windows.Storage.pdb source: PLAY.mal_.exe, 00000000.00000003.394554162.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: PLAY.mal_.exe, 00000000.00000003.393364039.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ApplicationFrameWindowWindows.Foundation.Collections.IIterator`1<IUnknown>Windows.Foundation.Collections.IVectorView`1<IUnknown>Windows.Foundation.Collections.IVector`1<IUnknown>@%SystemRoot%\System32\SettingSyncCore.dll,-1024internal\onecoreuapshell\private\inc\shouldswitchtodesktop.hinternal\onecoreuapshell\private\inc\sharedstoragesources\syncrootcommon.hData\Program Files\Data\Program Files (x86)\Data\ProgramData\Data\Windows\Program Files\Program Files (x86)\ProgramData\Windows\$Windows.~BT\Windows.old\.appx.appxbundle.appxpackage.automaticdestinations-ms.cat.cdxml.cer.cookie.customdestinations-ms.dmp.dsft.efi.etl.fon.ini.iso.mp.mpb.msip.msm.mui.nst.ocx.olb.ost.otf.p10.p12.p7b.p7c.p7m.p7r.p7s.p7x.partial.pdb.pem.pfm.pfx.psd1.psf.rll.sft.spc.spkg.sst.ttc.ttf.vmcx.vmrs.vsi.vsix.wfs.wim.winmd.xapFTSearched0000000000000000000BasicPropertiesDocumentPropertiesImagePropertiesVideoPropertiesMusicPropertiesRenameAsyncOverloadDefaultOptionsRenameAsyncIStorageItem2GetParentAsyncIsEqualGetThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetThumbnailAsyncOverloadDefaultOptionsget_DisplayNameIStorageItemProperties2GetScaledImageAsThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetScaledImageAsThumbnailAsyncOverloadDefaultOptionsGetScaledImageAsThumbnailAsyncIStorageItemPropertiesWithProviderget_ProviderIStorageItemThumbnailAccessPrivGetScaledImageOrThumbnailAsyncIStorageItemHandleAcccessOpenAsyncPrivatePauseDeferredUpdateSetStreamedFileCallbackGetStreamedFileCallbackGetSpecialInternalPropertySetSpecialInternalPropertyCreateTempFileInSameLocationCopyOverloadDefaultOptionsCopyOverloadCopyAndReplaceAsyncMoveOverloadDefaultNameAndOptionsWindows.Security.EnterpriseData.FileProtectionManagerMoveOverloadDefaultOptionsoptionsCreateFolderAsyncOverloadDefaultOptionsGetItemAsyncGetItemsAsyncOverloadDefaultStartAndCountCreateFileQueryOverloadDefaultCreateFileQueryCreateFolderQueryOverloadDefaultCreateFolderQueryCreateFolderQueryWithOptionsCreateItemQueryWithOptionsGetFilesAsyncOverloadDefaultStartAndCountGetFoldersAsyncOverloadDefaultStartAndCountget_MusicLibraryget_HomeGroupget_RemovableDevicesget_MediaServerDevicesget_Playlistsget_SavedPicturesget_Objects3Dget_AppCapturesget_RecordedCallsGetFolderForUserAsyncget_ApplicationDataSharedLocalGetPublisherCacheFolderGetApplicationDataFolderForUserGetPublisherCacheFolderForUserknownfolder:{AB5FB87B-7CE2-4F83-915D-550846C9537B}knownfolder:{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}knownfolder:{1C2AC1DC-4358-4B6C-9733-AF21156576F0}knownfolder:{FDD39AD0-238F-46AF-ADB4-6C85480369C7}knownfolder:{374DE290-123F-4565-9164-39C4925E467B}knownfolder:{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}knownfolder:{4BD8D571-6D19-48D3-BE97-422220080E43}knownfolder:{33E28130-4E1E-4676-835A-98395C3BC3BB}knownfolder:{AE50C081-EBD2-438A-8655-8A092E34987A}knownfolder:{C870044B-F49E-4126-A9C3-B52A1FF411E8}knownfolder:{3B193882-D3AD-4eab-965A-69829D1FB59F}knownfolder:{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}knownfolder:{18989B1D-99B5-455B-841C-AB7C74E4DDFC}get_Langua
Source:	Binary string: profapi.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402283247.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb source: PLAY.mal_.exe, 00000000.00000003.380856909.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wuser32.pdb source: PLAY.mal_.exe, 00000000.00000003.400002647.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.382187348.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: netutils.pdb source: PLAY.mal_.exe, 00000000.00000003.380967509.0000000003100000.00000004.00001000.00020000.00000000.sdmp

Checks for available system drives (often done to infect USB drives)

Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: a:	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: [:	Jump to behavior

Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEB625 FindFirstFileW,		0_2_00AEB625
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AFC6C9 FindFirstFileExW,		0_2_00AFC6C9

Creates a DirectInput object (often for capturing keystrokes)

Source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: DirectInput8Create

Installs a raw input device (often for capturing keystrokes)

Source: PLAY.mal_.exe, 00000000.00000003.400002647.0000000003100000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

Yara detected Keylogger Generic

Source: Yara match	File source: 0.3.PLAY.mal_.exe.3100000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: PLAY.mal_.exe PID: 6884, type: MEMORYSTR

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db entropy: 7.99370881577	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\Default\NTUSER.DAT entropy: 7.99938002977	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies entropy: 7.99055398413	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf entropy: 7.99747182705	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\Default\NTUSER.DAT.LOG1 entropy: 7.9969397682	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms entropy: 7.99960447813	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms entropy: 7.99967785702	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Recovery\WindowsRE\boot.sdi entropy: 7.99994281938	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Recovery\WindowsRE\Winre.wim entropy: 7.99978673587	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst entropy: 7.9987204886	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat entropy: 7.99927592854	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js entropy: 7.99755154683	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin entropy: 7.99692318117	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs entropy: 7.99994189562	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx entropy: 7.999942459	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx entropy: 7.99730845969	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs entropy: 7.99993639407	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma entropy: 7.99983376886	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database entropy: 7.99410406039	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62FC0DB0-1450.pma entropy: 7.99996109326	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab entropy: 7.99819227613	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab entropy: 7.99978805821	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\cab1.cab entropy: 7.99988789096	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\cab1.cab entropy: 7.99996778285	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab entropy: 7.99840138716	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab entropy: 7.99854582847	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab entropy: 7.99982593479	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\17f7cd50011af964_0 entropy: 7.99724336878	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab entropy: 7.99981866052	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab entropy: 7.99978332161	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab entropy: 7.99996026328	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab entropy: 7.99988212784	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1ba843d01a7fd21b_0 entropy: 7.99766796554	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2fc35d15f2eabeff_0 entropy: 7.99740770967	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab entropy: 7.99996505694	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl entropy: 7.99332668999	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl entropy: 7.99231889317	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl entropy: 7.99436517777	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4d1a34821fab0830_0 entropy: 7.99882313552	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl entropy: 7.99064060505	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl entropy: 7.99535932735	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5e3d1997942e96db_0 entropy: 7.99887352838	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d86ce9f97b83b7a_0 entropy: 7.99783382452	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6634d30d3dcbf0b9_0 entropy: 7.99918174312	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\92ed7279d3e98be7_0 entropy: 7.99803431143	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9aac68df8d0c7a90_0 entropy: 7.9966570813	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_background.js entropy: 7.99966238658	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\verified_contents.json entropy: 7.99088819373	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_window.js entropy: 7.99934838305	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\flapper.gif entropy: 7.99723232037	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl entropy: 7.99115870016	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc9785cdcbaea0b7_0 entropy: 7.99854856742	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: A:\Recovery\WindowsRE\boot.sdi.PLAY (copy) entropy: 7.99994281938	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx_Temp.1.etl.PLAY (copy) entropy: 7.99535932735	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.PLAY (copy) entropy: 7.99332668999	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.PLAY (copy) entropy: 7.99231889317	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.PLAY (copy) entropy: 7.99064060505	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.PLAY (copy) entropy: 7.99436517777	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.PLAY (copy) entropy: 7.99115870016	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY (copy) entropy: 7.99988789096	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY (copy) entropy: 7.99978805821	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY (copy) entropy: 7.99988212784	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY (copy) entropy: 7.99981866052	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY (copy) entropy: 7.99982593479	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY (copy) entropy: 7.99996026328	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY (copy) entropy: 7.99996505694	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY (copy) entropy: 7.99996778285	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY (copy) entropy: 7.99854582847	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY (copy) entropy: 7.99840138716	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY (copy) entropy: 7.99819227613	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies.PLAY (copy) entropy: 7.99055398413	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js.PLAY (copy) entropy: 7.99755154683	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\verified_contents.json.PLAY (copy) entropy: 7.99088819373	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_background.js.PLAY (copy) entropy: 7.99966238658	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_window.js.PLAY (copy) entropy: 7.99934838305	Jump to dropped file
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\flapper.gif.PLAY (copy) entropy: 7.99723232037	Jump to dropped file

Uses 32bit PE files

Source: PLAY.mal_.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Sample file is different than original file name gathered from version info

Source: PLAY.mal_.exe, 00000000.00000003.392933278.00000000031B2000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcrt.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.399573219.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemsvcp_win.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.400002647.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameuser32j% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.380967509.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNETUTILS.DLLj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.380261953.0000000003216000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSHLWAPI.DLLj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.402719687.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameimm32j% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.393364039.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMBASE.DLLj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: LInternalNameOriginalFileNameProductNameProductVersionCompanyNameLegalCopyrightLegalTrademarksPlatform vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSHELL32.DLLj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.381337074.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamerpcrt4.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.380378382.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.398338084.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamegdi32j% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.393091382.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSHCORE.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.394554162.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWindows.Storage.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.381918022.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameiphlpapi.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.381571826.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamebcryptprimitives.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.382187348.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamews2_32.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.402395094.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePOWRPROF.DLLj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.397854199.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameadvapi32.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.402907884.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamempr.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.380946454.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamebcrypt.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.402283247.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePROFAPI.DLLj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.402134952.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWin32u.DLLj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.402653498.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamefilterLib.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.381665426.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesechost.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.381294989.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSRVCLI.DLLj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.392986515.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCFGMGR32.DLLj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.381007395.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameucrtbase.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.398793778.000000000317B000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamegdi32j% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: NSC_NameNSC_AddressNSC_PhoneNSC_EmailNSC_DescriptionWM/WriterWM/ConductorWM/ProducerWM/DirectorWM/ContentGroupDescriptionWM/SubTitleWM/PartOfSetWM/ProtectionTypeWM/VideoHeightWM/VideoWidthWM/VideoFrameRateWM/MediaClassPrimaryIDWM/MediaClassSecondaryIDWM/PeriodWM/CategoryWM/PictureWM/Lyrics_SynchronisedWM/OriginalLyricistWM/OriginalArtistWM/OriginalAlbumTitleWM/OriginalReleaseYearWM/OriginalFilenameWM/PublisherWM/EncodedByWM/EncodingSettingsWM/EncodingTimeWM/AuthorURLWM/UserWebURLWM/AudioFileURLWM/AudioSourceURLWM/LanguageWM/ParentalRatingWM/BeatsPerMinuteWM/InitialKeyWM/MoodWM/TextWM/DVDIDWM/WMContentIDWM/WMCollectionIDWM/WMCollectionGroupIDWM/UniqueFileIdentifierWM/ModifiedByWM/RadioStationNameWM/RadioStationOwnerWM/PlaylistDelayWM/CodecWM/DRMWM/ISRCWM/ProviderWM/ProviderRatingWM/ProviderStyleWM/ContentDistributorWM/SubscriptionContentIDWM/WMADRCPeakReferenceWM/WMADRCPeakTargetWM/WMADRCAverageReferenceWM/WMADRCAverageTargetWM/StreamTypeInfoWM/PeakBitrateWM/ASFPacketCountWM/ASFSecurityObjectsSizeWM/SharedUserRatingWM/SubTitleDescriptionWM/MediaCreditsWM/ParentalRatingReasonWM/OriginalReleaseTimeWM/MediaStationCallSignWM/MediaStationNameWM/MediaNetworkAffiliationWM/MediaOriginalChannelWM/MediaIsStereoWM/MediaOriginalBroadcastDateTimeWM/VideoClosedCaptioningWM/MediaIsRepeatWM/MediaIsLiveWM/MediaIsTapeWM/MediaIsDelayWM/MediaIsSubtitledWM/MediaIsPremiereWM/MediaIsFinaleWM/MediaIsSAPWM/ProviderCopyrightWM/ISANWM/ADIDWM/WMShadowFileSourceFileTypeWM/WMShadowFileSourceDRMTypeWM/WMCPDistributorWM/WMCPDistributorIDWM/SeasonNumberWM/EpisodeNumberEarlyDataDeliveryJustInTimeDecodeSingleOutputBufferSoftwareScalingDeliverOnReceiveScrambledAudioDedicatedDeliveryThreadEnableDiscreteOutputSpeakerConfigDynamicRangeControlAllowInterlacedOutputVideoSampleDurationsStreamLanguageEnableWMAProSPDIFOutputDeinterlaceModeInterlacedCodingInitialPatternForInverseTelecineJPEGCompressionQualityWatermarkCLSIDWatermarkConfigFixedFrameRate_SOURCEFORMATTAG_ORIGINALWAVEFORMAT_EDL_COMPLEXITYEX_DECODERCOMPLEXITYPROFILEReloadIndexOnSeekStreamNumIndexObjectsFailSeekOnErrorPermitSeeksBeyondEndOfStreamUsePacketAtSeekPointSourceBufferTimeSourceMaxBytesAtOnce_VBRENABLED_VBRQUALITY_RMAX_BMAXVBR PeakBuffer Average_COMPLEXITYEXMAX_COMPLEXITYEXOFFLINE_COMPLEXITYEXLIVE_ISVBRSUPPORTED_PASSESUSEDMusicSpeechClassModeMusicClassModeSpeechClassModeMixedClassModeSpeechFormatCapPeakValueAverageLevelFold6To2Channels3Fold%luTo%luChannels%luDeviceConformanceTemplateEnableFrameInterpolationNeedsPreviousSampleWM/IsCompilation\| vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameKernelbase.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.402226498.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel.appcore.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.381518459.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesecurity.dllj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.380856909.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: -%system32%%systemroot%\system32%sysnative%%windir%%programfilesnative%%systemdrive%\Program FilesCommonFilesDirCommonProgramFilesCommonFilesDir (x86)CommonProgramFiles(x86)ProgramFilesDirProgramFilesProgramFilesDir (x86)ProgramFiles(x86)ProgramDataPublicWIN16WIN32DOSUNKNOWNProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright\StringFileInfo\000004B0\\StringFileInfo\000004E4\\StringFileInfo\040904B0\\StringFileInfo\040904E4\__PROCESS_HISTORYDATABASELIBRARYINEXCLUDESHIMPATCHAPPEXEEXE_TYPEMATCHING_FILESHIM_REFPATCH_REFLAYERFILEAPPHELPLINKDATAMSI_TRANSFORMMSI_TRANSFORM_REFMSI_PACKAGEFLAGCONTEXTMSI_CUSTOM_ACTIONFLAG_REFCONTEXT_REFACTIONLOOKUPNAMEDESCRIPTIONMODULEAPIVENDORAPP_NAMECOMMAND_LINEDLLFILEWILDCARD_NAMEAPPHELP_DETAILSLINK_URLLINK_TEXTAPPHELP_TITLEAPPHELP_CONTACTSXS_MANIFESTDATA_STRINGMSI_TRANSFORM_FILELAYER_DISPLAYNAMECOMPILER_VERSIONACTION_TYPESTRINGTABLEOFFSETSHIM_TAGIDPATCH_TAGIDPREVOSMAJORVERPREVOSMINORVERPREVOSPLATFORMIDPREVOSBUILDNOPROBLEMSEVERITYLANGIDENGINEHTMLHELPIDINDEX_FLAGSFLAGSDATA_VALUETYPEDATA_DWORDLAYER_TAGIDMSI_TRANSFORM_TAGIDFROM_LINK_DATEUPTO_LINK_DATEFLAG_TAGIDCONTEXT_TAGIDRUNTIME_PLATFORMGUEST_TARGET_PLATFORMURLURL_IDAPP_NAME_RC_IDVENDOR_NAME_RC_IDSUMMARY_MSG_RC_IDDESCRIPTION_RC_IDPARAMETER1_RC_IDTAGIDSTRINGTABLE_ITEMINCLUDEGENERALMATCH_LOGIC_NOTAPPLY_ALL_SHIMSUSE_SERVICE_PACK_FILESMITIGATION_OSMONITORING_OFFTELEMETRY_OFFRAC_EVENT_OFFSHIM_ENGINE_OFFLAYER_PROPAGATION_OFFBLOCK_UPGRADEBLOCK_UPGRADE_TYPEREINSTALL_UPGRADEREINSTALL_UPGRADE_TYPEINCLUDEEXCLUDEDLLTIMEMODTIMEFLAG_MASK_KERNELFROM_BIN_PRODUCT_VERSIONUPTO_BIN_PRODUCT_VERSIONDATA_QWORDFLAG_MASK_USERFLAGS_NTVDM1FLAGS_NTVDM2FLAGS_NTVDM3FLAG_MASK_SHELLFLAG_MASK_WINRTFROM_BIN_FILE_VERSIONUPTO_BIN_FILE_VERSIONFLAG_MASK_FUSIONFLAG_PROCESSPARAMFLAG_LUAFLAG_INSTALLPATCH_BITSFILE_BITSEXE_IDDATA_BITSMSI_PACKAGE_IDDATABASE_IDINDEX_BITSINDEXESINDEXMATCH_MODETAGINDEX_TAGINDEX_KEYCONTEXT_PLATFORM_IDCONTEXT_BRANCH_IDFIX_IDAPP_IDKDEVICEKDRIVERMATCHING_DEVICEACPIBIOSCPUOEMKFLAGKFLAG_REFKDATAKSHIMKSHIM_REFVENDOR_IDDEVICE_IDSUB_VENDOR_IDSUB_SYSTEM_IDREVISION_EQREVISION_LEREVISION_GEDATE_EQDATE_LEDATE_GECPU_MODEL_EQCPU_MODEL_LECPU_MODEL_GECPU_FAMILY_EQCPU_FAMILY_LECPU_FAMILY_GECREATOR_REVISION_EQCREATOR_REVISION_LECREATOR_REVISION_GEFORCE_CACHETRACE_PCAPACKAGEID_NAMEPACKAGEID_PUBLISHERPACKAGEID_ARCHITECTUREPACKAGEID_LANGUAGEPACKAGEID_VERSIONFROM_PACKAGEID_VERSIONUPTO_PACKAGEID_VERSIONOSMAXVERSIONTESTEDFROM_OSMAXVERSIONTESTEDUPTO_OSMAXVERSIONTESTEDROUTING_MODEOS_VERSION_VALUEQUIRKQUIRK_TAGIDQUIRK_REFQUIRK_ENABLED_VERSION_LTQUIRK_COMPONENT_CODE_IDQUIRK_CODE_IDQUIRK_OFFELEVATED_PROP_OFFMIGRATION_DATAMIGRATION_DATA_TYPEMIGRATION_DATA_REFMIGRATION_DATA_TEXTMIGRATION_DATA_TAGIDBIOS_BLOCKMATCHING_INFO_BLOCKDEVICE_BLOCKUPGRADE_DRIVER_BLOCKMANUFACTURERMODELDATEUPGRADE_DATAMATCHING_REGREG_VALUE_NAMEREG_VALUE_TYPEREG_VALUE_DATA_SZREG_VALUE_DATA_DWORDREG_VALUE_DATA_QWORDREG_VALUE_DATA_BINARYMATCHING_TEXTTEXTTEXT_ENCODINGMACHINE_BLOCKSHIM_CLASSOS_UPGRADEPACKAGEE
Source: PLAY.mal_.exe, 00000000.00000003.380856909.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameApphelpj% vs PLAY.mal_.exe
Source: PLAY.mal_.exe, 00000000.00000003.381549375.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamecryptbase.dllj% vs PLAY.mal_.exe

Tries to load missing DLLs

Source: C:\Users\user\Desktop\PLAY.mal_.exe

Section loaded: ext-ms-win-gdi-desktop-l1-1-0.dll

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AF51D0	0_2_00AF51D0
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE4A81	0_2_00AE4A81
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE1CAC	0_2_00AE1CAC
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE5409	0_2_00AE5409
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE5D3E	0_2_00AE5D3E
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEC7B0	0_2_00AEC7B0
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE2F76	0_2_00AE2F76
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE705A	0_2_00AE705A
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00B0223D	0_2_00B0223D
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEF580	0_2_00AEF580
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEC7D9	0_2_00AEC7D9

Abnormal high CPU Usage

Source: C:\Users\user\Desktop\PLAY.mal_.exe

Process Stats: CPU usage > 98%

Source: PLAY.mal_.exe	ReversingLabs: Detection: 80%
Source: PLAY.mal_.exe	Virustotal: Detection: 71%
Source: PLAY.mal_.exe	Metadefender: Detection: 45%

Source: PLAY.mal_.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\PLAY.mal_.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: @ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/AppExplorer.AssocActionId.BurnSelectionExplorer.AssocActionId.CloseSessionIehistoryIerssJavascriptJscriptLDAPResrloginStickyNotesExplorer.AssocActionId.EraseDiscExplorer.AssocActionId.ZipSelectionExplorer.AssocProtocol.search-msExplorer.BurnSelectionExplorer.CloseSessionExplorer.EraseDiscExplorer.ZipSelectionFile.adp.app.application.appref-ms.asp.bas.cnt.cpftelnettn3270VbscriptwindowsmediacenterappwindowsmediacentersslwindowsmediacenterwebWMP11.AssocProtocol.MMS.ade.hlp.hme.hpj.hta.ins.isp.its.jse.cpl.crd.crds.crt.csh.fxp.gadget.grp.mat.mau.mav.maw.mcf.mda.mde.mdt.ksh.mad.maf.mag.mam.maq.mar.mas.mshxml.mst.ops.pcd.pl.plg.prf.prg.mdw.mdz.msc.msh.msh1.msh1xml.msh2.msh2xml.pvw.plsc.rb.rbw.rdp.rgu.scf.scr.printerexport.provxml.ps2.ps2xml.psc2.py.pyc.pyo.vsw.webpnp.ws.wsc.wsh.xaml.xdp.xip.shb.shs.theme.tsk.vb.vbe.vbp.vsmacros.xnkBRITNLSVDAFIHUNOENDEJAKOTWCNFRHEEUISsr-Latn-CSsr-SP-Latnsr-Cyrl-CSsr-SP-Cyrlsr-Latn-BAELPLRUCSPTSKSLARbs-BA-Latnzh-Hantzh-CHTzh-Hanszh-CHSsr-BA-Latnsr-Cyrl-BAsr-BA-Cyrliu-Latn-CAiu-CA-Latnbs-Cyrl-BAbs-BA-Cyrlbs-Latn-BAdadeelenesfifrhearbgcarmroruhrsksqsvthhuisitjakonlplptfavihyazeuhsbmksttrurukbeetlvlttghimtsegayimskkkytstnvexhzuafkafotateknmlasmrsamnswtkuzttbnpaguorsdsyrsichriuamtzmksbocykmlomyglkokmniibbyoquznsobalbklignefypsfildvbinffhapaparnmohbrugmioccokromtignhawlasoiiar-SAbg-BGca-ESzh-TWcs-CZda-DKde-DEel-GRgswsahqucrwwoprsgdkuja-JPko-KRnl-NLnb-NOpl-PLpt-BRrm-CHro-ROen-USes-ES_tradnlfi-FIfr-FRhe-ILhu-HUis-ISit-ITid-IDuk-UAbe-BYsl-SIet-EElv-LVlt-LTtg-Cyrl-TJru-RUhr-HRsk-SKsq-ALsv-SEth-THtr-TRur-PKts-ZAtn-ZAve-ZAxh-ZAzu-ZAaf-ZAka-GEfo-FOfa-IRvi-VNhy-AMaz-Latn-AZeu-EShsb-DEmk-MKst-ZAtk-TMuz-Latn-UZtt-RUbn-INpa-INgu-INor-INta-INhi-INmt-MTse-NOyi-001ms-MYkk-KZky-KGsw-KEcy-GBkm-KHlo-LAmy-MMgl-ESkok-INmni-INsd-Deva-INte-INkn-INml-INas-INmr-INsa-INmn-MNbo-CNfy-NLps-AFfil-PHdv-MVbin-NGff-NGha-Latn-NGibb-NGsyr-SYsi-LKchr-Cher-USiu-Cans-CAam-ETtzm-Arab-MAks-Arabne-NPom-ETti-ETgn-PYhaw-USla-001so-SOii-CNpap-029yo-NGquz-BOnso-ZAba-RUlb-LUkl-GLig-NGkr-NGsah-RUquc-Latn-GTrw-RWwo-SNprs-AFgd-GBku-Arab-IQqps-plocarn-CLmoh-CAbr-FRug-CNmi-NZoc-FRco-FRgsw-FRit-CHnl-BEnn-NOpt-PTro-MDru-MDsv-FIur-INqps-plocaar-IQca-ES-valenciazh-CNde-CHen-GBes-MXfr-BEpa-Arab-PKta-LKmn-Mong-CNsd-Arab-PKtzm-Latn-DZks-Deva-INne-INff-Latn-SNaz-Cyrl-AZdsb-DEtn-BWse-SEga-IEms-BNuz-Cyrl-UZbn-BDes-ESfr-CAse-FImn-Mong-MNdz-BTquz-PEar-LYzh-SGquz-ECti-ERqps-Latn-x-shqps-plocmar-EGzh-HKde-ATen-AUzh-MOde-LIen-NZes-CRfr-LUsmj-SEar-MAen-IEde-LUen-CAes-GTfr-CHhr-BAsmj-NOtzm-Tfng-MAar-DZar-OMen-JMes-VEfr-REsms-FIar-YEen-029es-COes-PAfr-MCsma-NOar-TNen-ZAes-DOfr-029sma-SEar-JOen-TTes-ARfr-CMsr-Latn-MEar-LBen-ZWes-ECfr-CDsr-Latn-RSsmn-FIar-SYen-BZes-PEfr-SNsr-Cyrl-RSes-UYfr-MAar-BHen-HKes-PYfr-HTar-QAen-INfr-CIsr-Cyrl-MEar-KWen-PHes-CLfr-MLar-AEen-IDes-419es-CUbs-Cyrlbs-Latnsr-Cyrlsr-Latnsmnaz-Cyrles-BOen-MYes-SVen-SGes-HNes-NIes-PRes-USiu-Canstzm-Tfngnbsrtg-Cyrldsbsmjuz-Latnsmszhnnbsaz-Latnsmauz-Cyrlmn-Cyrlquc-Lat
Source: PLAY.mal_.exe, 00000000.00000003.394554162.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: .xlsmMicrosoft.Office.Desktop_8wekyb3d8bbwe!Excel.dot.dotx.docmMicrosoft.Office.Desktop_8wekyb3d8bbwe!WordMicrosoft.Office.Desktop_8wekyb3d8bbwe!PowerPoint.ods.xla.xlam.xlt.xltm.xltx.xlsb.pps.ppsm.ppsx.thmx.pot.potm.potx.pptmms-powerpointms-excelms-word.odp.ppa.ppamABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Explorer.AssocActionId.CloseSessionExplorer.AssocActionId.EraseDiscExplorer.AssocActionId.ZipSelectionExplorer.AssocProtocol.search-msExplorer.BurnSelectionExplorer.CloseSessionExplorer.EraseDiscExplorer.ZipSelectionAppExplorer.AssocActionId.BurnSelectionStickyNotestelnettn3270VbscriptwindowsmediacenterappwindowsmediacentersslwindowsmediacenterwebWMP11.AssocProtocol.MMSFileIehistoryIerssJavascriptJscriptLDAPResrlogin.cpf.crd.crds.crt.csh.fxp.gadget.grp.ade.adp.app.application.appref-ms.asp.bas.cnt.ksh.mad.maf.mag.mam.maq.mar.mas.hlp.hme.hpj.hta.ins.isp.its.jse.mdw.mdz.msc.msh.msh1.msh1xml.msh2.msh2xml.mat.mau.mav.maw.mcf.mda.mde.mdt.printerexport.provxml.ps2.ps2xml.psc2.py.pyc.pyo.mshxml.mst.ops.pcd.pl.plg.prf.prg.shb.shs.theme.tsk.vb.vbe.vbp.vsmacros.pvw.plsc.rb.rbw.rdp.rgu.scf.scr.xnk.vsw.webpnp.ws.wsc.wsh.xaml.xdp.xipKOTWCNFRBRITNLSVENDEJAPTTRSKSLARHEEUISDAFIHUNOELPLRUCSiu-Latn-CAiu-CA-Latnbs-Cyrl-BAbs-BA-Cyrlbs-Latn-BAbs-BA-Latnzh-Hantzh-CHTsr-Latn-CSsr-SP-Latnsr-Cyrl-CSsr-SP-Cyrlsr-Latn-BAsr-BA-Latnsr-Cyrl-BAsr-BA-Cyrlzh-Hanszh-CHSarbgcacsdadeitjakonlplptrmroelenesfifrhehuisukbesletlvlttgfaruhrsksqsvthtrurtnvexhzuafkafohivihyazeuhsbmksttstkuzttbnpaguortamtsegayimskkkyswcykmlomyglkokmnisdteknmlasmrsamnbofypsfildvbinffhaibbsyrsichriuamtzmksneomtignhawlasoiipapyoquznsobalbkligkrsahqucrwwoprsgdkuar-SAarnmohbrugmioccogswes-ES_tradnlfi-FIfr-FRhe-ILhu-HUis-ISit-ITja-JPbg-BGca-ESzh-TWcs-CZda-DKde-DEel-GRen-UShr-HRsk-SKsq-ALsv-SEth-THtr-TRur-PKid-IDko-KRnl-NLnb-NOpl-PLpt-BRrm-CHro-ROru-RUvi-VNhy-AMaz-Latn-AZeu-EShsb-DEmk-MKst-ZAts-ZAuk-UAbe-BYsl-SIet-EElv-LVlt-LTtg-Cyrl-TJfa-IRmt-MTse-NOyi-001ms-MYkk-KZky-KGsw-KEtk-TMtn-ZAve-ZAxh-ZAzu-ZAaf-ZAka-GEfo-FOhi-INkn-INml-INas-INmr-INsa-INmn-MNbo-CNcy-GBuz-Latn-UZtt-RUbn-INpa-INgu-INor-INta-INte-INsi-LKchr-Cher-USiu-Cans-CAam-ETtzm-Arab-MAks-Arabne-NPfy-NLkm-KHlo-LAmy-MMgl-ESkok-INmni-INsd-Deva-INsyr-SYquz-BOnso-ZAba-RUlb-LUkl-GLig-NGkr-NGom-ETps-AFfil-PHdv-MVbin-NGff-NGha-Latn-NGibb-NGyo-NGmoh-CAbr-FRug-CNmi-NZoc-FRco-FRgsw-FRsah-RUti-ETgn-PYhaw-USla-001so-SOii-CNpap-029arn-CLar-IQca-ES-valenciazh-CNde-CHen-GBes-MXfr-BEit-CHquc-Latn-GTrw-RWwo-SNprs-AFgd-GBku-Arab-IQqps-plocqps-plocadsb-DEtn-BWse-SEga-IEms-BNuz-Cyrl-UZbn-BDpa-Arab-PKnl-BEnn-NOpt-PTro-MDru-MDsv-FIur-INaz-Cyrl-AZti-ERqps-Latn-x-shqps-plocmar-EGzh-HKde-ATen-AUes-ESta-LKmn-Mong-CNsd-Arab-PKtzm-Latn-DZks-Deva-INne-INff-Latn-SNquz-ECen-CAes-GTfr-CHhr-BAsmj-NOtzm-Tfng-MAar-DZzh-MOfr-CAse-FImn-Mong-MNdz-BTquz-PEar-LYzh-SGde-LUfr-MCsma-NOar-TNen-ZAes-DOfr-029sma-SEar-OMde-LIen-NZes-CRfr-LUsmj-SEar-MAen-IEes-PAsr-Latn-RSsmn-FIar-SYen-BZes-PEfr-SNsr-Cyrl-RSar-JOen-JMes-VEfr-REsms-FIar-YEen-029es-COfr-CDsr-Cyrl-MEar-KWen-PHes-CLf
Source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: RtlDllShutdownInProgress_p0.System......./UseSystemForSystemFoldersSoftware\Microsoft\Windows\CurrentVersion\Explorerdesktop.ini%APPDATA%%USERPROFILE%%ALLUSERSPROFILE%%ProgramFiles%%SystemRoot%%SystemDrive%\\%COMPUTERNAME%...\...PATH.exe.lnk.cmd.bat.com.pifCutListSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\VarFileInfo\Translation\StringFileInfo\%04X%04X\FileDescription\StringFileInfo\040904E4\FileDescription\StringFileInfo\04090000\FileDescriptionProgram ManagerpszDesktopTitleW%%%s%%%sUSERPROFILEProgramFilesSystemRootSystemDrivewindir"%1"commandshellSoftware\classesDefaultIconshell\%sAssignmentType0Software\Classes\Applications\%sSoftware\Classes\Applications%1.ade.adp.app.asp.cer.chm.cnt.crt.csh.der.fxp.gadget.grp.hlp.hpj.inf.ins.isp.its.js.jse.ksh.mad.maf.mag.mam.maq.mar.mas.mat.mau.mav.maw.mcf.mda.mdb.mde.mdt.mdw.mdz.msc.msh.msh1.msh1xml.msh2.msh2xml.mshxml.msp.mst.msu.ops.pcd.pl.plg.prf.prg.printerexport.ps1.ps1xml.ps2.ps2xml.psc1.psc2.psd1.psm1.pst.scf.sct.shb.shs.theme.tmp.url.vbe.vbp.vbs.vhd.vhdx.vsmacros.vsw.webpnp.ws.wsc.wsf.wsh.xnkHKCU:HKLM:HKCR:%s\shell\%s\commandshell\%s\commandSoftware\Clients\%sSoftware\Clients\%s\%sOpen.*....../UseSystemForSystemFoldersdesktop.ini%SystemDrive%\\%COMPUTERNAME%...\...%s\%s\StringFileInfo\04090000\FileDescriptionT

Source: C:\Users\user\Desktop\PLAY.mal_.exe

File written: C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini

Jump to behavior

Source: classification engine

Classification label: mal64.rans.spyw.winEXE@1/514@0/100

Source: C:\Users\user\Desktop\PLAY.mal_.exe

File read: C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PLAY.mal_.exe

Code function: 0_2_00AEA224 GetDiskFreeSpaceExW,

0_2_00AEA224

Source: PLAY.mal_.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: PLAY.mal_.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: netutils.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380967509.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: PLAY.mal_.exe, 00000000.00000003.380378382.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdb source: PLAY.mal_.exe, 00000000.00000003.380946454.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdb source: PLAY.mal_.exe, 00000000.00000003.381007395.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: PLAY.mal_.exe, 00000000.00000003.392615104.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wrpcrt4.pdb source: PLAY.mal_.exe, 00000000.00000003.381337074.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: PLAY.mal_.exe, 00000000.00000003.380084663.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: PLAY.mal_.exe, 00000000.00000003.393091382.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wwin32u.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.402134952.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: bcryptprimitives.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381571826.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wgdi32.pdb source: PLAY.mal_.exe, 00000000.00000003.398338084.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdb source: PLAY.mal_.exe, 00000000.00000003.397854199.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: fltLib.pdb source: PLAY.mal_.exe, 00000000.00000003.402653498.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wsspicli.pdb source: PLAY.mal_.exe, 00000000.00000003.381518459.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.392986515.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wrpcrt4.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381337074.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdb source: PLAY.mal_.exe, 00000000.00000003.399573219.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wgdi32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.398338084.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wimm32.pdb source: PLAY.mal_.exe, 00000000.00000003.402719687.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mpr.pdb source: PLAY.mal_.exe, 00000000.00000003.402907884.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wwin32u.pdb source: PLAY.mal_.exe, 00000000.00000003.402134952.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wsspicli.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.381518459.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: combase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.393364039.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ucrtbase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381007395.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381294989.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381549375.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wuser32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.400002647.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shell32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdb source: PLAY.mal_.exe, 00000000.00000003.381294989.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wimm32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402719687.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: fltLib.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.402653498.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb source: PLAY.mal_.exe, 00000000.00000003.402283247.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wgdi32full.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.398793778.000000000317B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: PLAY.mal_.exe, 00000000.00000003.382187348.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381918022.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wgdi32full.pdb source: PLAY.mal_.exe, 00000000.00000003.398793778.000000000317B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shcore.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.393091382.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mpr.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402907884.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: PLAY.mal_.exe, 00000000.00000003.381665426.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: iphlpapi.pdb source: PLAY.mal_.exe, 00000000.00000003.381918022.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: XAMLHostHwndvolumelabelmasteredudfhelpJOLIETUDFData\Program Files\$Windows.~BT\Windows\ProgramData\Program Files (x86)\Program Files\Data\Windows\Data\ProgramData\Data\Program Files (x86)\.cer.cdxml.cat.automaticdestinations-ms.appxpackage.appxbundle.appxWindows.old\.fon.etl.efi.dsft.dmp.customdestinations-ms.cookie.msm.msip.mpb.mp.p12.p10.otf.ost.olb.ocx.nst.mui.pdb.partial.p7x.p7s.p7r.p7m.p7c.p7b.psf.psd1.pfx.pfm.pem.ttc.sys.sst.spkg.spc.sft.rll.winmd.wim.wfs.vsix.vsi.vmrs.vmcxWININET.xap%s (%d).%s\shellIfExecBrowserFlagsft%06dNeverShowExtAlwaysShowExtTopicL source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380084663.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402395094.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: powrprof.pdb source: PLAY.mal_.exe, 00000000.00000003.402395094.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Windows.Storage.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.394554162.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.380856909.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Kernel.Appcore.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402226498.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.380378382.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: sechost.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.381665426.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Kernel.Appcore.pdb source: PLAY.mal_.exe, 00000000.00000003.402226498.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: bcrypt.pdbGCTL source: PLAY.mal_.exe, 00000000.00000003.380946454.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msvcp_win.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.399573219.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: advapi32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.397854199.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cryptbase.pdb source: PLAY.mal_.exe, 00000000.00000003.381549375.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: bcryptprimitives.pdb source: PLAY.mal_.exe, 00000000.00000003.381571826.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: cfgmgr32.pdb source: PLAY.mal_.exe, 00000000.00000003.392986515.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: Windows.Storage.pdb source: PLAY.mal_.exe, 00000000.00000003.394554162.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: PLAY.mal_.exe, 00000000.00000003.393364039.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ApplicationFrameWindowWindows.Foundation.Collections.IIterator`1<IUnknown>Windows.Foundation.Collections.IVectorView`1<IUnknown>Windows.Foundation.Collections.IVector`1<IUnknown>@%SystemRoot%\System32\SettingSyncCore.dll,-1024internal\onecoreuapshell\private\inc\shouldswitchtodesktop.hinternal\onecoreuapshell\private\inc\sharedstoragesources\syncrootcommon.hData\Program Files\Data\Program Files (x86)\Data\ProgramData\Data\Windows\Program Files\Program Files (x86)\ProgramData\Windows\$Windows.~BT\Windows.old\.appx.appxbundle.appxpackage.automaticdestinations-ms.cat.cdxml.cer.cookie.customdestinations-ms.dmp.dsft.efi.etl.fon.ini.iso.mp.mpb.msip.msm.mui.nst.ocx.olb.ost.otf.p10.p12.p7b.p7c.p7m.p7r.p7s.p7x.partial.pdb.pem.pfm.pfx.psd1.psf.rll.sft.spc.spkg.sst.ttc.ttf.vmcx.vmrs.vsi.vsix.wfs.wim.winmd.xapFTSearched0000000000000000000BasicPropertiesDocumentPropertiesImagePropertiesVideoPropertiesMusicPropertiesRenameAsyncOverloadDefaultOptionsRenameAsyncIStorageItem2GetParentAsyncIsEqualGetThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetThumbnailAsyncOverloadDefaultOptionsget_DisplayNameIStorageItemProperties2GetScaledImageAsThumbnailAsyncOverloadDefaultSizeDefaultOptionsGetScaledImageAsThumbnailAsyncOverloadDefaultOptionsGetScaledImageAsThumbnailAsyncIStorageItemPropertiesWithProviderget_ProviderIStorageItemThumbnailAccessPrivGetScaledImageOrThumbnailAsyncIStorageItemHandleAcccessOpenAsyncPrivatePauseDeferredUpdateSetStreamedFileCallbackGetStreamedFileCallbackGetSpecialInternalPropertySetSpecialInternalPropertyCreateTempFileInSameLocationCopyOverloadDefaultOptionsCopyOverloadCopyAndReplaceAsyncMoveOverloadDefaultNameAndOptionsWindows.Security.EnterpriseData.FileProtectionManagerMoveOverloadDefaultOptionsoptionsCreateFolderAsyncOverloadDefaultOptionsGetItemAsyncGetItemsAsyncOverloadDefaultStartAndCountCreateFileQueryOverloadDefaultCreateFileQueryCreateFolderQueryOverloadDefaultCreateFolderQueryCreateFolderQueryWithOptionsCreateItemQueryWithOptionsGetFilesAsyncOverloadDefaultStartAndCountGetFoldersAsyncOverloadDefaultStartAndCountget_MusicLibraryget_HomeGroupget_RemovableDevicesget_MediaServerDevicesget_Playlistsget_SavedPicturesget_Objects3Dget_AppCapturesget_RecordedCallsGetFolderForUserAsyncget_ApplicationDataSharedLocalGetPublisherCacheFolderGetApplicationDataFolderForUserGetPublisherCacheFolderForUserknownfolder:{AB5FB87B-7CE2-4F83-915D-550846C9537B}knownfolder:{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}knownfolder:{1C2AC1DC-4358-4B6C-9733-AF21156576F0}knownfolder:{FDD39AD0-238F-46AF-ADB4-6C85480369C7}knownfolder:{374DE290-123F-4565-9164-39C4925E467B}knownfolder:{bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968}knownfolder:{4BD8D571-6D19-48D3-BE97-422220080E43}knownfolder:{33E28130-4E1E-4676-835A-98395C3BC3BB}knownfolder:{AE50C081-EBD2-438A-8655-8A092E34987A}knownfolder:{C870044B-F49E-4126-A9C3-B52A1FF411E8}knownfolder:{3B193882-D3AD-4eab-965A-69829D1FB59F}knownfolder:{f3ce0f7c-4901-4acc-8648-d5d44b04ef8f}knownfolder:{18989B1D-99B5-455B-841C-AB7C74E4DDFC}get_Langua
Source:	Binary string: profapi.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.402283247.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: apphelp.pdb source: PLAY.mal_.exe, 00000000.00000003.380856909.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wuser32.pdb source: PLAY.mal_.exe, 00000000.00000003.400002647.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdbUGP source: PLAY.mal_.exe, 00000000.00000003.382187348.0000000003100000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: netutils.pdb source: PLAY.mal_.exe, 00000000.00000003.380967509.0000000003100000.00000004.00001000.00020000.00000000.sdmp

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE98A4 push edi; retf F1E9h	0_2_00AE9BDF
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEE160 push cs; iretd	0_2_00AEE178
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEA472 push edi; retf F1E9h	0_2_00AEA53E
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AF18CF pushfd ; ret	0_2_00AF18E1
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE98CB push edi; retf F1E9h	0_2_00AE9BDF
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEF839 push edi; ret	0_2_00AEF837
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE1033 push eax; ret	0_2_00AE1051
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE218F push ebp; ret	0_2_00AE21F7
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEA9C6 push edi; ret	0_2_00AEA9CB
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE1121 pushad ; ret	0_2_00AE1139
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEF2AD push ss; ret	0_2_00AEF2AE
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AE933B push ds; ret	0_2_00AE9343
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AF037E pushad ; retf	0_2_00AF037F
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AF84E6 push ecx; ret	0_2_00AF84F9
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEB441 push ecx; ret	0_2_00AEB451
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AF1600 push ebx; ret	0_2_00AF1615
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEF7E0 push edi; ret	0_2_00AEF837
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEDF16 push edi; ret	0_2_00AEDF29

Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: A:\ReadMe.txt	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: B:\ReadMe.txt	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File created: C:\ReadMe.txt	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\PLAY.mal_.exe TID: 5764

Thread sleep time: -90000s >= -30000s

Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\PLAY.mal_.exe

Last function: Thread delayed

Contains functionality to query network adapater information

Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: GetAdaptersInfo,		0_2_00AF1A7D
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: GetAdaptersInfo,		0_2_00AF1B89

Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AEB625 FindFirstFileW,		0_2_00AEB625
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AFC6C9 FindFirstFileExW,		0_2_00AFC6C9

Source: C:\Users\user\Desktop\PLAY.mal_.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: DisableGuestVmNetworkConnectivity
Source: PLAY.mal_.exe, 00000000.00000003.630100550.0000000001431000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: PLAY.mal_.exe, 00000000.00000003.380476408.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: EnableGuestVmNetworkConnectivity
Source: PLAY.mal_.exe, 00000000.00000003.464667289.0000000001430000.00000004.00000020.00020000.00000000.sdmp, PLAY.mal_.exe, 00000000.00000003.461841007.0000000001430000.00000004.00000020.00020000.00000000.sdmp, PLAY.mal_.exe, 00000000.00000003.467581499.0000000001436000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\Desktop\PLAY.mal_.exe

Code function: 0_2_00AFA283 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00AFA283

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AFB0AC mov eax, dword ptr fs:[00000030h]		0_2_00AFB0AC
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AFD3FB mov eax, dword ptr fs:[00000030h]		0_2_00AFD3FB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\PLAY.mal_.exe

Code function: 0_2_00AFE483 GetProcessHeap,

0_2_00AFE483

Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AF83F1 SetUnhandledExceptionFilter,	0_2_00AF83F1
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AFA283 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AFA283
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AF825E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00AF825E
Source: C:\Users\user\Desktop\PLAY.mal_.exe	Code function: 0_2_00AF7B41 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00AF7B41

Source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ShellFileViewFolderExploreFolderConfirmCabinetIDDeleteGroupDeleteItemReplaceItemReloadFindFolderOpenFindFileCreateGroupShowGroupAddItemExitProgman[RN
Source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: %c:\%sExplorerDMGFrameGroupssetupPmFrameGetIconGetDescriptionGetWorkingDirSoftware\Microsoft\Windows\CurrentVersion\Explorer\MapGroupsSenderCA_DDECLASSInstallMake Program Manager GroupStartUpccInsDDEBWWFrameDDEClientWndClassBACKSCAPEMediaRecorderMedia Recorder#32770DDEClientddeClassgroups
Source: PLAY.mal_.exe, 00000000.00000003.394554162.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: TargetundeleteSoftware\Microsoft\Tracking\TimeOut::{9db1186e-40df-11d1-aa8c-00c04fb67863}:Shell_TrayWnd
Source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: PLAY.mal_.exe, 00000000.00000003.400002647.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PreviewMetadataLabelPreviewMetadataSpacerPreviewEditMetadataPreviewMetadataControlIconLayoutsWorkAreaChangeActivityPreviewMetadataRowAddRemoveAppBarShell_TrayWndhomepagetasklinktasklinkTaskSearchTexttasks%s
Source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: *Program ManagerpszDesktopTitleWSoftware\Classes\
Source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: animationTileContentsSrcVerticalScrollBaranimationProgressSrcanimationTileContentsDstInneranimationTileContentsSrcInneranimationTileContentsDstanimationProgressDstInneranimationProgressDstanimationProgressSrcInnereltRegularTileHeadereltSummaryeltInterruptPaneeltProgressBaridOperationTileeltInterruptDoForAlleltItemIconeltInterruptDescriptioneltInterruptButtonsContainereltInterruptDeleteBtneltInterruptElevateBtneltItemPropseltItemNameeltInterruptYesBtneltInterruptRetryBtneltInterruptCancelBtneltInterruptSkipBtnConfirmationCheckBoxDoForAlleltInterruptNoBtneltInterruptOKBtnshell\shell32\operationstatusmgr.cppidTileSubTextidOperationInterrupteltInterruptDoForAllLabelidTileActionIdTileKeepSourceidItemTileIdTileDecideForEachIdTileIgnoreIdTileKeepAsPersonalIdTileKeepAsWorkIdTileKeepDestCustomCommandIconDecideForEachTileIconSkipTileIconKeepSourceTileIconeltItemTileContainereltConflictInterruptDescriptionidTileIconidCustomConflictInterrupteltInterruptTileHeaderidConflictInterrupteltRateChartCHARTVIEW%0.2fIdTileDefaulteltPauseButtoneltTileContentseltTile%ueltTimeRemainingeltConflictInterrupteltConfirmationInterrupteltLocationseltItemsRemainingeltDetailseltScrolleltRegularTileeltCancelButtonidTileHosteltScrollBarFillereltDividereltProgressBarContainereltDisplayModeBtnFocusHoldereltDisplayModeBtnWindows.SystemToast.ExplorerEnthusiastModeprogmaneltFooterArealfEscapementSoftware\Microsoft\NotepadRICHEDIT50WlfUnderlinelfItaliclfWeightlfOrientationlfClipPrecisionlfOutPrecisionlfCharSetlfStrikeOutLucida ConsoleiPointSizelfPitchAndFamilylfQualitylfFaceName
Source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: ImageList_CoCreateInstanceProgmanProgram Managercomctl32.dllImageList_ReplaceIconImageList_CreateImageList_Destroy
Source: PLAY.mal_.exe, 00000000.00000003.382779971.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \|}TFoldersAppPropertiesShell*ProgmanProgmanPROGMANSoftware\Microsoft\Windows\CurrentVersion\PoliciesPolicyAutoColorizationHandleAssociationChange
Source: PLAY.mal_.exe, 00000000.00000003.393091382.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndSHCore.Subclass.DataSystem\CurrentControlSet\Control\HvsiWindowOverrideScaleFactorSoftware\Microsoft\Windows\CurrentVersion\Explorer\FCM\Impolite[
Source: PLAY.mal_.exe, 00000000.00000003.400002647.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow
Source: PLAY.mal_.exe, 00000000.00000003.398164138.0000000003100000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: RtlDllShutdownInProgress_p0.System......./UseSystemForSystemFoldersSoftware\Microsoft\Windows\CurrentVersion\Explorerdesktop.ini%APPDATA%%USERPROFILE%%ALLUSERSPROFILE%%ProgramFiles%%SystemRoot%%SystemDrive%\\%COMPUTERNAME%...\...PATH.exe.lnk.cmd.bat.com.pifCutListSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation\VarFileInfo\Translation\StringFileInfo\%04X%04X\FileDescription\StringFileInfo\040904E4\FileDescription\StringFileInfo\04090000\FileDescriptionProgram ManagerpszDesktopTitleW%%%s%%%sUSERPROFILEProgramFilesSystemRootSystemDrivewindir"%1"commandshellSoftware\classesDefaultIconshell\%sAssignmentType0Software\Classes\Applications\%sSoftware\Classes\Applications%1.ade.adp.app.asp.cer.chm.cnt.crt.csh.der.fxp.gadget.grp.hlp.hpj.inf.ins.isp.its.js.jse.ksh.mad.maf.mag.mam.maq.mar.mas.mat.mau.mav.maw.mcf.mda.mdb.mde.mdt.mdw.mdz.msc.msh.msh1.msh1xml.msh2.msh2xml.mshxml.msp.mst.msu.ops.pcd.pl.plg.prf.prg.printerexport.ps1.ps1xml.ps2.ps2xml.psc1.psc2.psd1.psm1.pst.scf.sct.shb.shs.theme.tmp.url.vbe.vbp.vbs.vhd.vhdx.vsmacros.vsw.webpnp.ws.wsc.wsf.wsh.xnkHKCU:HKLM:HKCR:%s\shell\%s\commandshell\%s\commandSoftware\Clients\%sSoftware\Clients\%s\%sOpen.*....../UseSystemForSystemFoldersdesktop.ini%SystemDrive%\\%COMPUTERNAME%...\...%s\%s\StringFileInfo\04090000\FileDescriptionT

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\PLAY.mal_.exe

Code function: 0_2_00AF84FB cpuid

0_2_00AF84FB

Source: C:\Users\user\Desktop\PLAY.mal_.exe

Code function: 0_2_00AF8147 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00AF8147

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\JumpListIconsRecentClosed\83a1e5e2-01ac-4719-ae04-f0093721c455.tmp	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_3	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_2	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Platform Notifications\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\TransportSecurity	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Preferences	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Safe Browsing Network\Safe Browsing Cookies	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Sessions\Session_13305159346941976	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000008	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Favicons	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Network Persistent State	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\LOG	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\index	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\LOG	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Sessions\Session_13305159336740646	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Platform Notifications\LOG	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\PreferredApps	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\JumpListIconsRecentClosed\d6cad3df-fce0-43ed-bb96-ffad9e6c76e6.tmp	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Reporting and NEL	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Media History	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Platform Notifications\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Sessions\Tabs_13305159347206338	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\previews_opt_out.db	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Secure Preferences	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Google Profile.ico	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\LOG	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network Action Predictor	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DownloadMetadata	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Sessions\Tabs_13305159337222731	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\PLAY.mal_.exe	File opened: C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior

192.168.2.148

192.168.2.149

192.168.2.146

192.168.2.147

192.168.2.140

192.168.2.141

192.168.2.144

192.168.2.145

192.168.2.142

192.168.2.143

192.168.2.159

192.168.2.157

192.168.2.158

192.168.2.151

192.168.2.152

192.168.2.150

192.168.2.155

192.168.2.156

192.168.2.153

192.168.2.154

192.168.2.126

192.168.2.247

192.168.2.127

192.168.2.248

192.168.2.124

192.168.2.245

192.168.2.125

192.168.2.246

192.168.2.128

192.168.2.249

192.168.2.129

192.168.2.240

192.168.2.122

192.168.2.243

192.168.2.123

192.168.2.244

192.168.2.120

192.168.2.241

192.168.2.121

192.168.2.242

192.168.2.97

192.168.2.137

192.168.2.96

192.168.2.138

192.168.2.99

192.168.2.135

192.168.2.98

192.168.2.136

192.168.2.139

192.168.2.250

192.168.2.130

192.168.2.251

192.168.2.91

192.168.2.90

192.168.2.93

192.168.2.133

192.168.2.254

192.168.2.92

192.168.2.134

192.168.2.95

192.168.2.131

192.168.2.252

192.168.2.94

192.168.2.132

192.168.2.253

192.168.2.104

192.168.2.225

192.168.2.105

192.168.2.226

192.168.2.102

192.168.2.223

192.168.2.103

192.168.2.224

192.168.2.108

192.168.2.229

192.168.2.109

192.168.2.106

192.168.2.227

192.168.2.107

192.168.2.228

192.168.2.100

192.168.2.221

192.168.2.101

192.168.2.222

192.168.2.220

192.168.2.115

192.168.2.236

192.168.2.116

192.168.2.237

192.168.2.113

192.168.2.234

192.168.2.114

192.168.2.235

192.168.2.119

192.168.2.117

192.168.2.238

192.168.2.118

192.168.2.239

192.168.2.111

192.168.2.232

Name	Type	MD5	SHA1	SHA256
A:\Recovery\WindowsRE\ReAgent.xml.PLAY (copy)	data	9F4D6DDBCC64127D42A165E53513E34C	626A3F2349A8A42BFCC739E24E93EEDE3D7E83A3	DC9724F746D805F7D836B92939634D2AE81F26D0176E0B3AD8319D8F9067D98D
A:\Recovery\WindowsRE\boot.sdi.PLAY (copy)	data	4520F44B0C1BAE13EC8018DA94C25C60	9FDE0E46B442DD8BCB32AD7061A61364B71A8613	5FD32D4EE26BF0F9CC89771E464CD422DF36671DF350C415DA74855E815AFFFA
C:\$Recycle.Bin\S-1-5-18\desktop.ini	data	84631327BF326193F59D5FBE4805151C	5533A6A3C291C38F6ABECB97DB8D0666673C6863	2A6E444C7B9ED7F1AFF2732A71B7DAE64C1232C80EFC793AB5B1B5C6682F8B2B
C:\$Recycle.Bin\S-1-5-18\desktop.ini.PLAY (copy)	data	84631327BF326193F59D5FBE4805151C	5533A6A3C291C38F6ABECB97DB8D0666673C6863	2A6E444C7B9ED7F1AFF2732A71B7DAE64C1232C80EFC793AB5B1B5C6682F8B2B
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini	data	8EB657F0A4AB5F1983B7784363495549	8B4E9B3409BC6CB70AE9A17EC15068C375189088	91885A6DE4E56089630D8B39124AD08FD918B43CC7653156620B2A3BD28DF3A9
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1000\desktop.ini.PLAY (copy)	data	8EB657F0A4AB5F1983B7784363495549	8B4E9B3409BC6CB70AE9A17EC15068C375189088	91885A6DE4E56089630D8B39124AD08FD918B43CC7653156620B2A3BD28DF3A9
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\$I2EW2MR.pdf	data	A6214B797D3A974B785BBA52911016CE	8B23D12AD599F12DB74145BE714A228960048808	CA28EAE4A190E70D92246798E66DE34330915AB18E69E7301170D39A791A34F4
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\$I2EW2MR.pdf.PLAY (copy)	data	A6214B797D3A974B785BBA52911016CE	8B23D12AD599F12DB74145BE714A228960048808	CA28EAE4A190E70D92246798E66DE34330915AB18E69E7301170D39A791A34F4
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini	data	B7EAB634DC60AFCDCCDBE79322E03A4A	722A6868E3237D7F90A68EAA005992A1D64281D1	B1B8D5A4604442EB93C3072EF237C811EBB70DDA896807214F45D818C1BCF63E
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1001\desktop.ini.PLAY (copy)	data	B7EAB634DC60AFCDCCDBE79322E03A4A	722A6868E3237D7F90A68EAA005992A1D64281D1	B1B8D5A4604442EB93C3072EF237C811EBB70DDA896807214F45D818C1BCF63E
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini	data	72BA844E1B3C9CF8D157742715BD8FEB	9BA5BA3CA83AA583B7CAE1882C04014C0CC37190	5C9934247BB3386B6C87AD2B062E4230E69794AE9505AF15ADC581ED0E3A4C76
C:\$Recycle.Bin\S-1-5-21-3853321935-2125563209-4053062332-1002\desktop.ini.PLAY (copy)	data	72BA844E1B3C9CF8D157742715BD8FEB	9BA5BA3CA83AA583B7CAE1882C04014C0CC37190	5C9934247BB3386B6C87AD2B062E4230E69794AE9505AF15ADC581ED0E3A4C76
C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp.PLAY (copy)	data	076F673285A4A8285093979F3C81C3AA	860B78F1ACAC5D8B3749AA059346D6ED21456B74	2C49C4F446D0641459666711FA45C72E6DF9F4CF609D37455665EDFE3ECF696C
C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab.PLAY (copy)	data	A9EF01DE624FE631C70FF3207019C0D9	4C9882315D7A51190BE925658212E5FB86979FE9	595B49F4E3853052987A117CD99C94F985EEBAACB8510346BE5FEFA2CCCD3F7A
C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.PLAY (copy)	data	915654CD8D47EEE09B7D231EF16291D7	742A72E54596829216E770F101F53596270A4614	BEE6EF660A83C088F845B881753F5FB56EE1311422E9D3F1B69B993FC6B7D9A4
C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.PLAY (copy)	data	253E08C25096908364CB69770D526524	E58E0096A69ED717A35AA436F27BD6D4FE8FD0B8	904F63C08479B2F3C52379666B8B5C5507B48CEA2FC4B9646F3C2F8D40BFBDDF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn.PLAY (copy)	data	70E6DD27549154712E6E85B324484324	F436FB0617F7213C0D563EAF9A32D45E09C8B67E	1DE9E05156C7F45DCB2D00C4DBCCEFF19A5C26441BFFDED332C77116184E35D3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.EXCEL.16.1033.hxn.PLAY (copy)	data	E21585C8037F3880A3F717C837CC8C95	F1243A6FCBA7D10FE7A4DD0534BC8276BF06E8CC	2CC0DBD13DDB30C2DC6B3615C6B3339D3D24E253DADF95DC852D042E8D71C404
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.GRAPH.16.1033.hxn.PLAY (copy)	data	E219A576C0A9C0C1D669F8718EFBB7B7	A0D6C5CEEB5CFEC95C48A2B7A025540A7FB96E48	B9110A1BBE1D7B50AD4D1486F95B74153AF70EAF69988E60E8DFB31F1CFCF030
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.GROOVE.16.1033.hxn.PLAY (copy)	data	BAB86621F32E0DB18BE8020F03D6E246	D8AAE3995AD2120DA9B61F63025B6E8D2F1C4A5C	67865B78B95916A00A0BAB57938A07E9B47C297434C9A54624F3685EE73F5A7B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.LYNC.16.1033.hxn.PLAY (copy)	data	673C90DD58D23B33652BBB84B599B388	4C92C2DA91679FE74A384694C687E261D76B514B	88432D16F8EF2A7BBDEBD949D85527745575CE124AE9F9790DECF8265EFEF167
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn.PLAY (copy)	data	B5DC987F47270CBF940AFDD4E7677330	35AEBEB316E9DF3D888965B004C79DB6004195EB	4BD3E8E6763E2549ED561617E9C7A87468270FC60759AC969BA28F47DE0AF280
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn.PLAY (copy)	data	37FA42AB4AA141958271002A9AC7BA51	7001DF19C4E85AC44A5F30B322511D1845AE02D8	EE7E124AA1DAEF18D3F60E55EFACE027B907409B6603F4EC1F00F8C250D12548
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.MSACCESS.16.1033.hxn.PLAY (copy)	data	13D892EDD653D472EF976F9240AB5257	FC099D08CA2D61738A0714B4AF7F16456A0307D8	3019D8BE6857263AC8F3439D87A24C6CC8490A4474BA86633B3EE4757A0D4763
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.MSOUC.16.1033.hxn.PLAY (copy)	data	898137E80B75A3663063101ABFCCEC9D	E3C5FEE8C48B33FDDA9BC0DE7DE7433196D68284	F326992CDDB8FEB97E6B12C69D8A096B8884DC214A235C501CD6D2CF1B788B15
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.MSPUB.16.1033.hxn.PLAY (copy)	data	2EB290C53EFB17A0BAAF369BD996E107	59C8DB839B743BA25397F03BFB8A21379D028688	A9DEC77AB887AF3F0046FA0D0AE63682F07A3FA510BAE48C9A3B35E00596FDE9
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.ONENOTE.16.1033.hxn.PLAY (copy)	data	947AD8EE0630C35CEA67A3646807E22A	4C2ABC1257E52AB7984783C4F666E375F63E1BAB	EEE0C02EEB4BB6CDD3A227E40D6D5AA46D7F9BFAB42B919C915E8B4F75BA8637
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.OUTLOOK.16.1033.hxn.PLAY (copy)	data	750842DC44EB331CB41A2BD2C6D11047	EA6394203DF446FA85C6D80B0F4AB8F7E301CE5C	54E18A0E1D5085709D6E1D02A606E3F3936696414365799DDD5084D874160BAF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.POWERPNT.16.1033.hxn.PLAY (copy)	data	B4504428EBBEFBA508C3F94F0DEED264	16C994460BE88B2BBC3C1A89A6A1CCCF52B39572	E2D17C8BD49FA993832904B01DD3221909774D60B8353CD3747B18F2E55C88C0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SETLANG.16.1033.hxn.PLAY (copy)	data	E8B4FF3E8EE6335D4D3FD044772DCF4F	31BA60430A500DBD6CFB4594A23D090728C23BC2	5818BDF05F17A902734F351E7CB9CF95E7ACA6AD397CE3B6FB3CF9985CFFF9A0
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB.16.1033.hxn.PLAY (copy)	data	6E9FDAC0A8A1FDED48604D7493ECD4A5	9CA6D88B2027BA3DB40908B7DEAD652E9F5A5683	F6B7DB2A8A15425FBC9D8DA3C9F73399463AF66BBCD869C640F1B33746C8CF93
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn.PLAY (copy)	data	102D4806F41008AC77A2D0EB367FA949	7E4A1ABAC7AE854BA509ADEEFC25E6B71DA0756F	D3D9341175C513D1E122DA7F9551C6EAB5C90E760D18AECDFE3690DFEE80405D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn.PLAY (copy)	PGP\011Secret Key -	C36CB1585CC8D853975BC41162F7B693	6C33FB86E19488C389257B5CC32E50EAC4C830A2	07782C4F92680440FCE0248DF59F0CC9CA0C4178474623C5E0720F511DE0FDE6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn.PLAY (copy)	data	8F0B6BC86A929134372F07E2C86B547B	E1D1277457F488AEC6054D0194B9C9AB0C12C571	35A2C988EEF7E8E0281AD24A6BCBD048EB8BFD6ADDD323F249DC1D481B82E57F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn.PLAY (copy)	data	4A743485F17CFC3D0CAE4ED528F4AFA7	D4D053912966B6E0A37B6B0DFBE2948C061ABF8A	3405F040554E016AE7113C9B324595A58BBA4F4223143FC45574B8B08B457035
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\MS.WINWORD.16.1033.hxn.PLAY (copy)	data	25C88F1AA76540D7965BC53DB915B051	2E2CF19305DA3A346EF4002F0A487189CCA5DA21	1DF23F20FB094900938E9A0E3F9F80A03BA06D14E7165B6EAE6BBF5F76FC8D53
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\nslist.hxl.PLAY (copy)	data	C0F2EE9176DFA80ED34A003A1181A35B	335FD56936DD0FBAE86B4043566370C4F9ACB38C	C907184065F1710D5A1A1DB118ADAF6333689736754D3CFFF67D6A7111CF9C5F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\refcount.ini.PLAY (copy)	data	03575F11A9393686A100B9C37B156C49	DB61812D9F3A5D337B2BC5291816721278B57210	A1A5ED78546092288965D44BC58C2F948E4C45E88AAD05F68FFA3C4A32F09779
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache\baseimagefam8.PLAY (copy)	data	99BF2E490B1356D8D5AB51C2048F51CF	D83FEAB02729D744F492DF1E76CB709AE796D22D	199D3FBFF63C580D2D9F164BB343664E8A8FD7E4915E45F8294476B52D390AA7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\state.rsm.PLAY (copy)	data	033D0113D58676C879743931E39E553E	017B11A55B935C6A83E323B2BEF903DB443BF65F	4FF7E748A8B8C09C02D6789F1996E5CD0BC56A9817A733468380501586F0C31B
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY (copy)	data	F93141E4711DEF0536A9525CAF2AE8A9	32E35043906EEC39E569EF17EF09E12A3D118E8E	46BDD48359AA47CD01FEA86360B7DD65C2F23F187CA6F7DF3698092F1E828C6A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY (copy)	data	6A6E9ED2B6280CFF9B790CA7C89FAC9F	D110CA5A10F4C6829CA1F345CB7D11766093929D	BCC54FAA1C69F0AB10E5A32E49C02BBFC31D1B71EB80B93A9AC8E25918440C70
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY (copy)	Dyalog APL version 167.40	BD2A015513042A906CF555EE88FF1D3C	E48C2BDC7B03C50E14795ACB34098204B67D5B98	8B51665B139F696D9C11E1EFE234F663DF450470DE3584E6DBEEF140F27E9D36
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY (copy)	data	2D154531D08C6534F1FCCC64F74AFCBD	2829B6ACB6F212C1E491EE841CDB457F97E48047	FC0EC919BDA88BFAB71E28912522BA96C8EB94494B0EBD3BA42294E11A88C3A7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY (copy)	data	B096DBD7865CC7A779DA795826181521	AB0545E501519B13A6E45F1BDAEDB2B48F0527B2	38C0FA3958DE71ACF24ACF39753EC4DEEED765C9872639045D12DF2BEDB284A8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY (copy)	data	C2DAD1017BA52C0A6922BAD338B2ED97	718F72501713CD7E8B0157E1FC697258566AEF37	D3623C96D298FC87FA617009467E365D71B66A9DF62046F2E5D5DAD0D6EC7AF8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\state.rsm.PLAY (copy)	data	2EFE7957C04780D2A4D2D4D91B76EF5A	BE032296047C32F5816C698CBD893062C85934FC	5A7B6864E9F045B9CE4C2D270483B3F49D2F33BE2F4C3D167D528E7F0852E592
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY (copy)	data	282500AB4DB2CF6CDA452D3312413E29	A15795EBC345D72425F094B54A2499CE0739F621	532578D5F77CADC99AF60E8D7B55158E32FFD900888C8AA6CC690D5F77DFEFFC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY (copy)	data	F04DF6CF62D556BD6794FAF39305A895	FE7984E43633B09E435BC90393D503213EE5DEA8	6B020E5DA5E519C2ED10FD1DDD087857E457BB8AE69E53EFA8FC234D38D98D27
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY (copy)	data	5DE9BB4B9A1842360A5967727E6EB056	CD913C346D384F9B42487DEFF28338616351AFA9	ADC6BBE62F96AD18D2F06BC85E61D76DC9C81A955C77FC165E34C78688868D68
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY (copy)	data	31079187545A7A3EEAFD0B0F4610F4FB	16F4EE2A5164FDE356F3B4981E3BB6BC4BA726D7	D9E556A775D5777E938AAFEF9CDFC4C8E7AF22D19E75F45BBD71C89B3AA3C0E7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY (copy)	data	52450C7D58698BC47EA5AD032D9487C0	BFD16D9F0C1AB91FA920072CE10EBB344740B63D	98FCB9DBD48059CC38989EE3E9F4D3D45474B77BDBAB0DE77C4E50FD68DCA902
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY (copy)	data	AC7BA4508E688E76B331547B98C385AF	B40CF4EBBBAD9D1E3FC950A387AEA612F666989A	35983FBD0BC965E374D6BD1F147B5521DADD7B962E2A7FC16703EE871B5791F1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY (copy)	data	4F349E86E466361963F7CEC319570262	EA5EE8C64DC7D35D6EA92E03C4C7A9E8CFD6C234	9BDCECFCB0613BDB324093C70C4E6234AD02B7E5A4735C4B3332F44F332BE65F
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY (copy)	data	146428A951777E2AD38D58B126B52129	04BF78E77E40CF4709F1B7B9AF7031B2406829B2	CC42FB00680E70EF3A04F9EAF1071E512F165BC24B023C012CBC692DEF470857
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm.PLAY (copy)	data	76B5B76651EB293CEFCC82B457D7EB46	DFC3EE286A4104F601DAFDD722F96445D649E5BF	8E24B6FC4C0804B2FD300047C43E1BCFFE1008C8A045B1FE4536083B73C297CF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm.PLAY (copy)	data	BB8A84CEA92AC2ED098874464BEFA2E1	0359F179708669E7012EC4E63197B829E72D87CB	A226D5B7738FAD15758F267D6E5679660D67C81D4A5E75429B4AB39801CC87B3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore4df22196-a1f2-426c-aa27-062a9f86aba6.xml.PLAY (copy)	data	A3053EA397B077DA899CBCA6879C7626	7E33884202BA04508A750C8CA86BD8469CA73481	2971834C72792189441456CB7B658BBF0C62D938F27D16F112E8DDC2FDB716A5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml.PLAY (copy)	data	ED046267EC06A42F90C9DAABFF33FB1D	53674604C880E6F1255C2E7440506B0104E839BF	1ADC353C944AAFC4ABF79A7849D5C39E48E62C63B7B516DFC36692E788093829
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotifyIcon.001.etl.PLAY (copy)	data	AA328C45E04A9F0B811AEDA4AB334E5C	E57651BF461870FA2239935A7458D6A5AED30D14	8FF61DED44B07C0D3020A3D33AF6BA627E37851FD5B83685E37F8F7C985B2BB7
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotifyIcon.002.etl.PLAY (copy)	data	539C9EC8D82572D767DBBA37DDFA8059	A93C565C9C5BD0796E1538295825A2D62CA43BE1	674E33381D0E0CCBD947A7BF4160BAC0A541737786AB4E6DB565FF609B26BD55
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\NotifyIcon_Temp.1.etl.PLAY (copy)	data	874C20768D07C1259FFCF88ACAD00185	7EF2C0C5D60408E1E86634804363EC9A2F7EB3E2	7D297C088FDB48CB6F43335FD991A9F4E4D89D2DD97146411E605CFD6F091C37
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.001.etl.PLAY (copy)	data	4C0EAF881DF7DC6FBAECA2847ECC70C6	67A4618C96EE61FB3B781B4E6E0CB03F222B2F3B	E6B104687943C133F7B69DA46C2936A760164CD0CD4352BD523144A98E12313E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.002.etl.PLAY (copy)	data	EED8F29575A0047243E4F3F4C73C3CC0	55CB66C472CBB0B095773906923CBEF9F65D9575	2AFC7C3419E457D2819D32BFA1006C43117076631F46CE07EA48B664BE694CA6
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.003.etl.PLAY (copy)	data	4389EC813692362AE41741C867D4DFCF	0178BB251F806C03BD4106BE393CC60B57A5E2F3	70C6604C4DC2A774ACBE7BC0A9F31F85810088796A4C10186B06E78F9C1F9459
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.004.etl.PLAY (copy)	data	3A1C75D2ACE5BDDE11B70FE319DE6C3C	17D7BD87F13F8DE51AAE9A90F4390AEFBBC788CA	CD923BA463DB592A8AA8BF8DAED499330BC6EC98C9AE0F3A59FCA78C296CE058
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.005.etl.PLAY (copy)	data	CC8CE47F39D0B085A17380BC120534DD	4D2FE10B930E2CD4BE119A29C9890D22D35AFD34	B23FE4723CC3902B4218C323AE590643767099F30E677D4B3BB304FED2437BE8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.006.etl.PLAY (copy)	data	7FF4FBC1AA65635868D53D1753A7E891	78A953185602A7A2A5E3F8F25104A9826E88F3B1	3B607D13A48D3603D6B09E64903F5347920811EA6C525490123A428E0AAF20CE
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.007.etl.PLAY (copy)	data	9E3CA34E7ADCEDF5EC9FD3E90D920848	F7950BC296CBAFBB784D7996FFA790B1B5E80667	85109D158A6A714E4830ED71BE13EC449338D1928D56997AA799D3F3874E0156
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.008.etl.PLAY (copy)	data	B0AC9C7E1E85C483B7307A784598E85E	A40B6BAD4BB21F28E2AA65066BD8E0F0517F8796	59D0BBFF0020F17D46D908D50EFD0D59E2C2433A06C5877BDA9E93ED1F50E319
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.009.etl.PLAY (copy)	data	A2DF46175790D9BA012088C900B43B28	B449E880CBFA2E185770E20BE06B7519D5EBBF97	0ADD976C766A5A13D38ABD8DA9B4387D03D6A2BECCC9F081FA14B9AD90BDC323
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.010.etl.PLAY (copy)	data	F9ABED1A9753622EE996BB87816F8210	898E30F694F3A0473A936D17F2C9DD07D18D04DB	292C0BB8DB038EEF24AD7F8C4B4596A4C4BE977A689CFB7E08EBBB33A1BF43AF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.011.etl.PLAY (copy)	data	80BA803E9FA0ECFADFB842DA68994EE0	550344BD98C64C3AB9E65BE39A93580EAB5BDE76	1E733F58417E0B75011A7DE0444EF4C39A55204E465A8DF529767F4C1D93FF83
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.012.etl.PLAY (copy)	data	2425DC8BE2FFC73B2F05D05FC88145D5	0E95FC81B48F4DB63A410B4EAB7ED1525371C5BD	17CADCA1CB52E061B024042C00662512428377FDDECF81FDA8926AA03B5D0B7A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.013.etl.PLAY (copy)	data	1BFC06087045747749AD135A4819CA79	9826AE64CF195182FD6E9662A8A86FE6352615A5	C80AE09983BED91E104EACBA274FCEA89F7E8A92A0BC3CC7476F9C5371F84301
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.014.etl.PLAY (copy)	data	29BFA8201275A92D297E9770F1677145	9302545488AE03D1C67E2DB0F5764738CA8BE9BF	E634C4F88B83DDDFBE6F6BF705F567D8A809B8D2343D012672D18F3CEB285175
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.015.etl.PLAY (copy)	data	6389E8E76516D3D02AE9AFF7B43D1891	01A9ACC0727FA6155E1327B8552854AE98E32C0F	1497AF30A87AF4787C343DAB261351CDE86B87EA7ECCEDF507803223FCC2D417
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.016.etl.PLAY (copy)	data	DACE244E5FB7240D0D05AD567B31E086	73948DB2211C2D1976E6CB958403675C68DEDA6B	3F9D56AC208C37596DB4B31EC37FFF12CB7125FF3672E30B55EE06537B64303A
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateSessionOrchestration.017.etl.PLAY (copy)	data	CA8861F2BE2222BDAE1DBF79D0A0F344	283D94015CB25FDE80797BF6C8CF68B567755EDD	C7FE06CD2F64D0D514D103EFAF766C50EACD0892D7020E7F4298BD9321E0CA7D
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\USOShared\Logs\UpdateUx_Temp.1.etl.PLAY (copy)	data	F953CE3AB62CF9D9CE6C493F736AB10D	A6BDADE3343961968214C4337DAB884DEDA250FF	64B907D37CDB5C9EEAC5ABA8DF0C532824471370DF960AD0AD6A01AD05DBB1D4
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Microsoft Office Professional Plus 2016.swidtag.PLAY (copy)	data	FA7F436743EBA19FE1FF34E6BDCAFE3E	8BC10D44C8863759F1BABD010D0E9D94FAD1A96B	A1B8C0BB38FDDD20841E707060A4B30FB7A7433349D2F3BE503FB1F3310BAABC
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.PLAY (copy)	data	ED52B3BE4574FF8B05CC68F897BD3E8F	15CE1BD3F39893B3A5D2D30DA8A599A91E9FE303	7F862D3F1ECF9625FE7C10BC4CB3485368B5243370CE3537C42B3EF20FF00F3C
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Desktop\desktop.ini.PLAY (copy)	data	5B0E4DE08C6577C0A4D8F573B3E355E1	445D7AD38FE3369AA2C48F31DEC79AF0C0A6B5AB	D6AD79C951E05F015FC28CD463053F2C9CB31AF92D653D01868D2E3F075A3FF8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\desktop.ini.PLAY (copy)	data	AF94DBEC8F8B87D13FA9C49A07BBD59F	82A44581C9F80DFECA1577E0B14810CA9387A3C0	C2922C4061B15B9B3F719938F6A8D5577EEF6461D20297B69286A5B6AC277FB1
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessibility\Desktop.ini.PLAY (copy)	data	9AA40105840EC0D3266A6C0B474AD6EC	E48A4FEEF8B2DA686A05B05B9843E2EDCC481238	8D2FF47CCD88C296EF4F364CF712FE2DE44F6F895731543EC0512A9F924CB796
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\System Tools\desktop.ini.PLAY (copy)	data	DA6A758BC2F753E0D263C00A8AEAA497	431C6164F20C23FAB6E9495EDB04A42D89DF5088	67622EF2D1738923B368D861B2EA5C33987BC883541B7DCAC8329D4D677B5025
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Accessories\desktop.ini.PLAY (copy)	data	9BBE0248E41922FC2277B5150A468D0C	C64C279566CC36961AFF341BC03C560AA42CB57E	73C79C43739188C3CF8FFCE15DD196BC54460E002B6D1D24F444E66C12DCC5CF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\desktop.ini.PLAY (copy)	data	C8E9B150CC990AA2EF3F9E42679A84FA	6C1E21302B4A1DE11567DB41B72E9EFBA9A5E9C2	E6AA5A0C8CAE4F9BDCF59B033099064B49CF9C1576DB47872FBC1C6E7765F190
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Get Help.url.PLAY (copy)	data	57A89A394A7F0399161AB24A627E0CA0	16E5B621C3F67DB4C5A131C720F57964D1556505	81A7E73C685D4DBC3E0AFD31247F74C3D0ECEC2DACC370DD2C304E290CBD2F09
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Java\Visit Java.com.url.PLAY (copy)	data	7D6736E1CCE485E6849B062E8855CB9E	70223E7215B6804707728392DBB3C9093DA631E1	60DD3EBF88CDE31BDFCF1A2D52B518602D80A9A8C93AECE0F9009DEBE9E6F587
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Maintenance\Desktop.ini.PLAY (copy)	data	D7E0E64A051DDE1DC9F23C23351DE907	15E7F96CDC08F7FC0AECBC3453E1D73100D17C4C	8A8BAAA4A3C99FCE2A1A46F0BDC0157AD9A83DCD3BE994C122996A68D0FDC852
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Microsoft Office 2016 Tools\desktop.ini.PLAY (copy)	data	CCAEA2DF92EA357F568177BBACA30B57	0ADA776ED7FDB8EF750B82F74CDB07019C5DF49F	72CC98B82ABDA23256E12B122FC6D8BC45506AA2D8A69BBD167EAC9F02430E23
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\StartUp\desktop.ini.PLAY (copy)	data	A0A9044BE316653614895E02769DD72A	8D049112249A4D71115A778F9279BC41C93DEDE0	033E38B30C050046A539C0E9C3919757B8CD34E1BA7D8AD7FE639D4E22F4B195
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\System Tools\Desktop.ini.PLAY (copy)	data	F6ABB7A487606A3B5F02291D8AD50E09	EC25AD06D852A98F2BA93D57CA93B4ED8275AB55	C497CAACA14422B946F10A18A8D9D33AA0F551A56D3035EA55A766DF42E400AF
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\desktop.ini.PLAY (copy)	data	16B865E4723C467BB3C33081CCB7ADC1	94368C96BC09703969E4BD8DE041D11534D27CEF	299DB2B943B9E5D132CF25B4DCFEAC214D40D9C29D2FBC964FCA63FD14D6D6A5
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\desktop.ini.PLAY (copy)	data	6A9D096D5617859A458FCBD5ADF1D988	ED3F0F5ACDE61D81FCEDCA2ECADE22EDDF9BBF6C	DEBAEF40E146FE3E61AFCD52FA8B216D236AD004EED52282EB1DBB1E409B5DE8
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Music\desktop.ini.PLAY (copy)	COM executable for DOS	E9A90AB684F88F7787605EDDFF1FA2DA	AB76293517DFE0878CA229D854BD6BF8432B8386	E30FE938F29CEAAB61F7524AE2C0AEDDE707DF47BE89578AC0A9EBF9658026D3
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Pictures\desktop.ini.PLAY (copy)	data	AA6F7D329E6DE8E74992E517F0000CD5	F2141BE2617C4415973832030DBA3697C24E026E	199F56CB72541267B3CFC95472D931FA8980B167F8827DFEFAB8137F11C15B5E
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents\My Videos\desktop.ini.PLAY (copy)	data	CD143AD3D59B89050F07AC69CD0486BD	10FABDB4ADCC641372BEC0354058C8052B63E9A4	8D2B84B7028E9F1C290D64EE23B985DDD583530E16BEA4C9095ECA1EC4720998
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DownloadMetadata.PLAY (copy)	data	8611076229442312FD1B17E703A323A8	8842EAAD76DB36EA9FC69589DAAE2EFB7BE64B70	C0494EE583A959D719BC8F1AA8788BB044A0B772F13CE267C3B8A417A8C2DEC9
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies.PLAY (copy)	data	6C15DA45C3D30849E4A13B8889378999	D7B94D2BBDBDD65AAF5A1D471F913817EE0F2E25	014F738AB33EACE96EC5D27FECE12C13D135B43C909E35785ADE06A76FDFC819
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\000003.log.PLAY (copy)	data	867CA6678DE3733C5B92ABF44D5B2052	969AA594069EA33D5725F7233E7C566621261159	AB6E1805B103517FAF84A4EF8BD31B3D974E6A7FF98A424BEE01DB690AFEC396
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT.PLAY (copy)	data	FE52C6267D4C4EE9370BD76B34185B06	998A89E6D31AFD6EFB529F1AA0C294BB636B790C	D1A43051F0760F6D4E2F1DB986CA1815392BE42B5F3D10143A2CC689B257D33D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.PLAY (copy)	data	E8EDBF7404EA5D2C0972436A8F1C1AF0	46ED963FE1057C3E22030AEF0AFE8CC3D9382008	97386E119B8798CB9F03790F7268BD58DBBF7377E57BABBA7FC32C1482EB7067
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001.PLAY (copy)	data	226DA237662763252C7F19E00AF13479	24978272AAF2EA779868BD3A842748B5ABE437BA	BE67014E9F87C040FB88ADD9D8215F8687069A733F368F40026FEFA85C9AA61C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\000003.log.PLAY (copy)	data	8C426DBC2A54BC7667D499C956D66570	50FF2EA2787451B88CD4842C2E9443D70BA0D78B	921B46ABAABC671435F9714F0997695BFA0299184B494CC2A3ED157FAF605495
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\CURRENT.PLAY (copy)	data	67560384118EC69557DB05861354ED36	E254252B8FA4F7DD9DB94C9C3443029AAD71FBFE	37EFBFFAFF83DBABB772FF00691A9BE8430AAD4F047F0E2D1A6C3F8E00FB4A99
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\LOG.PLAY (copy)	data	30F91F1E0565392656756B68657743A8	AF8042643B8026BB78BE825D525B0A5BC931538A	466E4C8FD903C34C209500FDB4FC4AB877F4EDBC22CA47F7359F0B8CB6F40D09
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001.PLAY (copy)	data	AFB55939AA3F974D2676E12BE5C0B2D7	FA9C4BAE780B14E17E411A6CE004CB749FB4EB8A	B5933F16F451255924EB52239403666D7B71407F8333E629D3978AEDCB985BB3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.PLAY (copy)	BS image, Version 17610, Quantization 59316, (Decompresses to 60148 words)	920A3AD320EDB429F067B34C2B97F0B6	90BB1FD35AB3357F75A744C48A779FAAF2CA06A8	94B2BCC7FEC51833C9758A9063B16DC631BAA2385DB08BEA899DB55F74AB251D
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old.PLAY (copy)	data	0654F19F31FAD45E2A0356ED3FA74D80	D5BBD535FA2B5F6BC69E3A7118F94787DCC65AA3	49921E6C138379E0F04AC11147B7D0007F198C7E6EE77048B4A33539E763061A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001.PLAY (copy)	data	2BD3BBCFFF0E9165AE36A5C164C9ED3B	CD45CD88769945D93B2FC2361CF981B5A559E6E2	9FDA55621DE0B8155B27171C087A50C075F7B774AD4759AF04EF23C8182EEB00
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\128.png.PLAY (copy)	data	974E3D1AACA3B2D5EC3841F1A97A8E83	D6A21E7E8BE09D7ADF6987380B5A4357FEF155D0	38916153C1700041D9A2BB8B7F324AA2082F43CB806A86E506773EA960269893
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\af\messages.json.PLAY (copy)	data	19520512F0365EF44B82B8C93F178FEF	F6176FB6845D2EFC90286093909FFB13AA2AF09D	0B3F3D912A3670242C5F6D36D89A2E01F902C2CC566AEB92913AC25A9FCB24F9
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\am\messages.json.PLAY (copy)	data	4546086CEC05E56A96D2CDB9C32296CD	A0A6609989402F20D07699B0EE320DEB2A8B102D	2E2322B5EDE89125E97718D93CF5F4ED45CFA6E50785F1D6058ABE7734837E63
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ar\messages.json.PLAY (copy)	data	90C379BE312D58B164DB7565C50D099E	856D00436B3DC3B696825E22EFF1EFFE6E499CDD	23C3443DF136C224483F5BC884D4BA731811E62BE2DE97971C76A1C26C22F7A2
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\az\messages.json.PLAY (copy)	data	9F4223B8FD28436EF493770B102C0FA2	CFF59DB5012478568333B04F8ADC49B44F4F5B2F	D6BA3EF3AF9C109DD6D42C68886974155FC5B2C9FE3B1AFCA9F87A2252B66AF6
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\be\messages.json.PLAY (copy)	data	524997C0815E3DD38FC237DA6BA7B04F	889FC3B727EE0883C731D25A80DB8B2622804568	D7AD764F77FA72976443B8C278FE229107F055E2ACB00AAC645540515ECD08E6
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\bg\messages.json.PLAY (copy)	data	48CB14CABE85A26B2DBBB943385B4BA2	07F0562109082AD830FDAB4E5F32B7AF6AB54B54	7067B14490E48D3FCC506F25EBDB4DE74DC5848A5697C090D8D905F19E0DACD5
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\bn\messages.json.PLAY (copy)	data	D67DFEB774C912BB5265F30536F02116	288B43304112BD692E606E25240F9EA032A48E2C	A97812D36023B8C0DFF75EE22CC5CF0457618E3333255EB0B5CFA211407A10FF
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ca\messages.json.PLAY (copy)	data	A58AE6A6C46BD4C37A45CF06B2FDA306	A15EFDFEE54C94075FE010F97729FFCD4D66DFCA	06D9D23C558D2CFFE411A4EEF9B4364F58FB54A47ABC8C921ABC31F2FD658A28
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\cs\messages.json.PLAY (copy)	data	435274742EC629CB85C38FDB848C6182	CC5311DFF4E886B27C4E28822883E75767C44B74	2DAF38076380BF6EEB8257F51F79480BB831F08003924F398992D35756FBB82A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\cy\messages.json.PLAY (copy)	data	1F809E09170B76209666BB6B277DF192	1B85AD4BEF0D1AD3B472BD4F13F2A4372E197499	50B8420F5E583F62B39B8FB6E369A72B6B083A5703DE5DC95A1DA607CFE94F77
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\da\messages.json.PLAY (copy)	data	16EC05C30596BB90ACC34E15561C233F	49DDD3F3FCAEB80505B9D4A10630344EE6BF8122	431A928D4466D6ED51DFA9FCC8C21FBA263BBAAF674F66604DBA3850FE63A062
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\de\messages.json.PLAY (copy)	data	06D46B8EE538BB70428DCF4E1C91D3A8	FCF06FC3FB2EB9328BA4B24459F1868312BB8B77	C8CC2241F64F8E6CEC9C6984F4C9574F8E7B41FD00E7A9EBE4CEA3B451AEB36B
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\el\messages.json.PLAY (copy)	data	B80BC20673AA11923B0CEE0DC6C7B30D	916D9F93183D1191C345E40C3B368A3B04FA7B52	572D7DBEAE53AF95A2B51624D524A9B20CDD34DEF444524E69EA9F2B6C3FC327
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en\messages.json.PLAY (copy)	data	CD9698FC3FB2BE6F388C1A9514A9DDA4	F57A898D9D23F39F7A71290BD09A2DDFB3D1486C	A8B86202E749BA2A39B893D1A421BFC5DCCB74F2B753B66CE965ABA0DFD6313A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en_GB\messages.json.PLAY (copy)	data	E61768D1AA13B23BDFC2FC87537E7336	4F26403366EBFA9ACAE2C4CDBF6FB5C13EF044FF	F35D490E5CD5426DF7F406BCF7E8BDE97B051D3038F29CE55ED09337511B58A5
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en_US\messages.json.PLAY (copy)	data	0EB3F841297D06AF08F124001A6D04F6	340B41B2A1A32B837BEB4CAA30625AE83A2F5DEA	0A1770FD219459A24EA5A40234EAFEBE2B1599685E2A4C1CDEBFF4E53E1547B6
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\es\messages.json.PLAY (copy)	data	ED3E0EBA18084EB616EEDE1D9A0054AB	EA6FE032DD0422E5BADA2A43241D51C8A732E0B7	154A7315B2F1628D38AC11F5B1CF9B4BD3215327C02AE2783C274E0F7CAC02AA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\es_419\messages.json.PLAY (copy)	data	D5912562DF10C211E6852E9F0D748E93	2542CF2B7577C650E69D1F851631E5FE907E6165	7094B902EA7DF16A2D01EB7C75C349DAFCECFA6913319D6921EFD1E03E374E73
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\et\messages.json.PLAY (copy)	data	F6B6190363E81B266F58AB53887ECD7B	2B7A57321A1D1AFE2817457F62388443E4D07518	D08B840D4DC189B58E8A6B465D26C378EABA760D2317D5656EB8537C0C80EDAF
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\eu\messages.json.PLAY (copy)	data	CCCBB8B9721AE19D42686F72632A1198	BE1756A47086C334630120882F588F2D66D359DB	1F2ECC428DBB4B522D4F91A5714F3D04EBADCAFF9082565C2E2ECEC0D70CDED9
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fa\messages.json.PLAY (copy)	data	0F9EA7095D5AD76DE756B248A7A34D81	2B6A34370CD6515672C4EB9FEF6CB233BC35BAB2	A6DF9CE4846DAFC90DE2C0AE00BE926280454B5BC8F5FE9E17EA6C3C1ECA6646
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fi\messages.json.PLAY (copy)	data	ADEC0037713F6094D320ABE2990B89CC	FFA3054B0EE447D5E23930DAAAD4F423B7207EFF	F1487665A141FBDB31961A810A78626888FD2886D695040FE25674378D912A2A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fil\messages.json.PLAY (copy)	data	EBF4BAD16EA0E532B6230A04883BDAA8	0B6BB80DFE6287BCF4ADAC41C6F6DAD68A2BBC9E	1D911B36270714D4266444A15DA380B553E0530212E7EF356208BD68FD51040F
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fr\messages.json.PLAY (copy)	data	539BD85A361CFEB43B996B6E66A37911	9A5182D335944555497DC06363C2DBEDD68EF206	080913FC7E94BE8D64C9B3D18DC3AA4E5F861034590EF5647876F9090F8B3D7C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fr_CA\messages.json.PLAY (copy)	data	CDA8D0D954EED369BE26B1FDF95896DB	7C13B1176DE74BEA7E1501D3070EF3DC48CF9C12	79ECAEE461EE7ADD42B3FECD1495E8F260207F9E83DE2EFB4E2CC6CC6B964DE3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\gl\messages.json.PLAY (copy)	data	081DB788E44C5398C16FC00F351A310B	4FC430AD3063BF23BB25AC69DD96857EAC998035	764425FEF44374639F990989375B2B144EB16470D353D4C9495C3A4250CE24FC
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\gu\messages.json.PLAY (copy)	data	D511E32909BAF967D1545A6821438949	BAF76F92A0A9EB3066148AA30E0D494F7E1DD988	7B06DDC08F58F101410612122FD050FD4CC303B0488DD88F2745B32F1039599E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hi\messages.json.PLAY (copy)	data	B5821834ABC982EEBDE7578A13B58FB2	1A3523F71253F17B56C7528905A31264558DD195	3015A4CDB60E25CD96A580260DDD4393915F28060DFC94E388EE2DD7A270EEA0
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hr\messages.json.PLAY (copy)	data	C4FEEACAC28160366CB9C507E4BE4D29	37CCFFDC00E9AE7F1ABCAD8D78B824938062EE6B	681C8AE492676A8A14E22163674CB3DEB165C274F58FC79678DC410FAD5731EE
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hu\messages.json.PLAY (copy)	data	1101ED69329D8D61542E2C8A17F5D747	FAA2E8008F8ECAB88922D44F67E928B05A623BA6	CB5700AFF90D451A8EDC54E48CED211AD1605622526318011033D02C788A6049
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\id\messages.json.PLAY (copy)	data	B504B0A98B155DB27A6286432348040E	A2DF5DD9ABBE99F69B3DB6112DCE9D2567631F06	778FED3BDE1464AC80A50FC7A674678CEFA135E8B0341AD563C8C5FD0DBD7C7A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\is\messages.json.PLAY (copy)	data	871E03BA69EBCCE459457659E16B49A0	F5DB37A5E7306B0CE3D18DBB21C39222F55C77BC	78352200554537766612AD517B2E0A5556A2357C1B70D43783E93440E3161EC4
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\it\messages.json.PLAY (copy)	data	4F0664F194DA7EF3610BD839197DD2AD	E527C58B90C1388C35A8EFF6AC1264D21E71CA64	F4CF0A3A0D1D324BAA9B7ECD47867917DC1E7A8527A6E7D958A614D87A750904
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\iw\messages.json.PLAY (copy)	data	C41A9F0CD99241710B3E3BDC28118CB0	A0315DBDCE7A31E7E834A6CAC39248DBC6CA4390	F368A7BDB2175D9225A1EF19EA39F6FA0DE5DCB4D27FA2A52F52DE74187B1E54
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ja\messages.json.PLAY (copy)	data	BF35DEE366DAE8D739E224131555AE78	E8AB0D917F34C20CA1B979A7C9DEC687C0B653CF	25601F8E690DF85BFBD3776CD1BB367ADD9B7C42F5E14BFDA1B1231DE5AB9FE5
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\kk\messages.json.PLAY (copy)	data	D68DCD136FC4B1F8783402CC4BA4F8B7	7FC0EC24379798850BBE67B24E76CF50D604D65E	A7115FF2217EBBDE9782C99F01D409672EE0484AF4B9222CE57E8C5DA40327F5
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\km\messages.json.PLAY (copy)	data	4028BE6836A573A3C7EA69B83310DEB4	E1E622A75C2AE0BA8BD12BBA4FF3E86B6287C007	3FB7F59764709C00BC792A4EB1FC737E0291A72DBB43D157E645B39E8BB54B96
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\kn\messages.json.PLAY (copy)	data	6830F16C96EDABF0F71A9C0D581CDFD0	5C50BAD36FDACFA18EDC3987F813D8156333FB0D	9EF47859FBBF9A2E85734E2AF2A784813283FFC23194B2C4FDEF59184F4FD708
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ko\messages.json.PLAY (copy)	data	A3402C343F74CC1CBC631134F464256D	1BC3CAD8D04B091447C4E57515F9D2630B789411	F6D1C87457917C192B9E5ED0ABFF5387E00C665D506C36C88DC60F1FD1DA3558
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lt\messages.json.PLAY (copy)	data	5B768613226B8ACACA322B64175FF1A7	025DFB3F26DBF2453E0658AA62A587B5C752CB09	682EB4FA2EF9D306F2F19830208C303B19CA107A8D86135D186A220CDB83A306
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lv\messages.json.PLAY (copy)	data	452F28ADCE412185ED8753DE2C74D4CE	92922EE14068EB0406983D88090E0A988F4ECA40	11FEC385AC6C2F99F56747B21A5C424687A6023A0DE79A9D3C4FA625EF89753E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\mr\messages.json.PLAY (copy)	data	4EA616F8150D99E80BB06463BC607FE8	D294C73402B3EEC0B5E47C541F6C22B8CE28F037	58BDB61C3BCFFF56C26FC2D620204D18C26365165FE83325D94FA98B44C6BF4B
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\my\messages.json.PLAY (copy)	data	659D3FD8E060A0D3BBAB5768A49EFAC9	033FD7BCC86A5A080C64F8EBA6CA332E26B6C3DD	7DE705C75EB2E8EA2E3BBC2CEE3016D0ECBE098EDB70AFA97A2C138AEE65B143
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ne\messages.json.PLAY (copy)	data	DB2F60350FE49CB1AB94623641156353	72EFD7A0D3921D9E88E5203A3AD80D6DDF70C714	0689CDCA5CD823485A4FB4200F1DD40145ACD7069C134A3E43A51DE934FDACCA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\nl\messages.json.PLAY (copy)	data	F9F41B1174FF37BC29DAF44CF4F2868F	D6EE77F79B9B4BF11D7AF8D6B66DFDE1298525EF	9CE75D5EECD633039B6C2CCA2FADB86CE0C3EE9CA0558578676E43A75BB9577B
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\no\messages.json.PLAY (copy)	data	F762EFFD9BE974ECE4FC4A6C3A752F0F	696A60E36EAE7C6B9FB727E522F4F9B1C85DAD16	13163DBE6FD425564926525403B34D89A4ABD5C6B72C876DFAA7970441584920
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pa\messages.json.PLAY (copy)	data	AD94B1BEE18A6E011299624825B53766	3CCF777BC1D4ADEB6921A3763C9D0B80A06409AD	8F58697288BC90831AA1FD632F5CDA1D57A261EDD6BB1D7D814E8789E45821BA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pl\messages.json.PLAY (copy)	data	007BE72560E3715A894F719E690ACF79	419CF57E656F68B0BB8D77AA079E556D15D4480F	DAFC2F442D00305FDFD4608E79EC5E1FEBA005BE713223A44DA3709AAE893E68
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pt_BR\messages.json.PLAY (copy)	PGP\011Secret Sub-key -	CE2769025F107FBFA33478E21B4A84FD	C0F705D50C5DF4054CD933F3889ECFC48AA7BEF5	FABD57222B0E8937EA18BDB12D10CFD541C600FF2D63C432A6C7E54A900E5A00
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pt_PT\messages.json.PLAY (copy)	data	E56D495F1FF16AAA74147770205E9A02	6555111FDA0C154F77ADF81611D2848492E98341	2FC8AFC0FA92C552A0CBCD1FF02B9970F6520E1F7330FBA072CD3963DEEC5D6A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ro\messages.json.PLAY (copy)	data	52A43048A4EFD22DC0A98B91878B29CE	7E499A2B918ED3B6E4C968FBAE369A3E07052A94	D6DC3B6ECE38630A1365E53F72E8070C564B8A583B892A765E4EB0DA079FFBC8
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ru\messages.json.PLAY (copy)	data	838CC1E520D6663FA8D9711C114DD0FA	5B27BA8446AA7594212611E0A1AAD96AE13FA54D	6FF460B86BC36F9C38BC19DB954B7A78965F951A024D4223C15F699A87D4934E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\si\messages.json.PLAY (copy)	PGP\011Secret Sub-key -	CC85E4C93B96DB7B1FB1277D9FC7F27A	7A178FBF94F42A4BECA33AA98AD7BDF28979EAFF	30D5D36AB027017A47AADCC314527541174E44D33B514E5FA200E32959F039F4
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sk\messages.json.PLAY (copy)	data	977213D9940F2B1969E0E031A33B7D07	43E4E2F68C31954F63C6A83826963EA7AA2A9AE2	4BF53BDDEC4FDB5E1F4925307A355EA7D305F6D9D5C2321759B5736A09B134CA
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sl\messages.json.PLAY (copy)	data	AD30A384BAC9C2E2F50DE16328EC4E0A	94FAF9F4A411F3281346E0F8B7CB13AA52FCBF94	64910F9FE10835BC1F2AF640CC77987A5E9AED8C35D7BDD309E9C20D6722ED19
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sr\messages.json.PLAY (copy)	data	5ED39A8F554BB0AEB9D9A447AE41E5B3	12ED540E1234BD7E2BFE6E409DA8298A548DF504	C75AED28335AD2670122F7DE33F6EC2D198BFF83075FEFF599D897656241C886
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sv\messages.json.PLAY (copy)	data	BCCD4EBCBC20C98CE604C24A65FD6E1D	0C8DAF21C7C255D2F956C30165DA6337EA36D3DB	DC2EB83D8E324D9DAB4E637F92CA72C4C9A307BB15D8DDABD28ED7D57B210600
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sw\messages.json.PLAY (copy)	data	DF396E0F2E443763E0F02351A68B8D4A	DED3BCC362801180624C6A095EA0FA79E993534F	D20590F7CB1919FD48087651E2B0638F3C2686CDD219D60D163D1E3B26031FA4
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ta\messages.json.PLAY (copy)	data	DEF34689504CD28D7165E5D3FC965C9E	8FB274F831EFB322779690AEDFC8E640DE10B0A1	F9654477685ADD916EEABF28F7B33D272036C7032AF705B3375850C55575C960
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\te\messages.json.PLAY (copy)	data	737C8BAF2D9477A9055B478C4B10C557	395154D4D397FF3CF2FA2895AA1FF64DFC0FBEF7	28C7776BFCE024A513812AC5D8DB0672E60E7B797A88E7F8316FFC609E97D0C7
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\th\messages.json.PLAY (copy)	data	33C7D614963C0DCDB6E3158ED4A8EBCC	0729ABD0F4ADE9E9FBC1DA101CE4D48DAC2236DD	4DCCE215D06A0B9974C3F87D6A37C7E7DD0022101D56882EC628AE9EFC29F1D7
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\tr\messages.json.PLAY (copy)	data	B2B40155E9833CD2E04C5710563FE6A8	0D6E77A7B26392B85F3CA12258624657AD5EA26A	0402B6BCE1093E2A76EFF1EAC599384B34F84240EC89BF28C7D1C38A47D33BC8
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\uk\messages.json.PLAY (copy)	data	F5C6DEAE7F5A7211A0B201A4BA07165B	9EE6D7BAB2F77062A0DD64FBDF38414E8E9BDAE0	2CE88A266B6E11AFC6F7125DCC9D5B68C66FE798BB1F0ED3CCFC0CF4EEB22994
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ur\messages.json.PLAY (copy)	data	6CE10D523ABB3F4A994C694FCBA662D3	88910D76C448C06FDC4375A9DDE0D01DFAC9AC86	7F6F9104BCD337856889203C2E4F241F26A14B7A511E4014394D79F61E2CE099
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\vi\messages.json.PLAY (copy)	data	8CF60CD2CCCAA61D4ECDC0CD3481A89C	9E5C2312D8A88693DFA72E27136D849D8BE53176	899B4DE99DA1F484EEFB15F7E638559D93649EF7EED0B5444E5FC1C4EB72750F
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zh_CN\messages.json.PLAY (copy)	data	C5DAE7EB7B94558CD9238707CEA1FF2C	F374E66A11AD76998A2B50189A68485F2629322C	DE044AF3BBABBA35245BD2D0DD4CD11D577B42ED0B2119A2B12DD00435A03A96
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zh_HK\messages.json.PLAY (copy)	data	A946C55B16CE9637AE7D7D86C0FB4072	998EAE275D9B461D1452E318075BE84031C4A7A8	9CFAAA1DFAB472C9BBA48967D4CA85076FF1B33645987AFBCD4616EE535B3F3C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zh_TW\messages.json.PLAY (copy)	data	39ED890C0D663FD16796E9CBE2E93FE7	50A5C2FE4C3AA311F99CFE590324E5FC4FE4C66C	F86BB1EB84C7EE9B97F06FEA636A79BAD054C95852C1CBEF9B176452D012A2F6
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zu\messages.json.PLAY (copy)	data	5F4E5DF166543DAAD4EBEE6C53292D07	A189361CFD4E09285F6BC7525E1D5947586D6420	C2715A82F7DE2B507ABBA083B8113028B3AB8909C9DD1305214F808CA8DF7B97
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\computed_hashes.json.PLAY (copy)	data	A21D9341B951AACEB1828CCBC3CFAE79	99CD917D18C19D1A70C7671B8D33048F01B5D982	CD67AF2E47F9E6D28640096A41B41970E5289CAF5A7ABEB21E671D77A30900DB
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\verified_contents.json.PLAY (copy)	data	DC5AE393548BAA3E476B7F03056577FA	9FA401311880769469749ADF4BC2C351A2358954	03A996F8AD9E1A843F859B65F790CE4A8121553CF4228C26484A0DF219306035
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\dasherSettingSchema.json.PLAY (copy)	data	8C52FE9B3C2CB1F1133DA35AABE3E4E3	3C960098BB6057BFF72342B88BCED602A8D89153	B8920D3090351EE889E176DCE4581D4B0806016C52FAD8EAAC9AF515BF149A1E
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js.PLAY (copy)	data	9CAE7742980FB39EDE675EDE438F2FB7	82A808402A886CEF8A65132721A077A1B9A104FE	ED992112E9933282BA6D8397D415A537A6E9677A187BAC6C9E59296B9244C4D9
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\manifest.json.PLAY (copy)	data	D420564A9A2A80EFB53FA81E1E278816	A63413812072C46873B87E8B21B3153A0C912BE7	EC6920BF72D01047AD51F367BC9295742D29FF0748C83CE3534CF4B558DF583C
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\page_embed_script.js.PLAY (copy)	data	AAE08AF6AFC76BD5CB5BC4A71218FD5C	383B4189B3E5C64F23E1D11B7368205581C25323	EAF2654B2DA1793DCED0502C8F1ED59660E13A0A454651F362881BE460CAB073
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_background.js.PLAY (copy)	data	5A3B814FE6962A2028C1D26A50340EAA	4A33371D8C1CB656732699591712E25D97C4161C	10D3E0257D2FC1DD6FA7DDEBC1BF194E03CE1AE49A62AAD2A8B8525216484721
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_window.js.PLAY (copy)	data	91E55FDCFAEC2CB598DC7111A5FB2442	9B1609BCAF1186AE015C3238133D2B8237BBEEC7	4E94E77D5C9F319BD371A03F7FC892EBC58B154E163AB1BB2B5D47E98D6001F3
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\craw_window.css.PLAY (copy)	data	CE7038D932DB3C697B70515FBFCB1AEC	9F471B3B8F422FE75FCD5E300F231828938F8EEC	FCDD58F32B7468712631FBA0FF76C0DBDE25E7676F51DE41CD833B48A13DD22A
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\craw_window.html.PLAY (copy)	data	C7F2B9E20959BB9A90C063C1EC0BFA64	E716FD53F6F94968538DA85DFE40FF86CBAB8E21	8B7F00C8DDEA1CD3ABFB5E7C634BC74B63BA74D5BB4957806817C0F9FC5891F7
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\flapper.gif.PLAY (copy)	data	E245D1BD71556BAB7F7119A21F7C3DDC	38ACA64B99B4DB9F3A05A9E31814477F816C3C78	0CF4980DE0A6103F9CDEAC7B0C95FBF8D019A7C8A3B683C529BBC2ACD6648EAD
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_16.png.PLAY (copy)	data	AA9F691905003201687874A8492896F2	14F9B20C5709317E8C8D81FC2EE588264184201A	137C615F98119490B4B02E3FD7FCA2A99FF8A9A1A7BA79764923B43A4B9B1DFD
C:\Documents and Settings\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000008.PLAY (copy)	data	43B6F4A6F900B696A4603E265900B380	B08472CDF3136D965EC3C4C76625159579AE6688	1C963445BCBD1C16C80C56EFCBE6A713E2436F63F567DAF6F82AFBDD37E3DE63
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp	data	076F673285A4A8285093979F3C81C3AA	860B78F1ACAC5D8B3749AA059346D6ED21456B74	2C49C4F446D0641459666711FA45C72E6DF9F4CF609D37455665EDFE3ECF696C
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab	data	A9EF01DE624FE631C70FF3207019C0D9	4C9882315D7A51190BE925658212E5FB86979FE9	595B49F4E3853052987A117CD99C94F985EEBAACB8510346BE5FEFA2CCCD3F7A
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini	data	915654CD8D47EEE09B7D231EF16291D7	742A72E54596829216E770F101F53596270A4614	BEE6EF660A83C088F845B881753F5FB56EE1311422E9D3F1B69B993FC6B7D9A4
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini	data	253E08C25096908364CB69770D526524	E58E0096A69ED717A35AA436F27BD6D4FE8FD0B8	904F63C08479B2F3C52379666B8B5C5507B48CEA2FC4B9646F3C2F8D40BFBDDF
C:\ProgramData\Microsoft Help\MS.DATABASECOMPARE.16.1033.hxn	data	70E6DD27549154712E6E85B324484324	F436FB0617F7213C0D563EAF9A32D45E09C8B67E	1DE9E05156C7F45DCB2D00C4DBCCEFF19A5C26441BFFDED332C77116184E35D3
C:\ProgramData\Microsoft Help\MS.EXCEL.16.1033.hxn	data	E21585C8037F3880A3F717C837CC8C95	F1243A6FCBA7D10FE7A4DD0534BC8276BF06E8CC	2CC0DBD13DDB30C2DC6B3615C6B3339D3D24E253DADF95DC852D042E8D71C404
C:\ProgramData\Microsoft Help\MS.GRAPH.16.1033.hxn	data	E219A576C0A9C0C1D669F8718EFBB7B7	A0D6C5CEEB5CFEC95C48A2B7A025540A7FB96E48	B9110A1BBE1D7B50AD4D1486F95B74153AF70EAF69988E60E8DFB31F1CFCF030
C:\ProgramData\Microsoft Help\MS.GROOVE.16.1033.hxn	data	BAB86621F32E0DB18BE8020F03D6E246	D8AAE3995AD2120DA9B61F63025B6E8D2F1C4A5C	67865B78B95916A00A0BAB57938A07E9B47C297434C9A54624F3685EE73F5A7B
C:\ProgramData\Microsoft Help\MS.LYNC.16.1033.hxn	data	673C90DD58D23B33652BBB84B599B388	4C92C2DA91679FE74A384694C687E261D76B514B	88432D16F8EF2A7BBDEBD949D85527745575CE124AE9F9790DECF8265EFEF167
C:\ProgramData\Microsoft Help\MS.LYNC_BASIC.16.1033.hxn	data	B5DC987F47270CBF940AFDD4E7677330	35AEBEB316E9DF3D888965B004C79DB6004195EB	4BD3E8E6763E2549ED561617E9C7A87468270FC60759AC969BA28F47DE0AF280
C:\ProgramData\Microsoft Help\MS.LYNC_ONLINE.16.1033.hxn	data	37FA42AB4AA141958271002A9AC7BA51	7001DF19C4E85AC44A5F30B322511D1845AE02D8	EE7E124AA1DAEF18D3F60E55EFACE027B907409B6603F4EC1F00F8C250D12548
C:\ProgramData\Microsoft Help\MS.MSACCESS.16.1033.hxn	data	13D892EDD653D472EF976F9240AB5257	FC099D08CA2D61738A0714B4AF7F16456A0307D8	3019D8BE6857263AC8F3439D87A24C6CC8490A4474BA86633B3EE4757A0D4763
C:\ProgramData\Microsoft Help\MS.MSOUC.16.1033.hxn	data	898137E80B75A3663063101ABFCCEC9D	E3C5FEE8C48B33FDDA9BC0DE7DE7433196D68284	F326992CDDB8FEB97E6B12C69D8A096B8884DC214A235C501CD6D2CF1B788B15
C:\ProgramData\Microsoft Help\MS.MSPUB.16.1033.hxn	data	2EB290C53EFB17A0BAAF369BD996E107	59C8DB839B743BA25397F03BFB8A21379D028688	A9DEC77AB887AF3F0046FA0D0AE63682F07A3FA510BAE48C9A3B35E00596FDE9
C:\ProgramData\Microsoft Help\MS.ONENOTE.16.1033.hxn	data	947AD8EE0630C35CEA67A3646807E22A	4C2ABC1257E52AB7984783C4F666E375F63E1BAB	EEE0C02EEB4BB6CDD3A227E40D6D5AA46D7F9BFAB42B919C915E8B4F75BA8637
C:\ProgramData\Microsoft Help\MS.OUTLOOK.16.1033.hxn	data	750842DC44EB331CB41A2BD2C6D11047	EA6394203DF446FA85C6D80B0F4AB8F7E301CE5C	54E18A0E1D5085709D6E1D02A606E3F3936696414365799DDD5084D874160BAF
C:\ProgramData\Microsoft Help\MS.POWERPNT.16.1033.hxn	data	B4504428EBBEFBA508C3F94F0DEED264	16C994460BE88B2BBC3C1A89A6A1CCCF52B39572	E2D17C8BD49FA993832904B01DD3221909774D60B8353CD3747B18F2E55C88C0
C:\ProgramData\Microsoft Help\MS.SETLANG.16.1033.hxn	data	E8B4FF3E8EE6335D4D3FD044772DCF4F	31BA60430A500DBD6CFB4594A23D090728C23BC2	5818BDF05F17A902734F351E7CB9CF95E7ACA6AD397CE3B6FB3CF9985CFFF9A0
C:\ProgramData\Microsoft Help\MS.SKYPEFB.16.1033.hxn	data	6E9FDAC0A8A1FDED48604D7493ECD4A5	9CA6D88B2027BA3DB40908B7DEAD652E9F5A5683	F6B7DB2A8A15425FBC9D8DA3C9F73399463AF66BBCD869C640F1B33746C8CF93
C:\ProgramData\Microsoft Help\MS.SKYPEFB_BASIC.16.1033.hxn	data	102D4806F41008AC77A2D0EB367FA949	7E4A1ABAC7AE854BA509ADEEFC25E6B71DA0756F	D3D9341175C513D1E122DA7F9551C6EAB5C90E760D18AECDFE3690DFEE80405D
C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINE.16.1033.hxn	PGP\011Secret Key -	C36CB1585CC8D853975BC41162F7B693	6C33FB86E19488C389257B5CC32E50EAC4C830A2	07782C4F92680440FCE0248DF59F0CC9CA0C4178474623C5E0720F511DE0FDE6
C:\ProgramData\Microsoft Help\MS.SKYPEFB_ONLINEG.16.1033.hxn	data	8F0B6BC86A929134372F07E2C86B547B	E1D1277457F488AEC6054D0194B9C9AB0C12C571	35A2C988EEF7E8E0281AD24A6BCBD048EB8BFD6ADDD323F249DC1D481B82E57F
C:\ProgramData\Microsoft Help\MS.SPREADSHEETCOMPARE.16.1033.hxn	data	4A743485F17CFC3D0CAE4ED528F4AFA7	D4D053912966B6E0A37B6B0DFBE2948C061ABF8A	3405F040554E016AE7113C9B324595A58BBA4F4223143FC45574B8B08B457035
C:\ProgramData\Microsoft Help\MS.WINWORD.16.1033.hxn	data	25C88F1AA76540D7965BC53DB915B051	2E2CF19305DA3A346EF4002F0A487189CCA5DA21	1DF23F20FB094900938E9A0E3F9F80A03BA06D14E7165B6EAE6BBF5F76FC8D53
C:\ProgramData\Microsoft Help\nslist.hxl	data	C0F2EE9176DFA80ED34A003A1181A35B	335FD56936DD0FBAE86B4043566370C4F9ACB38C	C907184065F1710D5A1A1DB118ADAF6333689736754D3CFFF67D6A7111CF9C5F
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini	data	03575F11A9393686A100B9C37B156C49	DB61812D9F3A5D337B2BC5291816721278B57210	A1A5ED78546092288965D44BC58C2F948E4C45E88AAD05F68FFA3C4A32F09779
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	data	01B4F79939C8BC75DE609CAE7E76D4A6	1B6C9177367717D09BAAD1CB8FAB3435CEDAD855	C6D096152F4A1B031C062735D02A3CFD49C2E165D158A93D777F3FA0576C22D8
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	data	DA6A758BC2F753E0D263C00A8AEAA497	431C6164F20C23FAB6E9495EDB04A42D89DF5088	67622EF2D1738923B368D861B2EA5C33987BC883541B7DCAC8329D4D677B5025
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	data	9BBE0248E41922FC2277B5150A468D0C	C64C279566CC36961AFF341BC03C560AA42CB57E	73C79C43739188C3CF8FFCE15DD196BC54460E002B6D1D24F444E66C12DCC5CF
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	data	C8E9B150CC990AA2EF3F9E42679A84FA	6C1E21302B4A1DE11567DB41B72E9EFBA9A5E9C2	E6AA5A0C8CAE4F9BDCF59B033099064B49CF9C1576DB47872FBC1C6E7765F190
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url	data	57A89A394A7F0399161AB24A627E0CA0	16E5B621C3F67DB4C5A131C720F57964D1556505	81A7E73C685D4DBC3E0AFD31247F74C3D0ECEC2DACC370DD2C304E290CBD2F09
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url	data	7F21EECFFD443FC58C1BFD3F69224C12	A0F54C57E9DD3D87CC1215C85CBA9CF74E516F78	0CB2900849CE56FC64DC4E49697643518C1C72C31795D5C7C43EC37268CD8CB9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	data	D7E0E64A051DDE1DC9F23C23351DE907	15E7F96CDC08F7FC0AECBC3453E1D73100D17C4C	8A8BAAA4A3C99FCE2A1A46F0BDC0157AD9A83DCD3BE994C122996A68D0FDC852
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\desktop.ini	data	CCAEA2DF92EA357F568177BBACA30B57	0ADA776ED7FDB8EF750B82F74CDB07019C5DF49F	72CC98B82ABDA23256E12B122FC6D8BC45506AA2D8A69BBD167EAC9F02430E23
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini	data	A0A9044BE316653614895E02769DD72A	8D049112249A4D71115A778F9279BC41C93DEDE0	033E38B30C050046A539C0E9C3919757B8CD34E1BA7D8AD7FE639D4E22F4B195
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	MPEG-4 LOAS	C80F782958523FC1162E83CBB6FEC0DD	C4F8B0C4FE726AC5C1F66430EC518F9FBAA98700	65EB6E94A7F8ECC101F6B5A35EA4B9EE1EAED84D9341F6CFD5CFD3219D36FDC7
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	data	16B865E4723C467BB3C33081CCB7ADC1	94368C96BC09703969E4BD8DE041D11534D27CEF	299DB2B943B9E5D132CF25B4DCFEAC214D40D9C29D2FBC964FCA63FD14D6D6A5
C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	data	6A9D096D5617859A458FCBD5ADF1D988	ED3F0F5ACDE61D81FCEDCA2ECADE22EDDF9BBF6C	DEBAEF40E146FE3E61AFCD52FA8B216D236AD004EED52282EB1DBB1E409B5DE8
C:\ProgramData\Oracle\Java\installcache\baseimagefam8	data	99BF2E490B1356D8D5AB51C2048F51CF	D83FEAB02729D744F492DF1E76CB709AE796D22D	199D3FBFF63C580D2D9F164BB343664E8A8FD7E4915E45F8294476B52D390AA7
C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\state.rsm	data	033D0113D58676C879743931E39E553E	017B11A55B935C6A83E323B2BEF903DB443BF65F	4FF7E748A8B8C09C02D6789F1996E5CD0BC56A9817A733468380501586F0C31B
C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab	data	F93141E4711DEF0536A9525CAF2AE8A9	32E35043906EEC39E569EF17EF09E12A3D118E8E	46BDD48359AA47CD01FEA86360B7DD65C2F23F187CA6F7DF3698092F1E828C6A
C:\ProgramData\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\cab1.cab	data	6A6E9ED2B6280CFF9B790CA7C89FAC9F	D110CA5A10F4C6829CA1F345CB7D11766093929D	BCC54FAA1C69F0AB10E5A32E49C02BBFC31D1B71EB80B93A9AC8E25918440C70
C:\ProgramData\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\cab1.cab	Dyalog APL version 167.40	BD2A015513042A906CF555EE88FF1D3C	E48C2BDC7B03C50E14795ACB34098204B67D5B98	8B51665B139F696D9C11E1EFE234F663DF450470DE3584E6DBEEF140F27E9D36
C:\ProgramData\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\cab1.cab	data	2D154531D08C6534F1FCCC64F74AFCBD	2829B6ACB6F212C1E491EE841CDB457F97E48047	FC0EC919BDA88BFAB71E28912522BA96C8EB94494B0EBD3BA42294E11A88C3A7
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm	data	B096DBD7865CC7A779DA795826181521	AB0545E501519B13A6E45F1BDAEDB2B48F0527B2	38C0FA3958DE71ACF24ACF39753EC4DEEED765C9872639045D12DF2BEDB284A8
C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab	data	C2DAD1017BA52C0A6922BAD338B2ED97	718F72501713CD7E8B0157E1FC697258566AEF37	D3623C96D298FC87FA617009467E365D71B66A9DF62046F2E5D5DAD0D6EC7AF8
C:\ProgramData\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\state.rsm	data	2EFE7957C04780D2A4D2D4D91B76EF5A	BE032296047C32F5816C698CBD893062C85934FC	5A7B6864E9F045B9CE4C2D270483B3F49D2F33BE2F4C3D167D528E7F0852E592
C:\ProgramData\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\cab1.cab	data	282500AB4DB2CF6CDA452D3312413E29	A15795EBC345D72425F094B54A2499CE0739F621	532578D5F77CADC99AF60E8D7B55158E32FFD900888C8AA6CC690D5F77DFEFFC
C:\ProgramData\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\cab1.cab	data	F04DF6CF62D556BD6794FAF39305A895	FE7984E43633B09E435BC90393D503213EE5DEA8	6B020E5DA5E519C2ED10FD1DDD087857E457BB8AE69E53EFA8FC234D38D98D27
C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab	data	5DE9BB4B9A1842360A5967727E6EB056	CD913C346D384F9B42487DEFF28338616351AFA9	ADC6BBE62F96AD18D2F06BC85E61D76DC9C81A955C77FC165E34C78688868D68
C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab	data	31079187545A7A3EEAFD0B0F4610F4FB	16F4EE2A5164FDE356F3B4981E3BB6BC4BA726D7	D9E556A775D5777E938AAFEF9CDFC4C8E7AF22D19E75F45BBD71C89B3AA3C0E7
C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab	data	59F3C81863BDA8700A10821895BD49C8	7CC6D8226B6A59FA97FE2C2994D0FF402311745C	E6F1B56EEB4C3C3CDA0D6FB2F47C99BE707FEBA35479FD40F08ECA079CBB969E
C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab	data	AC7BA4508E688E76B331547B98C385AF	B40CF4EBBBAD9D1E3FC950A387AEA612F666989A	35983FBD0BC965E374D6BD1F147B5521DADD7B962E2A7FC16703EE871B5791F1
C:\ProgramData\Package Cache\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\packages\vcRuntimeAdditional_x86\cab1.cab	data	4F349E86E466361963F7CEC319570262	EA5EE8C64DC7D35D6EA92E03C4C7A9E8CFD6C234	9BDCECFCB0613BDB324093C70C4E6234AD02B7E5A4735C4B3332F44F332BE65F
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm	data	146428A951777E2AD38D58B126B52129	04BF78E77E40CF4709F1B7B9AF7031B2406829B2	CC42FB00680E70EF3A04F9EAF1071E512F165BC24B023C012CBC692DEF470857
C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm	data	76B5B76651EB293CEFCC82B457D7EB46	DFC3EE286A4104F601DAFDD722F96445D649E5BF	8E24B6FC4C0804B2FD300047C43E1BCFFE1008C8A045B1FE4536083B73C297CF
C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\state.rsm	data	BB8A84CEA92AC2ED098874464BEFA2E1	0359F179708669E7012EC4E63197B829E72D87CB	A226D5B7738FAD15758F267D6E5679660D67C81D4A5E75429B4AB39801CC87B3
C:\ProgramData\USOPrivate\UpdateStore\updatestore4df22196-a1f2-426c-aa27-062a9f86aba6.xml	data	A3053EA397B077DA899CBCA6879C7626	7E33884202BA04508A750C8CA86BD8469CA73481	2971834C72792189441456CB7B658BBF0C62D938F27D16F112E8DDC2FDB716A5
C:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xml	data	ED046267EC06A42F90C9DAABFF33FB1D	53674604C880E6F1255C2E7440506B0104E839BF	1ADC353C944AAFC4ABF79A7849D5C39E48E62C63B7B516DFC36692E788093829
C:\ProgramData\USOShared\Logs\NotifyIcon.001.etl	data	AA328C45E04A9F0B811AEDA4AB334E5C	E57651BF461870FA2239935A7458D6A5AED30D14	8FF61DED44B07C0D3020A3D33AF6BA627E37851FD5B83685E37F8F7C985B2BB7
C:\ProgramData\USOShared\Logs\NotifyIcon.002.etl	data	539C9EC8D82572D767DBBA37DDFA8059	A93C565C9C5BD0796E1538295825A2D62CA43BE1	674E33381D0E0CCBD947A7BF4160BAC0A541737786AB4E6DB565FF609B26BD55
C:\ProgramData\USOShared\Logs\NotifyIcon_Temp.1.etl	data	874C20768D07C1259FFCF88ACAD00185	7EF2C0C5D60408E1E86634804363EC9A2F7EB3E2	7D297C088FDB48CB6F43335FD991A9F4E4D89D2DD97146411E605CFD6F091C37
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etl	data	4C0EAF881DF7DC6FBAECA2847ECC70C6	67A4618C96EE61FB3B781B4E6E0CB03F222B2F3B	E6B104687943C133F7B69DA46C2936A760164CD0CD4352BD523144A98E12313E
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etl	data	EED8F29575A0047243E4F3F4C73C3CC0	55CB66C472CBB0B095773906923CBEF9F65D9575	2AFC7C3419E457D2819D32BFA1006C43117076631F46CE07EA48B664BE694CA6
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etl	data	4389EC813692362AE41741C867D4DFCF	0178BB251F806C03BD4106BE393CC60B57A5E2F3	70C6604C4DC2A774ACBE7BC0A9F31F85810088796A4C10186B06E78F9C1F9459
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etl	data	3A1C75D2ACE5BDDE11B70FE319DE6C3C	17D7BD87F13F8DE51AAE9A90F4390AEFBBC788CA	CD923BA463DB592A8AA8BF8DAED499330BC6EC98C9AE0F3A59FCA78C296CE058
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etl	data	CC8CE47F39D0B085A17380BC120534DD	4D2FE10B930E2CD4BE119A29C9890D22D35AFD34	B23FE4723CC3902B4218C323AE590643767099F30E677D4B3BB304FED2437BE8
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etl	data	7FF4FBC1AA65635868D53D1753A7E891	78A953185602A7A2A5E3F8F25104A9826E88F3B1	3B607D13A48D3603D6B09E64903F5347920811EA6C525490123A428E0AAF20CE
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etl	data	9E3CA34E7ADCEDF5EC9FD3E90D920848	F7950BC296CBAFBB784D7996FFA790B1B5E80667	85109D158A6A714E4830ED71BE13EC449338D1928D56997AA799D3F3874E0156
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etl	data	B0AC9C7E1E85C483B7307A784598E85E	A40B6BAD4BB21F28E2AA65066BD8E0F0517F8796	59D0BBFF0020F17D46D908D50EFD0D59E2C2433A06C5877BDA9E93ED1F50E319
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etl	data	A2DF46175790D9BA012088C900B43B28	B449E880CBFA2E185770E20BE06B7519D5EBBF97	0ADD976C766A5A13D38ABD8DA9B4387D03D6A2BECCC9F081FA14B9AD90BDC323
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etl	data	F9ABED1A9753622EE996BB87816F8210	898E30F694F3A0473A936D17F2C9DD07D18D04DB	292C0BB8DB038EEF24AD7F8C4B4596A4C4BE977A689CFB7E08EBBB33A1BF43AF
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etl	data	80BA803E9FA0ECFADFB842DA68994EE0	550344BD98C64C3AB9E65BE39A93580EAB5BDE76	1E733F58417E0B75011A7DE0444EF4C39A55204E465A8DF529767F4C1D93FF83
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etl	data	2425DC8BE2FFC73B2F05D05FC88145D5	0E95FC81B48F4DB63A410B4EAB7ED1525371C5BD	17CADCA1CB52E061B024042C00662512428377FDDECF81FDA8926AA03B5D0B7A
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etl	data	1BFC06087045747749AD135A4819CA79	9826AE64CF195182FD6E9662A8A86FE6352615A5	C80AE09983BED91E104EACBA274FCEA89F7E8A92A0BC3CC7476F9C5371F84301
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etl	data	29BFA8201275A92D297E9770F1677145	9302545488AE03D1C67E2DB0F5764738CA8BE9BF	E634C4F88B83DDDFBE6F6BF705F567D8A809B8D2343D012672D18F3CEB285175
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etl	data	6389E8E76516D3D02AE9AFF7B43D1891	01A9ACC0727FA6155E1327B8552854AE98E32C0F	1497AF30A87AF4787C343DAB261351CDE86B87EA7ECCEDF507803223FCC2D417
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etl	data	DACE244E5FB7240D0D05AD567B31E086	73948DB2211C2D1976E6CB958403675C68DEDA6B	3F9D56AC208C37596DB4B31EC37FFF12CB7125FF3672E30B55EE06537B64303A
C:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etl	data	CA8861F2BE2222BDAE1DBF79D0A0F344	283D94015CB25FDE80797BF6C8CF68B567755EDD	C7FE06CD2F64D0D514D103EFAF766C50EACD0892D7020E7F4298BD9321E0CA7D
C:\ProgramData\USOShared\Logs\UpdateUx_Temp.1.etl	data	F953CE3AB62CF9D9CE6C493F736AB10D	A6BDADE3343961968214C4337DAB884DEDA250FF	64B907D37CDB5C9EEAC5ABA8DF0C532824471370DF960AD0AD6A01AD05DBB1D4
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Microsoft Office Professional Plus 2016.swidtag	data	FA7F436743EBA19FE1FF34E6BDCAFE3E	8BC10D44C8863759F1BABD010D0E9D94FAD1A96B	A1B8C0BB38FDDD20841E707060A4B30FB7A7433349D2F3BE503FB1F3310BAABC
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag	data	ED52B3BE4574FF8B05CC68F897BD3E8F	15CE1BD3F39893B3A5D2D30DA8A599A91E9FE303	7F862D3F1ECF9625FE7C10BC4CB3485368B5243370CE3537C42B3EF20FF00F3C
C:\ReadMe.txt	ASCII text, with CRLF line terminators	AF5C0A0FD6FA8BC8E59F6221A1705EE6	2DB1C8D26AECFDB8A827A67A5CBF16C4F9977F0D	6E55ACC025EA4888FDF070A1707B6E04A509B24772E81D64595EA6B2848DD71F
C:\Recovery\WindowsRE\ReAgent.xml	data	9F4D6DDBCC64127D42A165E53513E34C	626A3F2349A8A42BFCC739E24E93EEDE3D7E83A3	DC9724F746D805F7D836B92939634D2AE81F26D0176E0B3AD8319D8F9067D98D
C:\Recovery\WindowsRE\Winre.wim	data	737C3135B7CCB4D4854D1ED498CABC0C	CCDBB1074ED1715C017C5EF1B8ADA189A2E749E3	08DBF5CD2B1DC3E651ACF1D8FAC56B47E0AB2887E46A99A1AB467AC5D240BF05
C:\Recovery\WindowsRE\boot.sdi	data	4520F44B0C1BAE13EC8018DA94C25C60	9FDE0E46B442DD8BCB32AD7061A61364B71A8613	5FD32D4EE26BF0F9CC89771E464CD422DF36671DF350C415DA74855E815AFFFA
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink	data	3D8F6AFD652FBF9E46DBE9FFBFF2A293	EC7522841A0EBE33BE7DA8E9E99532A7E8FF4E69	B17342A7E1D0A6C1329A0236C3A84D23E7200539F2DACB17B5639B141BB28FD6
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	data	799C368B699A1CEC6AEF281A6776D9A5	EF673A8A5216327C6673B1D5258647C8BFC14361	7D30F228E7E3D71B374F6310825F77ECCF141A5B648F6B5C5A69F475F7EF7AA3
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	data	AF503E20DDE71B205CF360310387F94F	07A346F430C3BBDFCC21DE841FFECD83F1C7A5FF	C79093C85161E27C3A4E33D21A88DC2748F48C22F09D16D2CA86ECAAC94FC2E5
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	data	75CB8A08F789A1A47C350D42326AFCF9	363289327CB2C0AAEEBA2E68477793BA77AD7553	7B9A6197278016549606E9BD19DE50DA32D9890548D4F99EF3881945CB36349D
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	data	34F1020AF085FA2F8A28BFF2E751D559	BFE48A37B15DDD172B01C58F09658A873988686F	382462A5BBFEB4B19637F62A84CDAF079AF5186E29344A97F3AE9CC6465DD903
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	data	6B5BF7697550917A6F1D120EF92C4EA1	970770344EF6018D7CAA838F02EAB10256FB9A87	D75BD6EB8D4F6800D6B97494FEF74B2492ADBC7FDE4F2BD425D812C7EAEE7690
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	data	C097A848ABFE3E39FE784B6E032B1788	FE8EB05FBB6073629D5A9A6285646106783D313F	BB6022E1F40FD68D3D70B680ECA8D16BB08F790E4036631984A048212C62DC6D
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	data	AC0C9B1632AB77407DBB31534EF27AC6	BF1A3D705404A26E9EF3B8FA58455213C3E20EB1	484A2CFA250E98D00B5CA337A5DCEACC3412EDB76BC879C638E0E8141F181D3B
C:\Users\Default\NTUSER.DAT	data	24360D4AC64825DB994F83A2F5B0573F	1BEFCF8B056FF425BBE5861964D185FB35ABB72C	AF89E07116D5326B3B9AB6B833DEE19E7C278194E2C466539DF871CB42577DE5
C:\Users\Default\NTUSER.DAT.LOG1	data	2C13E637DB97E0AA01B93C8203BFE381	9AD3DBEAC571FE196F3F411085363327AF10C4BD	C5540A18F47614CEFF871CDD499A0CBCB61109C6E5B3DB6DB6FC8DFF6563E8B4
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TM.blf	data	B4DB79803D984C840C137378ABDC988B	443AE559D5F2965EEA6980E2C6467D891B08B6B3	5661255207343C767EE2BE67FB59A66A227B15790257D794F470D13FA40F24CD
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000001.regtrans-ms	data	8E31B8AA0206D148E70DF1CA3F657C56	17E983B46D0DBD3319BFD04D0B9E8100ECACF0C1	C2643B028EB5C11FE1CFF3347BDEC2266D86DC286B151B5DB222C6A063033480
C:\Users\Default\NTUSER.DAT{8ebe95f7-3dcb-11e8-a9d9-7cfe90913f50}.TMContainer00000000000000000002.regtrans-ms	data	4A6C32D09CA1CA5D68F952A49FA0C9B0	6AFCEC5C789C341E910BE6DB161703E5FB89EE14	1FEF4CA49F1D48EDAEDD000BAC4D5CF9B01E18FE591DD4562ED691A7109CB6F0
C:\Users\Public\Desktop\desktop.ini	data	5B0E4DE08C6577C0A4D8F573B3E355E1	445D7AD38FE3369AA2C48F31DEC79AF0C0A6B5AB	D6AD79C951E05F015FC28CD463053F2C9CB31AF92D653D01868D2E3F075A3FF8
C:\Users\Public\Documents\desktop.ini	data	AF94DBEC8F8B87D13FA9C49A07BBD59F	82A44581C9F80DFECA1577E0B14810CA9387A3C0	C2922C4061B15B9B3F719938F6A8D5577EEF6461D20297B69286A5B6AC277FB1
C:\Users\Public\Music\desktop.ini	COM executable for DOS	E9A90AB684F88F7787605EDDFF1FA2DA	AB76293517DFE0878CA229D854BD6BF8432B8386	E30FE938F29CEAAB61F7524AE2C0AEDDE707DF47BE89578AC0A9EBF9658026D3
C:\Users\Public\Pictures\desktop.ini	data	AA6F7D329E6DE8E74992E517F0000CD5	F2141BE2617C4415973832030DBA3697C24E026E	199F56CB72541267B3CFC95472D931FA8980B167F8827DFEFAB8137F11C15B5E
C:\Users\Public\Videos\desktop.ini	data	CD143AD3D59B89050F07AC69CD0486BD	10FABDB4ADCC641372BEC0354058C8052B63E9A4	8D2B84B7028E9F1C290D64EE23B985DDD583530E16BEA4C9095ECA1EC4720998
C:\Users\desktop.ini	data	622D6D135B5C7B3E3E896570ACABA327	DB06F3AE236CC50A6B0B0D76D9E582A15E2516D4	C81899AA64DFE2F7014F29C5AE53BDD34C8F85B4566EDF1D5CD78C30E9D56C69
C:\Users\user\3D Objects\desktop.ini	data	3095497E37E0AC332B032D470B36AB42	F528A10EADCA2916577D87C8ED83E49F4E60AC4E	C45576292D017F20CD077BD1558A0BCF1E21058816C42CDB13D2B330EC2BA75F
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst	data	DE1FED8FF38F1617BA80BA249E26EDE3	5D295402B596AAB506EC401DD22BE0664E85F64F	4D3C31488B14FDFFF143F664FFE9D4E1196B2D28FFA2C7251895E42EEDF4C4B9
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst	data	FBAED002824E68252BF3FA0ACC476C9D	4658E024D4EFA7497ED9E3F0C4088607A7FE1F81	93D1A5075751BAC59AAC285DD3185ED4EDCB69A7426B10E63078BCC5689112B2
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst	data	CA3CD2EBA382D61F5E3E91BCF9948227	8CA367B0B03E4FBAF585A2833E583CABC4722148	E03B3C535F26570881C718BF6D1B198BD6A852AFD7E3227D7BEA6B31EDEB2BD3
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat	data	28EAE57619D12446315D6D3F1A271BBC	9FFEDABFCFBFF845A3BC9128D43CB259BE1099BB	9363EC22CC57308B2792FED4674E6E6A0814C679360037FD70983EDA5D709F9E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	data	F47767B4F0C08FFA362F6C81B181D749	6586914BF7F5DED2C6004740482998FDA02B5843	D1FC51CC667425947C4DFFB14CF29A4154A5B3FF8DAA88BB3AE3B0149C776B4A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	data	A837B096BAE6894351953FE36DC00B61	734C3A82B23C2F09C5FCD4B379642ED84BA4AB30	043C56907094F1B5EED78EF02D2EFE93F68163A577E2A8DFE87A074725BEE47B
C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst	data	AD31F327EDF227958989F0E43F42D08C	B83EE2C0347127299229E8BCBBF0650CF3D8AD5C	C7FC02861F11A033622DC3116967E9837E5B3D072DCE672B23604867C4EA5C89
C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp	data	6E9AD3DFA21E29063494FF195FC3D76A	D116E3FFB1227D414F2F6BECDF3A1E7819B4140D	62ABF7E3CE483B7FA1311E3E5C4C6F7BECDD31FC917F14A5708D4ABFE27C39CB
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs	data	EE3038E5C13C53B2558D48F82213699D	E118A3A4AFC96EC462B762D8161D1AAA8E9650A6	981BF502D671C8EBE33EB17DFDB0FA1F8AC836E7FDAEA5AE243F54FE98D00A41
C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs	data	25D718323F893CE7C052AD05F407F83E	D7894C8CDA438D8BD598588F44B6721A109F8BB4	F58D6D1C61D5CCB055CAB98060F2AA674D0C29C122EEB5560C161D213153A1E3
C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx	data	17217F45D49EB08921B3B8E1A68A9D75	C951439ABD2EC4058D6BF2CA671930EDC6B8842B	078E0DC085256A51C5BE11918BA2D8E67E90D0261FD603A066FCD4DF5FE77505
C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp	data	BAC1BC0C53AB133E3F0912DC51D530F2	8A25E4979C191B75D454EC5520AF4E1CEE121DC4	A31827FDAC373BB01C17C0D9CC8E89B31A1B833C9FEE645AA695B214AA9244A4
C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx	data	8C90C6E68E2337E739D6F0ED8C918687	A6D90ABF964EEA333AC8C73DAB06B19E0E1FA98D	FB6B75D66909C9A6B5B240E6CB4F19737F4A10506DC8DBEB956B2B137455AE12
C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val	data	4706B9BF68C463A27EED471A404A97D2	3301B2B41470AC7D9965811CB4CD75EAA47E3D67	019C72DC3E6CB47B18E18EE79DA24D6EF3762EAB301CC1094E071C209394256A
C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62FC0DB0-1450.pma	data	3B03F78680A90FEB0E9EA5B276075C0C	6AFD0150E6DD099225727947B63BD4768ED783EF	F251CDE4EF643F706274F4E3A989C06080D3553AD7F91F61E152B4C2D4FFDC2A
C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma	SysEx File - ADA	18311F79D24CB1DE864231DB38C76EC3	D856BEB3A56B93EC3BDAA0C84CBB23D90533C80C	5C3E6CE8ED40A46576AEC432CED4FF9049349B1FC0C9397B3CEF5A3DFBE0831A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	FF4286923AD1026E5055CB427BB627D7	2ECA043A5D89631BB40616759AC0A5FAB7A4A37E	0E151A0CC35863C26005FCD0EED1BE053CF62076F1A39CB9CC7AAD33EBC2CD22
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database	data	034E096A768386C216E77E8BD91E6329	DE7F09FBBAAC72D7F008AE5B6D57ADF194D55D54	88C013342A38D79236EEFD9699782869B0C39B25788E31C6BFB69054E6342353
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0	data	A46B146A6A3C81CCD66DB194D24A4490	CA8D5594EEAE3829B0EDF89F14AD3F4E0698C5B2	6E8900825227818F0CAF323538A3A1BC9CC78355F5B9DF52E443BDE1B5DADA12
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1	data	3475AEBA08DBE1032E13192648D2BB57	DA9F4F89A6DD79C8440F99593067309B8D7FC073	AD38BB25EC0EDEA611AE52D49EBE6E033C742FDB65E8DA907D4CDE70C4415FBA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2	data	0A85A1CACC3E321CA4AA4C5135E530DD	D9005F114AA39F259A3642EE34DBA07BF47146AC	7CFA9171FE368FF3F8314CA6F9215085D463DB64182978FCE2F635CA1C8575EF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3	data	00CFB936209F06F4DF48547C8F88630C	D78CEBD220990D7AEB41F446F47ECD40DB0D7275	D84FD4913DF40E51C96BE9CD4346914949454BABF2195DD7B882E682527CCC6B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001	data	84DB6DC1A7DDCECC7F330234050B9CDC	C4A2C73C13D2C16753CB05EA2C0BBE8A44D424B1	26496E5A214099484F7D8FE384844778C62E63BA3E3E97FED54BE0FEC5A31C83
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002	data	EAD4770E780B299184DE7E15706B2C32	7E812D717A711077E323DC50DFF0B4B3F5558DB0	CFCDB344C894A8FF846BAB62C4131B684114A0E6C854DDAC27AC87D80A6FFDF3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003	data	F083133AE2990658BDC71A7A87F188F5	BD7113B99D8F841FEF778AE646030A2FF6B5F653	178E044947EADB7DA546774A9F86E5F4C093B611920604924BCD232729E0A9F9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005	data	DFD55FEB8B1A4BA5F57D697970E19D92	2E943EFD840F3316EA2C8876896DFEEE10D14E92	386D3EC38347F9F67E6BD7D2AEBF8E934BBB617739267989D5EFAB4FB3F0D359
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006	data	ECEDBB61DA79E8D623D74B5F9F353FAF	20ADB3B8BFB9BFE00CB015D02FF7DB96046B65C5	67C8C0846A2B2C2F8323D0D2A49A24FA34594483A8B4E1889C3496CBE0523FFF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007	data	1F028070FF434B84868FBD7F52241070	17D3C5C7BD060C62E1B8B9A15D0FC49E638B0E76	2F47573A197F1DFD59298B0F12E6E5F4014C326B1C21ED4C1E500793A2F89864
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008	data	B19024881BE3E87ECA0BF4CC76C0ADEE	DDAA809F9DEE7295B20B1A495763EF54BD6A833E	03D9DB0E7528AA70A4F1F2C8CABD3C6CB7C251D1856846FB6CBD373A5367BED3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009	data	9D07D3A60E50BA64F07AA837B8559442	C814F4C7AF6F9CD2A15EF8CDE7752D2FE272CDDD	BDA4D1962B35CC3E96898865EB5CDAC10830D9633DF1F75518102DB4D0634D26
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a	data	B96B403999FDF8CCE320C57831B9D792	6EB597C0735ECB50A80C7C45A928F3E071399036	033E362F3FD34F0E8DA4F3215308906941A327485548C30B618DCDFB556D52ED
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b	data	DEB04FDED8E1283B15566B9C79D556AF	FCCF1966F3E75C23847890132CEFB964AEE59A5E	D950B33540B7169706E249C6572F097F68AF0DD8626084BCF073D3048F5B801C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c	data	AB93C07E8E5CB24059647A45FDF6D357	77484FB61D3AA45E56063933655639B47EE769E1	33DCADEC7103B536CD804A6EE27DDA956E8469C6A9F67D6521ED237316CB3FAA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d	data	01A4BEDF92ABF5993EF2B32A17F6A431	989DCBFE155FE6F45B7A2298FF2BFF3D9FCA3C83	97CEAE16A8F6D141E078B9561F76FD5224552A8179FB8CCE0CD707A0303EFC53
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e	data	FC93CF900691A70E80FCFE4E7BA94C81	091F028B66C9D2F7202972023C1A39ADB342C64D	BDA2B38E633D9E7A0D79175671BB43E4CB72996309DA500BEAD6162761EA65EC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f	data	93FCF9F465710FDEF1FF8E8C9C29E524	CE39D4B6FF08D02DA7692B3122A22027AEC771ED	16E6B1F83E7EB3DB54899EF2B77EB4EDAB9649AB46F76C48645D1838CDF223B7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010	data	E56CD11BB7342EFA1186217EB5C67472	5FAF7CD5475BA4A59F8B9F4315D2DF9E8268E4C4	554FC9E649106D3E6AF5925E7B8A9CA4F19236C1D7059C8ED1A59FBF30864313
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011	data	BD9BFC0266B4430197BAF61189B62A9B	B3EFD8181835D35C7DB7B89CE9F762B9755725A3	7A978B73FE59D5ED4CFE3FA29430F28F9DFA1DCC228E3501309BA491BD07DAC4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012	data	AE253A5F8BCDEA921A2C94C43A660E4C	AF07A5B1802B9C49219E11951CD8477DDB71C263	206F87009705A84763BB06988AE16D240DC424BF6DB8CC23D0BD07E39EB86453
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013	data	5389E416C4B3227742FC0422768D5FDC	A437067B27B9A8F68E5E01ACF58411BD922A213B	9290E499FE92A85AA81F615EA4BF0EBE25B10D1F9197251876C7021571E64709
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\index	data	44D7FAA695258978F254C5D383EC2A20	5FDFFCFCEABBE529E7BA95E245F6F5E3E5C77ADC	A0CF0807BE1C28B6DFBD03D031EB3E38DE733C21D22E52263418AC6BA2DE1DB4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\02f2049f4d076920_0	data	7D6736E1CCE485E6849B062E8855CB9E	70223E7215B6804707728392DBB3C9093DA631E1	60DD3EBF88CDE31BDFCF1A2D52B518602D80A9A8C93AECE0F9009DEBE9E6F587
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0345d052e557eb30_0	data	A4E2EE96F3AC290E915C29FA982C0FA2	ECB13D959F5275588313490AFEA661EB389BE461	692028C71FE923BFFD14E3E1A8F7755C9AC96EF1D3589D4D1B94EBF8A73DD7F2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0cd82a09b7413176_0	data	1FD3CCA9710FA7C3FB5F3B8573D9B779	0B133B1C5AC6AFB21A9789663EBEE430FF44710D	72C68F5D07240CF2A969324C5DC585E5C441FF6D95740CF8C212663AF4573947
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\12318cd0c335b8e0_0	data	A941C4F2BAA577AA86A101E2F26677B6	525617CD1D6A8F9F2030B5C699FE1633A8CE9143	2A4B1D77A90866E338371273DF67B9AC5076F86D47EF18B33EBBD47FFB0FECED
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\157ac5dc69855318_0	data	10FCEB65AA10B4A3C3EF27A152BDEC93	3316F053FE3230D4125B3DD8C1016B17C8C2D29C	754EB15FD65A7ACEBE4007C7F199B8364CE2B06A8F724698EE2741CBC8A18980
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\17f7cd50011af964_0	data	885BB932FDA75B443E63665F4561D972	B8B0EAD4372254F69B82DAFEF4BDD8307F2C52DC	00FA9C16395944BEC7EE71555030C36C6D8FDD648EA249CB7CA3CE1D1C46E58C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\181db4280bb3db70_0	data	9AA40105840EC0D3266A6C0B474AD6EC	E48A4FEEF8B2DA686A05B05B9843E2EDCC481238	8D2FF47CCD88C296EF4F364CF712FE2DE44F6F895731543EC0512A9F924CB796
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\193710419aa3cc17_0	data	637978061044B33C5053117A0DA109A4	A1AB3160B3A6F0E398280329D16F99F8D82D80A5	4C9E3317E1360366C64B3811F5F29FAE2E68D1E06032B683869C762F54CCC5E0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1ba843d01a7fd21b_0	data	044BD5FFDEFB9490287876999B8DF53F	EA9CA545237A8DD9DED3BCBC43C13751A0A92874	BBA852889C3B748F83B2B53DA9DEF88FD780C90A5814CE35BC7981E3329A7B1D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\204be61fa3dd1aa2_0	data	6EB4DFD9B0D7A615B99347A6A3FFEC67	F23CF40B9374968EF02E047D5D9B22EE9579EC6C	C619285D1458929D59F6E98DF3BE3AA72A264EA358DA758FBB31D8F56352341E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\244f905c10de3c26_0	data	D47536548E4475939B93F689E20A5A4E	F29D3B211B6FC17BB7F07A19F65D19370D084501	F73380D121E2B5C0A2624FE3DD26935EE5AC7023C084759EC6D56D4D0BC8A58A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\25f13bc86c899fc9_0	data	AD0C3A03EE2E2FE3A1BD60FD78B19478	A52D8AE31BA17FF28E336F776E9B0D0304BD2FF5	17F8D9C10A6D1E898BBCDBDC1DAA3BBAA6D8F0DAE3BA82924EF4D4D7A53F2DB7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2fc35d15f2eabeff_0	data	06C56826466A022C8DE46EFD2B38B5FD	ABCDD59C35D2E213D7B77C4706A747DF52439851	1CE34166919A450D7538E30E08B1736393286C908EF2EC59BCC6F98BE94915F5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2fc3d3a085992c47_0	data	103638C2E0057FD754DFB4A76D03F7B4	FE54AF86373440E0828F97CD2BECF03705916567	3069890F34FD1074EDF943F72B7BE63D0C87C4B32EF87B699B766BDC79870A3D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\33d102032f141cd7_0	data	B32FEF67122E41F607C8E21DFA42DFD1	3B414DB4E12502581ECD624AEDF5822D5401F2E9	B59BCDBA8ED3BCAB21BAF5215CDE7EAD7575CED4613111E25B6AFE2BE29D93C9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3653004befb613c5_0	data	2CC2098C9BE4BBB84424127FDB5362CB	EC6793F197BF1CFD8125BBCD19A58C3049B83073	3EF6011376BC76B43FE96CE80ED12F3B8C1CAAA2C70D1ECC3172845A74CFB80B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37c5525a0a82ad76_0	data	006CFDF87B89FDB08EC32E78533A4248	6D628744338BE85A49F81D71FAF01D520B322BD8	9D8CC0AD355A21EBD4D0608D8A5CBB31013A7A71AE9973870BCB1AFD98D65B79
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\39208e3502e0f8fa_0	data	3BBE6CCE5627AEBFE3DD72240E5B0E20	A991A3CD73AAF066E5B06CFA8FC6EDABCEF5F45B	D859A0FF97D6BDB6F2C079A8197D5B11984D12D629E136152DF22ACBE45D4B64
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3cad3a8253a7ad76_0	data	7FE0B5DCADD8F737CAA188F1F7DF4A5E	CE166C85E42D7EA6974F5174FBB2F763C31799B7	C6356D3E931ED5B5D0DCA81805258DBFF11626BCFB6526755703FF339558931A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3dbe54b7c92541c6_0	data	C3DEF02DABCDE5827E78ADBCB2274DBA	4A6438612E084C91D51E92FD627F0B96726DFF2E	76132340B25723477E36D5DEC1A36725868AC93DFD7DA4B64EDA8CCC87B0D49D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\413a48146dfbead6_0	data	DD425BF47FE122CF8847EEEAE4F7CE6D	EB55535F1256C10CBBEFAC4BA595EA055C227518	7D647330A815BFB79ADE52099F8A6CB60A3BB3395AB2F834ED67A2EBB47ECB5A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4d1a34821fab0830_0	data	04AC7E65C7EA2660C22B3AE22ABEC12E	A76DB9B46A034A72F243C691D6F47A89F1843E0F	F4220A5B846B92A3056A662B3ACF12E79E1D0C3887F82D38EFBDF8CE22E23F54
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\520e3a8ed2a05fd8_0	data	AFF6A25FD8FB3AC0651A9C699FE42DD5	F2B6CBA695A06088D2C0C83A692C0638F66AD309	0F1B0B4581C2421ED9A7A353B9350E6969B4AD4275A77E595818637B75E0AB33
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54c2a35d39717397_0	data	3AC75B3FD75DE7B7AC7CDA857D71FB50	CB05BD2CF6F40D2A52AE6696FA9ED517F44E7A8A	24ABA71FAA29D503E78A586A3E98C40B236164484733C5FFD865F7FFD227E4C9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\58ea1f927c503c2b_0	data	568D45EA277A43F4CD0F3BB1AC3852FF	A22A044D0072E035B89744D391EEE9314A53080D	6339E144F5151B5515443017AC072C9241CBAF6D1D03A47F6054B8CA6ED5E0C0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d86ce9f97b83b7a_0	data	8277D4C4E7C4B6FA61C2AA3E083E56B8	A32708766C5488699E79A190B5F798B4E5EA3981	67A641EDA50CFDC56BA31C2ED091E4A4B6388B2DC3E3D9B5ED9E0DF606226735
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5e3d1997942e96db_0	data	45218BDDEAF8B128E8EA7CEC8A1DD0BB	A83277973E132AFCE181CD7AF7F13FF14B3C5EA4	CC2E0E14E91FABF595B2BD3BAA2B3AD158D1D4D811CF27567A57CA07804497CB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5febb783fe057117_0	data	7A94FAD91B89E43B09A8224011A8D468	A66B953D8BEBE5059324461619741DFCABC2E7BF	627ED0A116664A7096C896766EE1E91C832D0F3C5DDC5D9F1077EFB1462F6054
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5feda46b7e0a1749_0	data	24F4F3671A8D100D29C59ED466F46422	E58528FBAA5B4846BAB610492421105BDB43C5B4	5B80F264E0A8A6BCBFCA859D8744025680BD3682087634FDB76567EC59DDC53C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6634d30d3dcbf0b9_0	data	563FB0CC596CC76FB53ED9D947453944	C61BD89C33CCBD5A11EB41000BFDAB789B04D2C6	B90205AC4E8039292DA73BBFAEC00BB80D49FB521E9CF946048908AFA2410A85
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70060c5e68d24ac0_0	data	4AE38BDCC51CA7244B9D2F5B577BF007	F6B738142AD9E851B37F0E9C101294B05081ACE4	7850A906CE3A5BF43E0A552E9549172D394C3C66B538F4DD51E0880C3C5771BE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7024e62dc145f17b_0	data	ABC50E938039C60918109CFA17CE92F3	D952EEEAE07BC0616B6590AED2DC199C35B3CE62	D645DB79B1F6A30990597F7AD90D727CB07E3D37A31A9C63C110EBBCE2B762D9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\781eda116020e748_0	data	593B7C5B2875D73B96C7081E8DE666FF	B8434A667711FB2E0B6C7FD75EE56191FB2672FB	CF7E7A7FC4A1B0194BC3D5148BB607B1808FE984D5B6035EA9978B01D0A114CE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\78ce8e30f78a2d10_0	data	087D3168B9A4FEF4F1A64744098888B1	6003D68420E8B394A70CB39B5225C316F96633F1	31286D29BFA01D15036A393C49E23A2D7A3B3F39ADB8FAFBEAE4923B9BEDAC46
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\830eb3248d9b5d25_0	data	6385279EEB7E10CD23111AE4D17F4EAD	EB7D3A95929D3B0438E1DCA0D19621CCB53554D7	73DAD7210FE42A5C436E8D0842AF7076E0C5A8B697A9E90CD3A5C81AB1BFCF32
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\904d92f9077f5bc7_0	data	F56F4C0669928FA889218129C95144DD	49C5567D7F5FD8A48F487EA3044F6BFCE7A3C210	93E809988B4D6A5CCFA1A1D477F52607B3D05B9BEAC981CF2AFF95F1C7A002AE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\92ed7279d3e98be7_0	data	377D936093E85106A449B6DDC6AE322C	C97C935BDB669998D63784B125DCFF11BC723819	3FEA8D8DEDBB374100A6F163D74DEC9EDC3FA272E57EB61021F2ACE6F90A4CA0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\99fbbd13ad205f5c_0	data	A4AC7052782A2A012B37D387F17B73CA	677EE669F41BA605150D197A490D7237867A3A43	E58A5741E7FC5BB359E8301CCF742F3D735F058CFDE3A292796F735FFB0FFCE8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9aac68df8d0c7a90_0	data	4495386F77CA98C864F0F3C2ED21A5B0	A4671D9BC74D77D2EB1B776DA2B785D247A084FF	43B43EA45EDACF37BBB6227902B76E49566618163FB4A78BBC5C3AB741C3CD98
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d6041a3c725d0dd_0	data	A06C2F79F48C71450AAC3FE119AB8A76	AE8A4F28D0AE37ADEF9877D46CF2917008081DA7	BC2AA5FE6CCB283B6E759B6CA6E3F7F03EE48C671886FAEE5CC65A66AB29AAB8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a1ae1b82121938e8_0	data	B243F7A23E06422F75B512F81F70BE5D	4F0EBF73C5BD74579535D9BB0BBCA16641F5FDBD	6B33E710B1BAA3BA935F171C88E5DD455C37C411AC6A55126FA7DC857ECD7AE1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a98e8bc1ce64e2b3_0	data	BBEF2D6C7D3B3AB0E2A75B60E23828B3	FE5C6BF982DDC6ED3F43B4E344FE9194A6D547CA	6AD94DED07606FD7880FE5283F4B51A74D856DB218E0E56D798C69402D342A4F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae276f63f5a595de_0	data	C3E6DA1A67077F2A5F40F7AB55546314	1B3B80575D8F21C85C84799F25459EEEFCF8708F	B6D264E84B30F5ECD0782CEDC09A383787B5BFD551AA656DD7ED7B77087C8FF9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\af093619a7f7877c_0	data	55CA5FF1AF6B1F244257AD143EC2B15E	4A0B5469712624CC2C02E5F9BF38A66353EC278C	FC9C9A375CACDD140B348CC815BC02C41DBF9F36CE9EB93C72A8DC7A151716B4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bebbf0a4fa320847_0	data	DD94314FA32B64C6A14C8E6A5E546823	9BDE9FA4F03E7706FD98A2530FD4612870CE90EF	3395E3F4932CC632E4E5C6962C927022811F1843E2BBCB1C0E6F6283C239E41D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c0f40f633d039512_0	data	13304E399C9DB741DC19B796A7B0F29E	BF6A171D8F2DAEBA87214DDA6AAADA46A76E72A8	898194F364B0AD2C9C7BE0FEEF8F547DC1D55838EB81A42D9201F04EC418E2F4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c7f24e4bd8dada7f_0	data	636FE7B158136F9744A497222D6FC33F	8850BD5361DF19A52D27ADDB9DB7FA772290D243	F2264489ADE896CCC2837CA4B4EF54C33A9A466803228DB2FB615BD7D9D8C2D8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cd472734465da5c1_0	data	647B782BEA1A9300C55F70CC5AE11D20	83B92F00A8C5DF2F62F8D9D86254A7411E9E0746	6FFE7863F254A8B4FD4D4240216A771E76C4EB42A553F5B03567352926162F8F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ce66982a2c6e4dab_0	data	4F8DBBCC38E92AA5EB72D19B2042DE5C	0A5C3975D654C7E52B4B9359E89CC1ACF834F273	39BF59BD62144AA526E6AB2B56B3C5B9774D5C5DDB92A9E1E793C2000449895D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cf7c0c62d2a87a0c_0	data	0038D0DF773891877018E5CCC5A7207B	D0776418CA12C9DAE28437EBFAFCFF4D1C6AC191	3B70C02F28F4292A8AF58F060687DF8BB66C3C8B0085142F0D5D1ED2C2CEB975
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e0e29b32b66396ce_0	data	D1778027AE823CED62B926398DAC9160	7FE09DE4C43A53B9296BD63CD2A8845A0946EFFE	468F74472A14B4E8D4D64411BADABCD6B6D6CD1474FF13B0128362FED47DEFDB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e957e727b4de6e6c_0	data	F6ABB7A487606A3B5F02291D8AD50E09	EC25AD06D852A98F2BA93D57CA93B4ED8275AB55	C497CAACA14422B946F10A18A8D9D33AA0F551A56D3035EA55A766DF42E400AF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5205d5c99120fa5_0	data	E7C8F5EFE830E9153381C136B0622D5D	D4B81C23A6A9355452187D86697322C5FA8832A5	3B2EC409624DA54448211348F0E3C0077051709CD312086FD4ABB817D1DB137E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc9785cdcbaea0b7_0	data	60B55F3C39D7C539CB7C366FECA6E690	5BD0BFFAEBC3C499C28A3078258DEDFFA5CBF630	344C0D9974D3198C9A7A14124655A45A384FE88226246A7AEFD35CC6DD4C5620
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd193f77dd25e1a1_0	data	0873C6A2C69D20AA981B122FBB5E1068	567B3B579293B9EE3C6AD6BD184A81173B44B3D3	A6A4D742245194693C98F40C591850DFB6AFC7BB9CD19FD08A0690F29C4DA4B7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fee6704ec67d5ed1_0	data	0217E56BE3D8B9090B307FEE447E9EB8	F13559A4978090DFD1E544E0C1FDA335E7CD76FE	479509D405E36D22721648D042E051FDBF5DD90BC1F96D77478B986DC053FB5B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index	PGP\011Secret Key -	735B4A7E8E6B76CCEC360750D8F5AA4C	CA443089E40F6AA05D9D8F7B4CC63704C0FD8843	4F6DA18857C31923EDF8AE96057C6AFF87A2207FF009F24B15926F820B6F8B9D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index	data	52450C7D58698BC47EA5AD032D9487C0	BFD16D9F0C1AB91FA920072CE10EBB344740B63D	98FCB9DBD48059CC38989EE3E9F4D3D45474B77BDBAB0DE77C4E50FD68DCA902
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index	data	0ED9C4B8CDB1808AC66D4CFF5745E7F8	5D5A2AC07C0457D9061CB2F38CB2280EC4EF4410	50FB878073A4F7DF4E528F8A3BF87B6B458BFEE38B57C347D4B3F498AA0E2628
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\the-real-index	data	A0FD6DF978A825C0D3B6F5C5C96E0039	83256BE50DF7A7D95F5F684A5F8A9EE5C4EFD7DB	5E56CB041258C17750EFD2A1E4D67A75B5091AA5F33C9620590937F3740E0FF1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata	data	8611076229442312FD1B17E703A323A8	8842EAAD76DB36EA9FC69589DAAE2EFB7BE64B70	C0494EE583A959D719BC8F1AA8788BB044A0B772F13CE267C3B8A417A8C2DEC9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	data	6C15DA45C3D30849E4A13B8889378999	D7B94D2BBDBDD65AAF5A1D471F913817EE0F2E25	014F738AB33EACE96EC5D27FECE12C13D135B43C909E35785ADE06A76FDFC819
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	data	867CA6678DE3733C5B92ABF44D5B2052	969AA594069EA33D5725F7233E7C566621261159	AB6E1805B103517FAF84A4EF8BD31B3D974E6A7FF98A424BEE01DB690AFEC396
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT	data	FE52C6267D4C4EE9370BD76B34185B06	998A89E6D31AFD6EFB529F1AA0C294BB636B790C	D1A43051F0760F6D4E2F1DB986CA1815392BE42B5F3D10143A2CC689B257D33D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG	data	E8EDBF7404EA5D2C0972436A8F1C1AF0	46ED963FE1057C3E22030AEF0AFE8CC3D9382008	97386E119B8798CB9F03790F7268BD58DBBF7377E57BABBA7FC32C1482EB7067
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old	data	EF85AF2C667BC5FF21D8AB2BF864C492	356F1EA618457ADF9535BCBBE855DEB5F9720AE6	72C9A4E99384208C9A9D3C0A285B554DCBB837AAC89F96B0E6F84B5E3B5842F2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001	data	226DA237662763252C7F19E00AF13479	24978272AAF2EA779868BD3A842748B5ABE437BA	BE67014E9F87C040FB88ADD9D8215F8687069A733F368F40026FEFA85C9AA61C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\000003.log	data	8C426DBC2A54BC7667D499C956D66570	50FF2EA2787451B88CD4842C2E9443D70BA0D78B	921B46ABAABC671435F9714F0997695BFA0299184B494CC2A3ED157FAF605495
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENT	data	67560384118EC69557DB05861354ED36	E254252B8FA4F7DD9DB94C9C3443029AAD71FBFE	37EFBFFAFF83DBABB772FF00691A9BE8430AAD4F047F0E2D1A6C3F8E00FB4A99
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOG	data	30F91F1E0565392656756B68657743A8	AF8042643B8026BB78BE825D525B0A5BC931538A	466E4C8FD903C34C209500FDB4FC4AB877F4EDBC22CA47F7359F0B8CB6F40D09
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\MANIFEST-000001	data	AFB55939AA3F974D2676E12BE5C0B2D7	FA9C4BAE780B14E17E411A6CE004CB749FB4EB8A	B5933F16F451255924EB52239403666D7B71407F8333E629D3978AEDCB985BB3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	data	8F1B758470EAFED2B9AF9810CEA166A9	639119702EEEA9BD0E8A6566E91B08C71D2BD062	0A3E9155D4B9D7053B22F9687E7B417DE4D957B557D34D4DBACF76FAA6B0E3C0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT	data	D1CF29E5B99F840B3B8A987CB290F414	2EA3FEB47774EACEF2BD5549453483C613E898DC	2C9873673DBE504E4D6BB1985BE491047C98B51F41779E894493BBD19DEE97DB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG	BS image, Version 17610, Quantization 59316, (Decompresses to 60148 words)	920A3AD320EDB429F067B34C2B97F0B6	90BB1FD35AB3357F75A744C48A779FAAF2CA06A8	94B2BCC7FEC51833C9758A9063B16DC631BAA2385DB08BEA899DB55F74AB251D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old	data	0654F19F31FAD45E2A0356ED3FA74D80	D5BBD535FA2B5F6BC69E3A7118F94787DCC65AA3	49921E6C138379E0F04AC11147B7D0007F198C7E6EE77048B4A33539E763061A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001	data	2BD3BBCFFF0E9165AE36A5C164C9ED3B	CD45CD88769945D93B2FC2361CF981B5A559E6E2	9FDA55621DE0B8155B27171C087A50C075F7B774AD4759AF04EF23C8182EEB00
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\128.png	data	974E3D1AACA3B2D5EC3841F1A97A8E83	D6A21E7E8BE09D7ADF6987380B5A4357FEF155D0	38916153C1700041D9A2BB8B7F324AA2082F43CB806A86E506773EA960269893
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\af\messages.json	data	19520512F0365EF44B82B8C93F178FEF	F6176FB6845D2EFC90286093909FFB13AA2AF09D	0B3F3D912A3670242C5F6D36D89A2E01F902C2CC566AEB92913AC25A9FCB24F9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\am\messages.json	data	4546086CEC05E56A96D2CDB9C32296CD	A0A6609989402F20D07699B0EE320DEB2A8B102D	2E2322B5EDE89125E97718D93CF5F4ED45CFA6E50785F1D6058ABE7734837E63
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ar\messages.json	data	90C379BE312D58B164DB7565C50D099E	856D00436B3DC3B696825E22EFF1EFFE6E499CDD	23C3443DF136C224483F5BC884D4BA731811E62BE2DE97971C76A1C26C22F7A2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\az\messages.json	data	9F4223B8FD28436EF493770B102C0FA2	CFF59DB5012478568333B04F8ADC49B44F4F5B2F	D6BA3EF3AF9C109DD6D42C68886974155FC5B2C9FE3B1AFCA9F87A2252B66AF6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\be\messages.json	data	524997C0815E3DD38FC237DA6BA7B04F	889FC3B727EE0883C731D25A80DB8B2622804568	D7AD764F77FA72976443B8C278FE229107F055E2ACB00AAC645540515ECD08E6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\bg\messages.json	data	48CB14CABE85A26B2DBBB943385B4BA2	07F0562109082AD830FDAB4E5F32B7AF6AB54B54	7067B14490E48D3FCC506F25EBDB4DE74DC5848A5697C090D8D905F19E0DACD5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\bn\messages.json	data	D67DFEB774C912BB5265F30536F02116	288B43304112BD692E606E25240F9EA032A48E2C	A97812D36023B8C0DFF75EE22CC5CF0457618E3333255EB0B5CFA211407A10FF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ca\messages.json	data	A58AE6A6C46BD4C37A45CF06B2FDA306	A15EFDFEE54C94075FE010F97729FFCD4D66DFCA	06D9D23C558D2CFFE411A4EEF9B4364F58FB54A47ABC8C921ABC31F2FD658A28
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\cs\messages.json	data	435274742EC629CB85C38FDB848C6182	CC5311DFF4E886B27C4E28822883E75767C44B74	2DAF38076380BF6EEB8257F51F79480BB831F08003924F398992D35756FBB82A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\cy\messages.json	data	1F809E09170B76209666BB6B277DF192	1B85AD4BEF0D1AD3B472BD4F13F2A4372E197499	50B8420F5E583F62B39B8FB6E369A72B6B083A5703DE5DC95A1DA607CFE94F77
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\da\messages.json	data	16EC05C30596BB90ACC34E15561C233F	49DDD3F3FCAEB80505B9D4A10630344EE6BF8122	431A928D4466D6ED51DFA9FCC8C21FBA263BBAAF674F66604DBA3850FE63A062
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\de\messages.json	data	06D46B8EE538BB70428DCF4E1C91D3A8	FCF06FC3FB2EB9328BA4B24459F1868312BB8B77	C8CC2241F64F8E6CEC9C6984F4C9574F8E7B41FD00E7A9EBE4CEA3B451AEB36B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\el\messages.json	data	B80BC20673AA11923B0CEE0DC6C7B30D	916D9F93183D1191C345E40C3B368A3B04FA7B52	572D7DBEAE53AF95A2B51624D524A9B20CDD34DEF444524E69EA9F2B6C3FC327
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en\messages.json	data	CD9698FC3FB2BE6F388C1A9514A9DDA4	F57A898D9D23F39F7A71290BD09A2DDFB3D1486C	A8B86202E749BA2A39B893D1A421BFC5DCCB74F2B753B66CE965ABA0DFD6313A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en_GB\messages.json	data	E61768D1AA13B23BDFC2FC87537E7336	4F26403366EBFA9ACAE2C4CDBF6FB5C13EF044FF	F35D490E5CD5426DF7F406BCF7E8BDE97B051D3038F29CE55ED09337511B58A5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\en_US\messages.json	data	0EB3F841297D06AF08F124001A6D04F6	340B41B2A1A32B837BEB4CAA30625AE83A2F5DEA	0A1770FD219459A24EA5A40234EAFEBE2B1599685E2A4C1CDEBFF4E53E1547B6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\es\messages.json	data	ED3E0EBA18084EB616EEDE1D9A0054AB	EA6FE032DD0422E5BADA2A43241D51C8A732E0B7	154A7315B2F1628D38AC11F5B1CF9B4BD3215327C02AE2783C274E0F7CAC02AA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\es_419\messages.json	data	D5912562DF10C211E6852E9F0D748E93	2542CF2B7577C650E69D1F851631E5FE907E6165	7094B902EA7DF16A2D01EB7C75C349DAFCECFA6913319D6921EFD1E03E374E73
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\et\messages.json	data	F6B6190363E81B266F58AB53887ECD7B	2B7A57321A1D1AFE2817457F62388443E4D07518	D08B840D4DC189B58E8A6B465D26C378EABA760D2317D5656EB8537C0C80EDAF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\eu\messages.json	data	CCCBB8B9721AE19D42686F72632A1198	BE1756A47086C334630120882F588F2D66D359DB	1F2ECC428DBB4B522D4F91A5714F3D04EBADCAFF9082565C2E2ECEC0D70CDED9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fa\messages.json	data	0F9EA7095D5AD76DE756B248A7A34D81	2B6A34370CD6515672C4EB9FEF6CB233BC35BAB2	A6DF9CE4846DAFC90DE2C0AE00BE926280454B5BC8F5FE9E17EA6C3C1ECA6646
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fi\messages.json	data	ADEC0037713F6094D320ABE2990B89CC	FFA3054B0EE447D5E23930DAAAD4F423B7207EFF	F1487665A141FBDB31961A810A78626888FD2886D695040FE25674378D912A2A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fil\messages.json	data	EBF4BAD16EA0E532B6230A04883BDAA8	0B6BB80DFE6287BCF4ADAC41C6F6DAD68A2BBC9E	1D911B36270714D4266444A15DA380B553E0530212E7EF356208BD68FD51040F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fr\messages.json	data	539BD85A361CFEB43B996B6E66A37911	9A5182D335944555497DC06363C2DBEDD68EF206	080913FC7E94BE8D64C9B3D18DC3AA4E5F861034590EF5647876F9090F8B3D7C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\fr_CA\messages.json	data	CDA8D0D954EED369BE26B1FDF95896DB	7C13B1176DE74BEA7E1501D3070EF3DC48CF9C12	79ECAEE461EE7ADD42B3FECD1495E8F260207F9E83DE2EFB4E2CC6CC6B964DE3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\gl\messages.json	data	081DB788E44C5398C16FC00F351A310B	4FC430AD3063BF23BB25AC69DD96857EAC998035	764425FEF44374639F990989375B2B144EB16470D353D4C9495C3A4250CE24FC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\gu\messages.json	data	D511E32909BAF967D1545A6821438949	BAF76F92A0A9EB3066148AA30E0D494F7E1DD988	7B06DDC08F58F101410612122FD050FD4CC303B0488DD88F2745B32F1039599E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hi\messages.json	data	B5821834ABC982EEBDE7578A13B58FB2	1A3523F71253F17B56C7528905A31264558DD195	3015A4CDB60E25CD96A580260DDD4393915F28060DFC94E388EE2DD7A270EEA0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hr\messages.json	data	C4FEEACAC28160366CB9C507E4BE4D29	37CCFFDC00E9AE7F1ABCAD8D78B824938062EE6B	681C8AE492676A8A14E22163674CB3DEB165C274F58FC79678DC410FAD5731EE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hu\messages.json	data	1101ED69329D8D61542E2C8A17F5D747	FAA2E8008F8ECAB88922D44F67E928B05A623BA6	CB5700AFF90D451A8EDC54E48CED211AD1605622526318011033D02C788A6049
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\hy\messages.json	data	DB8F2EF963863FD12DD164DE0B4C8C3D	BD580128C3A29C78E94554E5C53FEC81DA7DA263	7719DC12CD23FE1384B8683B3AC75D5F3EA71A34740B0AF04CE35AC318FB9109
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\id\messages.json	data	B504B0A98B155DB27A6286432348040E	A2DF5DD9ABBE99F69B3DB6112DCE9D2567631F06	778FED3BDE1464AC80A50FC7A674678CEFA135E8B0341AD563C8C5FD0DBD7C7A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\is\messages.json	data	871E03BA69EBCCE459457659E16B49A0	F5DB37A5E7306B0CE3D18DBB21C39222F55C77BC	78352200554537766612AD517B2E0A5556A2357C1B70D43783E93440E3161EC4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\it\messages.json	data	4F0664F194DA7EF3610BD839197DD2AD	E527C58B90C1388C35A8EFF6AC1264D21E71CA64	F4CF0A3A0D1D324BAA9B7ECD47867917DC1E7A8527A6E7D958A614D87A750904
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\iw\messages.json	data	C41A9F0CD99241710B3E3BDC28118CB0	A0315DBDCE7A31E7E834A6CAC39248DBC6CA4390	F368A7BDB2175D9225A1EF19EA39F6FA0DE5DCB4D27FA2A52F52DE74187B1E54
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ja\messages.json	data	BF35DEE366DAE8D739E224131555AE78	E8AB0D917F34C20CA1B979A7C9DEC687C0B653CF	25601F8E690DF85BFBD3776CD1BB367ADD9B7C42F5E14BFDA1B1231DE5AB9FE5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ka\messages.json	data	D2745318AD2FC98795E0D2A1B394E643	7A732AEA01006EFC98D016F00C0705AE28F91428	402C9EE142DACAD28A42FE0B3D9F1AFF5BB18E1D3B69FEB8EB179DA0C5FD11F3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\kk\messages.json	data	D68DCD136FC4B1F8783402CC4BA4F8B7	7FC0EC24379798850BBE67B24E76CF50D604D65E	A7115FF2217EBBDE9782C99F01D409672EE0484AF4B9222CE57E8C5DA40327F5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\km\messages.json	data	4028BE6836A573A3C7EA69B83310DEB4	E1E622A75C2AE0BA8BD12BBA4FF3E86B6287C007	3FB7F59764709C00BC792A4EB1FC737E0291A72DBB43D157E645B39E8BB54B96
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\kn\messages.json	data	6830F16C96EDABF0F71A9C0D581CDFD0	5C50BAD36FDACFA18EDC3987F813D8156333FB0D	9EF47859FBBF9A2E85734E2AF2A784813283FFC23194B2C4FDEF59184F4FD708
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ko\messages.json	data	A3402C343F74CC1CBC631134F464256D	1BC3CAD8D04B091447C4E57515F9D2630B789411	F6D1C87457917C192B9E5ED0ABFF5387E00C665D506C36C88DC60F1FD1DA3558
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lo\messages.json	data	D07EEB39514125CD5581E851C53A8279	4827A43FA8EC78BD360EE3A207680ABD5C759FD3	F150026AB773FCDD0831CFFCB0B23BD7648C27E5C82845E2927535C199A90C77
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lt\messages.json	data	5B768613226B8ACACA322B64175FF1A7	025DFB3F26DBF2453E0658AA62A587B5C752CB09	682EB4FA2EF9D306F2F19830208C303B19CA107A8D86135D186A220CDB83A306
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\lv\messages.json	data	452F28ADCE412185ED8753DE2C74D4CE	92922EE14068EB0406983D88090E0A988F4ECA40	11FEC385AC6C2F99F56747B21A5C424687A6023A0DE79A9D3C4FA625EF89753E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ml\messages.json	data	11728CA46C3E2911D4DC11B118DC2215	63036BF4C151B5D1E2D439EACE6D78B3A73F9C55	27F24D2CC5AD6BDF2A61FCF7CF653251874C2E2D92109565E032C6A5D52509B9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\mn\messages.json	data	0160B1BD6C6A2F55D814E7F3F951D9FE	402A0A5351583F533E6E823F6BD9D395177275C8	9C526060342400CBBEE656CD7D03784B0EB9030177298C050674BE11F89952AF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\mr\messages.json	data	4EA616F8150D99E80BB06463BC607FE8	D294C73402B3EEC0B5E47C541F6C22B8CE28F037	58BDB61C3BCFFF56C26FC2D620204D18C26365165FE83325D94FA98B44C6BF4B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ms\messages.json	data	2A12CC48E5C674431DF6AB531FFE17DE	8D1A4CCA768B30B3B479C5E92AE4747C28E92D89	B2C9561EF73F3FA178522EA79EFFC0F7EBF9DC1B2C731EF04A3C69F388A57FD0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\my\messages.json	data	659D3FD8E060A0D3BBAB5768A49EFAC9	033FD7BCC86A5A080C64F8EBA6CA332E26B6C3DD	7DE705C75EB2E8EA2E3BBC2CEE3016D0ECBE098EDB70AFA97A2C138AEE65B143
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ne\messages.json	data	DB2F60350FE49CB1AB94623641156353	72EFD7A0D3921D9E88E5203A3AD80D6DDF70C714	0689CDCA5CD823485A4FB4200F1DD40145ACD7069C134A3E43A51DE934FDACCA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\nl\messages.json	data	F9F41B1174FF37BC29DAF44CF4F2868F	D6EE77F79B9B4BF11D7AF8D6B66DFDE1298525EF	9CE75D5EECD633039B6C2CCA2FADB86CE0C3EE9CA0558578676E43A75BB9577B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\no\messages.json	data	F762EFFD9BE974ECE4FC4A6C3A752F0F	696A60E36EAE7C6B9FB727E522F4F9B1C85DAD16	13163DBE6FD425564926525403B34D89A4ABD5C6B72C876DFAA7970441584920
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pa\messages.json	data	AD94B1BEE18A6E011299624825B53766	3CCF777BC1D4ADEB6921A3763C9D0B80A06409AD	8F58697288BC90831AA1FD632F5CDA1D57A261EDD6BB1D7D814E8789E45821BA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pl\messages.json	data	007BE72560E3715A894F719E690ACF79	419CF57E656F68B0BB8D77AA079E556D15D4480F	DAFC2F442D00305FDFD4608E79EC5E1FEBA005BE713223A44DA3709AAE893E68
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pt_BR\messages.json	PGP\011Secret Sub-key -	CE2769025F107FBFA33478E21B4A84FD	C0F705D50C5DF4054CD933F3889ECFC48AA7BEF5	FABD57222B0E8937EA18BDB12D10CFD541C600FF2D63C432A6C7E54A900E5A00
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\pt_PT\messages.json	data	E56D495F1FF16AAA74147770205E9A02	6555111FDA0C154F77ADF81611D2848492E98341	2FC8AFC0FA92C552A0CBCD1FF02B9970F6520E1F7330FBA072CD3963DEEC5D6A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ro\messages.json	data	52A43048A4EFD22DC0A98B91878B29CE	7E499A2B918ED3B6E4C968FBAE369A3E07052A94	D6DC3B6ECE38630A1365E53F72E8070C564B8A583B892A765E4EB0DA079FFBC8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ru\messages.json	data	838CC1E520D6663FA8D9711C114DD0FA	5B27BA8446AA7594212611E0A1AAD96AE13FA54D	6FF460B86BC36F9C38BC19DB954B7A78965F951A024D4223C15F699A87D4934E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\si\messages.json	PGP\011Secret Sub-key -	CC85E4C93B96DB7B1FB1277D9FC7F27A	7A178FBF94F42A4BECA33AA98AD7BDF28979EAFF	30D5D36AB027017A47AADCC314527541174E44D33B514E5FA200E32959F039F4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sk\messages.json	data	977213D9940F2B1969E0E031A33B7D07	43E4E2F68C31954F63C6A83826963EA7AA2A9AE2	4BF53BDDEC4FDB5E1F4925307A355EA7D305F6D9D5C2321759B5736A09B134CA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sl\messages.json	data	AD30A384BAC9C2E2F50DE16328EC4E0A	94FAF9F4A411F3281346E0F8B7CB13AA52FCBF94	64910F9FE10835BC1F2AF640CC77987A5E9AED8C35D7BDD309E9C20D6722ED19
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sr\messages.json	data	5ED39A8F554BB0AEB9D9A447AE41E5B3	12ED540E1234BD7E2BFE6E409DA8298A548DF504	C75AED28335AD2670122F7DE33F6EC2D198BFF83075FEFF599D897656241C886
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sv\messages.json	data	BCCD4EBCBC20C98CE604C24A65FD6E1D	0C8DAF21C7C255D2F956C30165DA6337EA36D3DB	DC2EB83D8E324D9DAB4E637F92CA72C4C9A307BB15D8DDABD28ED7D57B210600
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\sw\messages.json	data	DF396E0F2E443763E0F02351A68B8D4A	DED3BCC362801180624C6A095EA0FA79E993534F	D20590F7CB1919FD48087651E2B0638F3C2686CDD219D60D163D1E3B26031FA4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ta\messages.json	data	DEF34689504CD28D7165E5D3FC965C9E	8FB274F831EFB322779690AEDFC8E640DE10B0A1	F9654477685ADD916EEABF28F7B33D272036C7032AF705B3375850C55575C960
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\te\messages.json	data	737C8BAF2D9477A9055B478C4B10C557	395154D4D397FF3CF2FA2895AA1FF64DFC0FBEF7	28C7776BFCE024A513812AC5D8DB0672E60E7B797A88E7F8316FFC609E97D0C7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\th\messages.json	data	33C7D614963C0DCDB6E3158ED4A8EBCC	0729ABD0F4ADE9E9FBC1DA101CE4D48DAC2236DD	4DCCE215D06A0B9974C3F87D6A37C7E7DD0022101D56882EC628AE9EFC29F1D7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\tr\messages.json	data	B2B40155E9833CD2E04C5710563FE6A8	0D6E77A7B26392B85F3CA12258624657AD5EA26A	0402B6BCE1093E2A76EFF1EAC599384B34F84240EC89BF28C7D1C38A47D33BC8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\uk\messages.json	data	F5C6DEAE7F5A7211A0B201A4BA07165B	9EE6D7BAB2F77062A0DD64FBDF38414E8E9BDAE0	2CE88A266B6E11AFC6F7125DCC9D5B68C66FE798BB1F0ED3CCFC0CF4EEB22994
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\ur\messages.json	data	6CE10D523ABB3F4A994C694FCBA662D3	88910D76C448C06FDC4375A9DDE0D01DFAC9AC86	7F6F9104BCD337856889203C2E4F241F26A14B7A511E4014394D79F61E2CE099
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\vi\messages.json	data	8CF60CD2CCCAA61D4ECDC0CD3481A89C	9E5C2312D8A88693DFA72E27136D849D8BE53176	899B4DE99DA1F484EEFB15F7E638559D93649EF7EED0B5444E5FC1C4EB72750F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zh_CN\messages.json	data	C5DAE7EB7B94558CD9238707CEA1FF2C	F374E66A11AD76998A2B50189A68485F2629322C	DE044AF3BBABBA35245BD2D0DD4CD11D577B42ED0B2119A2B12DD00435A03A96
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zh_HK\messages.json	data	A946C55B16CE9637AE7D7D86C0FB4072	998EAE275D9B461D1452E318075BE84031C4A7A8	9CFAAA1DFAB472C9BBA48967D4CA85076FF1B33645987AFBCD4616EE535B3F3C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zh_TW\messages.json	data	39ED890C0D663FD16796E9CBE2E93FE7	50A5C2FE4C3AA311F99CFE590324E5FC4FE4C66C	F86BB1EB84C7EE9B97F06FEA636A79BAD054C95852C1CBEF9B176452D012A2F6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_locales\zu\messages.json	data	5F4E5DF166543DAAD4EBEE6C53292D07	A189361CFD4E09285F6BC7525E1D5947586D6420	C2715A82F7DE2B507ABBA083B8113028B3AB8909C9DD1305214F808CA8DF7B97
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\computed_hashes.json	data	A21D9341B951AACEB1828CCBC3CFAE79	99CD917D18C19D1A70C7671B8D33048F01B5D982	CD67AF2E47F9E6D28640096A41B41970E5289CAF5A7ABEB21E671D77A30900DB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\_metadata\verified_contents.json	data	DC5AE393548BAA3E476B7F03056577FA	9FA401311880769469749ADF4BC2C351A2358954	03A996F8AD9E1A843F859B65F790CE4A8121553CF4228C26484A0DF219306035
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\dasherSettingSchema.json	data	8C52FE9B3C2CB1F1133DA35AABE3E4E3	3C960098BB6057BFF72342B88BCED602A8D89153	B8920D3090351EE889E176DCE4581D4B0806016C52FAD8EAAC9AF515BF149A1E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\eventpage_bin_prod.js	data	9CAE7742980FB39EDE675EDE438F2FB7	82A808402A886CEF8A65132721A077A1B9A104FE	ED992112E9933282BA6D8397D415A537A6E9677A187BAC6C9E59296B9244C4D9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\manifest.json	data	D420564A9A2A80EFB53FA81E1E278816	A63413812072C46873B87E8B21B3153A0C912BE7	EC6920BF72D01047AD51F367BC9295742D29FF0748C83CE3534CF4B558DF583C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.14.0_0\page_embed_script.js	data	AAE08AF6AFC76BD5CB5BC4A71218FD5C	383B4189B3E5C64F23E1D11B7368205581C25323	EAF2654B2DA1793DCED0502C8F1ED59660E13A0A454651F362881BE460CAB073
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_background.js	data	5A3B814FE6962A2028C1D26A50340EAA	4A33371D8C1CB656732699591712E25D97C4161C	10D3E0257D2FC1DD6FA7DDEBC1BF194E03CE1AE49A62AAD2A8B8525216484721
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\craw_window.js	data	91E55FDCFAEC2CB598DC7111A5FB2442	9B1609BCAF1186AE015C3238133D2B8237BBEEC7	4E94E77D5C9F319BD371A03F7FC892EBC58B154E163AB1BB2B5D47E98D6001F3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\craw_window.css	data	CE7038D932DB3C697B70515FBFCB1AEC	9F471B3B8F422FE75FCD5E300F231828938F8EEC	FCDD58F32B7468712631FBA0FF76C0DBDE25E7676F51DE41CD833B48A13DD22A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\craw_window.html	data	C7F2B9E20959BB9A90C063C1EC0BFA64	E716FD53F6F94968538DA85DFE40FF86CBAB8E21	8B7F00C8DDEA1CD3ABFB5E7C634BC74B63BA74D5BB4957806817C0F9FC5891F7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\flapper.gif	data	E245D1BD71556BAB7F7119A21F7C3DDC	38ACA64B99B4DB9F3A05A9E31814477F816C3C78	0CF4980DE0A6103F9CDEAC7B0C95FBF8D019A7C8A3B683C529BBC2ACD6648EAD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png	data	2416298AE56883F6B2141B080EAC9E34	C4823F3BB4A4BE7968A030434F4D32513C2FD3B7	618249DBCF8DA2EF74525222147FB7481B384C62464FFC0EE95965B766D3FA77
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_16.png	data	AA9F691905003201687874A8492896F2	14F9B20C5709317E8C8D81FC2EE588264184201A	137C615F98119490B4B02E3FD7FCA2A99FF8A9A1A7BA79764923B43A4B9B1DFD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT	data	53B8E6BF7BB334A72640727DD1C5EC7C	70539BB56917D813EAEBB750CFAD02ACC340E52D	0EF13C12C41D6559FD2E4C594C79522EF6D4A1C2CE2B10E41D7E57E1D625AB1F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG	data	065366C78F0A253118149148BF795119	107930403692FF970ABB16C22FC98B9034BD3C3F	CEA22164186F1E4924F9C6D0031950E150B5826D2DCE9B4CE2E3B5DD386F85A1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old	data	6E53D0863E4A399BAAA3E6F3B1DBEA3F	92AF133189D560077795C9020DF8FF14DB70EAA8	87A9E3787C749FB4558B05FB7CE6E12541FFA1E9FFE4101FAAE4071D3AFAB670
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000008	data	43B6F4A6F900B696A4603E265900B380	B08472CDF3136D965EC3C4C76625159579AE6688	1C963445BCBD1C16C80C56EFCBE6A713E2436F63F567DAF6F82AFBDD37E3DE63
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db	data	59F38B3EA6DED3674A3594AA7D61B404	DEA174AEFF899957DF444A739E0ECD7A38D0DD0C	623F8B1AEE08CB98AEFBD8106BED2D1972EB8ED94DFE4CEEC82896B8F3ABEB66
C:\bootTel.dat	data	D5110A91B570CA40BD734DA1AD9CD83E	BDA60DBBC86779428B128BAFB84095C42DDF4D98	85B68E121DF5073D5819A4660A7C4D56C1D17DEE5DAC2E2161A09E125B60B113
C:\bootTel.dat.PLAY (copy)	data	D5110A91B570CA40BD734DA1AD9CD83E	BDA60DBBC86779428B128BAFB84095C42DDF4D98	85B68E121DF5073D5819A4660A7C4D56C1D17DEE5DAC2E2161A09E125B60B113

ID:	695797
Product:	CloudBasic
Start time:	23:17:24
Start date:	01.09.2022
Sample:	PLAY.mal_.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	223eff1610b432a1f1aa06c60bd7b9a6
SHA1:	14177730443c65aefeeda3162b324fdedf9cf9e0
SHA256:	006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
PLAY.mal_.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Windows Analysis Report PLAY.mal_.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Windows Analysis Report
PLAY.mal_.exe