Malware Analysis Report

2025-01-18 04:44

Sample ID 230615-p2sm9sha28
Target expressvpn_windows_12.38.0.60_release.exe
SHA256 6569fcc8ecc5e6dbc85dd0ebca9d248454446a7f6ff806c34c598303fc989060
Tags
revengerat discovery evasion persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6569fcc8ecc5e6dbc85dd0ebca9d248454446a7f6ff806c34c598303fc989060

Threat Level: Known bad

The file expressvpn_windows_12.38.0.60_release.exe was found to be: Known bad.

Malicious Activity Summary

revengerat discovery evasion persistence spyware stealer trojan

RevengeRAT

RevengeRat Executable

Blocklisted process makes network request

Drops file in Drivers directory

Downloads MZ/PE file

Sets file execution options in registry

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Checks whether UAC is enabled

Adds Run key to start application

Enumerates connected drives

Checks computer location settings

Suspicious use of NtCreateThreadExHideFromDebugger

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Loads dropped DLL

Checks system information in the registry

Checks installed software on the system

Registers COM server for autorun

Executes dropped EXE

Drops file in Windows directory

Enumerates physical storage devices

Program crash

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious behavior: LoadsDriver

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Enumerates system info in registry

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-06-15 12:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-06-15 12:49

Reported

2023-06-15 13:09

Platform

win10v2004-20230220-en

Max time kernel

1052s

Max time network

1057s

Command Line

"C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe"

Signatures

RevengeRAT

trojan revengerat

RevengeRat Executable

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\SETB60C.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\drivers\SETB60C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\expressvpn-tun.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\SETC3C8.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\drivers\SETC3C8.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\tapexpressvpn.sys C:\Windows\system32\DrvInst.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ExpressVPNNotificationService = "\"C:\\Program Files (x86)\\ExpressVPN\\expressvpn-ui\\ExpressVPNNotificationServiceStarter.exe\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} = "\"C:\\ProgramData\\Package Cache\\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}\\VC_redist.x64.exe\" /burn.runonce" C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8e563438-c5e3-4ece-98b6-53dcb8e954c2} = "\"C:\\ProgramData\\Package Cache\\{8e563438-c5e3-4ece-98b6-53dcb8e954c2}\\ExpressVPN_12.38.0.60.exe\" /burn.runonce" C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6} = "\"C:\\ProgramData\\Package Cache\\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\\vcredist_x64.exe\" /burn.runonce" C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\S: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\G: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\K: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\Z: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\L: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\R: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\O: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\V: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\W: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\Y: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\U: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\msiexec.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\rundll32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{1E766296-47EB-4DC7-A810-AD9092F6E0F3}\.cr\VC_redist.x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MinecraftInstaller.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation C:\Program Files\Feather Launcher\Feather Launcher.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB32E.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\gameconfighelper.dll C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909A.tmp C:\Windows\system32\reg.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.sys C:\Windows\system32\reg.exe N/A
File created C:\Windows\system32\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\gamingservicesproxy.dll C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\reg.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\oemvista.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C56.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140kor.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1D6.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140rus.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\gamingtcuihelpers.dll C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\expressvpn-tun.inf_amd64_037ca5e9d7c24541\expressvpn-tun.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57 C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7cf22a8a-0691-7844-8f92-1951d7585c05} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\xvdd.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\mfc140chs.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\gameplatformservices.dll C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\xvdd.inf_amd64_45f35b192221e9ae\xvdd.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB35F.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\gamelaunchhelper.dll C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{7cf22a8a-0691-7844-8f92-1951d7585c05}\SETCA53.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{7cf22a8a-0691-7844-8f92-1951d7585c05}\SETCA64.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\tapexpressvpn.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\gamingservicesproxy.dll C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\gameflt.sys C:\Windows\system32\reg.exe N/A
File opened for modification C:\Windows\system32\mfc140enu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB32E.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a2734a096bf19b1e\tapexpressvpn.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\xgameruntime.dll C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\gameflt.inf C:\Windows\system32\reg.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909C.tmp C:\Windows\system32\reg.exe N/A
File created C:\Windows\system32\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1D5.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\GameInputRedist.dll C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\xvdd.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\vcamp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C56.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\expressvpn-tun.inf_amd64_037ca5e9d7c24541\expressvpn-tun.cat C:\Windows\system32\DrvInst.exe N/A

Suspicious use of NtCreateThreadExHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\R15Migrator\Icon_Reverted.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\StudioSharedUI\statusWarning.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Locales\lb.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Locales\sr-Latn-RS.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Trust Protection Lists\Mu\Entities C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe N/A
File created C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Buffers.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\avatar\scripts\humanoidWalkFamilyWithDiagonals.rbxm C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\LayeredClothingEditor\WorkspaceIcons\Center Camera to Mannequin.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\TopRoundedRect8px.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Microsoft GameInput\x64\gameinputredist.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\common\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\PlayerList\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\InspectMenu\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\LegacyRbxGui\popup_warnTriangle.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\PlatformContent\pc\textures\sky\indoor512_bk.tex C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\VoiceChat\SpeakerNew\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaApp\icons\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\fr\PresentationUI.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AvatarImporter\icon_error.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Controls\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\VoiceChat\MicDark\Unmuted60.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Lobby\Buttons\nine_slice_button.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\sky\clouds-bc4.dds C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AvatarEditorImages\Sliders\body-type-slider-background.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\DeveloperFramework\button_arrow_down.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\StudioToolbox\AssetConfig\marketplace.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\PresentationFramework.Classic.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files\Feather Launcher\libEGL.dll C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AnimationEditor\rigbuilder_blue.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Controls\return.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\msedgeupdateres_sr-Latn-RS.dll C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\identity_proxy\beta.identity_helper.exe.manifest C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\ja\UIAutomationClient.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\UnlockCursor.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Slider-BKG-Right-Cap.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaApp\dropdown\gr-tip-up.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\fonts\families\Montserrat.json C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AnimationEditor\Checkmark.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\StudioToolbox\AudioMusic.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\InGameMenu\game_tiles_background.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files\Feather Launcher\locales\cs.pak C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe N/A
File created C:\Program Files\Feather Launcher\locales\zh-TW.pak C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\avatar\scripts\humanoidAnimateR15MoodsGrounding.rbxm C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\fonts\ComicNeue-Angular-Bold.ttf C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\Locales\sq.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe N/A
File created C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Assets\en-US\150x150Logo.scale-100.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.deps.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\StudioToolbox\ScrollBarBottom.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Emotes\TenFoot\[email protected] C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_4.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\Locales\lv.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.IO.Compression.FileSystem.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\TagEditor\VisibilityOffLightTheme.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\TerrainTools\radio_button_bullet_dark.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Slider-Fill-Center.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Locales\qu.pak C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe N/A
File created C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AnimationEditor\button_hierarchy_opened.png C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI6D63.tmp-\System.Security.AccessControl.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI3D72.tmp-\Grpc.Core.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI3D72.tmp-\Microsoft.Extensions.Options.ConfigurationExtensions.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\{E5B9C3E5-889C-4F22-A959-F4B8982D786D}\app_icon.ico C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4A26.tmp-\System.Threading.Tasks.Extensions.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI3D72.tmp-\Google.Protobuf.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI45C0.tmp-\LaunchDarkly.JsonStream.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI7544.tmp-\Sentry.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6D63.tmp-\ExpressVpn.Client.Setup.CustomActions.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI7544.tmp-\Microsoft.Extensions.Logging.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI17D5.tmp-\System.Security.AccessControl.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI3D72.tmp-\Microsoft.Extensions.Primitives.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4A26.tmp-\System.IO.FileSystem.AccessControl.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.EventSource.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI513C.tmp-\ExpressVpn.Client.Setup.Shared.dll C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\MSI6A36.tmp-\System.Buffers.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6D63.tmp-\Microsoft.Extensions.FileProviders.Physical.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI7544.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI513C.tmp-\System.Security.Principal.Windows.dll C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\MSI6A36.tmp-\MissingLinq.Linq2Management.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI17D5.tmp-\LaunchDarkly.InternalSdk.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4C98.tmp-\WixSharp.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\inf\oem6.pnf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI513C.tmp-\Microsoft.Extensions.Logging.Abstractions.dll C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\MSI56BC.tmp-\System.Security.Principal.Windows.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6A36.tmp-\ExpressVpn.Client.Setup.CustomActions.pdb C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6A36.tmp-\Microsoft.Extensions.FileProviders.Abstractions.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6D63.tmp-\ExpressVpn.Common.Logging.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Client.Setup.Shared.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Common.Logging.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI45C0.tmp-\System.Reactive.Interfaces.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI513C.tmp-\log4net.dll C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\MSI6D63.tmp-\System.Text.Encodings.Web.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3D72.tmp-\BootstrapperCore.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI5F48.tmp-\Microsoft.Extensions.Configuration.Abstractions.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI5F48.tmp-\System.Collections.Immutable.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6A36.tmp-\LaunchDarkly.InternalSdk.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI7544.tmp-\System.Threading.Tasks.Extensions.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4A26.tmp-\LaunchDarkly.JsonStream.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4C98.tmp-\Microsoft.Extensions.FileSystemGlobbing.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4C98.tmp-\System.Memory.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI56BC.tmp-\LaunchDarkly.ClientSdk.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4A26.tmp-\MissingLinq.Linq2Management.dll C:\Windows\SysWOW64\rundll32.exe N/A
File created C:\Windows\Installer\e57a075.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI45C0.tmp-\LaunchDarkly.CommonSdk.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI45C0.tmp-\Microsoft.Extensions.Logging.Configuration.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4A26.tmp-\Google.Protobuf.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI17D5.tmp-\WixSharp.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI3D72.tmp-\System.ValueTuple.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6D63.tmp-\Microsoft.Bcl.AsyncInterfaces.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI7544.tmp-\Microsoft.Extensions.Configuration.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI17D5.tmp-\System.IO.FileSystem.AccessControl.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6A36.tmp-\ExpressVPN.Common.Shared.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4C98.tmp-\Microsoft.Extensions.Configuration.Binder.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI3D72.tmp-\System.Reactive.Linq.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSIAF9A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI17D5.tmp-\System.Security.Principal.Windows.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI5F48.tmp-\Microsoft.Extensions.Configuration.Json.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI45C0.tmp-\System.Runtime.CompilerServices.Unsafe.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI56BC.tmp-\Microsoft.Extensions.Logging.Configuration.dll C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI6D63.tmp-\CustomAction.config C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\Installer\MSI4C98.tmp-\Microsoft.Extensions.DependencyInjection.Abstractions.dll C:\Windows\SysWOW64\rundll32.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe N/A
N/A N/A C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
N/A N/A C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
N/A N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.Installer.Exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\lightway.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN-Installer.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\MinecraftInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A
N/A N/A C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{1E766296-47EB-4DC7-A810-AD9092F6E0F3}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe N/A
N/A N/A C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
N/A N/A C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
N/A N/A C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
N/A N/A C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
N/A N/A C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
N/A N/A C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
N/A N/A C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
N/A N/A C:\Program Files\Feather Launcher\Feather Launcher.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
N/A N/A C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\MicrosoftEdge_X64_114.0.1823.43.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe N/A
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe N/A
N/A N/A C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{4eb799a7-3ca3-4f32-b247-62b1a8899a9f}\LocalServer32 C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32\ = "C:\\Program Files\\WindowsApps\\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\\InstallServicePlugin.dll" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32\ThreadingModel = "Both" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32\ThreadingModel = "Both" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32\ = "C:\\Program Files\\WindowsApps\\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\\InstallServicePlugin.dll" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32\ThreadingModel = "Both" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{4eb799a7-3ca3-4f32-b247-62b1a8899a9f}\LocalServer32\ = "\"C:\\Program Files (x86)\\ExpressVPN\\expressvpn-ui\\ExpressVPNNotificationService.exe\" -ToastActivated" C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32\ = "C:\\Windows\\system32\\GamingServicesProxy.dll" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32\ThreadingModel = "Both" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32\ = "C:\\Windows\\system32\\GamingServicesProxy.dll" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\reg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000027c70fafd0cbe6b20000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000027c70faf0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff00000000070001000068090027c70faf000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000027c70faf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000027c70faf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\reg.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000" C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption" C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E C:\Windows\SysWOW64\rundll32.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{BAEE68FB-2B54-4DE3-BECC-4FF62E89ABAF}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3dbb16e8f2aa6449fe67bb4f410b51a00000000020000000000106600000001000020000000a8527d26ffeb666c87b5d3925cad20299ccb9d8a004092b373ad957538865207000000000e80000000020000200000006a32c69ccbb7d99a47936e72a60d3f78e9a95deaf5f31e9b5d7505e048ae6713b0030000d6c292e98ca39e448f00c23c08bf0740a028de165d5ad668f50263432ef1e8e3d7ac5860b6acb41eda63f633e95eedcc4d15873e39ee1208a1db46524c6772a55331a88d9b23875f5889bb330737c5c1e21c3cdb58ffe7bac0b8cfdc6907efafb5b58c5b87306e5623b3a150eeff12dadb270574bd097cd3947e64f4ae20d1134aada972f21839f54b622a4e43c54324033d3155d525f7f87ff6ae9e06105cf897f85fa767f8f977f9eca120d8c2e4bf61dc2f626c4e281c47d611c6fdf43f14991fc5764571aec613ac6f9dc91597fe5e747524ac203900b924dee6f96558569827bd008e4704e1538a11dacb53c6702725acef038ba4e54bf3aa8769841348041794f55819c835bfdd948f314b96e5841d7e91edbb37788d83558b8fcdd3d5518cac249187bebcde5c66f895912660951d30b6521bfcf388333570b28ddbc22e7a18205b18f5d95d68ddc6d5fd7c5ebc94b4797fa0c9602bec912647d9f20218e37fc3f7674b6a47992c9c8d667e19acb230c69161a572d2ab29cb9904a68bc85233969885acf27bb10536f220b82cfeddeeade5411e5bd01027f7c9c0c5bca1eae59b4825e63df3925724d8ab5cac8941610ec92888982f82c7e08fc4507a0ed032ac3b45146b322a45a8ead5c0063959c02e4a372b9dd9c829a97d10f9cfd93743fb29bc90148f0b8c14d81d5c0e2b7e2acfebef83cf51774254456766093452bd0d381d471b26c6a3299485c1a00ad3be27d14418fc5d596141c0f68fb71909bcd14f66552453096bcaf9ec3339a8458d1f3f3c0e3869b336e49533aaa0dfb868de56acf984247c6c4a76184c46b3820e5198bd489f9ea4f81aa3a75535d9cd5b43b023fb0933d27c7124deabeffc2f26eaeccb13b6e68f75fc4302cd2d099ecdc515e5716b5f4ea445b51cdf32d80e17bf516ed707a2b3efb8bf2ad7e029251ad5e6449d6e6bdfa82fce1c6da8b9811ed15f41c70d9cf7fd081b53c58ed62bf5d8528d8680b2a7225520134055f4d57455cf6544cb6a17639c629dbe562b1e4915f8ae7c2fb961beac4c91043cdef04497398f66fe69c6bb08f1bef14bc2fa9bdb655db0b065648f6dce4050817b322b4d73c422867039b1ecfe5cc7476a6f0ce2562f60537ec7922014e230e65752a800d6874f473c1c9de7bdb72a4270b2bc9a88796e7265bcf42555ea1ed3c55a6835970c85674c5c93c71b33b9c4ac3fff3ecd04c560c0847d3e712494807e7f9277a6ce9684ce9ee4ed7dcd045a835b1cbce518693a1c90a4cbfa27451701aa4592bbf87068d819b6834874bf3b882d0cf30418e23507753e667d5380f34000000011369956e75887ef75bee5f01027f3475f3e5f9d87268423d91052cd693829367affe53d20228e62b0d53155230a1ea63f717f2755b2284bc0766002b5a2657e C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{BAEE68FB-2B54-4DE3-BECC-4FF62E89ABAF}\ApplicationFlags = "1" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\reg.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\reg.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F} C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_48.23.40665_x64 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC9DC3BC-6685-4005-B961-A6B53B75A12D}\ProxyStubClsid32 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3FA6B2F1062C666895053EEFBD8C156D\SourceList\LastUsedSource = "n;1;C:\\Program Files\\WindowsApps\\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{339A4992-B8C2-40CF-B0C5-4F810A07DBB1}\ = "IEnumGamePlatformStorageContent" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23B875EDA4807E94E855F6853A57870C\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{DE578B32-084A-49E7-8E55-6F58A37578C0}v48.23.40699\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F2ED644-9CFD-4F10-B063-15595024151D}\ = "IGameCorePackageService_V1" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D2BF08-1409-4918-9D84-32EE00E9178C} C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E97EABA8-9BCD-4930-992E-2ADC66176817}\LocalService = "GamingServices" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{b2d57aa0-8729-5ab5-9e6b-95059b8d8a94}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D2BF08-1409-4918-9D84-32EE00E9178C}\SynchronousInterface\ = "{115E6AF7-8620-4B0E-A9B1-4CA958B8A24D}" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{671D365D-D1F9-4B8A-BA89-832EB0CFF5F5} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0f711ee3-eb88-456d-acb4-c2ee31add211}\Dependents\{0f711ee3-eb88-456d-acb4-c2ee31add211} C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{81a071a8-08cb-59f3-ade7-8ce0499458f4}\ProxyStubClsid32 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AE51CF4F-D657-41C0-AC3B-7218A32CA524}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CC042A88-E160-44CD-B089-8C9E6F0AB42D}\ = "IEnumGamePlatformPackageDependencies" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8e563438-c5e3-4ece-98b6-53dcb8e954c2}\Dependents\{8e563438-c5e3-4ece-98b6-53dcb8e954c2} C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E8C9ABE-9226-4609-BF5B-60288A391DEE}\ = "InstallServiceProgressHandler" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4C1344D-55A0-453A-957E-83727B36CAC9}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{82B0290F-C7F3-466C-BF99-49FD29CA5C92}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4DAB5B8-A025-4A72-84AC-7FE45C6E5456}\SynchronousInterface\ = "{CB48C4B7-2ADA-438F-A9CA-E6ACC3838C4B}" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{c4ffeb73-c9fc-44f1-930b-ad0254e8270f}\ = "IUserPropertiesChangedArgs" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F688F2BD-1AD7-49EB-A902-7F890E0138E4}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95DCB150-58FD-48A8-98D0-84324818BA51}\ = "IEnumGameCorePackageRegions_V1" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0415A237-4CC5-48ED-BE61-B04899D7D237}\ = "IEnumGamePlatformPackageRegions" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41EFFFA0-7356-4247-A84D-E54DEBC5DCEF} C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C8B9BA5-D030-44F8-819E-EA04BE3CC9C8}\ = "IGamePlatformGameSaveService" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F} C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C0947C0-A113-47D8-ACC2-1F3FB425EA88}\ = "IEnumGamePlatformPackageExecutables" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{04A4A9D1-8881-4E18-96CF-184E58A2323C}\ = "IGamePlatformTestService" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FF525D5-AC7F-4D25-8CEC-23686C02A7C9}\ = "ApplicationLicenseManager" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19da4497-1d4b-4b84-8aba-aabdb5b03841}\ProxyStubClsid32 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ac69f006-0efe-5a09-bd55-1c640aff54c1}\ = "Windows.Foundation.IAsyncOperation`1<GameCore.Users.GetUserTokenAndSignatureResult>" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5E3C9B5EC98822F49A954F8B89D287D6\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FACCFDC4-ED66-4EFF-8F00-AA1374E4499D}\AppId = "{2964DB41-BAE4-4996-A0A0-D036BFFDC267}" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5d3910a4-74e0-4cf1-bfad-50b1c6522cfa}\ProxyStubClsid32 C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1AFDDE03-A524-4FC6-A566-2BC802898DFF}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\MinecraftInstaller.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A
N/A N/A C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4176 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe
PID 4176 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe
PID 4176 wrote to memory of 2432 N/A C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe
PID 2432 wrote to memory of 4664 N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe
PID 2432 wrote to memory of 4664 N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe
PID 2432 wrote to memory of 4664 N/A C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe
PID 2052 wrote to memory of 2844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 2024 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 460 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2052 wrote to memory of 3180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe

"C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe"

C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe

"C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe" -burn.filehandle.attached=684 -burn.filehandle.self=536

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe

"C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe" -q -burn.elevated BurnPipe.{3779C1D0-E97F-4266-BBD1-ACE21AEDFFB0} {504F2B8E-8F15-4292-ADA9-56309CC697D7} 2432

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcad149758,0x7ffcad149768,0x7ffcad149778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3316 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4616 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5136 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5584 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe

"C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe" /install /quiet /norestart -burn.filehandle.self=1584 -burn.embedded BurnPipe.{5786FD4A-3C3E-435F-842B-E1368431C3B2} {817D71EA-A3C8-4854-B520-C8A1A1690496} 4664

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5372 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe

"C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=648 /install /quiet /norestart -burn.filehandle.self=1584 -burn.embedded BurnPipe.{5786FD4A-3C3E-435F-842B-E1368431C3B2} {817D71EA-A3C8-4854-B520-C8A1A1690496} 4664

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe

"C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe" -q -burn.elevated BurnPipe.{5D8CD81F-1DDE-4D95-9FEF-28FD4069A92B} {94DDB85D-8564-4381-8341-11F2714A4971} 6056

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding C892AD93B3B496556B4134107E8B2655

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff72c567688,0x7ff72c567698,0x7ff72c5676a8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8E5D3F39D7027F4C6A363826B4E2DCB7

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D68746BCA2BC31AE93F1290610C362ED

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1776 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 32160872D57F185595A402565CFCFE4B

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5152 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3524 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3308 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1656 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2784 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5304 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5352 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 609934E0AAE89F8ED2DFA1FC8E48316F

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI17D5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240654468 22 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CloseMainApp

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5648 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1788 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x494 0x44c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=852 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D994A4D1B21E13C424E4159D4BF2B622 E Global\MSI0000

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI3D72.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240663937 37 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.SetBrowserHelperPath

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5484 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5048 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI45C0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240666046 41 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CreateAccessTokens

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI4A26.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240667171 45 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CreateDefaultPortConfiguration

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI4C98.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240667796 49 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CreateServiceCredentials

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI513C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240668984 53 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.InitializeProteusId

C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.Installer.Exe

"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.Installer.Exe"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI56BC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240670390 57 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.SetServicesFailureActions

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5160 -ip 5160

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 1252

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI5F48.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240672593 62 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.AddErrorReportingKeys

C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe

"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe"

C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe

"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe"

C:\Program Files (x86)\ExpressVPN\services\lightway.exe

"C:\Program Files (x86)\ExpressVPN\services\lightway.exe" --version

C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe

"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe"

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI6A36.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240675406 66 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.RemoveLegacyRegistryData

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI6D63.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240676250 70 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.RemoveUserFolderData

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1776 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3436 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5912 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI7544.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240678296 80 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.DeleteBinaries

C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe

"C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe" install

C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe

"C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe"

C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe

"C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe" uihaslaunched

C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN-Installer.exe

"ExpressVPN-Installer.exe" install

C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe

"C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe" install "C:\Program Files (x86)\ExpressVPN\wintun\driver\expressvpn-tun.inf" expressvpntun

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{bffd6bab-abbe-7c4a-b475-31039dae7ebf}\expressvpn-tun.inf" "9" "4497a52b3" "0000000000000138" "WinSta0\Default" "0000000000000158" "208" "c:\program files (x86)\expressvpn\wintun\driver"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:07cfc4e755425814:Expressvpntun.Install:0.8.0.0:expressvpntun," "4497a52b3" "0000000000000138"

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\SysWOW64\netsh.exe" interface ipv4 set subinterface "Local Area Connection" mtu=1500

C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe

"C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe" install "C:\Program Files (x86)\ExpressVPN\tap\driver\OemVista.inf" tapexpressvpn

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{b8aabe2b-d368-4d4f-8a92-1e53f031ef63}\oemvista.inf" "9" "41ad97973" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "c:\program files (x86)\expressvpn\tap\driver"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\NET\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tapexpressvpn.ndi:9.24.2.45:tapexpressvpn," "41ad97973" "0000000000000180"

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\SysWOW64\netsh.exe" interface ipv4 set subinterface "Ethernet 2" mtu=1500

C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe

"C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe" remove

C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe

"C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe" install "C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4632 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=1660 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3424 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4460 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5440 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6368 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6384 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6428 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6596 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5528 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6236 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5956 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=856 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=3372 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6288 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6216 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6220 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6580 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5908 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6052 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=3256 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6120 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6112 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7124 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7764 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8004 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8244 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8460 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8316 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8216 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9104 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9076 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9772 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9224 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9356 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9064 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=8904 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8472 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=10212 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=9380 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=10032 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=10040 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=6216 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=1620 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=7776 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=6052 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=11492 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=11452 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=11080 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=9748 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=5848 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=6992 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=12416 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=11876 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=12320 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=10636 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=11796 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=10856 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=12116 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=12796 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=12780 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=12696 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=12752 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=13412 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=13608 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=11748 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=13596 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=13232 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=13740 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=13628 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=14364 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=14088 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=11520 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=12344 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=12232 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=13764 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11416 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=12284 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=11396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=14484 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=11212 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=14188 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=14472 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=11064 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=14000 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=11696 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=14092 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=128 --mojo-platform-channel-handle=12204 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=129 --mojo-platform-channel-handle=9356 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10380 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3228 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=132 --mojo-platform-channel-handle=13932 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=133 --mojo-platform-channel-handle=12452 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=11456 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=135 --mojo-platform-channel-handle=12480 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12280 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7104 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13512 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11744 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13940 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13612 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Users\Admin\Downloads\MinecraftInstaller.exe

"C:\Users\Admin\Downloads\MinecraftInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe

"C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe" scenarioMinecraft

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.XboxIdentityProvider_8wekyb3d8bbwe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=143 --mojo-platform-channel-handle=4704 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=144 --mojo-platform-channel-handle=11340 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=12340 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9712 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=147 --mojo-platform-channel-handle=13888 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=148 --mojo-platform-channel-handle=10396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=149 --mojo-platform-channel-handle=12380 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=150 --mojo-platform-channel-handle=14612 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11696 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12908 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14728 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=14748 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=14752 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe

"C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe"

C:\Windows\system32\svchost.exe

"svchost.exe"

C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe

"C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe"

C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe

"C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /i "C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\gameinputredist.msi" /quiet /l*v "C:\Windows\TEMP\gameinputredist.log"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe

"C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe" Global\GameInputSession_1

C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe

"C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Windows\TEMP\{53a9cadf-d2ec-e643-bd1f-121d88d4cc28}\xvdd.inf" "9" "4e7a111df" "0000000000000138" "Service-0x0-3e7$\Default" "0000000000000150" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\drivers"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "0" "SWD\XvddEnum\XvddRootDevice_Instance" "" "" "48fe919b3" "0000000000000000"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Windows\TEMP\{75b8a007-87ed-cd44-b492-01ae301c547c}\gameflt.inf" "9" "42e40eeeb" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\drivers"

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe

"C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe" /quiet /norestart

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe

"C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{72FD05FB-54E9-4080-9D76-097881DC233E} {218FB332-FFF3-4208-B851-2C155CC8CBF0} 5336

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf" "0" "42e40eeeb" "000000000000015C" "Service-0x0-3e7$\Default"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf" "0" "4100319eb" "0000000000000158" "Service-0x0-3e7$\Default"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\VC_redist.x64.exe

"C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\VC_redist.x64.exe" /quiet /norestart

C:\Windows\Temp\{1E766296-47EB-4DC7-A810-AD9092F6E0F3}\.cr\VC_redist.x64.exe

"C:\Windows\Temp\{1E766296-47EB-4DC7-A810-AD9092F6E0F3}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\VC_redist.x64.exe" -burn.filehandle.attached=676 -burn.filehandle.self=780 /quiet /norestart

C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe

"C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{28B298A2-8B13-4396-8824-F033647458C8} {98A36D13-03DD-44CC-94CB-50A91E554421} 3652

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeploymentServer/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeploymentServer_Operational.evtx /ow:true

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeployment/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeployment_Operational.evtx /ow:true

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppxPackaging/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppxPackaging_Operational.evtx /ow:true

C:\Windows\system32\wscollect.exe

"C:\Windows\system32\wscollect.exe" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wscollect_gr.cab

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SIH" "C:\Users\Admin\AppData\Local\Temp\registry_SIH.txt" /y

C:\Windows\System32\reg.exe

C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" "C:\Users\Admin\AppData\Local\Temp\registry_DNSPolicy.txt" /y

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} -burn.filehandle.self=1264 -burn.embedded BurnPipe.{9F6D0742-F0B1-499B-9BD8-640EE9E065A1} {7D28F070-1DFD-485B-A629-D5B6769EDDFC} 4920

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=648 -burn.filehandle.self=668 -uninstall -quiet -burn.related.upgrade -burn.ancestors={ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} -burn.filehandle.self=1264 -burn.embedded BurnPipe.{9F6D0742-F0B1-499B-9BD8-640EE9E065A1} {7D28F070-1DFD-485B-A629-D5B6769EDDFC} 4920

C:\Windows\system32\reg.exe

"C:\Windows\system32\reg.exe" export HKLM\Software\Microsoft\GamingServices C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_GRTS.reg /y

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{FAEADDFE-5319-4239-923B-EAE1BD18A617} {BC92F3B3-0F6F-42EA-B2E1-8460AF50EDD0} 1912

C:\Windows\system32\reg.exe

"C:\Windows\system32\reg.exe" export HKCU\Software\Microsoft\GamingServices C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_GRTS.reg /y

C:\Windows\system32\reg.exe

"C:\Windows\system32\reg.exe" export HKLM\SYSTEM\CurrentControlSet\Services\GamingServices C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GS_Service.reg /y

C:\Windows\system32\reg.exe

"C:\Windows\system32\reg.exe" export HKLM\SYSTEM\CurrentControlSet\Services\GamingServicesNet C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GSNet_Service.reg /y

C:\Windows\system32\reg.exe

"C:\Windows\system32\reg.exe" export HKLM\SYSTEM\CurrentControlSet\Services\GameFlt C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameFlt_Service.reg /y

C:\Windows\system32\reg.exe

"C:\Windows\system32\reg.exe" export HKLM\SYSTEM\CurrentControlSet\Services\Xvdd C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Xvdd_Service.reg /y

C:\Program Files\Feather Launcher\Feather Launcher.exe

"C:\Program Files\Feather Launcher\Feather Launcher.exe"

C:\Program Files\Feather Launcher\Feather Launcher.exe

"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Feather Launcher\Feather Launcher.exe

"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --mojo-platform-channel-handle=2040 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\Feather Launcher\Feather Launcher.exe

"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --no-sandbox --no-zygote --disable-blink-features=GetDisplayMedia --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2320 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\Feather Launcher\Feather Launcher.exe

"C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-mod-watcher-fork.js"

C:\Program Files\Feather Launcher\Feather Launcher.exe

"C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-skin-watcher-fork.js"

C:\Program Files\Feather Launcher\Feather Launcher.exe

"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --enable-sandbox --disable-blink-features=GetDisplayMedia --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3496 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe

"C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Windows\TEMP\{7e3470d8-7ccb-7f4e-93b9-9e52c293701a}\gameflt.inf" "9" "42e40eeeb" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\drivers"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf" "0" "42e40eeeb" "000000000000015C" "Service-0x0-3e7$\Default"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf" "0" "4100319eb" "0000000000000168" "Service-0x0-3e7$\Default"

C:\Program Files\Feather Launcher\Feather Launcher.exe

"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=156 --mojo-platform-channel-handle=1332 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=157 --mojo-platform-channel-handle=14460 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=14308 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=160 --mojo-platform-channel-handle=5200 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=161 --mojo-platform-channel-handle=14628 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=162 --mojo-platform-channel-handle=9240 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=163 --mojo-platform-channel-handle=8940 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=164 --mojo-platform-channel-handle=12336 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=165 --mojo-platform-channel-handle=6888 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x494 0x44c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=166 --mojo-platform-channel-handle=4440 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6280 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6732 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12648 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=14328 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6c4,0x6d0,0x774,0x75c,0x780,0x878c44,0x878c54,0x878c64

C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

MicrosoftEdgeWebview2Setup.exe /silent /install

C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjFCNzA0QkUtRDI1MC00OTEwLTk1QTktMUMyOEVCQ0REMEE0fSIgdXNlcmlkPSJ7MjY5QjU3MDEtQzY2My00NEMyLTg5MTktREI1MUYwQjNFNDBGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswQ0FEMDE4Ni00MUY4LTQwNkMtOTIyOC1FRUUxREJFMjJCNEN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3FXSlN6V3dQZmRjTFIrWEdJdjZ4clpmaVlPeGhQVTJzMU5XbWpXY2FGUGc9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzMuNDUiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzQyMjYxNDQyNCIgaW5zdGFsbF90aW1lX21zPSI5OTMiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{F1B704BE-D250-4910-95A9-1C28EBCDD0A4}" /silent

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjFCNzA0QkUtRDI1MC00OTEwLTk1QTktMUMyOEVCQ0REMEE0fSIgdXNlcmlkPSJ7MjY5QjU3MDEtQzY2My00NEMyLTg5MTktREI1MUYwQjNFNDBGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGMDhCMjQ0RS0zN0E0LTQxMjItQTI5My04RENCRURGNzMxNkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3FXSlN6V3dQZmRjTFIrWEdJdjZ4clpmaVlPeGhQVTJzMU5XbWpXY2FGUGc9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzQyNzA0NDYwMSIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\MicrosoftEdge_X64_114.0.1823.43.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\MicrosoftEdge_X64_114.0.1823.43.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\MicrosoftEdge_X64_114.0.1823.43.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjFCNzA0QkUtRDI1MC00OTEwLTk1QTktMUMyOEVCQ0REMEE0fSIgdXNlcmlkPSJ7MjY5QjU3MDEtQzY2My00NEMyLTg5MTktREI1MUYwQjNFNDBGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyQkYzNzMxNS0xRkRELTQ5NEMtOUEyRi0zREE2RjY4MDhEOTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjExNC4wLjE4MjMuNDMiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNDM3NzE0NTIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM0MzgxMDQ2MjUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzU5Nzc3NDYxMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYTNhNGRkYTMtMWE2ZS00MWQ0LWFiOTktMGJiZTQzYzNmNjg0P1AxPTE2ODc0MzkyODAmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9QzdGTEZuRDVQS1V2ZkVLVnF4MkdlQ1djMWdCa2hNbFV4cGExMno5ZHlodWdvY2dBZXEwN2tKSlBXeEgwdFdDaHA5VjFvMWVQbnV5NXlOJTJmek5XV1dudyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE0NzI0Mzk3NiIgdG90YWw9IjE0NzI0Mzk3NiIgZG93bmxvYWRfdGltZV9tcz0iMTI5NzkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzU5Nzk0NDU4MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNjEzMzU0MjA5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA5IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzg3MTgzNDA2NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjUwOSIgZG93bmxvYWRfdGltZV9tcz0iMTU5NTAiIGRvd25sb2FkZWQ9IjE0NzI0Mzk3NiIgdG90YWw9IjE0NzI0Mzk3NiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMjU4MTkiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=172 --mojo-platform-channel-handle=5924 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12388 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8

C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe

"C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:g1H0LfoOVrP4lFZJcfRJ6Nqu0_UJCQWxOFnJo3N7HOCS6Bl9mikvHy_CFWxbhcWTk2sZC7PpiNnoG1X3tk0AIxgAbG8Z3_1a8CQYcetqEbNm-g_YR3IsgTlkLZr3kej6sKJ7UvqDV40urTxQc5LuMfmeXD4BOGzzyJeZSRT_e_0EWTsAdGEqgGlLgIG3paqR6yLKRsP3ku9c_12Oz4Nv34Nx4zagbG3s1T2x4hLtKVU+launchtime:1686834540600+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D176063550447%26placeId%3D8737602449%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D6aae0b56-4608-4ae9-80ec-072a3b378fe2%26joinAttemptOrigin%3DPlayButton+browsertrackerid:176063550447+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp

C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe

"C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x72c,0x730,0x734,0x68c,0x4a8,0x8e8c44,0x8e8c54,0x8e8c64

C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe

"C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe" --app -t g1H0LfoOVrP4lFZJcfRJ6Nqu0_UJCQWxOFnJo3N7HOCS6Bl9mikvHy_CFWxbhcWTk2sZC7PpiNnoG1X3tk0AIxgAbG8Z3_1a8CQYcetqEbNm-g_YR3IsgTlkLZr3kej6sKJ7UvqDV40urTxQc5LuMfmeXD4BOGzzyJeZSRT_e_0EWTsAdGEqgGlLgIG3paqR6yLKRsP3ku9c_12Oz4Nv34Nx4zagbG3s1T2x4hLtKVU -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=176063550447&placeId=8737602449&isPlayTogetherGame=false&joinAttemptId=6aae0b56-4608-4ae9-80ec-072a3b378fe2&joinAttemptOrigin=PlayButton -b 176063550447 --launchtime=1686834540600 --rloc en_us --gloc en_us

C:\Windows\System32\GameBarPresenceWriter.exe

"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 444 -p 7964 -ip 7964

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 7964 -s 1980

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 40.125.122.151:443 tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 58.250.217.23.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 download.visualstudio.microsoft.com udp
US 93.184.215.201:443 download.visualstudio.microsoft.com tcp
US 8.8.8.8:53 201.215.184.93.in-addr.arpa udp
IE 20.50.73.11:443 tcp
US 8.8.8.8:53 62.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
NL 8.238.21.126:80 tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.46:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
NL 173.223.113.164:443 tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
NL 142.251.36.1:443 clients2.googleusercontent.com tcp
NL 173.223.113.131:80 tcp
US 131.253.33.203:80 tcp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 labs.google.com udp
NL 142.250.179.206:443 labs.google.com tcp
NL 142.250.179.206:443 labs.google.com tcp
NL 142.250.179.206:443 labs.google.com udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
NL 142.250.179.163:443 id.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 216.58.214.22:443 i.ytimg.com tcp
NL 216.58.214.22:443 i.ytimg.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.214.58.216.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
NL 216.58.214.22:443 i.ytimg.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 101.15.18.104.in-addr.arpa udp
US 8.8.8.8:53 101.14.18.104.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
DE 172.217.23.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
DE 172.217.23.194:443 googleads.g.doubleclick.net udp
NL 142.250.179.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
US 8.8.8.8:53 o137163.ingest.sentry.io udp
US 34.120.195.249:443 o137163.ingest.sentry.io tcp
US 34.120.195.249:443 o137163.ingest.sentry.io tcp
US 8.8.8.8:53 249.195.120.34.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 80.121.18.2.in-addr.arpa udp
US 34.120.195.249:443 o137163.ingest.sentry.io tcp
US 8.8.8.8:53 clientstream.launchdarkly.com udp
US 13.248.151.210:443 clientstream.launchdarkly.com tcp
US 8.8.8.8:53 210.151.248.13.in-addr.arpa udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 mobile.launchdarkly.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
N/A 127.0.0.1:2021 tcp
N/A 127.0.0.1:2022 tcp
NL 142.250.179.163:443 id.google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
NL 142.250.179.142:443 google.com tcp
US 192.178.48.227:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.48.178.192.in-addr.arpa udp
N/A 127.0.0.1:2020 tcp
US 8.8.8.8:53 hackerztrickz.com udp
US 162.243.164.163:443 hackerztrickz.com tcp
US 162.243.164.163:443 hackerztrickz.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.121.70:80 apps.identrust.com tcp
US 192.178.48.227:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 163.164.243.162.in-addr.arpa udp
US 8.8.8.8:53 70.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 192.178.48.227:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 162.243.164.163:443 hackerztrickz.com tcp
DE 172.217.23.194:443 googleads.g.doubleclick.net udp
US 162.243.164.163:443 hackerztrickz.com tcp
US 162.243.164.163:443 hackerztrickz.com tcp
US 162.243.164.163:443 hackerztrickz.com tcp
US 162.243.164.163:443 hackerztrickz.com tcp
NL 142.250.179.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
NL 142.251.36.2:443 partner.googleadservices.com tcp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 2.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.googletagservices.com udp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.39.98:443 www.googletagservices.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
N/A 127.0.0.1:2020 tcp
US 8.8.8.8:53 dclk-match.dotomi.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 fksnk.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 an.yandex.ru udp
US 8.8.8.8:53 rtb2-useast.e-volution.ai udp
US 8.8.8.8:53 b1sync.zemanta.com udp
IE 54.72.87.105:443 pr-bh.ybp.yahoo.com tcp
RU 77.88.21.90:443 an.yandex.ru tcp
US 52.3.201.139:443 sync.srv.stackadapt.com tcp
US 34.200.89.174:443 fksnk.com tcp
NL 142.251.36.34:443 cm.g.doubleclick.net tcp
NL 89.207.16.140:443 dclk-match.dotomi.com tcp
US 8.8.8.8:53 b1sync.zemanta.com tcp
US 174.137.133.49:443 rtb2-useast.e-volution.ai tcp
US 50.31.142.159:443 b1sync.zemanta.com tcp
NL 142.251.36.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
NL 185.89.210.101:443 ib.adnxs.com tcp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
US 8.8.8.8:53 dsp.adkernel.com udp
US 174.137.133.49:443 dsp.adkernel.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 d5p.de17a.com udp
US 8.8.8.8:53 a.rfihub.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
SE 213.155.156.185:443 d5p.de17a.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 193.0.160.130:443 a.rfihub.com tcp
US 8.8.8.8:53 fw.adsafeprotected.com udp
US 8.8.8.8:53 s0.2mdn.net udp
NL 142.250.179.134:443 s0.2mdn.net tcp
US 54.86.48.49:443 fw.adsafeprotected.com tcp
US 50.31.142.159:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 gcm.ctnsnet.com udp
US 8.8.8.8:53 s.uuidksinc.net udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
NL 31.220.27.135:443 s.uuidksinc.net tcp
US 50.31.142.159:443 b1sync.zemanta.com tcp
US 35.186.193.173:443 gcm.ctnsnet.com tcp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 140.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 105.87.72.54.in-addr.arpa udp
US 8.8.8.8:53 90.21.88.77.in-addr.arpa udp
US 8.8.8.8:53 139.201.3.52.in-addr.arpa udp
US 8.8.8.8:53 174.89.200.34.in-addr.arpa udp
US 8.8.8.8:53 49.133.137.174.in-addr.arpa udp
US 8.8.8.8:53 159.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 216.39.80.185.in-addr.arpa udp
US 8.8.8.8:53 101.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 185.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 50.31.142.159:443 b1sync.zemanta.com tcp
NL 142.250.179.134:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
NL 142.250.179.162:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 pm.w55c.net udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 tr.blismedia.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
CH 185.29.132.245:443 sync.mathtag.com tcp
US 34.96.105.8:443 tr.blismedia.com tcp
US 35.153.76.238:443 pm.w55c.net tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 static.adsafeprotected.com udp
US 8.8.8.8:53 dt.adsafeprotected.com udp
US 52.38.248.249:443 dt.adsafeprotected.com tcp
US 52.38.248.249:443 dt.adsafeprotected.com tcp
US 52.38.248.249:443 dt.adsafeprotected.com tcp
US 18.65.39.66:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 ad.turn.com udp
US 35.186.193.173:443 gcm.ctnsnet.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 c1.adform.net udp
NL 46.228.164.11:443 ad.turn.com tcp
DE 35.157.169.142:443 x.bidswitch.net tcp
DK 37.157.3.20:443 c1.adform.net tcp
US 8.8.8.8:53 21.17.166.188.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 135.27.220.31.in-addr.arpa udp
US 8.8.8.8:53 49.48.86.54.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 245.132.29.185.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 238.76.153.35.in-addr.arpa udp
US 8.8.8.8:53 66.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 249.248.38.52.in-addr.arpa udp
US 8.8.8.8:53 ads.avct.cloud udp
IE 52.214.255.2:443 ads.avct.cloud tcp
NL 142.250.179.162:443 googleads4.g.doubleclick.net udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 142.169.157.35.in-addr.arpa udp
US 8.8.8.8:53 20.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 2.255.214.52.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 71.121.18.2.in-addr.arpa udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 2.18.121.80:80 www.msftncsi.com tcp
US 192.178.48.227:443 beacons.gcp.gvt2.com udp
NL 142.250.179.141:443 accounts.google.com udp
NL 142.250.179.142:443 google.com udp
US 8.8.8.8:53 e2cs47.gcp.gvt2.com udp
US 8.8.8.8:53 e2c33.gcp.gvt2.com udp
US 35.209.229.224:443 e2cs47.gcp.gvt2.com tcp
JP 35.213.86.143:443 e2c33.gcp.gvt2.com tcp
JP 35.213.86.143:443 e2c33.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 192.178.49.195:443 beacons.gvt2.com tcp
US 8.8.8.8:53 224.229.209.35.in-addr.arpa udp
US 8.8.8.8:53 143.86.213.35.in-addr.arpa udp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 gamebanana.com udp
US 104.26.9.16:443 gamebanana.com tcp
US 104.26.9.16:443 gamebanana.com tcp
US 8.8.8.8:53 config.playwire.com udp
US 8.8.8.8:53 cdn.intergi.com udp
US 8.8.8.8:53 cdn.intergient.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 webfiles.gamebanana.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 images.gamebanana.com udp
NL 52.222.139.23:443 cdn.intergient.com tcp
NL 52.222.139.23:443 cdn.intergient.com tcp
US 172.67.70.134:443 btloader.com tcp
NL 142.251.36.42:443 ajax.googleapis.com tcp
NL 142.251.36.42:443 ajax.googleapis.com tcp
NL 108.156.60.40:443 config.playwire.com tcp
NL 52.222.139.23:443 cdn.intergient.com tcp
NL 52.222.139.59:443 cdn.intergi.com tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 209.222.98.196:443 images.gamebanana.com tcp
US 209.222.98.196:443 images.gamebanana.com tcp
US 209.222.98.196:443 images.gamebanana.com tcp
US 209.222.98.196:443 images.gamebanana.com tcp
US 209.222.98.196:443 images.gamebanana.com tcp
US 209.222.98.196:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 35.244.159.8:443 us-u.openx.net tcp
NL 104.126.125.209:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 16.9.26.104.in-addr.arpa udp
US 35.244.159.8:443 us-u.openx.net tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
NL 185.29.134.248:443 sync.mathtag.com tcp
NL 104.80.228.197:443 ads.pubmatic.com tcp
GB 96.16.108.246:443 acdn.adnxs.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 z.moatads.com udp
US 8.8.8.8:53 cdn.video.playwire.com udp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
NL 104.80.229.151:443 z.moatads.com tcp
US 8.8.8.8:53 cdn.playwire.com udp
NL 108.156.60.120:443 cdn.video.playwire.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
DE 172.217.23.194:443 securepubads.g.doubleclick.net tcp
NL 52.222.139.24:443 cdn.playwire.com tcp
US 8.8.8.8:53 ad-delivery.net udp
DE 172.217.23.194:443 securepubads.g.doubleclick.net tcp
NL 52.222.139.59:443 cdn.intergi.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.102.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
DE 172.217.23.194:443 securepubads.g.doubleclick.net udp
DE 172.217.23.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 23.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 134.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 40.60.156.108.in-addr.arpa udp
SG 103.229.10.247:443 secure.quantserve.com tcp
US 8.8.8.8:53 59.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 209.125.126.104.in-addr.arpa udp
US 8.8.8.8:53 196.98.222.209.in-addr.arpa udp
US 8.8.8.8:53 17.11.194.104.in-addr.arpa udp
US 8.8.8.8:53 248.134.29.185.in-addr.arpa udp
US 8.8.8.8:53 197.228.80.104.in-addr.arpa udp
US 8.8.8.8:53 246.108.16.96.in-addr.arpa udp
US 8.8.8.8:53 151.229.80.104.in-addr.arpa udp
US 8.8.8.8:53 120.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 8.8.8.8:53 198.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 156.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 24.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
NL 108.156.60.40:443 config.playwire.com tcp
NL 104.80.229.151:443 z.moatads.com tcp
US 8.8.8.8:53 predicted-price-floor.playwire.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
SG 103.229.10.247:443 secure.quantserve.com tcp
NL 65.9.86.8:443 predicted-price-floor.playwire.com tcp
NL 52.222.139.35:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 104.194.11.17:443 images.gamebanana.com tcp
US 8.8.8.8:53 mb.moatads.com udp
SG 18.138.3.202:443 mb.moatads.com tcp
US 8.8.8.8:53 ps.eyeota.net udp
SG 54.251.140.206:443 ps.eyeota.net tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
NL 142.250.179.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 247.10.229.103.in-addr.arpa udp
US 8.8.8.8:53 8.86.9.65.in-addr.arpa udp
US 8.8.8.8:53 35.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 202.3.138.18.in-addr.arpa udp
SG 54.251.234.207:443 bcp.crwdcntrl.net tcp
NL 52.222.139.24:443 cdn.playwire.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 172.64.152.222:443 cdn-ima.33across.com tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 rules.quantcount.com udp
US 18.65.39.30:443 rules.quantcount.com tcp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 206.140.251.54.in-addr.arpa udp
US 8.8.8.8:53 222.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 207.234.251.54.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 30.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 esp.rtbhouse.com udp
US 35.190.39.111:443 esp.rtbhouse.com tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 gumi.criteo.com udp
DE 141.95.98.65:443 id5-sync.com tcp
SG 182.161.73.136:443 gumi.criteo.com tcp
US 35.190.39.111:443 esp.rtbhouse.com udp
DE 141.95.98.65:443 id5-sync.com tcp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 fid.agkn.com udp
SG 52.76.166.242:443 id.crwdcntrl.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 pixel.quantserve.com udp
US 34.160.46.1:443 fid.agkn.com tcp
NL 52.222.136.109:443 c.amazon-adsystem.com tcp
NL 142.251.36.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 match.adsrvr.org udp
SG 182.161.73.136:443 gumi.criteo.com tcp
US 8.8.8.8:53 cms.analytics.yahoo.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 111.39.190.35.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 1.46.160.34.in-addr.arpa udp
US 8.8.8.8:53 109.136.222.52.in-addr.arpa udp
SG 54.251.140.206:443 ps.eyeota.net tcp
US 8.8.8.8:53 px.moatads.com udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
IE 212.82.100.182:443 cms.analytics.yahoo.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
GB 96.16.109.251:443 px.moatads.com tcp
US 8.8.8.8:53 fingerprinter-production.herokuapp.com udp
SG 54.251.140.206:443 ps.eyeota.net tcp
US 52.5.82.174:443 fingerprinter-production.herokuapp.com tcp
NL 52.222.136.109:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 script.4dex.io udp
US 18.65.37.219:443 aax.amazon-adsystem.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 104.26.9.169:443 script.4dex.io tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 104.18.3.114:443 mp.4dex.io tcp
US 8.8.8.8:53 apex.go.sonobi.com udp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 g2.gumgum.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 ads.servenobid.com udp
JP 52.194.171.158:443 g2.gumgum.com tcp
JP 52.194.171.158:443 g2.gumgum.com tcp
JP 52.194.171.158:443 g2.gumgum.com tcp
JP 52.194.171.158:443 g2.gumgum.com tcp
JP 52.194.171.158:443 g2.gumgum.com tcp
JP 52.194.171.158:443 g2.gumgum.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 104.18.24.185:443 htlb.casalemedia.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
IE 52.30.65.194:443 ads.servenobid.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 35.186.253.211:443 rtb.openx.net tcp
DE 3.70.80.231:443 btlr.sharethrough.com tcp
DE 3.70.80.231:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 hb.yellowblue.io udp
DE 3.70.80.231:443 btlr.sharethrough.com tcp
DE 3.70.80.231:443 btlr.sharethrough.com tcp
DE 3.70.80.231:443 btlr.sharethrough.com tcp
DE 3.70.80.231:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
DE 18.192.234.196:443 tlx.3lift.com tcp
IE 54.76.77.238:443 hb.yellowblue.io tcp
FR 23.39.253.208:443 secure.cdn.fastclick.net tcp
FR 23.39.253.208:443 secure.cdn.fastclick.net tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 153.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 136.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 182.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 251.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 242.166.76.52.in-addr.arpa udp
US 8.8.8.8:53 174.82.5.52.in-addr.arpa udp
US 8.8.8.8:53 219.37.65.18.in-addr.arpa udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 114.3.18.104.in-addr.arpa udp
US 8.8.8.8:53 21.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 185.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 194.65.30.52.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 231.80.70.3.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 196.234.192.18.in-addr.arpa udp
US 8.8.8.8:53 208.253.39.23.in-addr.arpa udp
US 8.8.8.8:53 232.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 238.77.76.54.in-addr.arpa udp
US 8.8.8.8:53 158.171.194.52.in-addr.arpa udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 s.ad.smaato.net udp
DE 51.89.9.253:443 onetag-sys.com tcp
US 50.31.142.159:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 rtb.gumgum.com udp
US 35.244.159.8:443 us-u.openx.net tcp
NL 104.80.228.197:443 ads.pubmatic.com tcp
US 8.8.8.8:53 sync-amz.ads.yieldmo.com udp
NL 104.126.125.209:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 eb2.3lift.com udp
US 13.248.245.213:443 eb2.3lift.com tcp
JP 54.95.221.161:443 match.prod.bidr.io tcp
CA 185.80.39.216:443 ssum-sec.casalemedia.com tcp
US 3.227.148.228:443 cs-server-s2s.yellowblue.io tcp
NL 52.222.139.37:443 s.ad.smaato.net tcp
SG 13.250.187.90:443 sync-amz.ads.yieldmo.com tcp
JP 54.95.221.161:443 match.prod.bidr.io tcp
SG 13.250.187.90:443 sync-amz.ads.yieldmo.com tcp
US 35.244.159.8:443 us-u.openx.net udp
US 8.8.8.8:53 213.245.248.13.in-addr.arpa udp
US 8.8.8.8:53 37.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 cec69a122a124fd58f7c3c73f35f9c91.safeframe.googlesyndication.com udp
US 8.8.8.8:53 228.148.227.3.in-addr.arpa udp
US 8.8.8.8:53 161.221.95.54.in-addr.arpa udp
NL 142.250.179.161:443 cec69a122a124fd58f7c3c73f35f9c91.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 ats.rlcdn.com udp
NL 13.227.219.68:443 ats.rlcdn.com tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 geo.privacymanager.io udp
US 8.8.8.8:53 p.rfihub.com udp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 52.222.139.95:443 geo.privacymanager.io tcp
US 8.8.8.8:53 dmp.brand-display.com udp
NL 63.215.202.146:443 proc.ad.cpe.dotomi.com tcp
DE 37.252.173.215:443 secure.adnxs.com tcp
US 34.111.151.213:443 dmp.brand-display.com tcp
CA 185.80.39.216:443 dsum-sec.casalemedia.com tcp
US 104.18.24.185:443 htlb.casalemedia.com udp
US 35.186.253.211:443 rtb.openx.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 95.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 146.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 213.151.111.34.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
NL 142.251.39.98:443 www.googletagservices.com udp
US 8.8.8.8:53 oajs.openx.net udp
NL 142.250.179.162:443 googleads4.g.doubleclick.net udp
NL 142.250.179.134:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 34.120.107.143:443 oajs.openx.net tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 dis.criteo.com udp
US 50.31.142.159:443 b1sync.zemanta.com tcp
FR 178.250.7.11:443 dis.criteo.com tcp
US 104.18.25.173:443 a.tribalfusion.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
US 8.8.8.8:53 widget.as.criteo.com udp
US 50.31.142.159:443 b1sync.zemanta.com tcp
SG 182.161.73.146:443 widget.as.criteo.com tcp
US 8.8.8.8:53 s.tribalfusion.com udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 11.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 173.25.18.104.in-addr.arpa udp
SG 182.161.73.146:443 widget.as.criteo.com tcp
US 8.8.8.8:53 49.158.204.35.in-addr.arpa udp
US 8.8.8.8:53 dsum.casalemedia.com udp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 8.8.8.8:53 pm.w55c.net udp
US 8.8.8.8:53 x.bidswitch.net udp
DE 3.75.152.220:443 x.bidswitch.net tcp
US 52.7.42.70:443 pm.w55c.net tcp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 playwire-d.openx.net udp
US 8.8.8.8:53 sdk.streamrail.com udp
GB 96.16.108.246:443 acdn.adnxs.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 public.servenobid.com udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 pixel.mathtag.com udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 146.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 220.152.75.3.in-addr.arpa udp
US 8.8.8.8:53 70.42.7.52.in-addr.arpa udp
US 18.65.39.15:443 public.servenobid.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
NL 13.227.219.110:443 sdk.streamrail.com tcp
NL 173.223.112.197:443 pixel.mathtag.com tcp
NL 13.227.219.110:443 sdk.streamrail.com tcp
US 18.65.39.15:443 public.servenobid.com tcp
NL 173.223.112.197:443 pixel.mathtag.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 r.scoota.co udp
US 8.8.8.8:53 match.justpremium.com udp
US 8.8.8.8:53 green.erne.co udp
IE 52.48.51.220:443 r.scoota.co tcp
NL 46.228.164.11:443 ad.turn.com tcp
IE 54.72.87.105:443 pr-bh.ybp.yahoo.com tcp
FR 141.95.172.216:443 green.erne.co tcp
US 44.239.208.236:443 match.justpremium.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 c.bing.com udp
US 44.239.208.236:443 match.justpremium.com tcp
US 204.79.197.200:443 c.bing.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 69.166.1.10:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 stags.bluekai.com udp
US 8.8.8.8:53 sync.teads.tv udp
NL 173.223.113.181:443 stags.bluekai.com tcp
NL 173.223.113.34:443 sync.teads.tv tcp
US 8.8.8.8:53 match.sharethrough.com udp
NL 173.223.113.34:443 sync.teads.tv tcp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 69.166.1.10:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 ssp.disqus.com udp
US 8.8.8.8:53 hbx.media.net udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
SG 52.77.145.66:443 match.sharethrough.com tcp
SG 52.77.145.66:443 match.sharethrough.com tcp
SG 52.77.145.66:443 match.sharethrough.com tcp
NL 216.52.2.16:443 ap.lijit.com tcp
NL 216.52.2.91:443 ap.lijit.com tcp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 15.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 110.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 197.112.223.173.in-addr.arpa udp
US 8.8.8.8:53 216.172.95.141.in-addr.arpa udp
US 8.8.8.8:53 220.51.48.52.in-addr.arpa udp
US 8.8.8.8:53 236.208.239.44.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 10.1.166.69.in-addr.arpa udp
US 147.28.129.37:443 prebid.a-mo.net tcp
US 199.127.204.142:443 sync.1rx.io tcp
SG 54.255.221.127:443 ice.360yield.com tcp
GB 23.44.232.24:443 hbx.media.net tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
SG 52.77.145.66:443 match.sharethrough.com tcp
SG 54.255.221.127:443 ice.360yield.com tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 199.127.204.142:443 sync.1rx.io tcp
US 147.28.129.37:443 prebid.a-mo.net tcp
GB 23.44.232.24:443 hbx.media.net tcp
US 8.8.8.8:53 sync.outbrain.com udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 sync.technoratimedia.com udp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 csync.loopme.me udp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 199.127.204.142:443 sync.1rx.io tcp
US 199.127.204.142:443 sync.1rx.io tcp
SG 52.77.145.66:443 match.sharethrough.com tcp
US 52.21.11.19:443 ssp.disqus.com tcp
SG 52.77.145.66:443 match.sharethrough.com tcp
US 52.20.224.27:443 sync.srv.stackadapt.com tcp
US 50.31.142.255:443 sync.outbrain.com tcp
US 198.148.27.140:443 bh.contextweb.com tcp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 54.172.162.57:443 sync.ipredictive.com tcp
US 193.122.130.38:443 sync.technoratimedia.com tcp
US 8.8.8.8:53 kinesis.us-east-1.amazonaws.com udp
US 2.18.121.71:443 ads.stickyadstv.com tcp
NL 35.214.235.85:443 csync.loopme.me tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
FR 185.86.138.153:443 ssbsync.smartadserver.com tcp
FR 185.86.138.153:443 ssbsync.smartadserver.com tcp
US 8.18.47.7:443 match.deepintent.com tcp
NL 173.223.112.20:443 contextual.media.net tcp
SG 18.138.93.67:443 ads.yieldmo.com tcp
US 8.8.8.8:53 181.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 34.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 66.145.77.52.in-addr.arpa udp
US 8.8.8.8:53 16.2.52.216.in-addr.arpa udp
US 8.8.8.8:53 91.2.52.216.in-addr.arpa udp
US 8.8.8.8:53 24.232.44.23.in-addr.arpa udp
IE 52.51.52.84:443 dpm.demdex.net tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 3.227.250.254:443 kinesis.us-east-1.amazonaws.com tcp
FR 185.86.138.153:443 ssbsync.smartadserver.com tcp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
SG 18.138.93.67:443 ads.yieldmo.com tcp
IE 52.51.52.84:443 dpm.demdex.net tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 cs-rtb.minutemedia-prebid.com udp
US 8.8.8.8:53 ad-cdn.technoratimedia.com udp
US 8.8.8.8:53 sync.adkernel.com udp
NL 52.222.139.106:443 cs-rtb.minutemedia-prebid.com tcp
US 2.18.121.71:80 www.msftncsi.com tcp
US 152.199.22.191:443 ad-cdn.technoratimedia.com tcp
NL 104.98.130.104:443 secure-assets.rubiconproject.com tcp
US 69.166.1.10:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 cs.iqzone.com udp
US 8.8.8.8:53 sync.search.spotxchange.com udp
NL 185.29.134.248:443 sync.mathtag.com tcp
US 104.18.25.173:443 s.tribalfusion.com udp
NL 104.98.130.104:443 secure-assets.rubiconproject.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.2.111.13:443 cs.iqzone.com tcp
NL 185.94.180.125:443 sync.search.spotxchange.com tcp
JP 13.112.54.241:443 usersync.gumgum.com tcp
JP 13.112.54.241:443 usersync.gumgum.com tcp
JP 13.112.54.241:443 usersync.gumgum.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 cs.yellowblue.io udp
US 8.8.8.8:53 tg.socdm.com udp
US 8.8.8.8:53 creativecdn.com udp
NL 104.98.130.104:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
JP 202.241.208.55:443 tg.socdm.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
GB 185.64.190.79:443 image8.pubmatic.com tcp
IE 52.215.241.149:443 cs.yellowblue.io tcp
US 8.2.111.13:443 cs.iqzone.com tcp
JP 13.112.54.241:443 usersync.gumgum.com tcp
US 8.8.8.8:53 d.turn.com udp
NL 46.228.164.13:443 d.turn.com tcp
JP 13.112.54.241:443 usersync.gumgum.com tcp
JP 13.112.54.241:443 usersync.gumgum.com tcp
JP 202.241.208.55:443 tg.socdm.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
IE 52.215.241.149:443 cs.yellowblue.io tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
US 8.8.8.8:53 37.129.28.147.in-addr.arpa udp
US 8.8.8.8:53 142.204.127.199.in-addr.arpa udp
US 8.8.8.8:53 140.27.148.198.in-addr.arpa udp
US 8.8.8.8:53 19.11.21.52.in-addr.arpa udp
US 8.8.8.8:53 27.224.20.52.in-addr.arpa udp
US 8.8.8.8:53 255.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 85.235.214.35.in-addr.arpa udp
US 8.8.8.8:53 20.112.223.173.in-addr.arpa udp
US 8.8.8.8:53 153.138.86.185.in-addr.arpa udp
US 8.8.8.8:53 127.221.255.54.in-addr.arpa udp
US 8.8.8.8:53 57.162.172.54.in-addr.arpa udp
US 8.8.8.8:53 38.130.122.193.in-addr.arpa udp
US 8.8.8.8:53 7.47.18.8.in-addr.arpa udp
US 8.8.8.8:53 23.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 84.52.51.52.in-addr.arpa udp
US 8.8.8.8:53 254.250.227.3.in-addr.arpa udp
US 8.8.8.8:53 67.93.138.18.in-addr.arpa udp
US 8.8.8.8:53 106.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 191.22.199.152.in-addr.arpa udp
US 8.8.8.8:53 104.130.98.104.in-addr.arpa udp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 125.180.94.185.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 149.241.215.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 241.54.112.13.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 55.208.241.202.in-addr.arpa udp
NL 104.126.125.209:443 eus.rubiconproject.com tcp
NL 104.126.125.209:443 eus.rubiconproject.com tcp
SG 54.251.140.206:443 ps.eyeota.net tcp
SG 54.251.140.206:443 ps.eyeota.net tcp
US 8.8.8.8:53 dis.eu.criteo.com udp
FR 178.250.7.11:443 dis.eu.criteo.com tcp
US 8.8.8.8:53 pixel.tapad.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
US 34.111.113.62:443 pixel.tapad.com udp
NL 216.52.2.16:443 ap.lijit.com tcp
NL 216.52.2.16:443 ap.lijit.com tcp
US 69.166.1.10:443 sync.go.sonobi.com tcp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
FR 141.94.171.214:443 pixel-eu.onaudience.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 199.127.204.142:443 sync.1rx.io tcp
NL 35.214.235.85:443 csync.loopme.me tcp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 id.rlcdn.com udp
FR 185.86.138.153:443 ssbsync-global.smartadserver.com tcp
US 35.190.60.146:443 id.rlcdn.com tcp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
FR 185.86.138.153:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 image4.pubmatic.com udp
US 8.43.72.97:443 pixel-us-east.rubiconproject.com tcp
US 8.43.72.97:443 pixel-us-east.rubiconproject.com tcp
NL 198.47.127.20:443 image4.pubmatic.com tcp
US 35.190.60.146:443 id.rlcdn.com udp
US 8.8.8.8:53 simage2.pubmatic.com udp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 214.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 146.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 97.72.43.8.in-addr.arpa udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 a.audrte.com udp
US 54.84.97.211:443 a.audrte.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 185.86.138.152:443 rtb-csync.smartadserver.com tcp
FR 185.86.138.152:443 rtb-csync.smartadserver.com tcp
FR 185.86.138.152:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 casale-match.dotomi.com udp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
FR 185.86.138.152:443 rtb-csync.smartadserver.com tcp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
NL 64.158.223.137:443 casale-match.dotomi.com tcp
US 8.8.8.8:53 a.sportradarserving.com udp
US 35.211.233.246:443 a.sportradarserving.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 211.97.84.54.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 152.138.86.185.in-addr.arpa udp
US 8.8.8.8:53 137.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 246.233.211.35.in-addr.arpa udp
US 8.8.8.8:53 uipglob.semasio.net udp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 dmp.adform.net udp
US 8.8.8.8:53 cm.mgid.com udp
US 151.101.1.44:443 trc.taboola.com tcp
DK 37.157.6.241:443 dmp.adform.net tcp
US 104.19.135.78:443 cm.mgid.com tcp
US 50.31.142.159:443 b1sync.zemanta.com tcp
US 50.31.142.255:443 sync.outbrain.com tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 104.19.135.78:443 cm.mgid.com udp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 8.8.8.8:53 122.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 78.135.19.104.in-addr.arpa udp
US 8.8.8.8:53 241.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 simage4.pubmatic.com udp
FR 141.94.171.212:443 pixel.onaudience.com tcp
US 104.22.24.87:443 mwzeom.zeotap.com tcp
US 104.36.113.111:443 simage4.pubmatic.com tcp
SE 213.155.156.185:443 d5p.de17a.com tcp
US 8.8.8.8:53 i.w55c.net udp
DE 35.157.118.240:443 i.w55c.net tcp
US 8.8.8.8:53 ml314.com udp
US 34.111.234.236:443 ml314.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
NL 98.98.134.241:443 pixel-sync.sitescout.com tcp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
US 35.211.233.246:443 a.sportradarserving.com udp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 aa.agkn.com udp
US 8.8.8.8:53 ads.avocet.io udp
DE 18.194.199.66:443 aa.agkn.com tcp
IE 3.252.158.15:443 ads.avocet.io tcp
US 8.8.8.8:53 ads.playground.xyz udp
US 34.102.253.54:443 ads.playground.xyz tcp
US 8.8.8.8:53 d.agkn.com udp
DE 52.57.1.132:443 d.agkn.com tcp
US 8.8.8.8:53 87.24.22.104.in-addr.arpa udp
US 8.8.8.8:53 212.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 240.118.157.35.in-addr.arpa udp
US 8.8.8.8:53 236.234.111.34.in-addr.arpa udp
US 8.8.8.8:53 111.113.36.104.in-addr.arpa udp
US 8.8.8.8:53 241.134.98.98.in-addr.arpa udp
US 8.8.8.8:53 66.199.194.18.in-addr.arpa udp
US 8.8.8.8:53 15.158.252.3.in-addr.arpa udp
US 8.8.8.8:53 ads.avct.cloud udp
DE 37.252.173.215:443 secure.adnxs.com tcp
IE 46.137.186.228:443 ads.avct.cloud tcp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
US 8.8.8.8:53 odr.mookie1.com udp
US 35.190.90.30:443 odr.mookie1.com tcp
US 50.31.142.255:443 sync.outbrain.com tcp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 secure.insightexpressai.com udp
FR 23.39.250.129:443 secure.insightexpressai.com tcp
US 8.8.8.8:53 ads.creative-serving.com udp
US 8.8.8.8:53 uipus.semasio.net udp
US 50.57.31.206:443 uipus.semasio.net tcp
US 3.234.11.15:443 ads.creative-serving.com tcp
US 50.57.31.206:443 uipus.semasio.net tcp
US 8.8.8.8:53 api.retargetly.com udp
US 104.22.17.141:443 api.retargetly.com tcp
US 8.8.8.8:53 54.253.102.34.in-addr.arpa udp
US 8.8.8.8:53 132.1.57.52.in-addr.arpa udp
US 8.8.8.8:53 228.186.137.46.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 30.90.190.35.in-addr.arpa udp
US 8.8.8.8:53 129.250.39.23.in-addr.arpa udp
FR 141.94.171.212:443 pixel.onaudience.com tcp
US 54.84.97.211:443 a.audrte.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
NL 63.251.232.165:443 cm.adgrx.com tcp
NL 35.214.235.85:443 csync.loopme.me tcp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 8.8.8.8:53 core.iprom.net udp
SG 52.220.229.2:443 cm-supply-web.gammaplatform.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 8.8.8.8:53 206.31.57.50.in-addr.arpa udp
US 8.8.8.8:53 15.11.234.3.in-addr.arpa udp
US 8.8.8.8:53 141.17.22.104.in-addr.arpa udp
US 8.8.8.8:53 165.232.251.63.in-addr.arpa udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
FR 141.95.172.216:443 green.erne.co tcp
FR 141.94.171.214:443 pixel.onaudience.com tcp
US 50.31.142.255:443 sync.outbrain.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 2.229.220.52.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 matching.truffle.bid udp
DE 157.90.40.26:443 matching.truffle.bid tcp
US 8.8.8.8:53 check.analytics.rlcdn.com udp
US 188.114.96.0:443 cm.rtbsystem.com tcp
NL 13.227.219.68:443 check.analytics.rlcdn.com tcp
US 8.8.8.8:53 eyeota-match.dotomi.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 ws.rqtrk.eu udp
NL 89.207.16.204:443 eyeota-match.dotomi.com tcp
DE 141.95.32.69:443 ws.rqtrk.eu tcp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 26.40.90.157.in-addr.arpa udp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 pippio.com udp
US 107.178.254.65:443 pippio.com tcp
US 107.178.254.65:443 pippio.com udp
FR 141.94.171.212:443 pixel.onaudience.com tcp
US 8.8.8.8:53 tags.rd.linksynergy.com udp
US 34.98.67.3:443 tags.rd.linksynergy.com tcp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
US 8.8.8.8:53 hb.minutemedia-prebid.com udp
DE 3.70.80.231:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 search.spotxchange.com udp
IE 34.251.83.76:443 hb.minutemedia-prebid.com tcp
NL 185.94.180.123:443 search.spotxchange.com tcp
US 8.8.8.8:53 204.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 69.32.95.141.in-addr.arpa udp
US 8.8.8.8:53 65.254.178.107.in-addr.arpa udp
US 8.8.8.8:53 3.67.98.34.in-addr.arpa udp
US 8.8.8.8:53 123.180.94.185.in-addr.arpa udp
US 8.8.8.8:53 76.83.251.34.in-addr.arpa udp
US 3.227.250.254:443 kinesis.us-east-1.amazonaws.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
NL 142.250.179.170:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
NL 142.250.179.170:443 imasdk.googleapis.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 69.166.1.8:443 apex.go.sonobi.com tcp
NL 185.94.180.123:443 search.spotxchange.com tcp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 tags.bluekai.com udp
US 8.8.8.8:53 thrtle.com udp
US 8.8.8.8:53 aorta.clickagy.com udp
US 3.226.27.231:443 thrtle.com tcp
US 3.231.177.242:443 aorta.clickagy.com tcp
NL 98.98.134.241:443 pixel-sync.sitescout.com tcp
US 8.8.8.8:53 231.27.226.3.in-addr.arpa udp
US 8.8.8.8:53 242.177.231.3.in-addr.arpa udp
US 8.8.8.8:53 sync.sharethis.com udp
US 8.8.8.8:53 i.liadm.com udp
US 18.208.118.220:443 i.liadm.com tcp
DE 52.29.195.46:443 sync.sharethis.com tcp
US 8.8.8.8:53 tracking.emerse.com udp
US 8.8.8.8:53 partner.mediawallahscript.com udp
BE 35.195.81.176:443 tracking.emerse.com tcp
US 52.72.67.12:443 partner.mediawallahscript.com tcp
US 8.8.8.8:53 i6.liadm.com udp
US 8.8.8.8:53 220.118.208.18.in-addr.arpa udp
US 8.8.8.8:53 46.195.29.52.in-addr.arpa udp
US 8.8.8.8:53 176.81.195.35.in-addr.arpa udp
US 8.8.8.8:53 12.67.72.52.in-addr.arpa udp
US 75.101.202.140:443 i6.liadm.com tcp
US 8.2.111.13:443 cs.iqzone.com tcp
US 8.8.8.8:53 140.202.101.75.in-addr.arpa udp
US 8.8.8.8:53 13.111.2.8.in-addr.arpa udp
US 104.194.11.17:443 images.gamebanana.com tcp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
NL 142.251.39.110:443 encrypted-tbn2.gstatic.com tcp
NL 142.251.39.110:443 encrypted-tbn2.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
NL 142.251.36.46:443 encrypted-tbn1.gstatic.com tcp
NL 142.251.36.46:443 encrypted-tbn1.gstatic.com tcp
NL 142.251.36.46:443 encrypted-tbn1.gstatic.com tcp
NL 142.251.36.46:443 encrypted-tbn1.gstatic.com tcp
NL 142.251.36.46:443 encrypted-tbn1.gstatic.com tcp
NL 142.251.36.46:443 encrypted-tbn1.gstatic.com tcp
US 8.8.8.8:53 www.minecraft.net udp
US 2.18.121.75:443 www.minecraft.net tcp
US 2.18.121.75:443 www.minecraft.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 cdnssl.clicktale.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 75.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.67:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
NL 52.222.139.83:443 cdnssl.clicktale.net tcp
US 13.107.246.67:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 microsoftmscompoc.tt.omtrdc.net udp
NL 173.223.113.131:443 www.microsoft.com tcp
US 8.8.8.8:53 target.microsoft.com udp
US 13.107.246.68:443 js.monitor.azure.com tcp
US 8.8.8.8:53 assets.adobedtm.com udp
US 8.8.8.8:53 gamingassetstorage.blob.core.windows.net udp
GB 96.16.109.56:443 assets.adobedtm.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 20.60.178.228:443 gamingassetstorage.blob.core.windows.net tcp
NL 157.240.201.15:443 connect.facebook.net tcp
US 8.8.8.8:53 s.go-mpulse.net udp
CH 2.20.220.95:443 s.go-mpulse.net tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
NL 213.19.162.21:443 fastlane.rubiconproject.com tcp
US 69.166.1.8:443 apex.go.sonobi.com tcp
DE 3.70.80.231:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 67.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 83.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 68.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 56.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 15.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 228.178.60.20.in-addr.arpa udp
US 8.8.8.8:53 95.220.20.2.in-addr.arpa udp
US 8.8.8.8:53 mscom.demdex.net udp
US 8.8.8.8:53 msftenterprise.sc.omtrdc.net udp
US 8.8.8.8:53 cm.everesttech.net udp
IE 52.49.74.91:443 mscom.demdex.net tcp
IE 52.214.231.213:443 cm.everesttech.net tcp
US 66.235.152.107:443 target.microsoft.com tcp
US 63.140.62.135:443 msftenterprise.sc.omtrdc.net tcp
US 8.8.8.8:53 tr.snapchat.com udp
US 35.190.43.134:443 tr.snapchat.com tcp
US 35.190.43.134:443 tr.snapchat.com tcp
NL 157.240.201.15:443 connect.facebook.net udp
US 35.190.43.134:443 tr.snapchat.com udp
US 8.8.8.8:53 91.74.49.52.in-addr.arpa udp
US 8.8.8.8:53 213.231.214.52.in-addr.arpa udp
US 8.8.8.8:53 135.62.140.63.in-addr.arpa udp
US 8.8.8.8:53 107.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 134.43.190.35.in-addr.arpa udp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 173.223.112.132:443 c.go-mpulse.net tcp
US 8.8.8.8:53 w.clarity.ms udp
NL 157.240.247.35:443 www.facebook.com tcp
US 23.96.124.156:443 w.clarity.ms tcp
HK 20.205.115.81:443 c1.microsoft.com tcp
US 8.8.8.8:53 0217991b.akstat.io udp
NL 173.223.112.132:443 0217991b.akstat.io tcp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
US 2.18.121.78:443 trial-eum-clientnsv4-s.akamaihd.net tcp
US 2.18.121.134:443 trial-eum-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 rtd.tubemogul.com udp
US 151.101.2.49:443 rtd.tubemogul.com tcp
US 8.8.8.8:53 ti6uodiccj4u4zelbklq-p2auj6-494162877-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 154-61-71-13_s-2-18-121-134_ts-1686833815-clienttons-s.akamaihd.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 rtd-tm.everesttech.net udp
US 8.8.8.8:53 idpix.media6degrees.com udp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
US 2.18.121.77:443 ti6uodiccj4u4zelbklq-p2auj6-494162877-clientnsv4-s.akamaihd.net tcp
US 2.18.121.134:443 154-61-71-13_s-2-18-121-134_ts-1686833815-clienttons-s.akamaihd.net tcp
US 104.18.22.234:443 idpix.media6degrees.com tcp
US 8.8.8.8:53 analytics.twitter.com udp
US 104.244.42.131:443 analytics.twitter.com tcp
US 8.8.8.8:53 132.112.223.173.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 156.124.96.23.in-addr.arpa udp
US 8.8.8.8:53 81.115.205.20.in-addr.arpa udp
US 8.8.8.8:53 78.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 77.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 134.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 234.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 90.16.208.104.in-addr.arpa udp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 servedby.flashtalking.com udp
DE 184.24.18.42:443 servedby.flashtalking.com tcp
US 8.8.8.8:53 px.owneriq.net udp
FR 23.217.250.62:443 px.owneriq.net tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
FR 23.217.250.62:443 px.owneriq.net tcp
IE 52.209.97.79:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 ds.reson8.com udp
US 104.18.8.110:443 ds.reson8.com tcp
US 8.8.8.8:53 131.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 42.18.24.184.in-addr.arpa udp
US 8.8.8.8:53 62.250.217.23.in-addr.arpa udp
US 8.8.8.8:53 79.97.209.52.in-addr.arpa udp
US 8.8.8.8:53 bttrack.com udp
US 192.132.33.46:443 bttrack.com tcp
US 8.8.8.8:53 dmpsync.3lift.com udp
US 35.71.178.8:443 dmpsync.3lift.com tcp
US 8.8.8.8:53 rtb.adentifi.com udp
US 34.192.101.54:443 rtb.adentifi.com tcp
CA 185.80.39.216:443 dsum.casalemedia.com tcp
US 8.8.8.8:53 110.8.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.178.71.35.in-addr.arpa udp
US 8.8.8.8:53 46.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 54.101.192.34.in-addr.arpa udp
NL 157.240.247.35:443 www.facebook.com udp
US 52.20.224.27:443 sync.srv.stackadapt.com tcp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 ti6uodiccj4uwzelbknq-f-f249bd2f8-clientnsv4-s.akamaihd.net udp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 ti6uodiccj4uwzelbkpq-f-c9cf5568b-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 xbox.com udp
US 20.112.52.29:443 xbox.com tcp
JP 13.112.54.241:443 usersync.gumgum.com tcp
JP 13.112.54.241:443 usersync.gumgum.com tcp
US 8.8.8.8:53 www.xbox.com udp
NL 173.223.112.50:80 www.xbox.com tcp
NL 173.223.112.50:443 www.xbox.com tcp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 8.8.8.8:53 assets-www.xbox.com udp
US 8.8.8.8:53 29.52.112.20.in-addr.arpa udp
US 8.8.8.8:53 50.112.223.173.in-addr.arpa udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
NL 173.223.112.50:443 assets-www.xbox.com tcp
NL 173.223.112.50:443 assets-www.xbox.com tcp
NL 173.223.112.50:443 assets-www.xbox.com tcp
NL 173.223.112.50:443 assets-www.xbox.com tcp
NL 173.223.112.50:443 assets-www.xbox.com tcp
NL 173.223.112.50:443 assets-www.xbox.com tcp
NL 173.223.112.50:443 assets-www.xbox.com tcp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.48:443 mem.gfx.ms tcp
US 13.107.246.68:443 js.monitor.azure.com tcp
US 8.8.8.8:53 160.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 99.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 69.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 o741402.ingest.sentry.io udp
US 34.120.195.249:443 o741402.ingest.sentry.io tcp
NL 173.223.112.50:443 assets-www.xbox.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
IN 172.217.167.163:443 beacons2.gvt2.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 20.190.160.22:443 login.microsoftonline.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
NL 20.190.160.22:443 login.microsoftonline.com tcp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
IN 172.217.167.163:443 beacons2.gvt2.com udp
US 8.8.8.8:53 163.167.217.172.in-addr.arpa udp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
US 13.107.246.48:443 mem.gfx.ms tcp
US 8.8.8.8:53 emerald.xboxservices.com udp
US 8.8.8.8:53 142.145.190.20.in-addr.arpa udp
US 13.107.246.68:443 emerald.xboxservices.com tcp
US 13.107.246.68:443 emerald.xboxservices.com tcp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 152.195.19.97:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 13.107.246.68:443 acctcdnmsftuswe2.azureedge.net tcp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 185.221.229.192.in-addr.arpa udp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 192.178.48.227:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 97.19.195.152.in-addr.arpa udp
US 2.18.121.80:80 www.msftncsi.com tcp
NL 142.250.179.142:443 google.com udp
FI 35.217.17.196:443 e2c39.gcp.gvt2.com tcp
US 8.8.8.8:53 196.17.217.35.in-addr.arpa udp
US 8.8.8.8:53 dc.services.visualstudio.com udp
NL 13.69.106.215:443 dc.services.visualstudio.com tcp
US 192.178.49.195:443 beacons.gvt2.com udp
US 8.8.8.8:53 215.106.69.13.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
NL 216.58.214.22:443 i.ytimg.com udp
NL 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net udp
US 8.8.8.8:53 196.17.217.35.in-addr.arpa udp
US 66.235.152.107:443 target.microsoft.com tcp
US 8.8.8.8:53 ti6uodiccj4uwzelblaq-f-fb5166434-clientnsv4-s.akamaihd.net udp
US 23.96.124.156:443 w.clarity.ms tcp
NL 173.223.112.132:443 0217991b.akstat.io tcp
US 104.208.16.90:443 browser.events.data.microsoft.com tcp
NL 23.38.22.250:443 aka.ms tcp
NL 23.38.22.250:443 aka.ms tcp
US 8.8.8.8:53 launcher.mojang.com udp
US 13.107.246.48:443 launcher.mojang.com tcp
US 8.8.8.8:53 250.22.38.23.in-addr.arpa udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 b7b52.playfabapi.com udp
US 20.42.151.134:443 b7b52.playfabapi.com tcp
US 8.8.8.8:53 134.151.42.20.in-addr.arpa udp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 192.178.48.227:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 20.42.151.134:443 b7b52.playfabapi.com tcp
US 8.8.8.8:53 84.150.43.20.in-addr.arpa udp
IN 172.217.167.163:443 beacons2.gvt2.com udp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 42.220.44.20.in-addr.arpa udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 192.178.48.227:443 beacons.gcp.gvt2.com udp
NL 142.250.179.142:443 google.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 126.137.241.8.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 192.178.48.227:443 beacons.gcp.gvt2.com udp
FI 35.217.17.196:443 e2c39.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 clients2.google.com udp
IN 172.217.167.163:443 beacons2.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com tcp
NL 142.251.36.46:443 clients2.google.com udp
US 192.178.49.195:443 beacons.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com udp
US 8.8.8.8:53 e2c24.gcp.gvt2.com udp
US 35.185.21.228:443 e2c24.gcp.gvt2.com tcp
US 8.8.8.8:53 99.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 228.21.185.35.in-addr.arpa udp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 216.58.214.22:443 i.ytimg.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 feathermc.com udp
US 104.26.10.70:443 feathermc.com tcp
US 104.26.10.70:443 feathermc.com tcp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 fonts.bunny.net udp
SI 103.180.115.2:443 fonts.bunny.net tcp
US 104.26.10.70:443 feathermc.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 images.feathercdn.net udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 188.114.96.0:443 images.feathercdn.net tcp
US 188.114.96.0:443 images.feathercdn.net tcp
US 188.114.96.0:443 images.feathercdn.net tcp
US 188.114.96.0:443 images.feathercdn.net tcp
US 188.114.96.0:443 images.feathercdn.net tcp
SI 103.180.115.2:443 fonts.bunny.net tcp
US 8.8.8.8:53 70.10.26.104.in-addr.arpa udp
US 8.8.8.8:53 2.115.180.103.in-addr.arpa udp
SI 103.180.115.2:443 fonts.bunny.net tcp
SI 103.180.115.2:443 fonts.bunny.net tcp
US 104.26.10.70:443 feathermc.com udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 105.104.123.20.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 launcher.feathercdn.net udp
US 192.178.48.227:443 beacons.gcp.gvt2.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 192.178.49.195:443 beacons.gvt2.com udp
GB 216.58.208.99:443 beacons3.gvt2.com udp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 electron-launcher.feathermc.com udp
US 104.26.11.70:443 electron-launcher.feathermc.com tcp
US 104.26.11.70:443 electron-launcher.feathermc.com udp
US 188.114.96.0:443 launcher.feathercdn.net tcp
US 8.8.8.8:53 70.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 news-content-api.feathermc.com udp
US 8.8.8.8:53 play.pvplegacy.net udp
US 8.8.8.8:53 mc.roleplayhub.net udp
IN 103.180.115.9:443 news-content-api.feathermc.com tcp
US 8.8.8.8:53 play.jackpotmc.com udp
US 8.8.8.8:53 feather.zedarmc.com udp
US 135.148.38.22:25565 mc.roleplayhub.net tcp
US 31.25.11.61:25565 play.pvplegacy.net tcp
US 31.25.11.35:25565 play.jackpotmc.com tcp
US 104.143.3.74:25565 feather.zedarmc.com tcp
US 8.8.8.8:53 news.feathermc.com udp
US 8.8.8.8:53 61.11.25.31.in-addr.arpa udp
US 8.8.8.8:53 35.11.25.31.in-addr.arpa udp
US 8.8.8.8:53 22.38.148.135.in-addr.arpa udp
US 8.8.8.8:53 9.115.180.103.in-addr.arpa udp
US 8.8.8.8:53 74.3.143.104.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 signup.live.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 20.42.151.134:443 b7b52.playfabapi.com tcp
US 20.42.151.134:443 b7b52.playfabapi.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.13:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 13.173.189.20.in-addr.arpa udp
US 20.189.173.13:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 labs.google.com udp
NL 142.250.179.206:443 labs.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 20.189.173.13:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 user.auth.xboxlive.com udp
IE 137.116.225.129:443 user.auth.xboxlive.com tcp
US 8.8.8.8:53 xsts.auth.xboxlive.com udp
US 52.156.147.113:443 xsts.auth.xboxlive.com tcp
US 8.8.8.8:53 129.225.116.137.in-addr.arpa udp
US 8.8.8.8:53 api.minecraftservices.com udp
US 13.107.246.48:443 api.minecraftservices.com tcp
US 8.8.8.8:53 api.feathermc.com udp
US 104.26.10.70:443 api.feathermc.com tcp
US 8.8.8.8:53 sessionserver.mojang.com udp
US 13.107.246.48:443 sessionserver.mojang.com tcp
US 8.8.8.8:53 113.147.156.52.in-addr.arpa udp
US 104.26.10.70:443 api.feathermc.com udp
US 104.26.11.70:443 api.feathermc.com tcp
US 8.8.8.8:53 crafatar.com udp
US 188.114.96.0:443 crafatar.com tcp
US 188.114.96.0:443 crafatar.com tcp
US 8.8.8.8:53 textures.minecraft.net udp
US 8.8.8.8:53 play.pvplegacy.net udp
US 31.25.11.12:25565 play.pvplegacy.net tcp
US 135.148.38.22:25565 mc.roleplayhub.net tcp
US 31.25.11.35:25565 play.jackpotmc.com tcp
US 104.143.3.74:25565 feather.zedarmc.com tcp
US 8.8.8.8:53 12.11.25.31.in-addr.arpa udp
US 8.8.8.8:53 px.moatads.com udp
GB 96.16.109.251:443 px.moatads.com tcp
US 8.8.8.8:53 csm.sg1.as.criteo.net udp
SG 182.161.73.142:443 csm.sg1.as.criteo.net tcp
SG 182.161.73.142:443 csm.sg1.as.criteo.net tcp
US 8.8.8.8:53 142.73.161.182.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
NL 142.250.179.206:443 labs.google.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 104.26.11.70:443 api.feathermc.com udp
US 8.8.8.8:53 play.pvplegacy.net udp
US 8.8.8.8:53 play.jackpotmc.com udp
US 135.148.38.22:25565 mc.roleplayhub.net tcp
US 31.25.11.93:25565 play.pvplegacy.net tcp
US 104.143.3.74:25565 feather.zedarmc.com tcp
US 31.25.11.35:25565 play.jackpotmc.com tcp
US 8.8.8.8:53 93.11.25.31.in-addr.arpa udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 www.minecraft.net udp
US 2.18.121.75:443 www.minecraft.net tcp
US 2.18.121.75:443 www.minecraft.net tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 0217991b.akstat.io udp
NL 173.223.112.132:443 0217991b.akstat.io tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 23.206.105.140:443 c.go-mpulse.net tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 140.105.206.23.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 play.pvplegacy.net udp
US 135.148.38.22:25565 mc.roleplayhub.net tcp
US 31.25.11.35:25565 play.jackpotmc.com tcp
US 104.143.3.74:25565 feather.zedarmc.com tcp
US 31.25.11.44:25565 play.pvplegacy.net tcp
US 8.8.8.8:53 44.11.25.31.in-addr.arpa udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 www.roblox.com udp
US 128.116.117.3:443 www.roblox.com tcp
US 128.116.117.3:443 www.roblox.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
DE 172.217.23.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.117.116.128.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 205.185.216.42:443 static.rbxcdn.com tcp
US 205.185.216.42:443 static.rbxcdn.com tcp
US 205.185.216.42:443 static.rbxcdn.com tcp
US 205.185.216.42:443 static.rbxcdn.com tcp
US 205.185.216.42:443 static.rbxcdn.com tcp
US 205.185.216.42:443 static.rbxcdn.com tcp
US 205.185.216.42:443 static.rbxcdn.com tcp
US 2.18.121.136:443 js.rbxcdn.com tcp
US 2.18.121.136:443 js.rbxcdn.com tcp
US 2.18.121.136:443 js.rbxcdn.com tcp
US 2.18.121.136:443 js.rbxcdn.com tcp
US 2.18.121.136:443 js.rbxcdn.com tcp
US 2.18.121.136:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 128.116.114.3:443 roblox.com tcp
US 104.18.42.229:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
US 128.116.117.4:443 metrics.roblox.com tcp
US 8.8.8.8:53 195.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 42.216.185.205.in-addr.arpa udp
US 8.8.8.8:53 136.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 229.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 3.114.116.128.in-addr.arpa udp
US 8.8.8.8:53 4.117.116.128.in-addr.arpa udp
US 8.8.8.8:53 apis.rbxcdn.com udp
US 2.18.121.72:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 apis.roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 205.185.216.42:443 images.rbxcdn.com tcp
US 128.116.117.4:443 apis.roblox.com tcp
US 8.8.8.8:53 auth.roblox.com udp
US 128.116.117.4:443 auth.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 72.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 ssl.google-analytics.com udp
NL 142.250.179.136:443 ssl.google-analytics.com tcp
US 8.8.8.8:53 136.179.250.142.in-addr.arpa udp
NL 142.250.179.206:443 labs.google.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 ncs.roblox.com udp
US 128.116.117.3:443 ncs.roblox.com tcp
US 128.116.117.3:443 ncs.roblox.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 assetgame.roblox.com udp
US 8.8.8.8:53 twostepverification.roblox.com udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 play.pvplegacy.net udp
US 8.8.8.8:53 play.jackpotmc.com udp
US 135.148.38.22:25565 mc.roleplayhub.net tcp
US 31.25.11.35:25565 play.jackpotmc.com tcp
US 104.143.3.74:25565 feather.zedarmc.com tcp
US 31.25.11.125:25565 play.pvplegacy.net tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 2.18.121.78:443 static.rbxcdn.com tcp
US 205.234.175.102:443 css.rbxcdn.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 102.175.234.205.in-addr.arpa udp
US 2.18.121.68:443 images.rbxcdn.com tcp
US 8.8.8.8:53 realtime-signalr.roblox.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 lms.roblox.com udp
NL 216.58.214.10:443 content-autofill.googleapis.com udp
US 2.18.121.73:443 tr.rbxcdn.com tcp
US 2.18.121.73:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 chat.roblox.com udp
US 8.8.8.8:53 contacts.roblox.com udp
US 8.8.8.8:53 notifications.roblox.com udp
US 8.8.8.8:53 economy.roblox.com udp
US 8.8.8.8:53 privatemessages.roblox.com udp
US 8.8.8.8:53 friends.roblox.com udp
US 8.8.8.8:53 accountsettings.roblox.com udp
US 8.8.8.8:53 trades.roblox.com udp
US 8.8.8.8:53 cs.ns1p.net udp
US 3.136.187.136:443 cs.ns1p.net tcp
US 8.8.8.8:53 aws-ap-northeast-1d-lms.rbx.com udp
US 8.8.8.8:53 hkg1-128-116-118-3.roblox.com udp
US 8.8.8.8:53 aws-ap-east-1a-lms.rbx.com udp
US 8.8.8.8:53 lhr2-128-116-119-3.roblox.com udp
US 8.8.8.8:53 aws-us-west-2b-lms.rbx.com udp
US 8.8.8.8:53 bom1-128-116-104-4.roblox.com udp
JP 3.113.62.146:443 aws-ap-northeast-1d-lms.rbx.com tcp
HK 128.116.118.3:443 hkg1-128-116-118-3.roblox.com tcp
IN 128.116.104.4:443 bom1-128-116-104-4.roblox.com tcp
HK 18.166.232.45:443 aws-ap-east-1a-lms.rbx.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 44.235.44.172:443 aws-us-west-2b-lms.rbx.com tcp
US 8.8.8.8:53 68.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 10.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 73.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 presence.roblox.com udp
JP 3.113.62.146:443 aws-ap-northeast-1d-lms.rbx.com tcp
HK 128.116.118.3:443 hkg1-128-116-118-3.roblox.com tcp
US 8.8.8.8:53 s.ns1p.net udp
US 3.136.187.136:443 s.ns1p.net tcp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 136.187.136.3.in-addr.arpa udp
US 8.8.8.8:53 4.104.116.128.in-addr.arpa udp
US 8.8.8.8:53 45.232.166.18.in-addr.arpa udp
US 8.8.8.8:53 3.118.116.128.in-addr.arpa udp
US 8.8.8.8:53 146.62.113.3.in-addr.arpa udp
US 8.8.8.8:53 rblxcdn.roblox.com udp
US 8.8.8.8:53 sjc1-128-116-117-3.roblox.com udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 b.ns1p.net udp
US 8.8.8.8:53 play.pvplegacy.net udp
US 8.8.8.8:53 feather.zedarmc.com udp
US 135.148.38.22:25565 mc.roleplayhub.net tcp
US 31.25.11.35:25565 play.jackpotmc.com tcp
US 104.143.3.74:25565 feather.zedarmc.com tcp
US 31.25.11.121:25565 play.pvplegacy.net tcp
US 8.8.8.8:53 121.11.25.31.in-addr.arpa udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 followings.roblox.com udp
US 8.8.8.8:53 games.roblox.com udp
US 8.8.8.8:53 cdg1-128-116-122-3.roblox.com udp
US 8.8.8.8:53 aws-us-east-1c-lms.rbx.com udp
US 8.8.8.8:53 waw1-128-116-124-3.roblox.com udp
US 8.8.8.8:53 sea1-128-116-115-3.roblox.com udp
US 8.8.8.8:53 badges.roblox.com udp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
PL 128.116.124.3:443 waw1-128-116-124-3.roblox.com tcp
US 107.20.10.178:443 aws-us-east-1c-lms.rbx.com tcp
US 8.8.8.8:53 voice.roblox.com udp
US 8.8.8.8:53 www.youtube-nocookie.com udp
US 8.8.8.8:53 3.123.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.122.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.124.116.128.in-addr.arpa udp
US 8.8.8.8:53 178.10.20.107.in-addr.arpa udp
US 8.8.8.8:53 accountinformation.roblox.com udp
NL 172.217.168.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 216.58.214.22:443 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 rr4---sn-aigzrnz7.googlevideo.com udp
GB 74.125.175.201:443 rr4---sn-aigzrnz7.googlevideo.com tcp
GB 74.125.175.201:443 rr4---sn-aigzrnz7.googlevideo.com tcp
US 8.8.8.8:53 202.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 201.175.125.74.in-addr.arpa udp
GB 74.125.175.201:443 rr4---sn-aigzrnz7.googlevideo.com udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 2.18.121.80:80 www.msftncsi.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 205.185.216.10:443 setup.rbxcdn.com tcp
US 8.8.8.8:53 10.216.185.205.in-addr.arpa udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
NL 23.222.43.72:443 clientsettingscdn.roblox.com tcp
US 128.116.117.8:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.qq.com udp
US 8.8.8.8:53 72.43.222.23.in-addr.arpa udp
US 128.116.117.8:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
US 8.8.8.8:53 setup-ak.rbxcdn.com udp
US 8.8.8.8:53 setup-ll.rbxcdn.com udp
US 8.8.8.8:53 setup-cfly.rbxcdn.com udp
US 8.8.8.8:53 setup-hw.rbxcdn.com udp
US 8.8.8.8:53 8.117.116.128.in-addr.arpa udp
US 205.185.216.10:443 setup-hw.rbxcdn.com tcp
US 8.8.8.8:53 www.minecraft.net udp
US 2.18.121.73:443 www.minecraft.net tcp
US 8.8.8.8:53 0217991b.akstat.io udp
NL 173.223.112.132:443 0217991b.akstat.io tcp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 16.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 msedge.api.cdp.microsoft.com udp
IE 20.166.2.191:443 msedge.api.cdp.microsoft.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 8.8.8.8:53 msedge.f.tlu.dl.delivery.mp.microsoft.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
NL 87.248.202.1:80 msedge.f.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 191.2.166.20.in-addr.arpa udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.71:80 www.msftncsi.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
NL 173.223.112.132:443 c.go-mpulse.net tcp
US 128.116.117.8:443 ephemeralcounters.api.roblox.com tcp
NL 23.222.43.72:443 clientsettingscdn.roblox.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 client-telemetry.roblox.com udp
US 128.116.117.3:443 client-telemetry.roblox.com tcp
US 2.18.121.80:80 www.msftncsi.com tcp
US 128.116.117.8:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
NL 23.222.43.72:443 clientsettingscdn.roblox.com tcp
US 128.116.117.8:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 setup.rbxcdn.qq.com udp
US 128.116.117.8:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 clientsettingscdn.roblox.qq.com udp
US 8.8.8.8:53 setup.rbxcdn.com udp
US 8.8.8.8:53 clientsettingscdn.roblox.com udp
US 8.8.8.8:53 setup-ak.rbxcdn.com udp
US 8.8.8.8:53 setup-cfly.rbxcdn.com udp
US 8.8.8.8:53 setup-hw.rbxcdn.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
NL 23.222.43.72:443 clientsettingscdn.roblox.com tcp
US 128.116.117.8:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 apis.roblox.com udp
US 128.116.117.4:443 apis.roblox.com tcp
US 128.116.117.8:443 ephemeralcounters.api.roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 128.116.117.3:443 client-telemetry.roblox.com tcp
US 128.116.117.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp
US 8.8.8.8:53 www.msftncsi.com udp
US 2.18.121.80:80 www.msftncsi.com tcp

Files

C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe

MD5 07c7857ac0338fdc449755eddac67c94
SHA1 db057f68b70c981978855a2b02d8a8a397c79b0a
SHA256 efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a
SHA512 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d

C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe

MD5 07c7857ac0338fdc449755eddac67c94
SHA1 db057f68b70c981978855a2b02d8a8a397c79b0a
SHA256 efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a
SHA512 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\mbahost.dll

MD5 c59832217903ce88793a6c40888e3cae
SHA1 6d9facabf41dcf53281897764d467696780623b8
SHA256 9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db
SHA512 1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\BootstrapperCore.dll

MD5 b0d10a2a622a322788780e7a3cbb85f3
SHA1 04d90b16fa7b47a545c1133d5c0ca9e490f54633
SHA256 f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426
SHA512 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\BootstrapperCore.dll

MD5 b0d10a2a622a322788780e7a3cbb85f3
SHA1 04d90b16fa7b47a545c1133d5c0ca9e490f54633
SHA256 f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426
SHA512 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

memory/2432-237-0x0000000006290000-0x00000000062A8000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\BootstrapperCore.config

MD5 0c79473766c4a706b8acacbeff369bc6
SHA1 f5470d0ec6fd98403fa756d1760ddf0ecb3c5b81
SHA256 c044ee99956b0b7628f29d2c7f8d0aaaf18054156acf910915c86edbb09476aa
SHA512 991a357bcea62be7e926a9768e3cf3d399303b5cc7667bfe71c9487de289efbeaca91d98e18880125daac6b7f73b6d298bbbd2276452f155e82173ac5aac1c02

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\WixSharp Setup.exe

MD5 a1124e760bc0cbf9e261cdfe7a418832
SHA1 0795b0adf6cf467fb7942b1f7405bd0ed754a9d6
SHA256 0502f8da948a642e4db4cea611ce28dd3da8c2928d3626ce530cfafbb4d11f7a
SHA512 5ff54162d73559133b64bf35bf07da1d3ee064ce32c071caf137f9eea41d0fb30879e7835b6cf537639cd2442c9117a9cf68d4a5e89b8af5d1319b82f9f4afcb

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\WixSharp Setup.exe

MD5 a1124e760bc0cbf9e261cdfe7a418832
SHA1 0795b0adf6cf467fb7942b1f7405bd0ed754a9d6
SHA256 0502f8da948a642e4db4cea611ce28dd3da8c2928d3626ce530cfafbb4d11f7a
SHA512 5ff54162d73559133b64bf35bf07da1d3ee064ce32c071caf137f9eea41d0fb30879e7835b6cf537639cd2442c9117a9cf68d4a5e89b8af5d1319b82f9f4afcb

memory/2432-244-0x0000000006810000-0x0000000006996000-memory.dmp

memory/2432-245-0x0000000006200000-0x0000000006210000-memory.dmp

memory/2432-246-0x0000000006200000-0x0000000006210000-memory.dmp

memory/2432-247-0x0000000006200000-0x0000000006210000-memory.dmp

memory/2432-251-0x00000000067D0000-0x00000000067D8000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVpn.Client.Setup.Shared.dll

MD5 46e1d39b4319db3517b9fa2d7d0b67c8
SHA1 33af5ab0df4b9d690fe283fb8a8bd63508f3ada3
SHA256 b509e2c677b73b4cad4f09d0c3f94724bf3fd952b3f4c24c30985636ff2ed30c
SHA512 dfedfc09ca7c1dbe611015c19464918d1b13b0f9828d504ac11598be442d61ce3ef8038f0d9c9ea0275fa5d95630e41ffe6a0bb1b0b67f955a46a858669a345e

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVpn.Client.Setup.Shared.dll

MD5 46e1d39b4319db3517b9fa2d7d0b67c8
SHA1 33af5ab0df4b9d690fe283fb8a8bd63508f3ada3
SHA256 b509e2c677b73b4cad4f09d0c3f94724bf3fd952b3f4c24c30985636ff2ed30c
SHA512 dfedfc09ca7c1dbe611015c19464918d1b13b0f9828d504ac11598be442d61ce3ef8038f0d9c9ea0275fa5d95630e41ffe6a0bb1b0b67f955a46a858669a345e

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.DependencyInjection.Abstractions.dll

MD5 405bf969e7e50ef47422e54fa33605c8
SHA1 4f3c5c8803212719ee74c60813b9ae08604684b3
SHA256 95a7c66abd60ba45a2020ac3d42702fd9823f7b6db2ceec6a37c9e9b0602fed1
SHA512 d04978227453e3341fbdc6a8730da193f1c5e19a2635e02cb5d6eb6fef7c3ea53cf7df5df16230c12693cdaaccc90add812c5ad0a6ed0749e8de75c03602502a

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.DependencyInjection.Abstractions.dll

MD5 405bf969e7e50ef47422e54fa33605c8
SHA1 4f3c5c8803212719ee74c60813b9ae08604684b3
SHA256 95a7c66abd60ba45a2020ac3d42702fd9823f7b6db2ceec6a37c9e9b0602fed1
SHA512 d04978227453e3341fbdc6a8730da193f1c5e19a2635e02cb5d6eb6fef7c3ea53cf7df5df16230c12693cdaaccc90add812c5ad0a6ed0749e8de75c03602502a

memory/2432-255-0x00000000067F0000-0x0000000006800000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVpn.Common.Logging.dll

MD5 988912a8a5ae0cafeb29f80b4e3af6d4
SHA1 1ca87bea628fff4c8995d92168e736ef7fffd1ae
SHA256 5c67aca3caf64cb4a2ca3111ce00da9aa1364583344896dfdcb6d85c5050f43e
SHA512 2d58cde0d8f2d2aca423a612c77f34a146f46c64f8e5c877e7395baf2669ae1537bcff6431c7c0c01bb0889ced875604f9c4743b0974c2f89e300aaa13b01d3f

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVpn.Common.Logging.dll

MD5 988912a8a5ae0cafeb29f80b4e3af6d4
SHA1 1ca87bea628fff4c8995d92168e736ef7fffd1ae
SHA256 5c67aca3caf64cb4a2ca3111ce00da9aa1364583344896dfdcb6d85c5050f43e
SHA512 2d58cde0d8f2d2aca423a612c77f34a146f46c64f8e5c877e7395baf2669ae1537bcff6431c7c0c01bb0889ced875604f9c4743b0974c2f89e300aaa13b01d3f

memory/2432-259-0x00000000069C0000-0x00000000069D8000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVPN.Common.Shared.dll

MD5 8d3bd603070c5341750804592de30739
SHA1 19b27c7834ad7cbf1b9d6a396dfa0a5fa5588112
SHA256 74fd8ff3b37e161c04c4a17ada1138cc44f52b4af93f946237affb040b0c916b
SHA512 8c366f1a037e448edec3d324f559ccb56ac184c5f504764c8afec8cc56048d4532b8a0926e10316d6d41fc2b21a9bd673899ff459c665e6d3d8e371bce980c35

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVPN.Common.Shared.dll

MD5 8d3bd603070c5341750804592de30739
SHA1 19b27c7834ad7cbf1b9d6a396dfa0a5fa5588112
SHA256 74fd8ff3b37e161c04c4a17ada1138cc44f52b4af93f946237affb040b0c916b
SHA512 8c366f1a037e448edec3d324f559ccb56ac184c5f504764c8afec8cc56048d4532b8a0926e10316d6d41fc2b21a9bd673899ff459c665e6d3d8e371bce980c35

memory/2432-263-0x00000000069E0000-0x00000000069F4000-memory.dmp

memory/2432-264-0x0000000006A00000-0x0000000006A1A000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVPN.Utils.dll

MD5 f162ee7a69d27493bd375907f666ca94
SHA1 b79c97c0cdb592f7ce01f3b4bddf5ab5db252547
SHA256 a8609434e1d3481f153b811e5f7c1a0a98b205a0a6d5a176b45b4b8b1ff1b95e
SHA512 cd32829c002d236014e45d14232f7104f4518291c39fa0dd55b5d29a1c5bf991b287b1ae3c6f16e5e8d31efba5f27e61d3c7241648936f1157d0564a1a47d32b

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVPN.Utils.dll

MD5 f162ee7a69d27493bd375907f666ca94
SHA1 b79c97c0cdb592f7ce01f3b4bddf5ab5db252547
SHA256 a8609434e1d3481f153b811e5f7c1a0a98b205a0a6d5a176b45b4b8b1ff1b95e
SHA512 cd32829c002d236014e45d14232f7104f4518291c39fa0dd55b5d29a1c5bf991b287b1ae3c6f16e5e8d31efba5f27e61d3c7241648936f1157d0564a1a47d32b

memory/2432-268-0x0000000006A20000-0x0000000006A40000-memory.dmp

memory/2432-272-0x0000000006B40000-0x0000000006B58000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.DependencyInjection.dll

MD5 f2a9c263e730b94057d26d8e6562e342
SHA1 e36e4c8100585db5c7dbd07ff66f4adad8ccd37f
SHA256 d6de20035b25367a82da6180c45511d9077374c5f96f6cc5fedd2107d61efb9c
SHA512 976fff499e641484a176801ca904221270220d07a1ffe14c03a9b3f32372a264ebe25e704dc63ec18f1bc2a430afa6a098847c327d695a3d19359422a300d4e9

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.DependencyInjection.dll

MD5 f2a9c263e730b94057d26d8e6562e342
SHA1 e36e4c8100585db5c7dbd07ff66f4adad8ccd37f
SHA256 d6de20035b25367a82da6180c45511d9077374c5f96f6cc5fedd2107d61efb9c
SHA512 976fff499e641484a176801ca904221270220d07a1ffe14c03a9b3f32372a264ebe25e704dc63ec18f1bc2a430afa6a098847c327d695a3d19359422a300d4e9

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Bcl.AsyncInterfaces.dll

MD5 48efe61d6ca3054309907b532d576d2a
SHA1 f36403aabb16540c93fb35245ec0b4e435628aae
SHA256 295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78
SHA512 778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Bcl.AsyncInterfaces.dll

MD5 48efe61d6ca3054309907b532d576d2a
SHA1 f36403aabb16540c93fb35245ec0b4e435628aae
SHA256 295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78
SHA512 778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3

memory/2432-276-0x00000000069B0000-0x00000000069BA000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\System.Threading.Tasks.Extensions.dll

MD5 e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA1 2242627282f9e07e37b274ea36fac2d3cd9c9110
SHA256 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512 da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

memory/2432-280-0x0000000006B60000-0x0000000006B6A000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\System.Threading.Tasks.Extensions.dll

MD5 e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA1 2242627282f9e07e37b274ea36fac2d3cd9c9110
SHA256 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512 da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.Logging.Abstractions.dll

MD5 1237591a98cea80b03eaa68dbbcb2176
SHA1 5761dfe8070d1e273c20bf6ce50eb46a8780e065
SHA256 ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1
SHA512 1446308e87aaf15ac1b3f79d8f4620b2172fb4c5f34059df75fae0ab244015cae6ac46faa86a0ab91b71d51bf91476dc407f473016ed0b71526ff6e446bbda07

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.Logging.Abstractions.dll

MD5 1237591a98cea80b03eaa68dbbcb2176
SHA1 5761dfe8070d1e273c20bf6ce50eb46a8780e065
SHA256 ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1
SHA512 1446308e87aaf15ac1b3f79d8f4620b2172fb4c5f34059df75fae0ab244015cae6ac46faa86a0ab91b71d51bf91476dc407f473016ed0b71526ff6e446bbda07

memory/2432-284-0x0000000006B90000-0x0000000006BA0000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Newtonsoft.Json.dll

MD5 6815034209687816d8cf401877ec8133
SHA1 1248142eb45eed3beb0d9a2d3b8bed5fe2569b10
SHA256 7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814
SHA512 3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Newtonsoft.Json.dll

MD5 6815034209687816d8cf401877ec8133
SHA1 1248142eb45eed3beb0d9a2d3b8bed5fe2569b10
SHA256 7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814
SHA512 3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

memory/2432-288-0x0000000006D20000-0x0000000006DD0000-memory.dmp

memory/2432-291-0x0000000006200000-0x0000000006210000-memory.dmp

memory/2432-292-0x000000007F750000-0x000000007F760000-memory.dmp

memory/2432-293-0x00000000066E0000-0x0000000006702000-memory.dmp

memory/2432-296-0x0000000006200000-0x0000000006210000-memory.dmp

memory/2432-297-0x0000000007790000-0x0000000007798000-memory.dmp

memory/2432-298-0x0000000009D00000-0x0000000009D38000-memory.dmp

memory/2432-299-0x0000000009CC0000-0x0000000009CCE000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe

MD5 07c7857ac0338fdc449755eddac67c94
SHA1 db057f68b70c981978855a2b02d8a8a397c79b0a
SHA256 efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a
SHA512 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d

memory/2432-303-0x0000000009ED0000-0x0000000009ED8000-memory.dmp

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe

MD5 07c7857ac0338fdc449755eddac67c94
SHA1 db057f68b70c981978855a2b02d8a8a397c79b0a
SHA256 efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a
SHA512 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe

MD5 07c7857ac0338fdc449755eddac67c94
SHA1 db057f68b70c981978855a2b02d8a8a397c79b0a
SHA256 efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a
SHA512 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d

memory/2432-312-0x0000000006200000-0x0000000006210000-memory.dmp

memory/2432-313-0x0000000006200000-0x0000000006210000-memory.dmp

memory/2432-314-0x0000000006200000-0x0000000006210000-memory.dmp

memory/2432-315-0x0000000006200000-0x0000000006210000-memory.dmp

memory/2432-316-0x000000007F750000-0x000000007F760000-memory.dmp

memory/2432-317-0x0000000006200000-0x0000000006210000-memory.dmp

\??\pipe\crashpad_2052_BOPOPFJVLJDFHUUA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\scoped_dir2052_1611100194\82983e92-e51b-4dda-ac79-a9198d6cdc0f.tmp

MD5 2cc86b681f2cd1d9f095584fd3153a61
SHA1 2a0ac7262fb88908a453bc125c5c3fc72b8d490e
SHA256 d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c
SHA512 14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\Net6DesktopRuntime64

MD5 26d558f92be15a50d59b8261123de56b
SHA1 b5b1819cca753b070181f50411375b80412860a3
SHA256 1b305b1ae89b2391a4411bb2c5edb6b059a7bf7955275c57b43d1f2a94ce3f62
SHA512 5eb1537295cdb513197419c311777229fd43af6cea0ef6134f9990b32b8ac26aa51139f2c0b63d9cdfb6d753dd9db6f243b887ec511f15866157aa9e127b5cea

C:\Users\Admin\AppData\Local\Temp\scoped_dir2052_1611100194\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\MainMsi

MD5 d5e72c30c8383525e3aed1f1c2f1caab
SHA1 453c6b82989d62d7e3d9e1c805b5d106c1f5463d
SHA256 59efe52b08ee6c4cef658510eeb2be1b4f4701d162ff581a57a2997421652c57
SHA512 f8e67557af9e9053498460a32401b0b9f20cbe771d14189df112db505ba2f9330c7f89fa4aa61f486a4ab7867115a0c1909cbf5b5b5546cc70c61280b49ee867

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ed6c638e459bf4808f4b07e57a335857
SHA1 c99362aecace91b9a9614cc6dec5926870643767
SHA256 613a7b8bb968abd9321c2de9183eff1ae32737cd62bb626a44e99cf5a499d854
SHA512 fc15dfe845869fe0fe5050d98b531a33db60840215e3e1c85a239e99eec745467df1e8cdcdcb93fb5745b5b56c7b17b88ba56ddc70d9e6c400c75fd7c3b53087

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 861007b6d6ef1971a153e6fc8b03446b
SHA1 a567010e80ac53eb53e3246dd14b0b728a6827cd
SHA256 fbc339c6c5f43b131f174c0e7e9f7b5f6ade136460978c5116a27f46a2a07376
SHA512 d4aa45a437fcf0f51eac8883942ff584c6bac6b53cf43523c63824a2b1678ab733ca751435c157493db6f71fd6286c1625b2f3a43168d39eb85f63c681049dfa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1780acc0f9763a3e59600bd61ab9b9f8
SHA1 74c9da98ad596dd1d35a29ba69d16299db90505e
SHA256 3c6f7885483fab2849967322f6e203a789aca36e67d4d66cb355bbb83d5890dd
SHA512 f9e536105b90cf01e12fa29c66d5944a77095e6090472b56e010972408864f47f0cd67458ab951981f20f7fd2d79415cc40824072c8e58114a8e5b8a4d14d332

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cef03b0ae56356f25fa179726f82f44f
SHA1 38bb53d022df4ca43a1f251d049dd80f28e9f629
SHA256 3d286ee21071ae7d0d65e8e16cd31804d38beb0d7d8a88b55d8ee3b28fde02e0
SHA512 2f0ea0fe962464d2b8668de6996f1393f56469053e6c80b4996e0f5dd46c82f2d50835c464ad7b62cd192a14f0d297ef9fe69b7345f98e5ffa18564f8e0f2ffe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe

MD5 26d558f92be15a50d59b8261123de56b
SHA1 b5b1819cca753b070181f50411375b80412860a3
SHA256 1b305b1ae89b2391a4411bb2c5edb6b059a7bf7955275c57b43d1f2a94ce3f62
SHA512 5eb1537295cdb513197419c311777229fd43af6cea0ef6134f9990b32b8ac26aa51139f2c0b63d9cdfb6d753dd9db6f243b887ec511f15866157aa9e127b5cea

C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe

MD5 987433e22c318ff3bfd596f6b7bb3d0d
SHA1 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e
SHA256 ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73
SHA512 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46

C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe

MD5 987433e22c318ff3bfd596f6b7bb3d0d
SHA1 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e
SHA256 ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73
SHA512 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.ba\wixstdba.dll

MD5 4356ee50f0b1a878e270614780ddf095
SHA1 b5c0915f023b2e4ed3e122322abc40c4437909af
SHA256 41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104
SHA512 b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.ba\bg.png

MD5 9eb0320dfbf2bd541e6a55c01ddc9f20
SHA1 eb282a66d29594346531b1ff886d455e1dcd6d99
SHA256 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
SHA512 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe

MD5 987433e22c318ff3bfd596f6b7bb3d0d
SHA1 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e
SHA256 ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73
SHA512 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe

MD5 987433e22c318ff3bfd596f6b7bb3d0d
SHA1 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e
SHA256 ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73
SHA512 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe

MD5 987433e22c318ff3bfd596f6b7bb3d0d
SHA1 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e
SHA256 ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73
SHA512 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46

C:\ProgramData\Package Cache\{8e563438-c5e3-4ece-98b6-53dcb8e954c2}\state.rsm

MD5 a7b9c0008fa75505ae8ad8e99617ace5
SHA1 6ef386c6a77d5390ca66032e4496e961659f6de1
SHA256 4c20916775719bc406ce71856335123c21d03b6eb824ff6f8aa7b45a4be7767b
SHA512 9693033537e15ec8e9181366d44a6b38afee4bd8779c97a6fa22da7342d27a8ed7f5902e96f451ec26e88edaa68107c091fe4e1e5abdb1b28b2fa28a4d225209

C:\ProgramData\Package Cache\{8e563438-c5e3-4ece-98b6-53dcb8e954c2}\ExpressVPN_12.38.0.60.exe

MD5 07c7857ac0338fdc449755eddac67c94
SHA1 db057f68b70c981978855a2b02d8a8a397c79b0a
SHA256 efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a
SHA512 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\dotnet_runtime_6.0.5_win_x64.msi

MD5 abf5dbc0196845d9c906189aa70d07ec
SHA1 4a6879976ca9d64a151e1679d0b08d975883a7b2
SHA256 f8f96b0c0a444a391d1a5c02d217d530905c32895166251d16a1b5903b6815f1
SHA512 035fffdf011e5d30b06ca3b78b37ceb90c1773b08244efc0ca8f7e8b7c4ef83b1b0c5273431e752d0f7dc83a49ccf5fbb733f8235825bf5b8ded32f7b51939e3

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\windowsdesktop_runtime_6.0.5_win_x64.msi

MD5 bf16e0cb45daf8f291ecfa351cb0c3c2
SHA1 1491de942eec40921a35f35aa377c2f8f7332c5b
SHA256 0c3b15d1e680e29377a08ec0577d87d222dda47b84c955f4e834497b59041f9c
SHA512 a69a495b265e6e16fbc4a06455a02baabe35c6ad4abf499ca99a4b5cc9dfe2bcf337b6a60d32bfb15eca03b4c08710a095111ec637b2fbef0279c26d9e9e9ae8

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\dotnet_host_6.0.5_win_x64.msi

MD5 bdc10a6d27e4df71409c9cd8bc40d48c
SHA1 3cd9327008fc4bc8f76d9f8174bc6a1bbf4d7632
SHA256 ec6d27122faf6585fa4419284a95212102c54bbd7ee02bd56835a496039c70de
SHA512 c60196e4f34efcaa62ac3bb750205b701d7434872fe9eb866a5d80ccab6cef879b35aab0d09c19d25cdbf2a3e19c23a4170a16033ad2fbd008dccc9a6530b1c9

C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\dotnet_hostfxr_6.0.5_win_x64.msi

MD5 eef7d4eaa530df3288c03b8e6463aaa3
SHA1 4d94b0073d5afeb1642a2f0da5c178f5765857b3
SHA256 cbdda269bf97e5e990d909fc503149005e4cd70e68d565c0fd4fbed3222d7711
SHA512 2be6dbc2c4d2a8d68653ffd8cb56196178c4ecea2f247a8d6f6cf3061917a43ff814ce48ab2939b475ae0d69df8fe41e0864ebaa282adcfb3e578ca0da10f823

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.5_(x64)_20230615125328_000_dotnet_runtime_6.0.5_win_x64.msi.log

MD5 17cfa80bee83a519b3b96d86b06f60f9
SHA1 9f66c92773581534f455ee08c4f1c98131760fd6
SHA256 c53df84add68d4b97c44e825dd7f3aa22e3c8c27ec93caeeec283ecd1b64aab6
SHA512 686bc5dc2e945485aa90faf1a6d0b82ee9d082182aa45839b16f13fdc1159306ef3a516c7dbd12a21634ab9cec655e157726b059ea3fd53c98fdcb4eede071e5

C:\Windows\Installer\MSIA43F.tmp

MD5 d711da8a6487aea301e05003f327879f
SHA1 548d3779ed3ab7309328f174bfb18d7768d27747
SHA256 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512 c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

C:\Windows\Installer\MSIA43F.tmp

MD5 d711da8a6487aea301e05003f327879f
SHA1 548d3779ed3ab7309328f174bfb18d7768d27747
SHA256 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512 c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 526f730757d8cb2edd2dcf7e34331d05
SHA1 0ca71bd560c509fe1c0644d906da468b0c65275a
SHA256 8fc091e4fa47a0d87c84df1f7052e30387ecbdd3d49854150ae8c15c41529bb9
SHA512 c0287626140474fe7b3587f50496a8553a18617689c608546a0f1a461e6ee13f6119d26c94307c81bcd9836dfc117bde6cba7450cb9b162dcf1bf55d3673b99d

C:\Windows\Installer\e57a069.msi

MD5 abf5dbc0196845d9c906189aa70d07ec
SHA1 4a6879976ca9d64a151e1679d0b08d975883a7b2
SHA256 f8f96b0c0a444a391d1a5c02d217d530905c32895166251d16a1b5903b6815f1
SHA512 035fffdf011e5d30b06ca3b78b37ceb90c1773b08244efc0ca8f7e8b7c4ef83b1b0c5273431e752d0f7dc83a49ccf5fbb733f8235825bf5b8ded32f7b51939e3

C:\Config.Msi\e57a068.rbs

MD5 038d580a782680178ca400ee570d7d0d
SHA1 75ea391a0588dfa77db2e65cf10f6559692186b8
SHA256 f77da8f40c6d248c247eacd50ab2fb78b60b9424d5a8a1354ec821dda764d607
SHA512 dce046b7581eb3e5a4c0fc7c99b771456e39891292522f472d10c4a586e892c2604c1f25fbbc2c9faecd258390ba2b0efad4657918b95b2d5288b3002730357d

C:\Windows\Installer\MSICA37.tmp

MD5 d711da8a6487aea301e05003f327879f
SHA1 548d3779ed3ab7309328f174bfb18d7768d27747
SHA256 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512 c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

C:\Windows\Installer\MSICA37.tmp

MD5 d711da8a6487aea301e05003f327879f
SHA1 548d3779ed3ab7309328f174bfb18d7768d27747
SHA256 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512 c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.5_(x64)_20230615125328_001_dotnet_hostfxr_6.0.5_win_x64.msi.log

MD5 468b62f3afeb27957aa4869a1800ef45
SHA1 85ee4a312ccf8df04d7ca2e0f745f298e2c82dad
SHA256 4f6032b8ee829101abe5796beb9865cf77e5764d2ab8630490e0403d0ad2eae3
SHA512 ff27f845f191b27cf5fd8bdb7632cc79426078076148176ed4a19cab866cb58e735e867149cd027de2ab2fe236388cf859d838e6f9a93aecd672456bc5d35d93

C:\Windows\Installer\MSICCE8.tmp

MD5 d711da8a6487aea301e05003f327879f
SHA1 548d3779ed3ab7309328f174bfb18d7768d27747
SHA256 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512 c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

C:\Windows\Installer\e57a06a.msi

MD5 eef7d4eaa530df3288c03b8e6463aaa3
SHA1 4d94b0073d5afeb1642a2f0da5c178f5765857b3
SHA256 cbdda269bf97e5e990d909fc503149005e4cd70e68d565c0fd4fbed3222d7711
SHA512 2be6dbc2c4d2a8d68653ffd8cb56196178c4ecea2f247a8d6f6cf3061917a43ff814ce48ab2939b475ae0d69df8fe41e0864ebaa282adcfb3e578ca0da10f823

C:\Config.Msi\e57a06c.rbs

MD5 ae59508430136e4f367f9ec09aa18be0
SHA1 0fee496b24e23a19e3aec3090b565c9e007e2a08
SHA256 ccdd63292ca8938c2d1a63bdd3ab440b3f3fa72f1ea21206539c3b274e7c26e1
SHA512 1bceaa3c4cbc489d7adfc25bfdb2f6b97f3900d54a9d83109d79dcc899a2147cf3a95e073ba90d88b68041104d986832ae4eb8016e92c7c692aaf3e3c958f7b1

C:\Program Files\dotnet\ThirdPartyNotices.txt

MD5 f77a4aecfaf4640d801eb6dcdfddc478
SHA1 7424710f255f6205ef559e4d7e281a3b701183bb
SHA256 d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7
SHA512 1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b

C:\Program Files\dotnet\LICENSE.txt

MD5 31c5a77b3c57c8c2e82b9541b00bcd5a
SHA1 153d4bc14e3a2c1485006f1752e797ca8684d06d
SHA256 7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d
SHA512 ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

C:\Config.Msi\e57a070.rbs

MD5 e4bdbabe0b37ca20baab8b217aca4fb4
SHA1 d1346c2fc8c93f63733bf65807e9f03b632b4f61
SHA256 24ad142829b2a1edbf00c18c4fe809636c6913b38041709eb9b47e36c3b34852
SHA512 8be5cd819398e89f42ea7496ea0ea7b2d662b057650ab37ffb0cee599dd870987407bfad5e918bd832bc81c17afa54e43c63d455fc415963d3ef2f910a8b11f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a5232a34bbc3a132d14679ec841d2edb
SHA1 9707f7c37f378d759720bce9ef851bf278a80a85
SHA256 a4a1416d4e8324bce967366c51155d3c7b7affdbdcba27b3469abdb949d75b03
SHA512 74ab96d0546fdd9807a5927898549f68fa0b6ba90a051350b51b37bb646f89088ffad452abbeb82083a53d87461a50e2cc81b2e5a89cb1f139961fdb018556cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6400a246cbd5a7a64ef30fa7be486be3
SHA1 57784abba928a036d091cac8933a13950fe78230
SHA256 5974d66347ed67a91bf101cdd5fe0f27c81a62affae15632b788ddf1ca4d8593
SHA512 c592316039ead41cb08cb69e5c455a12ac68c08ec3002b13124f55bf927ac29bce412e9b8da5124d9d5879d0bdd3063e8668f98cb269c42c26b4442478e62dfb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 5b0c0d429185ff30e04c93f67116d98f
SHA1 8eb3286fe16a5bee5a0164b131bc534fd131f250
SHA256 f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d
SHA512 6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4b1f6241586d232bd85a69087e2b0eee
SHA1 a16a784e165fa3b74456f4cfda64ec71c3f3bdba
SHA256 251b1bea4a5cbec8ef53f50356977189801cd5946d3f3208c8f4622abbf26d2b
SHA512 b3ea7e0ff626e399bb55f45d39a6dc615568d77f4e359c763e5ebfc6ae3aed0cfe146a08716a2e41a8cbfa3e9fe76bfe2d19c868dbaada004746d07073569a28

C:\Windows\Installer\e57a075.msi

MD5 bf16e0cb45daf8f291ecfa351cb0c3c2
SHA1 1491de942eec40921a35f35aa377c2f8f7332c5b
SHA256 0c3b15d1e680e29377a08ec0577d87d222dda47b84c955f4e834497b59041f9c
SHA512 a69a495b265e6e16fbc4a06455a02baabe35c6ad4abf499ca99a4b5cc9dfe2bcf337b6a60d32bfb15eca03b4c08710a095111ec637b2fbef0279c26d9e9e9ae8

C:\Config.Msi\e57a074.rbs

MD5 73a8ffc587d0befaeb588a7f7d22c837
SHA1 56230fa937c1d46fd2b5e65c4349a146e3ec63a9
SHA256 7b4639973f2099b3972cd7e18a5362d5b3e65ac9ae8e3538d299a411654d965a
SHA512 3407e148ff86d5a3cb4ad9275d36330a35fa6640f7f92b788c148c3080f60dfcbb523d917fc2417e5a26b00997b231cc9a69b3a356a1a04cbcc32c1632bd2a25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 efcb2deb411162f092bd8a22325600ec
SHA1 dd40a30585062eb7d274b2f2cdd11b1f55efec2e
SHA256 59f94c786ebbd9ae21f80adfcad2e18062bba92f0cb758ea9a9009ba24b403d6
SHA512 85bafa5d47654de8717d670b16e0b270b81acbbdbf096cd23e5881cc18f7bdb56ee674f16dafcecbe707803893a92f42b99a85fcf975bf044b5b535b78a30229

C:\Windows\Installer\MSI17D5.tmp-\Newtonsoft.Json.dll

MD5 6815034209687816d8cf401877ec8133
SHA1 1248142eb45eed3beb0d9a2d3b8bed5fe2569b10
SHA256 7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814
SHA512 3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

memory/1268-1745-0x0000000004D90000-0x0000000004DBE000-memory.dmp

memory/1268-1747-0x0000000004DE0000-0x0000000004DF6000-memory.dmp

memory/1268-1749-0x0000000004DC0000-0x0000000004DC8000-memory.dmp

memory/1268-1751-0x0000000004E20000-0x0000000004E38000-memory.dmp

memory/1268-1754-0x0000000004E60000-0x0000000004E74000-memory.dmp

memory/1268-1756-0x0000000004F60000-0x0000000004FD0000-memory.dmp

memory/1268-1758-0x0000000004EC0000-0x0000000004EE0000-memory.dmp

memory/1268-1760-0x0000000004EA0000-0x0000000004EAA000-memory.dmp

memory/1268-1762-0x0000000004EE0000-0x0000000004EEC000-memory.dmp

memory/1268-1772-0x0000000004F50000-0x0000000004F60000-memory.dmp

memory/1268-1779-0x0000000004F50000-0x0000000004F60000-memory.dmp

memory/1268-1780-0x0000000004F50000-0x0000000004F60000-memory.dmp

C:\Windows\Installer\MSI17D5.tmp-\Microsoft.Extensions.Logging.Abstractions.dll

MD5 1237591a98cea80b03eaa68dbbcb2176
SHA1 5761dfe8070d1e273c20bf6ce50eb46a8780e065
SHA256 ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1
SHA512 1446308e87aaf15ac1b3f79d8f4620b2172fb4c5f34059df75fae0ab244015cae6ac46faa86a0ab91b71d51bf91476dc407f473016ed0b71526ff6e446bbda07

C:\Windows\Installer\MSI17D5.tmp-\System.Threading.Tasks.Extensions.dll

MD5 e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA1 2242627282f9e07e37b274ea36fac2d3cd9c9110
SHA256 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512 da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

C:\Windows\Installer\MSI17D5.tmp-\Microsoft.Bcl.AsyncInterfaces.dll

MD5 48efe61d6ca3054309907b532d576d2a
SHA1 f36403aabb16540c93fb35245ec0b4e435628aae
SHA256 295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78
SHA512 778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3

C:\Windows\Installer\MSI17D5.tmp-\Microsoft.Extensions.DependencyInjection.dll

MD5 f2a9c263e730b94057d26d8e6562e342
SHA1 e36e4c8100585db5c7dbd07ff66f4adad8ccd37f
SHA256 d6de20035b25367a82da6180c45511d9077374c5f96f6cc5fedd2107d61efb9c
SHA512 976fff499e641484a176801ca904221270220d07a1ffe14c03a9b3f32372a264ebe25e704dc63ec18f1bc2a430afa6a098847c327d695a3d19359422a300d4e9

C:\Windows\Installer\MSI17D5.tmp-\Microsoft.Extensions.DependencyInjection.Abstractions.dll

MD5 405bf969e7e50ef47422e54fa33605c8
SHA1 4f3c5c8803212719ee74c60813b9ae08604684b3
SHA256 95a7c66abd60ba45a2020ac3d42702fd9823f7b6db2ceec6a37c9e9b0602fed1
SHA512 d04978227453e3341fbdc6a8730da193f1c5e19a2635e02cb5d6eb6fef7c3ea53cf7df5df16230c12693cdaaccc90add812c5ad0a6ed0749e8de75c03602502a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 77ac726b80f73a3255e56752658dce34
SHA1 b81f281b8faeb23252393be7ac154563fdc7744c
SHA256 3cf31e73d94c5187ce9ecc426251e23870f416ddda80301d301f60285bdbc42a
SHA512 4476df6da469075b522c36283b0c5a98ea40cc149bd41cfb2b97ed637c2f1d7a0ad9c66ab887b93c93f9614a0984c74e9c4c3da6f6f920243cf258fd47028977

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe581ebe.TMP

MD5 a2cfdb4e918dbe1c0aba49c647d0895a
SHA1 d0ff89f7d6c04b2d8944b5120ab536e922cc84b2
SHA256 183a38aba24f31bd3830bd5099082f0e40bfc07ac1521cf3f35da57fbe15ff64
SHA512 b806206cb812c5c3a4c58feeee55973f727c52c7eb5e2a18a2a716ff808568f8f3525ca7c27e59db8edae24a87a7c8c1e6e3a57a0d9964923b437ee081423dfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a54f88aefe75194eb85ce86a76db7c08
SHA1 c629b216ff3a16745225376d35519c96551b7ac5
SHA256 6c03076b365263365810af635a270a1a345891ca0d252147c364891e0c237b9b
SHA512 ab5adeefaee531aa55aa06ab8f5a8753f236a278b384b1a9432b8427d326f13a28fc2449ef2579afdebcd8e827cea15160f3c46b3a333633a7cb11629ac1d4dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5743a4ed71f8d9d5da13bb913aa9a3b8
SHA1 c179fb755847fc52565f36ca0a657914e900df8a
SHA256 d47d382e35b99f535f09ca7208102f6d0cc1a331a5ba84c32d560061713156db
SHA512 3a34ebb67271fd58a8593589b59518d76b070dc67928bb9b04f27786af5522bfc6ce2dc87f0c3cc4951486cd0b246f064ce78f89d5d9d7b703ff8a28fc556626

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 4cd9141ca0a6c19415d035752cf0b9df
SHA1 c91980b39cb48c07439fb2b35cd0aeb1f7808213
SHA256 63ff9d954ee10e70184f9fb1016fe11931425c71b3b3ede8e28f85a9d7439598
SHA512 e75ff9f01740dcca451e290e134ea8c88d28e1b8cb989865e62eb3467afb3c4e737beb6c816a9e1343276e8eee523f5f8151a9840c6b01b633f5c177ac42577d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6b94ddc0756264d534b0744e503ba1f6
SHA1 297dd40e1f00f7ba7e6b07f3672270019e3ee1f6
SHA256 f67828c592a00d8f211f9765a4d612569301e5b98dcfc8aa2d3c0c89f0e0f092
SHA512 24faba3bd04254fe356a65ef810b1fb15d7b267007565cf362d2f7d94c488cb5120cc899b51e5cb5f9f2eadf3b202c6a898a2a79a421ce9a15b20264093a3ef7

C:\Windows\Installer\MSI3D72.tmp-\Microsoft.Deployment.WindowsInstaller.dll

MD5 1a5caea6734fdd07caa514c3f3fb75da
SHA1 f070ac0d91bd337d7952abd1ddf19a737b94510c
SHA256 cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca
SHA512 a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1

C:\Windows\Installer\MSI3D72.tmp-\CustomAction.config

MD5 c9c40af1656f8531eaa647caceb1e436
SHA1 907837497508de13d5a7e60697fc9d050e327e19
SHA256 1a67f60962ca1cbf19873b62a8518efe8c701a09cd609af4c50ecc7f0b468bb8
SHA512 0f7033686befa3f4acf3ed355c1674eaa6e349fba97e906446c8a7000be6876f157bc015bf5d3011fbbdc2c771bcbaea97918b8d24c064cbbd302741cc70cbc7

C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Client.Setup.CustomActions.dll

MD5 3e40e18013bbb899607891f3234a8446
SHA1 0cc000b1a1d41cd46ab393b2ebf928939b6477ba
SHA256 d04a426349d56dda212e907cdd3799d402cd7d7e46f5fc051fa14c7802ee7fc6
SHA512 ec20c499b3475805b2ce3da8658d96899f3d35ff4544cb961350e6b06ee252f244b567dc11ccd73e9ebf7075735237063d94a34333457312bc3ed418d9e7e04d

C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Client.Setup.Shared.dll

MD5 9c69b9327a9cb3f9c814bebb625c55c2
SHA1 3f0c9af7f54af5d09f91e06005351c6e143c83a9
SHA256 491737b9d171ede500938a3985d438f3018ca98c84f8ace03e75c2f63b05a2e0
SHA512 f7ba8808d87d22ef9ca130b56c32846df0c947d0e41347ad93fe7c06cd1ac8769721f8cc3477893f41c4491cd32bb44a91550da035f190f02e5dd58d04e8527b

C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Common.Logging.dll

MD5 4c0619b0ea8d374bf199e507af60823c
SHA1 6472e515499ec9fa0ee43e1e9006ae1dcc8dc111
SHA256 a19a22cdab7b32c45ae226fa66bb9e6ab70e27e1b63ed4839a94f213d141dcfe
SHA512 9a093e0f304a320589c7755d48813d4303a10358c9d753a75ab98c7ffafe140483bfb9e54b2f764bbbe068fdcdf2ed87b3a4d14f13ab09844e347ea0f4cfcc85

C:\Windows\Installer\MSI3D72.tmp-\ExpressVPN.Client.Installer.dll

MD5 e79df256636d80c69810b873d9efcfe8
SHA1 3e586438fbb0b2ae743665b14436b4cc1a9f657b
SHA256 fb3b97b9683ade2d0cc9bc74933748b74032ea2c265b37fe060bbc1280d096e2
SHA512 fb47cfad24d6a965990cb672db9840aa43ecabde4112a7ff2049095bf11b8bf74404bcb82dd49b8d9ee9d4f418345948e943aa722fe025f1a5cb473bdae96347

C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Utils.Wmi.dll

MD5 316786e333501cbb1b9d7a2799e4d4af
SHA1 53884c1dbfb5ec819aa8d0242205e026ecc73bf5
SHA256 bd837011f2b402833653bf4c2e4ef065426316672c09d6764686bd798b3a22d6
SHA512 562a0e9ce21c0a6333569207f8fcbc8b4f79872ed17a5d9a40a05ed6b9ccee33ae0df82d96a4e58f2bb39a97a5e945dddceb9726419616ebff0fa52ec38c3028

C:\Windows\Installer\MSI3D72.tmp-\ExpressVPN.Utils.dll

MD5 4fe7e636837b93970abc6f0de3531c40
SHA1 1874886c7c25bc3f3b5250bc892b0d024d7b874b
SHA256 7406b12169d3a9e496c64df21635e99189a632e4d43b7bc28193699e0f8fa3ab
SHA512 29e1cd8a6f762a35928535c30ef20c394e59d2280ecfe93e0d2f0aa728e5bfff59496e5e6bc5d170fb3798faa71498e55a61a1ceeea594496d7afb2e37d1ab76

memory/4512-2521-0x0000000004FC0000-0x0000000005036000-memory.dmp

C:\Windows\Installer\MSI3D72.tmp-\WixSharp.dll

MD5 dd1aaef9d73a034f25c660c892cc3492
SHA1 cee6f7bc28721daa7c63e182baf18b353f981021
SHA256 08650aee86ff2e3e31b7d1e5239d61a668f1efb56e0bee43f824217b4360d01a
SHA512 b095fb787f243baee30713428adfba1b98b6e58b94f10acebe03318786e46e6da12c183474b014e7b97bc4720ae4e24f71e39573cf7827f9ad7d5f949389fa6f

C:\Windows\Installer\MSI3D72.tmp-\ExpressVPN.Common.Shared.dll

MD5 e13ebbf5e06bba7267eb1f14dc027ae0
SHA1 bedade1d1b7f6217d7127549c0a7a2dac416a0fc
SHA256 0587fe0fde62220324b26426c00e7ffd895e8b17b768d79710f934bfb559a065
SHA512 7c47952f6672cf6319e29bfa928a12d56de87f0a7a25958e479ea43add25e39c8472db3c56c2fc7cc9cb9dd83de4b7243d5a6b0013e3f79771fb7660901ce726

memory/4512-2530-0x0000000005070000-0x000000000508E000-memory.dmp

memory/4512-2531-0x0000000004DA0000-0x0000000004DB0000-memory.dmp

memory/4512-2532-0x0000000004DA0000-0x0000000004DB0000-memory.dmp

memory/4512-2533-0x0000000004DA0000-0x0000000004DB0000-memory.dmp

memory/4512-2535-0x0000000004DA0000-0x0000000004DB0000-memory.dmp

memory/4512-2536-0x0000000004DA0000-0x0000000004DB0000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk

MD5 841038ec9118a58a82880ee44e4967e7
SHA1 223ff5f98fb31a9ed8be1109b08f96208a458f53
SHA256 3a5317f052b3992263eeec3f932019303b9979111a65b9ed277221b4f40a8fd6
SHA512 650ba2333d68e47a1fd2471731c42eb6e6f2e198861eba079373a6bbb832909032d01965375ccf9a3663af9d5a5bc56c9556c503f6527dc5bd563d3c4cdce247

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk

MD5 b38f81f0772d3381ea5165033ba4a99d
SHA1 d038ea598f742841aa96738003c3d8325ef60ed1
SHA256 5ca6908b6ce677c23af4c7a91f3dfc7bfe387ba271d33c1151ca4e2a160359f8
SHA512 77b8668878f712d5be4b0af55ad073bd0697ae3e50318546871f96d6e6df0d30ba78b7092454534ab6b9ea4264b9f18bbddad9f987aae1e80064020c3c78b4ba

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk~RFe584570.TMP

MD5 9a7c84fb3ba9a945b52ff938f21002ab
SHA1 646b54ecd1eb736f4c882c0493f5cc1f6899d220
SHA256 9462671130fa8dc30dd7b4080b7753162371881d312146ecd6d504e5e2e31391
SHA512 22507fa25966a34b81b25198412d5dddfd183b0710e1fc22f89d77a381a103e65382bc6bcecabf97a81787fcb14deebddbcf90bc717e0371f8ed27775dd81267

C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe

MD5 85ad9f4cfba5a47f8714fd63887605ab
SHA1 79e52d574f81a57168fc1dcc25fd3b2e5c361603
SHA256 e85912b9f6d1434726264cef08db208b92265d2b6fddf42234bc345a9684bf11
SHA512 1272401153dadb496d850901bde2f96f677a1591b568ca37476b362611621c45ad437b891a3c7e98b9cd99081e32fdb027512ef2b5e9391e36aa728ab708c1bd

C:\Windows\Installer\MSI45C0.tmp

MD5 9d0ee5a255b92fd11c36979ecb3aca67
SHA1 2021cdb47d5743ce84991004c3891f53173ebd59
SHA256 ec23d81a8e3139d572150e582fb7191b7db3a338f507301ed94cfad8ebc30206
SHA512 925208e9202f3003cfd81de194d170ce9cd539a6163a35f169cbd41ad7c478c444885c7574a5516a282e16485a413d6938f59ba710d230340b746bd67f13f088

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e9d9bd4fbaee64f6bcd39f9e0018f675
SHA1 af501cf379082cd0f9484ffed26d745c057de048
SHA256 3a316bccbb16b3a5e413beee4e3992d5dd4241a5bfe8ab8ead7aad126e74de6f
SHA512 89b8e03cbc2f12a8ac7cf331e916a0dfa3ece11b79e54ef13053bc29975869c609b502247de657d15cdeab343338b4f737aa8cf67f4b6898c03128ba17687817

C:\Windows\Installer\MSI45C0.tmp-\BootstrapperCore.dll

MD5 b0d10a2a622a322788780e7a3cbb85f3
SHA1 04d90b16fa7b47a545c1133d5c0ca9e490f54633
SHA256 f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426
SHA512 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f

C:\Windows\Installer\MSI45C0.tmp-\Grpc.Core.Api.dll

MD5 33e82bfceee2a76c34edee46091bafc8
SHA1 55c8e27e8efa1e08e87f96424c574ec581335910
SHA256 1e6db7069217797180cf7664e555994a9993db0155c9761be8012860bb82f8a2
SHA512 2818f76c324cfa556c5c9b68cba712c57d12da2f1bf6cf6defd314c0a5dbe4f504e20c04deaf9b69be6a56b01f47fe341ffbca2a431df9a71b28d38c9e1ec6bc

C:\Windows\Installer\MSI45C0.tmp-\Grpc.Core.dll

MD5 832a45191b8711adc888d8d45b26f0f8
SHA1 a90d87c10f3e5ed48a80f8e1cf0e883a07830c8d
SHA256 873b7debc4411c2707b48de1454d2ff437d9d56d44ad603c6487a8fb69b4413c
SHA512 94fe9bad110671a1bd965f4847609ed20955f082f96c049b1679634fbc878b189edaf952914137316a3a7ee65996df020ed2c65dcce0b7ba55db853f48132ef4

C:\Windows\Installer\MSI45C0.tmp-\Google.Protobuf.dll

MD5 25647dfce0e91490e97f8c6366b2632a
SHA1 8b812d8418143e0e8bc782e6687583dee13710bd
SHA256 da005e408ac85c4fafae30aa79ab7c18ddfa9fb5b23cd7fb2228a88413388c54
SHA512 5c0947cceb867f765ef4e77a73c2e2cea11f80ed83cdd43f3f5816ac2c27403fa74ea6a7edd648061d14d3e480d0f5e8271b754688d8da62e8653ae7581bb910

C:\Windows\Installer\MSI45C0.tmp-\Microsoft.Extensions.Primitives.dll

MD5 d833ddcb52e5c6d6da71bae25395a911
SHA1 17ce025ad7a0175c467f5a7108ca81a813e4ac21
SHA256 76152e774b2bd9c5a0d301e92e253d8bf55fa90e191d0155dfd86b2b84766ae8
SHA512 fd963a9fa5bdd10a1c54ce8fcba862b59786280ca5d668fa041b30b80d7fa2b84230d33b1c0541423534c764e7432213039d5f586d0427d542c0faf703081a79

C:\Windows\Installer\MSI45C0.tmp-\Microsoft.Extensions.Options.dll

MD5 3ddea0033ead23660b51921146dda017
SHA1 5708c44aa5326da0a69072a9b0e48715112a4bdd
SHA256 c4673c6000602e76844bad63feecbe42d88fc72639b1fd64d2acde48955be970
SHA512 d57e25a2412f2685770e3fd1d6650ee433ed28d337221941841eb9589dbf3868a27efb0d488f960f75785e60357cd2914b0eece1da62aa9ffe77219340c03576

C:\Windows\Installer\MSI45C0.tmp-\System.Collections.Immutable.dll

MD5 c598080fa777d6e63dfd0370e97ec8f3
SHA1 9d1236dcfb3caa07278a6d4ec751798d67d73cc2
SHA256 646d3b52a4898078f46534727bdb06ff23b72523441458b9f49ecc315bf3ef5c
SHA512 8a5b4afb4363732008c97d53f13ee430401e4a17677af37123da035f15f9e9409a2aeb74ae238379291fd5de07c3cd4e3de2778da5edf83a42649fa5b281cb32

C:\Windows\Installer\MSI45C0.tmp-\System.Buffers.dll

MD5 ecdfe8ede869d2ccc6bf99981ea96400
SHA1 2f410a0396bc148ed533ad49b6415fb58dd4d641
SHA256 accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
SHA512 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

C:\Windows\Installer\MSI45C0.tmp-\System.Memory.dll

MD5 6fb95a357a3f7e88ade5c1629e2801f8
SHA1 19bf79600b716523b5317b9a7b68760ae5d55741
SHA256 8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7
SHA512 293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0

C:\Windows\Installer\MSI45C0.tmp-\System.Reactive.Core.dll

MD5 f20967beae947a5d54156b5cb40d0c04
SHA1 c5ea57f70835e22cbaf08ac5262716de3de16f2b
SHA256 ac464ea84539c60cbdb498dd787f6fb90b2f11067a5acc9e1ed4f8f62cb7bc7a
SHA512 7f1fd97ac58bfe5194e348a141595bb261870bed0cdab0e491aec40da7a930d2d821457aa2e44c80da276bbce98dd3a08e344de3539037367977815055a79435

C:\Windows\Installer\MSI45C0.tmp-\System.Reactive.Interfaces.dll

MD5 0a471405a43ace8273b6e266f819901f
SHA1 bb7c4d3930358fa574136248cc1da6c9bcf5f192
SHA256 c86b4625d3a35b6f600d8f0d129b82eb73928e5d4f9df1a028e527aac86ee4e4
SHA512 27da5c7d98cac39525b845f40f128cbbdec6a693c1f20be689a1bc2ec0a2fa33a1a82605dad06e410371cf069304663bd6bf1c4a5864d99921e0584243b33997

C:\Windows\Installer\MSI45C0.tmp-\System.Reflection.Metadata.dll

MD5 c4ea65bd802f1ccd3ea2ad1841fd85c2
SHA1 2364d6dd5dd3b566e06e6b1dc960533d2b3017b7
SHA256 46451e1168dd11d450aa9b6119f17cec9a70928a40ac3c752abf61ce809cba6f
SHA512 fc4c18ea6a6f38d8c4b4f2e02d3d077cc729b531ca08cf9602c65e22aadc0be770e441660cc980cbfed3b27bd783e65f793838532673e2845276390b4b22d730

C:\Windows\Installer\MSI45C0.tmp-\System.Text.Encodings.Web.dll

MD5 e8cdacfd2ef2f4b3d1a8e6d59b6e3027
SHA1 9a85d938d8430a73255a65ea002a7709c81a4cf3
SHA256 edf13ebf2d45152e26a16b947cd953aeb7a42602fa48e53fd7673934e5acea30
SHA512 ee1005270305b614236d68e427263b4b4528ad3842057670fad061867286815577ec7d3ed8176e6683d723f9f592abcbf28d24935ce8a34571ab7f1720e2ffc5

C:\Windows\Installer\MSI45C0.tmp-\System.Text.Json.dll

MD5 38470ca21414a8827c24d8fe0438e84b
SHA1 1c394a150c5693c69f85403f201caa501594b7ab
SHA256 2c7435257690ac95dc03b45a236005124097f08519adf3134b1d1ece4190e64c
SHA512 079f7320cc2f3b97a5733725d3b13dff17b595465159daabca5a166d39777100e5a2d9af2a75989dfabdb2f29eac0710e16c3bb2660621344b7a63c5dbb87ef8

C:\Windows\Installer\MSI45C0.tmp-\System.ValueTuple.dll

MD5 23ee4302e85013a1eb4324c414d561d5
SHA1 d1664731719e85aad7a2273685d77feb0204ec98
SHA256 e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
SHA512 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32

C:\Windows\Installer\MSI45C0.tmp-\System.Reactive.Linq.dll

MD5 317dce13b2316abee548a2b013f26471
SHA1 3123573b2291a0f01badb10b149f741bcb9eb0f7
SHA256 21fad2983b4b2f95049e975c9f26a77bfe9281d8ed18e380c9017fc82137a1d9
SHA512 3444f813632f5f397b5c27e0314479a404b7ade058a5e6c540331fa4fd5fa798ba7352b1bf58d6f977e5e61912ed9620a1ec1350901d0b00fad2ace3eaeb6163

C:\Windows\Installer\MSI45C0.tmp-\System.Numerics.Vectors.dll

MD5 aaa2cbf14e06e9d3586d8a4ed455db33
SHA1 3d216458740ad5cb05bc5f7c3491cde44a1e5df0
SHA256 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
SHA512 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.Abstractions.dll

MD5 baa7644ed2f322d1d2c953220987c4a9
SHA1 3860c3d54413837fd23e9a7081c15d27ab2ed4f0
SHA256 5da295c08aba9257c8f27a39a3d21e0ee82c4e55c098794688305c270b4983b6
SHA512 034cb63f8a8ccf99d2cb182c72e7e5ad67cd23baaca376dff3444c13e9c0bb78e1e5643ed82999130e9398fbd643cd86a875249401a49438b7d7976329d2ac74

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.Json.dll

MD5 ae4d8069218e6a793e4cb461e09d4d9e
SHA1 cba0b162d94d80def76020a36c855543e8787ef9
SHA256 dfa8ce0bbd09c898957dc08ca9d3e1db2e87edd5d940c78f6b0becc6243d9d9e
SHA512 6c838cbba6623ec3f9168f79f27ba651073a96cda48cdce244883caba27004ac72f76c77f5012f0b044877fd3d90c1b9425465fc1782f0b5dc37d33c9f124e3e

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.FileProviders.Abstractions.dll

MD5 9b981dcb9329e9043987eb2c24371714
SHA1 c3c45b42a67525cbf8596cf6ef9a56d103bb70f9
SHA256 0706cedcd984a2478f10a9e57bb06e81bae2e0a1271507b26e91fb8f8c3413fe
SHA512 566bf7d258d3306742c3c585d04d19b338a8e1224e29ec7af35770e6827bf597a613775223cf93aa9afcb4ea3da0ca53b99493d9b3c6684da815907c8629b03e

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Logging.Configuration.dll

MD5 89edab075ca0d2e8eee86dbd664ba609
SHA1 651ca53b439982ae4583722e650570c9e6d78561
SHA256 5ca00fffda7e3af0b67c0f9c0c572acaee4a0a50c1b9c38d3be19cb5a358890a
SHA512 fc28c7b66fc2e9b750058c0e1b8e5bca118212cb1cc2a91c9701514f319d63c38ffe95682ed3bdb892d58c97d35c22a12d2db22e3ee283fc3066c67b5908b222

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Options.ConfigurationExtensions.dll

MD5 25f286646b702aea416ea09b4d1d5dab
SHA1 63762d40b3d8bd7e2f7d8f6fb1186cbfa4b4f0a3
SHA256 89595fabd8b150813d0d2e8993f19aa2e2cab3b3be22e1173c8179b51b37dccd
SHA512 019c432de3f3bee3be6ef0a88b5a4966e1b6af7fe2ef6b19016248554f11acbf0ced306582930c3dad781ad308b9b98a27b2889f67f2323f9747033aff9a7617

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Logging.dll

MD5 73eab96c0898a78a61d89782ef6fab83
SHA1 07541eed457b5977890c13622d4fc4cabebc67fb
SHA256 c4b2b98c21b24b88640bc0be5dcd335d82df129dcaa0dcc778d91a759a037524
SHA512 90e8b699f451667d18762cbeb0f050f5462e97186b2b495b5de737ae565a7e1667c0ae5d89442ad93c08f2b5db5459b7febb63b1667466e13908f24cf1e3c075

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Http.dll

MD5 4186e9c7d8c571c4620b5e6ea312539c
SHA1 6ffccc5331e561dc09c80acbb448f14500aef8c8
SHA256 8736296948e3d51c58303a328000f9d6d83160084d2d375e71914c55e6aaa644
SHA512 707942962d1ed4865796eb1432418ecbf4c948c82cb5e5536b5320765427d0028024510904197cfa08dd110bd09887916f208ac35c25e715f5c6d7827ea1a8ce

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.FileSystemGlobbing.dll

MD5 f8dc23b883576fb84eccd1b7b56490d3
SHA1 c447b48529380954c878f1d933a10ef1bc402bb6
SHA256 1acb904f6eee86f33b507a7e7cf8f2112d34d1b34daf1532df4d800795d328bc
SHA512 2604147c8a3664e2abeeafe9503cbed07866c763581c7587f59f8472718995c7d17782385826d70ab515a73bf4efc57e91ec5738d09363689305592c38fdb6db

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.FileProviders.Physical.dll

MD5 4e153e7492eae30cd0aa49a3140c1ebe
SHA1 55c123a2f3d1c7e24c4ed5edc54043cd9c37810a
SHA256 6bda4bddedfbb9023a5330dc1fd528e851cf2c869e53f3248e704927cec107cc
SHA512 ba25bbbba4c3e454f4ec064195f5f5e9d0cc4c217b9b4ee538fd31d138224a12c58c0b97c588ea4ea482b2303b0afa04125c30bed102b7c5f2aa645d8e7c03bf

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.FileExtensions.dll

MD5 8be2c97bbbe81795e3042602a21965e6
SHA1 cf89501075ac6713c091ca773dad2ba946b7c6ea
SHA256 385ec618612990af5b4d8ec6edffb13fbb5ff5a03e7786033b42ea061ee3976e
SHA512 d89a13ac0e3639acbb26f43739cd7a01ddb07fb03d7e0db5940dd28624d76014ba5e420b45f2d35b1acf0d9b3117a06f41f56109066fc95e9bb438d7516afc04

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.dll

MD5 4ae4c4004b28a9c7286ce1b4f2bbf415
SHA1 423c11f0e71b51378f39eb275093aa223c49f848
SHA256 d5f7cd54e4aa3b02bd445bd5b8ff4786cb6463ec976cbfe820fced5e272ec572
SHA512 7bf95813a0c66425dcf3e4d7e0078f72e97a3df9baff9cc525f2292f5cdbbe1cb52fd674089d1be15516770f214b9e7bc937de314eb9042441bf0ef1be28b044

C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.Binder.dll

MD5 b825099a89c81fe4127ee2628596d5d1
SHA1 8e69faa62f82dd042a51a345eea19b959442e985
SHA256 f2f6d158380c32a50bdb827b4d63f97c364f221813641daf74c257034484b507
SHA512 5c8dd2275702daa09bee2a8dac563d1292eef6735cd0a3a250f633afb3ac7823769435c4a29796b0b3522d72312497bac86b5ca71cbba2fbe31ce9cc24557068

C:\Windows\Installer\MSI4A26.tmp-\System.IO.FileSystem.AccessControl.dll

MD5 3409c581f0c5083f0c2a93a7a5ac9790
SHA1 18ea7bd41d31247148abf184527c9368a26f39e7
SHA256 e6026501ad4056ff2f1655b0afdfe8923bc6e8fbad67e1e9ef56e3002f49fbb9
SHA512 ae877c6fddad0e4133274e6372d783eaa4dd6bdcbbf40ab66302fb89bd2f76b215130001186b5c9a135abd16336c5bfd4d414177704d7d359539da91918e82ed

C:\Windows\Installer\MSI4A26.tmp-\System.Diagnostics.DiagnosticSource.dll

MD5 ccb6a65fa77074cdb0cb00478a89aecc
SHA1 be6e62302419bfcd9fd9842a9084e64367580970
SHA256 599a79d25958eae655ddae7337477d16ebc4f013b6896bbd60719c85b37db88c
SHA512 0495c13ced63266fe1adbabc0e2c86e7d6ce1b1dc3065f42a40607239ae88c92c39eba07a02dc0c68e200883b65a8541fd7b5c3dea58cb4c6d494dee0946d605

C:\Windows\Installer\MSI4A26.tmp-\System.Security.AccessControl.dll

MD5 996aab294e1d369b148d732e5ec0dfdc
SHA1 28465fd34680a082506f160107f350b46140a1aa
SHA256 1fda491eebdb19ea0a83cf6c16ab5dd004a1bfdfc845ede017ebe0945beb927f
SHA512 5e6b172d2de5928915b38ec80c7b76f42430aac959f04aa3521c63495b6f3c4f82df139c275e9fc5024b1a0a4f307daade6130b6028779f98f456282ae8b61cd

C:\Windows\Installer\MSI4A26.tmp-\System.Security.Principal.Windows.dll

MD5 be2962225b441cc23575456f32a9cf6a
SHA1 9a5be1fcf410fe5934d720329d36a2377e83747e
SHA256 b4d8e15adc235d0e858e39b5133e5d00a4baa8c94f4f39e3b5e791b0f9c0c806
SHA512 3f7692e94419bffe3465d54c0e25c207330cd1368fcdfad71dbeed1ee842474b5abcb03dba5bc124bd10033263f22dc9f462f12c20f866aebc5c91eb151af2e6

C:\Windows\Installer\MSI4A26.tmp-\System.Runtime.CompilerServices.Unsafe.dll

MD5 c610e828b54001574d86dd2ed730e392
SHA1 180a7baafbc820a838bbaca434032d9d33cceebe
SHA256 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf
SHA512 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

C:\Windows\Installer\MSI4C98.tmp-\ExpressVpn.Client.Setup.CustomActions.pdb

MD5 d47b237172f53537265eae8e3519606f
SHA1 11a8cb9f6f74968b8098e2715f695a7b7bf53554
SHA256 53788ab62cfd07a5f3116e20181c1292a6ff2ceef724bf41cef89b35a10d481e
SHA512 fc8079c00f119a0368aa364bf94558877f7ff21f54c0ce75fb088efc2c6a4ba2e83f4846c2f13dc129cb01e353a731a08813ae49b396f5f368d36814a84ff24b

C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.ClientSdk.dll

MD5 b79e7de7c6642e6d6ce8e2b37b921c2c
SHA1 59eea6cc0dd51fb08d68cb668e81f75946b343d1
SHA256 15e9c3d9f8efbcdc5f18d5c77ac81fda944b38afcca559d8e21b3346b42afa27
SHA512 1a54d162b342e3cee2a3b2c8a856e99276df5ece4e4cc48b6f306c1e653554a5430d3f9b3dbe03bc589fe0d9aee12c9a9fedd135172d825f917f1cf478ea1910

C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.CommonSdk.dll

MD5 bddf7315bf45d28f31ddfeba750eae17
SHA1 4dd5532e09df3e134105e41cb78b5534de314e6b
SHA256 0afa90a013560bffa6f335f5565e4947b7ddc8056c31e08d13a771d036748099
SHA512 56939801584e59266a36c4caf32329835cbbca618c5b0ca81709de1d67aa968ab5ac6b993695593b6480ea1a76c24155055825e6ae6e8741f08bac0397b276c5

C:\Windows\Installer\MSI4C98.tmp-\ManagedWifi.dll

MD5 b4130361f0edba34394a59f5d434ac88
SHA1 58061bb6dcb6f4bcc9d341730923207645184169
SHA256 3ffbc36eedbf1222c2b4034530ee258b654e7e7f2c23900b83c01454e0a4f80f
SHA512 c95a60d8701699d8ac5fc0431ea8402c11b31599927c83cd41c7e7076111702eb904f638f4b4f37749bbdf801b8b62bb876c95211d18dcbf5c8af75bb4f81a57

C:\Windows\Installer\MSI4C98.tmp-\log4net.dll

MD5 8594e528cbd4b9b81cdf98ad39a7f7da
SHA1 51c67d26bbc287ce39c892eff1a6178dbc2c1219
SHA256 e6b5667056e67787e77a10be1ba134f46c1af8d4977148aa7829c9222fea80de
SHA512 eb6685ad13dbce6049fb38e15f17854a8fd5bf797d1a45fa7264db5e1ae6094a480e7a6ddb0d02ce5fad4e7394cbec3f1e5d9cd4eed0cf3b8b0eec18384a8608

C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.Logging.dll

MD5 5c0c31190f09f6da14d16a9f1c01378a
SHA1 8cbe5d3a83b91d55b5bd511fa24904b48002eb57
SHA256 d8c514832108b4defc03968c375e4b263b0ef0fffdbb85d30d3522c07fc6372c
SHA512 a65d490717d09feff5894cee7fbb00a8d88bae3601b89f2dc45c73eb3fd85ba02b80ff73686dc8bf5f854675b7569c2eaaa4aa87047e4898c6a2003cc306c327

C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.JsonStream.dll

MD5 a6364c20196dea022227564b830ca058
SHA1 560bc6572892014b5cf43dd91cb10d2f3c39de92
SHA256 7c49cdc1202e3691fc2848546e267136cfb597b7f50533a1b2c7e8c755389f65
SHA512 9ab37ae34c020e0cc4a9f2f542e9a11f033911578ff730139c73687f2efa96a7899e2aac68e1ccf4fbf6dea4ea8e29cea19fda607f38c54978b371633afd0b29

C:\Windows\Installer\MSI4C98.tmp-\MissingLinq.Linq2Management.dll

MD5 3a41ddea7a6ced7d4a1af988064350ef
SHA1 43405986af7602d8ecae222e34825e469d564c6f
SHA256 a52086b39a18146dcb27a492d2429b6f70fd12044e50d56b8b17d172254f6aa4
SHA512 c789bc85f8fe77600bc5723c92a1fff4e75924db6cfc7eede22ad08d6fb3675b396e627f1eb271b372bf28384322f8ab3326bb7ab22e7f50fb35b022b2e2b798

C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.InternalSdk.dll

MD5 37f3ffd5ec2276e591cb3e47e6fbd2be
SHA1 75cab5c4c5fbe168f0030af5836d267ca5ca67d3
SHA256 12a8f93a53951d7adc792753839064d79a4338475327f49d61372761ef0b0959
SHA512 9f36711a94e821bd2eb0d9ab3e7c296f5ab28f492016748849384170c8b4ba3264a84e14ee860ab574a1e784d10235709c197859907475370e245377542c0999

C:\Windows\Installer\MSI4C98.tmp-\NLog.dll

MD5 6553bba76b42597080ffd54cb12a33c4
SHA1 661357b08128507a34fe75466ecb5d7e3a522454
SHA256 c73881b442220f671bd35873999483777ebdc95b5123feaa5813fd9d55268b64
SHA512 ed9180002c30a18b5ac73224b8560163a1323a878d6b5698aa76bd0e5825c28f525d3f0080d1682224d24b739425d6ddccdd9f272cabb4e28a21073100589f5b

C:\Windows\Installer\MSI4C98.tmp-\Sentry.Extensions.Logging.dll

MD5 8f826963e958bd0816266db056b049b1
SHA1 ee1e08065a5ece32e0783e36653db25abeb62173
SHA256 ac278dfa3187a5c2480e5c60df999890390d35260c39f0e2d74d25d166672e14
SHA512 c58fdbc9b474f1a84098d14627d0a1b44b463a23b772da79bfa269bee5dbd7bbafa1cd72eb3dcc8db3cf42a103781d0de787bae00d80bbe5f18481a5435fdccb

C:\Windows\Installer\MSI4C98.tmp-\Sentry.dll

MD5 2e7dfe826fbdb73299d37722206fb29b
SHA1 268056d5f8519db888bbd2ec274128333b81b6d2
SHA256 73e9de1f6002f9ef0df14f9a934e4ef87578a7dd67012cac0acec593832f824f
SHA512 36ba5406343acca303792702ebae768f7c853d3c651a181d8e897dfd20c71f21046a16a0ae2773dc182ca853cfd45cae6e442e9e5b4c39fe4154f2cc483ef5e7

C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.EventSource.dll

MD5 88e4c62a290c1b92a5db9dfaea8b27a2
SHA1 40924ee10f8fc47a4b0e155f94ae63d84c38be09
SHA256 62d279ad27aba29a8dc9e8d74ceb509e11bf88fa8f3d2d10f8a7d0d581f85754
SHA512 69c838ea49bde60c7ea6b56a597a86a14654dc2262f515ec82f5362ae157f4395a0ce4d72d8150ac2c43031f8e1a4d55b6427cdf07091cd838489406dc95bbc5

C:\Windows\Installer\MSI4C98.tmp-\System.Management.Automation.dll

MD5 7bde1e64b59b1922baf74b6a19b8fc32
SHA1 2daf4971be94dcdd811d1bf799eb5d08502a87ff
SHA256 1fa048750cd62df4e1317d9fc054a95d49b6b142b2825ae15d983f43af91528b
SHA512 0c5a2279ceb52798a8f398a5c498e67a606275e75acef5627c2103db54f920c567e92d4adf7b2050acbfb1de33f118ff34d85ba7db0f08133f89efd633aa235d

C:\Windows\Installer\MSI4C98.tmp-\WixSharp.Msi.dll

MD5 92a1f1ab887a8099eebc0a646a0455d4
SHA1 8ac9e007e6a18fd238781fc80a4887b2d3fe6375
SHA256 7aac4d32402119d5226fd414e8449dd5bef70592ef29a2c5071350eb5d77d2dd
SHA512 f17ad09f6e9cf03f24d24bd3407e4fb57789b29d0d876798b01d2305ffc3a8b5176a463d9db6ce12a86314c2686f7a6195239dd1e901116ce602f72e3a88b09a

C:\Windows\Installer\MSI4C98.tmp-\WixSharp.UI.dll

MD5 4cb9b80d4790c5ecc3ec5718a8345f10
SHA1 949c3128e65606899550831bf824214030710971
SHA256 a4cabea22c6d3e0a4e1b640b97705c448400bec6945830b6dedc6e85ff54e96f
SHA512 d5e96c7124a12735e40cd6960caedb8c7f64c379d3f823cf7d556a0cfb467763695d3355074ed586580c91aea73af857e314e3e7b293a42c025931c0f041a4f8

memory/2900-3092-0x0000000000E90000-0x0000000000EA0000-memory.dmp

memory/2900-3093-0x0000000000E90000-0x0000000000EA0000-memory.dmp

memory/2900-3091-0x0000000000E90000-0x0000000000EA0000-memory.dmp

memory/2900-3094-0x0000000000E90000-0x0000000000EA0000-memory.dmp

memory/2900-3090-0x0000000000E90000-0x0000000000EA0000-memory.dmp

memory/1764-3271-0x0000000003190000-0x00000000031A0000-memory.dmp

memory/1764-3272-0x0000000003190000-0x00000000031A0000-memory.dmp

memory/1764-3274-0x0000000003190000-0x00000000031A0000-memory.dmp

memory/1764-3275-0x0000000003190000-0x00000000031A0000-memory.dmp

memory/1764-3273-0x0000000003190000-0x00000000031A0000-memory.dmp

memory/5160-3444-0x0000000005260000-0x0000000005282000-memory.dmp

memory/5160-3445-0x0000000005050000-0x0000000005060000-memory.dmp

memory/5160-3446-0x0000000005050000-0x0000000005060000-memory.dmp

memory/5160-3448-0x0000000005050000-0x0000000005060000-memory.dmp

memory/5160-3447-0x0000000005050000-0x0000000005060000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7ad2e7ba040862e30d94b388fc095e7d
SHA1 09fa459449166e83147552b0dab19c218a822b6f
SHA256 66bf262c26d51704828cf42b455030a130fe1b54969d83eca6ca1f5799a64b69
SHA512 d617d9c09ab55c8e02b1126ab8e9db8da5db875e9919fc63ae70a2928c8de18c12cef781e2d01991958162a4d10bff16ab892a02b51d4a4418fad32b696f2051

C:\Windows\Installer\e57a079.msi

MD5 d5e72c30c8383525e3aed1f1c2f1caab
SHA1 453c6b82989d62d7e3d9e1c805b5d106c1f5463d
SHA256 59efe52b08ee6c4cef658510eeb2be1b4f4701d162ff581a57a2997421652c57
SHA512 f8e67557af9e9053498460a32401b0b9f20cbe771d14189df112db505ba2f9330c7f89fa4aa61f486a4ab7867115a0c1909cbf5b5b5546cc70c61280b49ee867

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1a1e72d9eba6e1deec86d8222e3f10d5
SHA1 1a89aebeb5e64b35dd6c696ef51828b876ca2503
SHA256 ae39161e9b5e17bf7a9998caa87477411353495f370f45d6d0cf8adbaeabc1d7
SHA512 5069f953aa88c3fd61d0a9d06cff9578d4168ea624bd412e3cff7f99a9461113b9b34cc6147a5a2c3a96b350079be242134c802a6fcebf74975719d3cb2a4bf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2636df9f69d06749733cd5318ff207a5
SHA1 d01f4ec36d52e5d64540986cb96ba0083f0aa70f
SHA256 e65219a32b413fa7ce617f11dcca6c0ede34f649999fc6921a94a904cac25915
SHA512 98b5710a8dcbaef588ee084a61696dd0b8abc56171c97399d2a358239f6177855b571217785aa4473ece805d14fb972ddebf395275b7948fe80ed1a07be3bab3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586f01.TMP

MD5 b69ea3b97f74cbfdff998db4f373d700
SHA1 4c762286625fa20521573415342137ba4fae5705
SHA256 8f708dafd14b0ba2c7bb647cf160993ba1f9ea351a4210bf8e807d6de8555305
SHA512 2308ce3aa838c095c3b68ba166b9fa2f9e45cb0467e3a8786178d17f0e2d4e55a0b7bdbb82607bfe4be8426a735114d0f052d460cdc4601ee400f8713891d395

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 d5999e8e1211d6f9ce3e574ca3b670d8
SHA1 7590d1b0de400cdf96f064f2e96906f114e124ca
SHA256 b6e0fe7e9fd7a4c9728c6bf00273de9bd95f501ca56d4868c0aab46eb8cff0b7
SHA512 a10994b33598204209f74a220f61e34b8e5aff37a533276eea433c3059f71d8d449629966f7235230a9bc101b74c5da61e7beb25c8ab07ab2227d39d5baee373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586f7e.TMP

MD5 4a05f91f217c820df347d4837cb54e9f
SHA1 a1b676228c506f8e3a27c8424951c34cfad7b7d2
SHA256 15ae1d091075f6ee289cc0a3a1ca30e3775d1c437a32ba0d64ad79da7b598ce8
SHA512 1855edcaa8e35b9ed8a78ffa6816508a47b77b19df1fb14318bb97aed5a72bac420d29ef214613f8115463fbd12673403839a1a604108a9fa940b051978521a4

C:\ProgramData\ExpressVPN\Config\p3d0hfrs.bin

MD5 2438ffbd144ce0a702ad1683097b3ab6
SHA1 9c76f62e511aa4dcd7efb07c2fcf0bcb23b3743f
SHA256 aadeaa54a88d4d95081060728c437fc87b389e9376b93f5e8e1fc9a93c7f00de
SHA512 bbd332f2eef1b51112a18813ac4ff75dfeb939fdd63f0c399e4d728a4865618158ebff00c445b6e440e0b82fc80a6dbb904263b0d444ccdb40ef221e38d28f92

C:\Config.Msi\e57a078.rbs

MD5 fec9a35f4888082c99fa8faa5f128a2c
SHA1 e960ee84aae9c22657445d5f399016ea32783427
SHA256 962f75332ab97cbbb6f52a706613133b4bed54f8a28fe3a05613de1a2cd31ad3
SHA512 9902c891586c658f0687b5a5cd97280948a28deb10981db2de2d5d335a8caa665823fda9f1559f1be22d7095b8826ad8bd4e7cfe1a645340a956be2fc8084028

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 e753dcc2ceac54c6c5b0619a7126f04d
SHA1 b4a85d46ac70dbaef2bf98e8fad3033777f00510
SHA256 2567f11fd0788cbea9ee96dde5b7b27fc77242a97a90c960a947aaa9a9f38e0c
SHA512 1ff65d9653e5372860f4f27c2baeaa5de15c1dff9fdec5e595c7b165a0923a90615ccb85c16034fc8ac02650773e2567dbf1d6ff2fbac94724018f00f13b5cbd

C:\Windows\Installer\MSI792D.tmp

MD5 a3ae5d86ecf38db9427359ea37a5f646
SHA1 eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256 c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA512 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ecc4e8b3-ba0e-4aa2-ac7f-4901bfd3cc49\index-dir\the-real-index

MD5 07bb39b5934a8a913e64d88e2a0a5876
SHA1 e04619b8f7706655604f1e38a9b3413ae7faca64
SHA256 85b99c05b4c5f55a707019568c014f81dd8da3139e0d6c94a0b9c8f16e087666
SHA512 e44260a2a0c8474ea41fdd8922ee405bd9ab717ead3b67f6b24482642deb9a8a5ec856dc4fc265c736c54bffea74e80dfa68e81b3c868d794d71aa4c6fefb8ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ecc4e8b3-ba0e-4aa2-ac7f-4901bfd3cc49\index-dir\the-real-index~RFe587b65.TMP

MD5 1fb3fb02ada79e61e1c07b0429ae39d0
SHA1 09dff2264a484286f8b0fb7826a5f6f5e8cc1ea6
SHA256 cf0f9210edb62aa6d44884915a695cc6e2c3f47020108f7df8e680fa041d404d
SHA512 dcd128e2ea2c321c274e7da4140bf2be6831cfee2544b0fef4ae9932645da9e26a8881e67b9dcecb9e4f53f2cbaac1a0f0f946256da35edc168b0ee8cdb6f624

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\index-dir\the-real-index

MD5 5632443fe0a509bcf8139070f2cf9823
SHA1 1fad27c071c10a967535aa87892641ce6829abf6
SHA256 53f94bf61762edc359f4ae1a252edceb026043b42010bb49bed4535007c0289e
SHA512 d4fd5989880554e93bdc794b48b6bbabec91a90e54b5cfaeb510321026c60f8dde819045034ca5553f71fd42cdc55addd558d2d7dd3e2608775056ce74f81d2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\index-dir\the-real-index~RFe587ba3.TMP

MD5 6b66885690944444bfd21a36bbaea50e
SHA1 1cdb49d66725b5c5d811182b8f2b1714e60daab1
SHA256 072a0e0936199bdb16cf67497b097981c44ba147edca484f5549ea3acb268e42
SHA512 d6181ded17c344386284d7c49ba60695c88198fa7f8e1711c65a2584bd9651d922809a7b88e436d2f7b8ec9366a4477507875d807f84fb2856f4424ecbd2e1d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 095c8f334e40499021f4e5b6a0732518
SHA1 d138e6799a9096fb01485828f9264e1e2a91a690
SHA256 a14d954383898d0e911e75010986b63b74ec7f3a8254ee13b40d98b1af7b5dcb
SHA512 61930e96bff5f34b1046c55f1e63487622537da2bea8bd02248a98e6b6ca7117db055ead3b17a4d1b4257dfae74310f315454e8322809c82b4c437e535749d85

C:\Users\Admin\AppData\Local\Temp\DEL7CC1.tmp

MD5 f162ee7a69d27493bd375907f666ca94
SHA1 b79c97c0cdb592f7ce01f3b4bddf5ab5db252547
SHA256 a8609434e1d3481f153b811e5f7c1a0a98b205a0a6d5a176b45b4b8b1ff1b95e
SHA512 cd32829c002d236014e45d14232f7104f4518291c39fa0dd55b5d29a1c5bf991b287b1ae3c6f16e5e8d31efba5f27e61d3c7241648936f1157d0564a1a47d32b

C:\Users\Admin\AppData\Local\Temp\DEL7CC0.tmp

MD5 8d3bd603070c5341750804592de30739
SHA1 19b27c7834ad7cbf1b9d6a396dfa0a5fa5588112
SHA256 74fd8ff3b37e161c04c4a17ada1138cc44f52b4af93f946237affb040b0c916b
SHA512 8c366f1a037e448edec3d324f559ccb56ac184c5f504764c8afec8cc56048d4532b8a0926e10316d6d41fc2b21a9bd673899ff459c665e6d3d8e371bce980c35

C:\Users\Admin\AppData\Local\Temp\DEL7CBF.tmp

MD5 988912a8a5ae0cafeb29f80b4e3af6d4
SHA1 1ca87bea628fff4c8995d92168e736ef7fffd1ae
SHA256 5c67aca3caf64cb4a2ca3111ce00da9aa1364583344896dfdcb6d85c5050f43e
SHA512 2d58cde0d8f2d2aca423a612c77f34a146f46c64f8e5c877e7395baf2669ae1537bcff6431c7c0c01bb0889ced875604f9c4743b0974c2f89e300aaa13b01d3f

C:\Users\Admin\AppData\Local\Temp\DEL7CD7.tmp

MD5 a1124e760bc0cbf9e261cdfe7a418832
SHA1 0795b0adf6cf467fb7942b1f7405bd0ed754a9d6
SHA256 0502f8da948a642e4db4cea611ce28dd3da8c2928d3626ce530cfafbb4d11f7a
SHA512 5ff54162d73559133b64bf35bf07da1d3ee064ce32c071caf137f9eea41d0fb30879e7835b6cf537639cd2442c9117a9cf68d4a5e89b8af5d1319b82f9f4afcb

C:\Users\Admin\AppData\Local\Temp\DEL7CBE.tmp

MD5 46e1d39b4319db3517b9fa2d7d0b67c8
SHA1 33af5ab0df4b9d690fe283fb8a8bd63508f3ada3
SHA256 b509e2c677b73b4cad4f09d0c3f94724bf3fd952b3f4c24c30985636ff2ed30c
SHA512 dfedfc09ca7c1dbe611015c19464918d1b13b0f9828d504ac11598be442d61ce3ef8038f0d9c9ea0275fa5d95630e41ffe6a0bb1b0b67f955a46a858669a345e

C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\user.config

MD5 df2ea154c113c86c064714b3b0b5555a
SHA1 c0b1a1a0a78a372d9fdd7ba4a029cdee42a0de65
SHA256 c2cf2a4af9784fca26bb94e650209bfdf1decee29f02e1398b902ad49182588d
SHA512 c7cbbe4c79af3c2a246ba361842d1adcdd541e1eeadffa1ea55e9be75ce5099b90d020864def8f449b8fe472a3576454809f036533404e706b1baa142402a0fe

C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\ehcqzq4u.newcfg

MD5 26e3e068ccf44f130f40a158db8c4526
SHA1 c5f43d44ddadff0fd11a4f6285b54329196d668f
SHA256 18c2b162e66a3fe5edfb24eb6215dda7c075cc8afa9eb69cd2bcb0785f400e79
SHA512 7720c82b2464879668763cad16963de5d4ecc5ac377b641cc8675d113c91a462c46733396be023417be05ac3b3eca3a8749c1e91fe191bd697db092df14e6856

C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\0gz3r2eu.newcfg

MD5 286c05e5e213d7e97069184c0c44c85b
SHA1 009b760165d9332fc7af6bfa05a826fb87964f9e
SHA256 d29a7bc5b1f30f8d9dde55e417e89eb86b5339613910e293405b5aaf50fea7ed
SHA512 eaf3ebf413e08b111a6937947da7b29100737d6c1b4c21783392d1093db3ec9e28371f1afe203c3335f866bb09a213000d48a60e71a7c54d2750b1582c033b1c

C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\h2ryqczs.newcfg

MD5 0b5a51b4d5c666f5df3161ed1bc62511
SHA1 362568ee7b81c337f4abbc2179682346445785bb
SHA256 95eaf9af9ccb14c33daeb04c498cad14f7b4eca49e890cb0c6debdb189a0538c
SHA512 947d1717325db18bbd7782929b018ac54660a8465d52c9264fa0d4b2521682ffcadb15bcc93c9bd141ffa3c7d9ee3397b4b7fcae74a9511bb404d244eb660b12

C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\mofochyx.newcfg

MD5 a39f8f3cf32aa2eb6b8796db17cb4717
SHA1 a656c39987cd4d044105ac3665a414e0970aff49
SHA256 dcbe2d0f8514213217fef33467208772f9b6c9c0d28b1bdfd3d1a6f829948cae
SHA512 735b305f0adcaee25981a16c960352e78070132cb0ffff010027a8fc8441da8720b6f905a8966478a4c9f9a885114e8d0957b2c61c1bae2ab0de21789ded1847

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f56c747195c50f6a4bdbda79f493d047
SHA1 07074169f5a167cecd75a9e5faa9c08e1b9b1c35
SHA256 834c2812636fc23b9fda8da4081d929d407e3459a3b301459d8e70ede166f446
SHA512 bcc5f3420bedd96a3580ef5cb4a010a47c2362e36cf0675ebfbe2d10ee2d94e13021b94cbece0d22b1d76467fb13614a5b6b07cdd428fcf0b0339eeb3cd1f0d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7833479352d7df09c877de7cf28f2c44
SHA1 883ddbcb75a74b8cceed81401bac3ce87fd4aca9
SHA256 12c274e253a52fa92d472f72575cfee1e579ed82c2cd1969e83086cace1f0884
SHA512 10a19e1d70f404880a6b72d3cadec8f2dc77db5d1422d859b0ef6efb5bb0ce291b1408282e73b3009a1060a43e9d03a23c9832e3e2754b9c58448d0c5e69d344

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 112bd1f57a5f0e3581bf99479355e1b4
SHA1 f21fda221f28a0121cbbffd37041e7b18a1cded6
SHA256 c33bd34a4cfb52823250b510e05b6a8c130b3bb8c1aeb199ca1c21e105568543
SHA512 ac816966352b685ecd3d7bc291cfb15dd6e3389ff33d3acbef5a66555783687a469bc29874f890d93015ed3cb79789101e9346107268e6d3ad2da0afc7f1fc51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bce005637d4809663ee734240f15235b
SHA1 da53877695445af32f4cfffe62cdb071b44ee1c6
SHA256 a536a370a193d23784540c83af6a9ed5b5fe9312c0c3a93ed140fabcd2691ea7
SHA512 a6ff2d90bf3d651eb0694e215169086c7007f1f00bed67042cc2e95698825fae0e020348f87e68265952ba39c15ea1708e94c7b54c5a751bdc601a815c7d807c

C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB32E.tmp

MD5 9f21d84f9a3aea8e7caac61a6ce039ab
SHA1 0204dd21800cf1b3529735ca4800fcb09c973a06
SHA256 6e520a11e243e3298f5d11dcef49f23311a481a40ce5f3bde3204deb3df77075
SHA512 fa9eae2283bcdbf5d31713edc4e4fcaf578aaad47d990744fefd8d2c046c9f373e98095f0485b53af8edfc79a83a9557ead407b4a11e775571f109edca020dbd

C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB35E.tmp

MD5 4bd1a31fceeaf553140842a3fd8747e2
SHA1 346f78c0f112c666fd9557782a966f46a4eb16a0
SHA256 f420cf15041c06075eb7cf1edf4d5401fa0b5904b06f3f006c6d3732961ae9c6
SHA512 ef2980cf7529fa7f50e48481fb86e58b47358ef686e8b4fcbf4717f4f1932600d3762e5cd4afca637e6a915d20e1487cd4e64e6e187cfd3a79b5dbc38bead6d7

C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB35F.tmp

MD5 b8fa093624da23283f743bb28a8ced2b
SHA1 2c531829807ccfb13180f881452a4f6c6647cb99
SHA256 b969c3940c90f674173e6a0788dc6e232f24240b1e83d175d6fdadf0e23d6195
SHA512 32367377cf57ca44edddc378a6508f3a3d3b61f016c5912fa9891c0abfd10833db478526fabdfbe029e6889444adc38b2a3359e6916344c760e3876dfe706fca

C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1B5.tmp

MD5 30393ccc41eb110f731411391027856d
SHA1 29bc442c8b7f943d2097a5f02d83ae475ba07e8b
SHA256 884406ceb5ac1f4958738f2311fe85d46897392f11abe02c2a6db6f684367a04
SHA512 d74d6bf3bdc6bb91986a7d7deae81759f630e2c9ebf115bfdd7c23a7df5aaf451d806d175737fa3210c40d46df7860a36adf94c2079c37cd4d4a28b8b4dcd81d

C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1D5.tmp

MD5 be19a353723ceb54e03ce34b864a9af2
SHA1 ae655c16708dc6b6e93b1341f1b9757c1101010f
SHA256 8bb3acec7c503cd60e24f367c647cca90345295d6fc954c6ec80fb41b56f6182
SHA512 a2f990e70c31c37f27860d9aff9e06bbbb3054474d0fdce8e57cd6d23da2ab1b875788c74d602b65e669cb98b47c64ca29fe1a22b32dbba3d2f39bc4c921a151

C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1D6.tmp

MD5 d2eeda960671e459a34237f5a2adaac3
SHA1 a3db9e0118f8ff28d9d48d43fc820ac9cbfdc6bd
SHA256 02385be3f7256c7e7e71b0e81e5c98bc696a4077de5cc7d5b34f96dc997d6db9
SHA512 5785b80823f22d10b6bf5b77aa4663a77bc508a6eb5c6008dcb012ffc8dcb616344e703d47e21ef2b7356368ca57ce0a7f819abe5f0522b43c1ad12c3961dc6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06afb6bf0e92df93599c6392571fc4a0
SHA1 a8072a4de2af4e00fc53bb9e596822f076e98be6
SHA256 f46f6271ef300f0b01b83e5f1d5ce67e829ec2968276097c72bfc9366883e778
SHA512 7b026b38e5a8c40eaaad8f85f6c2cac2818f36797e4ecc63cacdf8a75447a0cbd60a2ddd92bced2fff0ecb5d1264ba65575d0168dd86a592d0c99d5a2e24ec76

C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\ghgt1mal.newcfg

MD5 b17e73b19568a084875bec4883d8e077
SHA1 617438d8784c43f99584f533e1a21b3b5e05ab7e
SHA256 ea9400ba57a160617c9b909b3d1241d1bad24676ebc44bc2a9204df864ee20ee
SHA512 7535c93b9413e994bc8d35f4cbe6dc97d923eeb51f120f17079d9d323da2b734c1d6a1569f5db494a3b55dc09132de613a3a2294447aad805e543e47c73d3651

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3215f85d7ac188cf868233f2f830143e
SHA1 2bcb136467827d095a3ab15bc8fa2146c799e312
SHA256 7cea145d5fcdee52fdc7a89793a1f2602b8270ecb9abdb04143269d82e0da8c1
SHA512 3ecf9111d75d1cfabd6252cbd91428bd7cca1d253f517d44798f2bde635c1956c7e80749b26b244a9488dc7fb4f4822765e4c305a54fcc076c3fe4629710f37a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 694457d67f2761042ea3bee20e46134b
SHA1 de9f2f816c11deab674c91e307c3002202bb2afd
SHA256 a30b8cbf7403067a1a1cf00bb128c88313fa4a1f581a8d4b7cf40ece80f7d58a
SHA512 fe9fa19003dc99d23b232a9bf63663d3fd32f2390b4504d727b8e27721bb3e90164e35b08b36273bf11feeae00890e38bb3f4ccbb766739eeef911a8088ee334

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_googleads.g.doubleclick.net_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 13e0feeb8a4fff9efe354486ce6f7c76
SHA1 2d3a6ca2681b18da32ce6563f4a01edb1eb34528
SHA256 5d9268d8355211ea16384364f0da2c82e3855b60bc6af38b57e802fc9a5637e4
SHA512 095a5560bd562b897330bfe12c51d6e5691bc49650deb539f334c78799964aaee80c2cfa630be027e5dd7bf88e7b5c4254bb4f2a356e28a1638260f20bac4540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 696cf509b726d9eb5c2bb70abe005370
SHA1 a9a49be8a61694f6f74b13623ae7118be731dbab
SHA256 2b25f1075bc24816bd203a93cd3714e284b6e6ed3fe0d8d26ae687faaef885ee
SHA512 cb1724327d6b0d023c45acad32eeb94d52cbe99d270bf004102130f45b692772fdcecf2d7e0541ba083b1707c4620e8ef3b6455db6c3db15edac4bad3b122443

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 33da8de86eedff6a7f56763aec23105b
SHA1 e495cad28eff85f7bd72413ccb9d64ca8a3cf84b
SHA256 bca8bb8fda0cd6dc3839d3d0c811187e12cbb8533c6b98e00672f24d20692f11
SHA512 0dd2e38b9e8a99fe6a6366f6b10c5eb1031ea50b734eeacf25f7961268398fac4a5748f3aacddd37fb554b94e6b0218f0a4363b22901f277cdfa5102b800f868

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0c9c7b3eb07f0f1f142f1fabab0fd5ba
SHA1 6f89b0c38320168b2252a5132ba4a1077c94fca5
SHA256 52530a8db5faed6f632a17d8be67e8f30e49bbedc7743382d7e27ef428b91dd7
SHA512 ffdab82c450c6ec3df59ba5350eac24119828ef666184733b486f289a7ea36c67c29f1bce60680c9307814c559e75c8ef47f4c300be779cfede7b800897e501d

C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\user.config

MD5 8d26910e7ea6671aec22bc078ae48493
SHA1 ae47d94d6d899a177a3a544d90fd490746651a13
SHA256 79508fbd810afdc81aa07c0f14ee892b3d3a68d14d7bbec96283648eb876fc35
SHA512 178eb3e8325251c0f9721f9b143cfaebdbcadb932cb3ddece8ad0e3825ed6060d5ffae9941837d34cec40a68fb5cf364c58f89c6333c558c1ee051b136c416c0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\e0cf5cbb8e886d22.customDestinations-ms

MD5 71e64b53a31b6f904d7af10ad8c9a01a
SHA1 2c273968f7f33a8063e6a6fafedaee7387ab5574
SHA256 3311cf147fbab9a7beb84ec4778aab5934e75b173933bc4c0e1869e4c8d839a0
SHA512 9a76fde35b8eeb09ecda829cad03d0bfef581ed72bdcc4d7344d5eab547736a6248adec8ba3689cdd56aae6bb3a53d7b294a0d92f0433dd3e17dc45c0f4df29a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\e0cf5cbb8e886d22.customDestinations-ms

MD5 e4a1661c2c886ebb688dec494532431c
SHA1 a2ae2a7db83b33dc95396607258f553114c9183c
SHA256 b76875c50ef704dbbf7f02c982445971d1bbd61aebe2e4b28ddc58a1d66317d5
SHA512 efdcb76fb40482bc94e37eae3701e844bf22c7d74d53aef93ac7b6ae1c1094ba2f853875d2c66a49a7075ea8c69f5a348b786d6ee0fa711669279d04adaac22c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 82da29ea87791fb1f5143f73fcc88b08
SHA1 c0dfc36345113f491152f0e83f69e6f565531cab
SHA256 1bd47dd8221ebc78a85dcbb6351de208f0ef6f355d1c300734d65990495d25b9
SHA512 1b086d62c7e33f8242a07b8f3437d27977a0a91ddf266d75254e6961c75f0c158fb53e34953fae27f8e8b5e7c6ff48e6fa0e47c7f2f25d9ef407eb738225c62a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 269519ccf1f31e39906c9ac15288c5cc
SHA1 c3e74575e2a1e0d1250a0dd965362427622953f3
SHA256 10802a663f101abddbbdaab1489b34b08387fc39cc9b6d73be4eda8060ff881b
SHA512 f6537bae69db86632da9da26078a8e0a57d9efd3070899742fd6764b43c7d5f7a14c09288a814a6e81635aebed9d3cef96941bab0b46f420dd2a1d18abda62ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 85c6fda667528787c89028ca2cea6700
SHA1 a8b2fde6c13465932dfdb1fafdb9728c11b4d04e
SHA256 dc95424e36c53c512f1a4da2a794fa292ddef9f132f1ff51357f38cf119d6fb3
SHA512 68b5d1efb5c7c6704e423d5b98c2cd1fcab27c26028ea6f0bdbc416948a118b45dd86c144439df211beb031850ed3f1010b149ee8813f333f9afca1183d4513e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0cf59b8f3fc900b6911a16ba27f96246
SHA1 d37d9e001c92bbf8df2e82b26a1e47be29351ecd
SHA256 612f0e98a4d954e8587842213ef8581ed41d207a61969f6d68e4becda6615c95
SHA512 dfe7157e0268fd4de6530c3ab168177f4d8b886d013d0abfdec36049073fa6c92e6b350ae9282de497b2811f663f598d3aaa2d99a733e36264f59df9918540ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 c40bfb376b8f725031fd09311c4a86b9
SHA1 1746db62dffea7b3fa40021391df7ffdd3855659
SHA256 2cba6c9b5931001fe4c52e9fbcd3bb979dec85b286eb9a666dcd2efeb3bd9167
SHA512 b64b8f31a0876b837d6d75f5528277adc7be9399afa86e544f3cd6d7c00764143fa028d0e58537ec71de20b5e66876587e2b06b7e3f808e177b4c8e8b8ec0500

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 139540953e8f38618c8ab93335204289
SHA1 6e243b8a4b9ac1d7f9184998691edf4dac904e4a
SHA256 e352eea95b106038e9f6df7f9a5f87499d28d4270fe8c77ed58a0067c4e60dc1
SHA512 1bd802b3179b8930009bb40c81ab6d21559dfc2a9036123ebab1e935a8f252094cfc57bb1aec320001f6e906cc0d63fa7f1ab9de7dbf1a71cdbcf12196648b79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 9008db35d545875768f51c498810db68
SHA1 324c4fbd184dd92a77e61b9e1397c8d6bf41444e
SHA256 6ffe03abdacb762bc1070ff69528fea107d33b9d13042501192eaf0c693f97c5
SHA512 c5d3179df0b8ee2af6374832c57279b555fb27c4ef6ec00860a74eb79b240d8b3e1e36e0e0551186de157e4d99037f4546e63958c2852b5d043137826ce44876

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 403ba81ac18859fc92a8671b612b3687
SHA1 19d70a81c9927e5644e5d2bb78d567b2c0996185
SHA256 9640a50011c211ca586b6a8de635769f75422f5ebda67a32c0a3aa58b7fdc825
SHA512 83ab82161c3ddfab13a0c9e2bb1807340b0b28d1d4ae4a293ae507290ac2bc53db938ad8de2c94d276aecfc6c951062ef8a85501940237b5ad310c3dd2c3b17c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3ff101db4cd5782e5a2be26df2affa9
SHA1 835ebe52f4d49785a261102818f265b216c6843b
SHA256 4ad0a65c4854c6c4c734d11f84a6b0b8fc3157bfcd633f95ad0a79ffa5ff1cf8
SHA512 de9e0bdf14257830eeb35fa2351b859ca08a5f0c3561f5ed50481fb4050356f90e0d003e92f659ec507b83b5c2b9be346ced3066f1710f9e205a6f65e474234d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cceafb4c81f85c54d45867c180e6b25c
SHA1 1eeab404fa2ac2b3e334ceebe5f8f79227ee6d6a
SHA256 140e0644e4d5d571259c8fad973cf98265bbad377f4355f5a511e9b4bee5878d
SHA512 18cb4030e03d01d856c94f404c3669b4a413e216e1205b1cb754cd71813a8985274eef9a6935b6486ec91e43aca9d6fb39174d33e8949ed9dfe7a62a66c00397

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b87867ab65926183a0a79fd23ed12d8d
SHA1 9a808a1898908ed0253ddb4e86299a69d7ff39c6
SHA256 7ffb34eab14fd4604585489082831c1de96f50b56a0a3cf94a3b9d5697894bec
SHA512 f900e7962767a485ec5a4bf17c5ab8f774eddc8757fd88dadc10f6df763d867ff4be56038281b711b56df2ca36e4e8c88888d3e70569f38ce1ba3d25eae1f791

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 15cc4a34187c73ba12aeb17a23b7e5d0
SHA1 4e144863c441489625544458ef77374bd9c670b3
SHA256 61df0f267cf52d999d47d37d4b2295a62edf49842f1fc1c0c5ea53eda5b8b0db
SHA512 d01a680691985e4e1ec272572a01c8fc58085dfb77e04dec34c742e165244e766159f0e47ed202f315033520fc1378258d21218ae39d82407a876b297ce59b4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0332140a29a02f60292ebb19c6ab89af
SHA1 453e88ced582d34899b1b8a09e3a85fb6cebafd2
SHA256 4a82aff4040ef6e85c38ab34aecec807228f4a266f21806c8b517e17deaf7d47
SHA512 4ed0793cc346fe699bf067329cc1d21f916387f24cbb1b573c9c01ae2564c39a4c7514f32b03e2348d9ab82fe9f270b73471bf9b840231ab8e722d0f4717b5bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 15e5b485711231984d8c0049530f9a7c
SHA1 c2c1be2f9ca20aba16dfaf5cda53e1b8679141b0
SHA256 bdb0ebc922741648ed3933342678fd2006676f5ff707e414f71058839de1c1a6
SHA512 66469c67ab433e97c4631af5f1183d602ad6fe19468104c8b4ec3c2e6a58746dc5712f8c2fe7a5cefdddb3fc4c06ca993ff95f9a69bc786fe8da344fc07505c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4b0902e22d0f71b5036a0a8841de303f
SHA1 9dddd329e4a6842bf3558681c9173c021965eb91
SHA256 6ea050feff2087ac62d5f3b2d3acc50a9e0445dee318d3b697af3048516e7f13
SHA512 84089ea127ba4261ae4337f2e30992aa6a5e66b353801c6438ec033f322fa345b084bac221b5e757929cd6b3f312fbceb3d9cd073d491572eaec90fc0fe1ef99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d7

MD5 8991c3ec80ec8fbc41382a55679e3911
SHA1 8cc8cee91d671038acd9e3ae611517d6801b0909
SHA256 f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800
SHA512 4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 05d0e56b425681b166b4614041ecd2e4
SHA1 f89088253d7f986537f0d018a91bda87feb6d165
SHA256 10dabb1a37f3ce29bb640f7eb93a760c7b2fa3da6425f66b97668c2d7730cef6
SHA512 f7e5186392c0d81b52a9371bf3cbb3fcc789ed9666951882799d023577701081d26da839c5002961a5bb717feb58ea9c2066e1b93560adc3421ef2216b398c12

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dd

MD5 5bb5b01117aacd71cb1955ddcad3d156
SHA1 865f19011ddd428c748e4a521c7d545d31d72dac
SHA256 c5d4fa262a24ae6af1d6412eac0325f8806bff684240ab0a19ca3554b9419beb
SHA512 3d4af1d7e75efc7753e773784aef05462571826423345b343dfc42927001c963232cc5568e5102c417aff9aa15e589247f550d62b72a8a72e73c5ffb3a9817dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 00a44645ab6f8feccc06d7dd95d00634
SHA1 4a14f742ce549490acf1657df4bd53d146fcb4f8
SHA256 a81db9e578f1a80136d3c527505c46d997f14d3a91dac56b4a35abc51980108f
SHA512 82c1242de2cffe253c2f899304e67ceb2ea888298be91c9222967d600e6b7ee2e8675c2901dd286ea5700d482e1bfcb2f3a1ccea14f1e3150b42250d934a3a08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 170ee0544c0ab7a49f69c20661fe64a8
SHA1 874e06151b9f155e307124095747db66c5b2ba03
SHA256 61930a008e449dd36db1a53fc0d9061290ea2cc78831bac0c8e7b1c80a941f37
SHA512 1e939f42d90d451d736ad94ba3089a684daa0c98adcc43b900897e951e0972b1e858136068a1449fe1f75bd899ffe66fd3cfeb10c57f988ac25fb89ef51a8ccc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2a5cd33c7a713261f41a627e31796c89
SHA1 8cc8359cae41ab8cd3b78565b63753e1f5d6def9
SHA256 b3cd72f97790e92f04b653c40e7daaba870917a6fd154a314582ea283be772c6
SHA512 7b3fc89323162d1111cdc4bceab46640f6c544c823991b9d0e1addce7ef507cbf8bab27bea8eab9bc7898c052b95cb4845bbf427cbe64160c499b99194905cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c2562df7262a12796dda7bf9a09fbc4e
SHA1 856c30a224b07a613a5bf82543a283a6d14499e3
SHA256 3a81555ada6fa25d592db26fd33275bbea6b92d3d52ec7a8199b1df54043c5ac
SHA512 ab8128da7f53eed962e87427fec4b1bf84cab921bab1f20077bd1db75e6ad8e40c9a5be8d1b12b83b0264d3d249e36407220eb42aaf692236058cb4e05683a08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\de7ca7744244c9be_0

MD5 06fb20ca021263398a60bb5517936a9e
SHA1 ffc5d2713d894dd4c646351331fbc05ff90406c0
SHA256 11c41a1251f16f8505fe8254e92ad67be90ceea6db4e9c6814ccc1d1a6dec989
SHA512 b49e10e7d0ce2d6bf24d823a2b80bb66a4527e33fe97b46929981ee63e09fabb8af608d255bf3e610832076229ac57be1d3208fbcd659e08c1384d0298b50ecb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\56cf58e31d04cbf8_0

MD5 4df81b284904375eadbac03216a46dd8
SHA1 b1e532d219a191c7b312a7ae5cf70cd61d0c838c
SHA256 ca47003f6dea6b2c8e9870e6bf0110cafc0511b3f1b1259103c554b89416bfe4
SHA512 a3a2bce63544ff287e4671c0d649e590ccdab9a428b72d5bd77730590865613e5fd1526667cef0f57f5c14369aba3419924cdd24f7ca2d1df1d4d35226edf428

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\75e1eddf93bfbca4_0

MD5 7ed3b82ae61b543f46d075dc73bc054e
SHA1 892b10ba42da0cdbaaef82522a560c74b3d2f5ab
SHA256 31f47f4b2ffa380e5cc81ecb35c882662290d26b2de0ad40f480059cc6525d2c
SHA512 96610160fee785fbee31ff0f9fefa17c0f081513f41fc436ea098d4753ffd912d0d76605adfb1b3a714bb8ab473de7a1d43e68670ae48f1eeab4bda7a4e3f594

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\875d69f125275e45_0

MD5 adef8c2674c76b8e33e1172addd39435
SHA1 27e193aae5ad3f910d0ea10f67c859ece62cf85b
SHA256 d5078a794a8cd5bf585fe47538c78ea452a18b60cc91fa3ebb0bc06e01a176ab
SHA512 31470b046e3e71ecae627ed18e4805365c7c9a8f57191801624c28bf321bde830328e3815d7ebf03dcf41793d07d6e5b48834cfe44bc079a5c66c2601a75179f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 f28a0375ed51538ef3ebeca6a23f4277
SHA1 f415ef0bbd9e9e4346586250f50391086e5cbc91
SHA256 47d5847517d6f1136cc3f0c989760699ac0eda54e7aad18b9420c62a475cfdaa
SHA512 46c409f3fb3a088399544190ead012ffd372c324261b8bc2fa61383db9b7136527825684fec32e837ca117acea48b3a5bbeef6591588bc996749897f24fc9a48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 764093f9f56de3c58a10dfcb6de1b04a
SHA1 280c982cd8a56f486df4da816fe7063b2ea653f7
SHA256 cd95846c4eeae1340e14ea76d06b7f215e204f5e8f2b60cbf2da0f24732a28bf
SHA512 675f8119969fb62c31e4fc6bc93dcb7cbbf2f37c87a48f3a1ffbc8ce01c8bd32704151e0601ea56495bc75fe41ad7d60e571dee68c6746e4a7a96c794f7a57e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8a0e042d4b5b9c466ac70709bc7ca092
SHA1 cf267596bf8ff0c14fff1b6753345bacbe54ec21
SHA256 a6da44b9cc302dc71c1256480cf28e5031f8ca17bccfa162dccd90082631e4ed
SHA512 b5e4414364bbca617d0a3a3aa6defe801f2c8cd7b1a742cb1a3548d0a57b5e9b44dba8419cef81660a9e6a0274621d79ef89df8557825df42391c31c4535dfd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c8

MD5 2cb0d3831a5c488d563cb81dce95fe32
SHA1 750aee5bf6b01f9e32e8a8a56b7fd9cf58311660
SHA256 f781f6571d1f4210a3635e89b8b72a823a0be466b1b13c950a2b7ac2465efb6c
SHA512 aa7249f02998952dc373504989f92d72b2cc6936db9350d9cc7915c61714e1d2f3acc87d7b3ad2890a124659f4a02da4d5500fa2060bc37235b46145d28361a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c3

MD5 a63f55cd19376ca24a43a13864d13382
SHA1 6b11d3f0392c3ff44486fae4bceb7cefc3c9b068
SHA256 1df1f5660045ef7345694bdc6769b2d51d8988d2454fe3b9a36a4fcd0403d78b
SHA512 348de8f128d27e5a6970d25a183896635fa7cc45062d2ffde5687aedd7e25c69bbcd9631e9807c3fddd0f077237e5f50d39556310ee84a01f07ad3a3aaf887f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c7

MD5 b12909e69fe3ce3fe56091a1c4ec1383
SHA1 841a3789ec05d6913195601dbfde82deb5c12241
SHA256 9efad0efcde01b9f458eccc564f16b069ab086274582933c0f30d74af6f56a7f
SHA512 376ad27ab5c7a3347e1edb3ddc8b77cb8160df2d5bd10500ee15d63cec02a223d4ead518e28b47ae8824561b224738e857f740b72c991e0a60a74bd531aacc62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c4

MD5 0321191b9016b265a2f6eadcfdd57d8e
SHA1 9f3756b28a49f32a78b79c7d9005a23c0369ca60
SHA256 bc00d8be48550558cb1a86275f6433951216812997054650aedcd778ec6f7eda
SHA512 fd9dd30b092c31f31d57a3f62f1471a4124b4c28ffc1b97c4e1bf499696ae7fd9adbb9462a6cf185b5ec9d2262e53989007d89c500a88db9daf797db90ac278d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cc

MD5 1103e325ec7308b8edbc5fd6739076bc
SHA1 35159f0d6c8a25fd24e626e48475f2ff5179d667
SHA256 79ee3956173072b0a83d38a19ac159d4720b0a9f66fa88cda84f64f5122d85c1
SHA512 04dbba7f51927bb933c7542782dd57167b48353b31fb1f11ee455e0242dab69e679fab8b92000e7febfb8fda702d8293fc0252ce8151004693af28ff16442374

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d8

MD5 4e60263428fe0101efeeaf6ea3807ac4
SHA1 57bc27add3982fd33446acfc9f6eb6ecc8567a4a
SHA256 aaf063ab303912bfb76f9a5fdff2fa0eff49a41db0180b9bf357696bd7d2e129
SHA512 9fb6359eaaa12ca79d07bc0412774362c222104dfc1b7e21d31ad140a7c352abda26c350082556e44ab93598037faf498abc4e6c3561af56992624f1e8113964

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6e33c38230b87a5eb7d877a7a5e55200
SHA1 9d0b29043f69b8ceaeafa071c91508574e71cec7
SHA256 6c26e36ebf200f5ebee0dbf3527ae36fb1c921277c13784cfb72cf8f0be0f0aa
SHA512 ce92d25398cb622303d99b5529cd3ba8b4608a54866e21799d1e8acb70aad880a75ab313348fcbfcdf70b96fcec26c6911879852566db6f95213b61a09d1bc1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 40b47f6959e132d28525e069100f2180
SHA1 78ed24c4ba678ecb115f99c5eb55e8867b305ace
SHA256 ddedb6c7c4d8cf4dd4a9ae94aed1c8d6838a9a9dd89057010d84b3376328fa0a
SHA512 971861aa6f84232ff487931f30749c88707c3bd7d2d69d4259a8ea56874b6d90a7ab55f28930040f523185d84ecc5d3ef6f7687af51ce1360fb2f0642ffb4259

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000db

MD5 18cbdb4d408d86c1ea8a90dd1b48f68d
SHA1 7e973165954de624dde7c3d2405946a5c38de317
SHA256 246a57a9ec6c889bc2f687439d5cab8ccae8104836f858f74e79062f959675e7
SHA512 342858ea48ce0d527e324a2e18b8ec338c55d52b6a83ccf0a93c15dca62c1199bfb4978f0ca674781d199d726e36ef30ef482467dac1ea1fabf77a42ba494db1

C:\Users\Admin\Downloads\MinecraftInstaller.exe

MD5 d03193d3a30ceb126904df28abc953bc
SHA1 9ad806e2ebe4a6f6dd2d48cec1b598505d6e53ea
SHA256 df166846ab3a86b2a797e81ee48377ee5dfb8a2f3091e6344816cfd63316e72b
SHA512 a51d29b1eb3936fa3447aafe365dcee28f18fd6509cfe5d83e66b5ab7f1e0029ef8367c1203944ec93e1289570cc42b656d2c74b35e003b841f43efd336987eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 218626d5a03cec53e3549dfa15965fa9
SHA1 05c0921d428d94cd35b98dead711927e603c1df2
SHA256 58021f7e58216e745ad9900644ea7c47a841bc3d167cbcfa4786faf91204b262
SHA512 98df5a550d96e545cf7647837f65f929b4f06f274ac67f76d0557637cf2d127ce9e608d1050c95257898920d9d1af537dc0dad48f808d7b024b4ff86190a3f68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f7976c139ebf85429068f5727e3a9c79
SHA1 b2febc651aba93cf15767f570d4efb3b03ad0663
SHA256 bc4912615a30f25263b87f0da91d7bcf437ec63da8816fae7e1e633b55be0127
SHA512 17f4a4eca66405612f77856fd33e8a8a2216edd91f154469a62d4894f9f2ea36e072219eb53e5009f26f6ab4feae4b5c6f5639959d6d0c9b50866be9a06b2ee2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0dc0ec58731aba803a9e1d9a61182cb7
SHA1 33798ce1c403d86992af48aa4decfb01807ba345
SHA256 0537f04d1294806777cdd3e6725a3c7a73c83ad0d8294b7020f845b331c6ae8f
SHA512 1e8c11c04d7ab1ced2b5fd4a975f3d8813e81f2b6f4255ba62c9a4f5a76e2af501b5eb1977c986054c240718c8d9ee32b95f564e06c46416ef9b2294ceba8066

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cb714d24f52220aeadb789052fa53c13
SHA1 86188c2304467656019caedbbde0b6ff2ce18bc7
SHA256 4ec009037ecde3c893e8e863f54eadf5981c060c6e63c99e5a6b51fb6656fff8
SHA512 1497fddae285bc4d144897a61bd818f04a53f61d0d36c3bf32deef3f7ca70906ee2cfcc7bb10f0acc07a21842378a0ea238888fe40006fb45cdbbd9b77921911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d1fb8fc0871da0f4983c3ac84630e022
SHA1 d5fcadac6ef932baf33c0de9950b59d8cdf5ada8
SHA256 937d172a6606cf380fbfb25157b36c7a4aab4538ef77234102523bf16abca8e1
SHA512 fed61290ca1a7426d12840553ae337e317024279b8aaf65772cd7b6d7569c26a49aacfbb201489fa474297472447103548374cf34f847a178840700136ef587c

C:\Users\Admin\AppData\Local\MinecraftInstaller\deviceId.txt

MD5 2e61a88d1b1229a34a0a75d31e7503ea
SHA1 5ba901d565072f677e1ef9176b40ef39a8d13418
SHA256 e1b4c76f8cb9e1cc4894df3e71ee5d69f4f5d1e790f873847895b0b76d572b59
SHA512 866e1c353fed16b4cbae9d9ee4469225df100b736c231942fb8cdcce7351a6748184e1df9413d646dbde3f1c9c13899b0812c34bbbee8b5ef13179d02bec77a7

C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe

MD5 4c15abea139342edaf5cf161fc1100a9
SHA1 498225859a606fa7162317b150b43185e389685c
SHA256 604bd7e4b0395b3424bbc8e82f52248fc5ff0d33349d07fe424f6301a089d939
SHA512 818f01f8925f2b625cb4a894b1ee073ed92675079b6d6ac862f579cb5eace8e0490fa238175fabc105582b6addd7a369dabe3055674f8938759e8913e83e0553

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d2eeae395b5209ba15df394a396caa01
SHA1 b2fa00df7683e9021738be05f65a81278894dbbe
SHA256 723e57d83ace5317edb4da5240b84af903423b5298fd706ef0e054948c9ee30d
SHA512 601f444ffd973d6a746092408415a999ce1d200da6c6b6b1876853c57f5a7b935094fda96cdbf97057a56b015fb05c3e65675ed26399ccedd2f6074173eabdf5

memory/6584-6458-0x000001AE41840000-0x000001AE41850000-memory.dmp

memory/6584-6474-0x000001AE41940000-0x000001AE41950000-memory.dmp

memory/6584-6490-0x000001AE49EF0000-0x000001AE49EF1000-memory.dmp

memory/6584-6491-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6492-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6493-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6494-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6495-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6496-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6497-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6498-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6499-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6500-0x000001AE49F10000-0x000001AE49F11000-memory.dmp

memory/6584-6501-0x000001AE49B40000-0x000001AE49B41000-memory.dmp

memory/6584-6502-0x000001AE49B30000-0x000001AE49B31000-memory.dmp

memory/6584-6504-0x000001AE49B40000-0x000001AE49B41000-memory.dmp

memory/6584-6507-0x000001AE49B30000-0x000001AE49B31000-memory.dmp

memory/6584-6510-0x000001AE49A70000-0x000001AE49A71000-memory.dmp

memory/6584-6522-0x000001AE49C70000-0x000001AE49C71000-memory.dmp

memory/6584-6524-0x000001AE49C80000-0x000001AE49C81000-memory.dmp

memory/6584-6525-0x000001AE49C80000-0x000001AE49C81000-memory.dmp

memory/6584-6526-0x000001AE49D90000-0x000001AE49D91000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a5f2e24ca4fe34fe_0

MD5 a42c4ed4cfcea8bab49a3ed5b637fa56
SHA1 3be9c96ac2272ae167e56992dfe3a38218b2c40c
SHA256 47e341b0de270aeef3104976e194f977b4b0a7aebd44454f5019b9f4e2571d5c
SHA512 c03eb408b552e5ce0339345c40dcc1b051072d5d5b89c5edcf08c1f35a34cb31416d4948f25d05a3c985c70ac5f1999caf3eaffa75bdac8b96149a21377bc373

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc7c0fe7184df195_0

MD5 93ee7f897c29fa6870b056a310b786ff
SHA1 43fdcf6123665a02be1c3a1f38974a8662a70578
SHA256 66e97a52e4a7aa1a028af5a612a412fba4b3231fb64232065ba57d0482a2e4b6
SHA512 cf1d14bd9129fac9fe4f51bb4c2522610a6b21c2b5838adaee9aeb227b4c8d9a1f7e94f14a201b12b597624fcb35b517fb0cbde24ddeb1b9611ac6f52e695eae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

MD5 bd969b6e4f4ffdf90bbc344ef831cafb
SHA1 668a7a0922724f5f24a4846425a3ab76b9dc3600
SHA256 518744dbfec89b8e935f41bc06ff328547105037f5eecd57b1f7dfebb47d6f30
SHA512 2379999a05b477a6281fb2e71000b8c50896e1b5c3ffc0bef58d52507dcf02679fa3151dd493614aa84b0cd8dbb4de7602c9ec08f8ff2eecef9b2dc57fa1e42b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

MD5 fe1772946f3f9e7f1306c25d2ebf973f
SHA1 0c06a17027583c8d0838013e35685b64f618ce30
SHA256 b1b72a5cd1632b9eeb459373d74eafecd6485e6cfbb20beab4004edab3f1ea05
SHA512 f5118832fa7760b1b9ca47ee9cbd060117e97dbef1709ba8d89af30189e589845cdd2f4d158ab66f8208cf3d00b5fc7d6a354ac2a7d8bd3fb49b10e27e507d4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5cd99e.TMP

MD5 b5435ae9cacfc00a79b5f1556ada23dd
SHA1 8b6522d9c4bb5a488d6b3d9d1ef6b6f97a3ab2b1
SHA256 b47781580e833d24e9b465edd91affa7c58165d07470afca36b8cf5739c4edaa
SHA512 56655302df8d28732c81dfe15edd810ebfd52ee13f9a3e749bbd50daaba268104e9019f45954c9f1f6b0efb33f5cbdee1b39713dd3e7d9cc247bb7719f41a097

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 9a2c9a50b907df7522dc51b5e6ac4570
SHA1 52ec73d4defe88f2ee47276d71b5f40c5bbbe5a2
SHA256 6c4d8cb9ca85269836e8867bd53093eabb8bbc51d1e9d349f0ea0e1ba7a84996
SHA512 158466238adaecef08a23345e8b072dc6762f5e245ae13fe74533711dfbe5afd1b34fc7dfd80ffc8c727b239f7cde18c293648044e4ddc2ac78176fbb2341376

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000129

MD5 a659d25ceeadc7285e578026d3c39326
SHA1 b926c8e1dac895c1ca548d4f836c9e74f53ad1e4
SHA256 238e878d68072d454e594ca2bea403c9a9efaac6276192ff43e112f311eafc22
SHA512 54ec7c22b62b348d609f85291fe6d930cfc499733971964e82f8322aef2321f55a5c402957366f76a2ebc47c7364bac61370c7a9c5214e86e7f94f2f22560eab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 db2823fec968ce51650bd6c51127e129
SHA1 a9e1a2ace1e991a1791bd0fe700dc57b7e4a5065
SHA256 11f130a77f34cfa2f81c71b8667ba7a074841e8be1e8fd4aadf31363fcbe7253
SHA512 94c91ce03d1d0b44bf0a6d228844040df25e34d1056652d515b2e718f355ec35c8ae2ded4d6f047c112c18c1539dd9571c20d99aaa4c20c8ec8dbed5d56e0e0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c2

MD5 4d5370d18198b410d652c109ab20303a
SHA1 d24127e115416349308def5503e1efa68d132a4b
SHA256 5d374426c9d46a8894bcfef4d490907c4023e1a6305a061366a4367cf7c6fe21
SHA512 a2ab6fb3dbc9145a28a803658d9d8754c57c455d7828f4048f0626c6a9793fcba07108b4a02aeb47ce9aeb1397f31a07b8fa006aef7bd2170ee05102436e3486

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

MD5 b63bebcd6b8591b01e87e3dbe073c5ce
SHA1 e4f1cfd996736e9353649a9c38ac737017b4dee2
SHA256 9a1606fea2bc126eb4d22771998dc4c13a717a7c47b3d07f47a04d409c3fa703
SHA512 45c1899e67318131542e721b021cc9383cdf7857b5505feffced4a47d10d7ff9b57bfb02f2c247229dd747d1c60fb8e02904e14cc992dbeac7ff86383833c738

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

MD5 9b303c07327fcba3ccf659c3b2220c6d
SHA1 c6108a87d70865ad0e2603b6686e2fe22e25a3c8
SHA256 e7535bcdc16527c8e425ff365f920273b3500b3161e0cf5dbe149c46f44323df
SHA512 cb6a1cc2bf8538091af8a29dd6499038a98ced537e6cebce604c6f51001959cfa3e7d4b2a37943e0d4e6d3ada2cd85cb124c674b21ef4fa18ca940da2c3932c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 094c6def326357bdc59945e3fbf04121
SHA1 e0aeee5b5e84936c0c717091c5c6dac805f3f5d4
SHA256 35fdb03baaabe7e52c7962a82cfa7a8a2278d42ce33741ad21762fc9a372a0a4
SHA512 4480c80ae4cc67a9a46d267484c65f5988a8cdc958b39cedd56f982eca0fbc8b605a75515669242f74000a1ef0e4146c6ca241c2783ee31ff3c774970d5ead6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7836dfbb07807271264b2c83f0ea81ab
SHA1 5ae72fdd20c610a7950d802e6312f263e25a956f
SHA256 5087f40c4240b34bf0823e4b418fff5fc6f4ccb32d5e7044bad151909251c6db
SHA512 736155a53776250e5b61025b92b12885df72ffb51903cd710cd30d6b24013ad018f6dd54020dbfccbe3b7996ad34fd5d23ed04cbd01a4e117cd5b705d781a741

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6d0b05d1e051a3fff56b8f6a0c26cac1
SHA1 9f18407b0d798257cd6957e086850da52b0b2ee1
SHA256 6989faa53376b834d2068d46cabb8c22dfad86bd2d779d07da4696ff558690f4
SHA512 3a2ebc70c22fde45a25ad7816997d8e24754d04b93ac0da938aa8ebbc8d8f9b31465ec7c6ca07cf5dd0453c1335694bed9c7d4181fa64a779dc7e689740d9908

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fe5446732feac1b0e7894978872dd870
SHA1 246786c7b7eb13d866d2fffb3fe8359b9681ffaa
SHA256 9bb48aaf7f268b29143b18cc7a6a9fb6b59e8418787174675ed57246c25cf898
SHA512 f67d0b14a2b8e069650c4bd4bb0fb89e14abd1b1038b4803ef071d029c4914f2cdaf24542221a528dc3df0f0f6e59db791ada88f1adcb0d4712932de041b8a7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 646bf1d10858a2fcb1c966f38f15a592
SHA1 629793c6a5f40a505588b0b39512c3936b6e9b1c
SHA256 b9555bd20944e02ceb439ab4eec778dce864872b14641d4dbdfc9a05e5525e46
SHA512 0da5c8f93074499d470ec38f5cb18456240e3e7a82bfad138e92ecaa6bf2e681543502a57c4536f185dbc418145c5e2dfb51239bcac198d8968a10ffe224dd5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8e15ca921072882d457c09f6924df924
SHA1 a23362bdd1dc57856ea00bf3eea42286dad5f28d
SHA256 60baf096e5796b025bbb30df0fec5642d958ef8ef225b6d66be21747813018e6
SHA512 0d6aeabfd8f5f027b181ba99f16414aad34e79fd8f63060412f9efdd8ff0c50070cf112f339f998a550e1d7baf061a3769474e9f53664c9407b388b96fa50ee9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4cfe1fa51e8ee39738b8849259fb6023
SHA1 529a5265a75aeb9dffc021f9df7d6ed64a53892a
SHA256 bfe1f7a2f264b328070bda8af4165a2c470f6795ca3b52d488b7c8aa9d0972e6
SHA512 efed35b4ff2ed9da977f1eb969bc4096170e6cf64b4fedc621a36613bac6a174190b52e0f1d4cb139bafc87e12e88af9a629018e2a159214f25aa94d8a791bde

C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe

MD5 a8130d85ef43e42a33fe1064a4f135ed
SHA1 1ba835089ac121f3141663ca4a253f86adc64b3a
SHA256 327c129fa0d9b80666eaef565d13709a82d8558f9e9d525e4eb2b6b1ded512be
SHA512 73afb6ae38f6087dbbb3014c3d4e3f759643dfbbb5d8960ce1521925ec172504af78ce3c7afcc51478c258ef792e4755c094c0845e20a221596863706a2afb0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

MD5 e3b7ba8b286c90a44e8000b5394c7796
SHA1 c6955da78f7f3ccd5445cec327a366ddc53a7788
SHA256 654a149d1a07da929388faf509b2001fee707289a461f4ef1d56feb3dba3914c
SHA512 65fc66e98a37a749efb77fdbb1457e6ab6f2d74d1cd05694fac059353f332ff936f99a196a9294f22a1ab0cd51e0901ea05c2bbf007ddd45096c914ee874fe08

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

C:\Program Files\Feather Launcher\chrome_100_percent.pak

MD5 a3d4515d3a33a407d313a62818e82a5d
SHA1 967ff9a6774a66f7b3299af4fd5d70961ed54d79
SHA256 662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0
SHA512 0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\chrome_200_percent.pak

MD5 3bab45c70f22646cf8452c30903810cb
SHA1 40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766
SHA256 d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc
SHA512 85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\d3dcompiler_47.dll

MD5 cb9807f6cf55ad799e920b7e0f97df99
SHA1 bb76012ded5acd103adad49436612d073d159b29
SHA256 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
SHA512 f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\Feather Launcher.exe

MD5 fe25f9cfc1df95770eddb8090f7d0b8f
SHA1 001b7ceb9c1bac8fcce45d80fd0dbb96879b8695
SHA256 112abb0dfc8f76ecb80c4bc9c7bfc01ba8e7d6bae2d48cb12b47d32428029bc9
SHA512 257c396c1acf9bb6f964d5f4deda7435a72832f9147a49dc06a1818cf77ea52ae7778248a250695b12e618adfdec3c78ca57568da15973dfffc95ddf7a554b8e

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\icudtl.dat

MD5 6690f2b2384e1bf8961fda96a4d07691
SHA1 111f6dd9833c653908431621fe8fbc87f1135632
SHA256 cb73d42d36839708013393ad0e4e932fdda9a1acda9275ecdbe74fe89eea8366
SHA512 6a5242fdc0ba09e339151feae1b3f7a9f00a09288b6f4ea9305d1a09d8bc3015c074ee91de35b8d6fc765c2fb55ec37dd91b8e66b7a7bb3148cbc305de19b088

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\ffmpeg.dll

MD5 68ea02ddbfdd0aa3a694789ee6d95bc2
SHA1 326354fda27d5de1a7bf23b440c6eeb889c7c00d
SHA256 0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99
SHA512 5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\libEGL.dll

MD5 655672c205e37b079c34a4427118479b
SHA1 e1d595a25e76f2f1be50f0ac3046e82462790d69
SHA256 498fafb59d3d1a91fa24f95a59411dacf3fb373408e8ea5f931e2ed6b2732d36
SHA512 a5ad3ac4e382d28d2d95cfc1b02ffca2ba1b5277567c1db81e14a87891e6ef9e5b8b2b56f4b63f8512c0b527dc3de7a5ebf5bb479dad827dfa17294f5874ab92

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\vulkan-1.dll

MD5 58871cf606db440509b56a3f764e72e3
SHA1 312e810cfcfb663b0da00eac3b87294c0b035cfa
SHA256 ea1f3a66f9322d20da4542c42595eb789e532a224a0338dc488e998ae00e59ea
SHA512 07279c40721414f6ab345f83d9189c3c7012a54fc839359cb33cf4793ea771507535518554be99bac339463b7bee89e263e7a5cdd3f443a550ca6476c350a2a4

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\vk_swiftshader.dll

MD5 17bb7a2a7cd8ccd96ed19753cfc75bec
SHA1 7c996eaa179fd472a572a0efb3e243a81b283977
SHA256 070c9bb970f13a47e3246fbeadd4d2d3916273e1ae3db2059d806691bfeaf6d8
SHA512 80ff7ba1b32e3de374e8637852b96c12882a5f7d32651ff0e1c2cb97898a44aee46a569a42b073a4e368f364f0daae2e86eca36068fe6794eb5ba55cd3ca5ee4

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\v8_context_snapshot.bin

MD5 b978b7e83b574a43fe766af2b670c1c4
SHA1 ab0d1211740fefe3b8ddc8bcb2400e68cc88ba4d
SHA256 f59fa568139442c7f547fc8a5a0fd090ddc8427cc409e2fcef0518a9dcb47a96
SHA512 ac0f297b128e83d55788aadf5870849781d81cc61461117c5cf22f757e20089acb640b3ebc2f3bb2fbe1659e75da73a63cb884be4a791a90702758e6c52dc706

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\da.pak

MD5 528f37f3f0f7b145a979d5c241b4fa0a
SHA1 553184bd357c6493e73c1a1dcc5d142e1a36f0ff
SHA256 19444d709ff0b9343aef93a640c505566572a0f3121012716d2af937c08d6dd1
SHA512 6a58016bd952dd93026e81bd240a5d02b0538c61b3f0422ce4439a719d4c0d76caada1f3177d4c4942c0b573844c7e42d202285758dce8bdd8c44115ea4b068d

C:\Config.Msi\e5d7302.rbs

MD5 5a8f4b27db9efc1f5e3e3a172957693a
SHA1 bee949cc6b7930507e0eb38c4cc3cd7414357a5f
SHA256 3db4549abadb4b32f217889412a9f428bec3dedc3570c628f55769995ba2945e
SHA512 b45a262e0f10fefeb50226d4a82aee590145cf9e0f2e09159160485a84a6dacf586387e3e92e38b0c4403b382fe916cd5fb814c94fcce9b7ca84bc4c5a15064f

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\de.pak

MD5 8ae896d9d42d65ae82093eefe5dba356
SHA1 57b6175fcd23ae0dafc7eebbdaf7cc26c1ead0bc
SHA256 6e8983727e035e77652fb453192871e435dbab03ffb3088a86ec918ef01b7f37
SHA512 6271a6e21fca7793964199489d21d1fb8d93eff2cf1979b3da7ca6eb22d4786a28a6e62b6ba0b8907a6be7487d5c9c45d8d372eb34ec16ddddbedfd49dfc475f

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\cs.pak

MD5 11a76a16e2f94290a6671b2fa7c782bb
SHA1 ccaecdb49758bcff8fe31ec0907b3a4a0f1ee6d1
SHA256 dee2f88b85753600284bb4acc844be1f0edd5688f98340770bc042aecbd73fb9
SHA512 a19845703cd2af109c085383307eff88e8f2ea4f6446541ba1f0bba89522e714d43cfa355af149a9a12ead96ab389b27c273a53dd15a93b401f6f7eb4d43886c

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ca.pak

MD5 711098caf9322fa49fbe4ee2ba794a7e
SHA1 d567f076ed6b8b1479c566efb155ba491401f140
SHA256 95758e3b0e83067a8eb8f135f1a9f6112db18ab6a21981c5ec32c899c729a159
SHA512 bcbff969d9e3ed54f6072b359f911c0c9ed875b12fc7a29002e9a251331b4d47b7c0d740ef1c596bbc8828d6e32f216f41bdadf0873a0a85ea5b65bc8770158f

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\bn.pak

MD5 bc688ba7dd2b0f9946ac98a1df15131f
SHA1 b453ec6785191b3dbd5d78e7b25b9481b6522b32
SHA256 6ad844d2b22c8fbf3587ea603140deb1475dab934ac62e402dbf1c6946dc882e
SHA512 3d60102975a6acb39ad5f750128ab4967bdb5a64eeb398c5fc71e5fcca860eb97487df4e85269a5ffdc1f030bae2ff1c03d61b08565792f84696693aef8119ba

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\bg.pak

MD5 d9291d2f1e816471f691f37c5a4635a0
SHA1 201f26fff690b95f559d57866d7db519364ac27e
SHA256 4a7d229dbd7ca53bac0438d5705a8ecad9e33213f6752e58624da1b9e9cd571b
SHA512 074b46011bed5750dd49ec5e021b02850d11b235730c27bc2d0910a69f2f1d03c79dbe692b5dc34b7be28ab071b8af6c639151ebb10364f04b8acf4615c54270

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ar.pak

MD5 f27d0b588bfb76f541e9a8d83c74fc58
SHA1 23d01bdf7e1a7d9cc34a53b5d0e9a221395d0f67
SHA256 88645be62d0421ace7b2c44df7de67a4a83b04977049bef82b465f60f06d5560
SHA512 9406a3150e40a5c93c9a2ba82030b334161273ec3d66c8812cb7328340cafd0ce549f178cddcd00bfc227a258e8aba64305be203fb6502fd87f76f224d0a7126

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\am.pak

MD5 1ef5cb04c40f553fad6dd74295ff4588
SHA1 9065653dc4ec508b657fb86f45a69114d1ab4be1
SHA256 9aa0bee97cd6957d3fa1dc43e3bc45b7fc4f55df6df9a33faa7aeaf6e2c46a71
SHA512 fe766d0841a1a247442e85b5e4890fd3f83c76686e61c2243ed93a373d7c4b9a79558200583e58fb17cfa64efe053d61c582d83beb078a62ef232376e4741ead

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\af.pak

MD5 3ab2fcf223a5fefe8a186741b3507e14
SHA1 9e851c09c08415a228fad02ba87a9caeb29e3b9b
SHA256 e6db19247e92d007323f9e0ee776c423a6a8a64ab321c9d5c964cf137e390a4d
SHA512 c1259f7953191b7c89694d826f4e45564d4c7b6be2aa7e85b73c5a6f723894b139ba62d215def008f45a95215fb3da7463e229c8ed014a6db4b03e64133891e9

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\snapshot_blob.bin

MD5 17b5a28e6aa7ef49bea7555843937313
SHA1 8c740e68f009c3d03db74edc347cc5d1fac7b1b8
SHA256 2590aa136bc101f1075e42cd8939c7679ceb35b773c989be2ada49acaffd01a5
SHA512 af7efffed22246389d6a834cc8d8467e965849ffb8fbecd4d192c0596d1a026c6ddbe49cd2029163fd77bad22906e80446512bdb918875a7fa96c6ffef65cfc5

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources.pak

MD5 2cccd68519bff7f6a45380607940ca9a
SHA1 107ed8e7aaf2ea4d8b290afc023fdede16e47254
SHA256 44387afe96c6d1cc6b24e6e05e42e92eb51d6c520743fc8e2eab06c683ba27e3
SHA512 da3c67f10ff1d741f6c4d5313f8f1887ad3232b33935d5576d321e2d0622f601fde3f3cae24b23f00e8e7f7f48aea49fcf4fde12aef2b396ea5697566f8b7128

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\LICENSES.chromium.html

MD5 997768ae7eb8c036425bed10f766e823
SHA1 2ec99026b977f6603a8a7890bc05594a9a4f13a1
SHA256 ab30ee348b3257ec2f19fb5733e64278438be792f1280ce0f28eae0c9cb8943c
SHA512 f408b817b68861cbad62425e0bb8726f876d36a2212186a8f948d5c825c95ed819dcc41284d8ad8ac11e7ab7ff6141588fededd01c287780f84269846515f639

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\libGLESv2.dll

MD5 eb2b911d33f5ba82109a0d5608c28334
SHA1 fbc578fbcfc88a132438b38e97bb87c16a9f698f
SHA256 2404be88c798b43499ab7466e2b04bd58510f0d3fa59049aba6ffb932b65c977
SHA512 19becd2003702813898893f7b1fcd1db179a76fbd201fe34471254b75ba5e98af262922adafe5ef0672302cdf4c0b1e2f8910fd2e51ded0f3c4d6c5a43de489e

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\id.pak

MD5 437540fba9de2809d42dfc66ad78d664
SHA1 0ef84382147c9ec2c1f8f248f7234506d0f3785c
SHA256 788a4e41a8e6b70e714913b4894a48fdf24799f7a20320565c523b233a41a8be
SHA512 e893b418457b2aaef7605e36a61351b43b18b38ba675b2377bbf7744c7ba83fb66db151faf28f9bf0361f874cb4dc93e4bb1066cb7a5fb6a41b1b97f907c1dbc

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\nl.pak

MD5 abab4a5f1afd809d2e7d5cad3ea17e70
SHA1 d57dd02b63849f7798b1ba11efb889075fed10f3
SHA256 361d54411d890d26fbe6d1f8e8f8258e72afca143783f9f16145b9f4f5f9333d
SHA512 076a061a9278d83c76048696d14120310b64fe41a0300a0e0588e1c7ae933026d8994f9672d85c5c76046a3d7eba5fea6ce70fa7fb4cde0990777e3965fb1d8c

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\nb.pak

MD5 9cd8697bbc2b78dc3fe4c022d1fd5ee2
SHA1 9b0cc62586e391af46899464dc22df60746b53df
SHA256 fee60b6eff88716fd8ad4a9b2da8b16827753c819671831e2d7dc2723aee3bf8
SHA512 30db548a2bc7af38ffe0a1970a52afce2fee04c02b4b61b277d875f068c86fe46fe537303cbbbbb66f3f715268b43cf3b2cdfcd90c2a4157393d6242eca79c37

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ms.pak

MD5 aa1d4538fd06a6663ca213e059592f90
SHA1 4197b4bdd58b09ca8caf76d0c22e3eda358dbeca
SHA256 d51d9f4fd2be492a751db6898b4c2843b2b6cbfe893bb66ffa4eb8e1a66e7e5f
SHA512 718d3ed30f8f8052b2c52e8458188880a050ccf14f2929e953e18a551f6abd4fbc87af525ccd2efa353bbee00529cdeb7146373023d598cb6430e16465bf1cae

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\mr.pak

MD5 a72af6ed3bc9c364cdd096d65e3b5349
SHA1 f652a7d21e8cafebcd72cc38891d4b7b908444c8
SHA256 c20543bde56b4ba78b7efd8a1fd4d6990e751ea7e243c91a2e83ca78dc0d9289
SHA512 3d0523ac8ac9e1d9f2e3e802053a14c8c3ea0b45cac0865b10efb23e869236b8103824777b5efd45eda7d6da128e9ec15bc68963bb60cc46a034ef357fd66b77

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ml.pak

MD5 68ba8ab8cdb6bcab0650324a9b2736c4
SHA1 5cb7dcae00cfaba7e621373273dc80144319f031
SHA256 c990dd02ea8ccad94f5002b2b05e74ad258a9b13ec1168732cde06d0723e2a91
SHA512 7b4b75d2a67b32c0232b05de4085196484bf52cfeb109f2543c4cb184456601afafe3e05ae7ec9c37666499bcb424346114fc9fd08af65a7af853e42cb16f5cb

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\lv.pak

MD5 f0645d37826c1e2923240b745506b7f6
SHA1 d41a06f30cb4aa187b6f02320db9c743058551da
SHA256 1af1ac2692035d502e772f976c977936d0feb42f65a9096e0af2fcf8b7df03bf
SHA512 29ccd6915aced1680eb0ab6ce4554ccbcfcc196a7e1398ae5da1433205c7b2e77ed2bc7349704d1dffafd108403bffe53c36bd018bacf6faf7363f8e35c32a9d

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\lt.pak

MD5 2a21c3d432c272f81edf923308858802
SHA1 7dad07b28eaa2db09c341a4670a17016702ea1d4
SHA256 da21c47633640002d0eb397d9f2685df542b6f5e53ee3ca655340750de2f3217
SHA512 8f646dbceb6a13568364f194f1ab95055378404e0ac21a3b4e609bfc1ab3b41869fb3ef4700aa0161ef43e4a394666437c17cf49f7bb0bb1d27fcdfb252ac782

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ko.pak

MD5 2f216c3e58b73f7981d61034d707b53e
SHA1 fd47331e07c8575057aaa58b1068e82721073300
SHA256 7b87b2795f4bee5d4ea37b959ef9d7815b4cc39ba3470d97006370337c3e5997
SHA512 eb07bfc41b76e4ccac9346f9540208d184291cc443028ce74cefdead0b2c63cef6c92862eb5c5479810cbfc98ad2a60d9281a6286d25a78ee12e8dfcb2522288

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\kn.pak

MD5 be3dcd0f8dd4275662a01a381bf294fc
SHA1 b97dc0e112e1b66ab3b9b7679cd9b2e8d9e40cba
SHA256 c06445ffccb52fca884686db4eda33d315d8340fd653c199c0fd8a07d1872720
SHA512 a9b00474ab5d1ab88bc005ff53c8d7e33a103d87c2794e38bd6819de629969d9dff06bd4bc7c2318ada4de5a61d68462bf5e0464c7f53a4250b4f617f99ad32b

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ja.pak

MD5 d453d6bf0d493cf8a28dcc7e32149cde
SHA1 fe164f188b61c6b0c243262df7fda8fc612d9e82
SHA256 1b3bcb7b6482cd9b005aaf30ccde3b4f3603f0a9e1d0f2209d70ecc74f7353de
SHA512 1588071999065dc93959ac36557e321881e7f244b2166c0af76deb4083d3e9580e6d0dac1fe474a49cb43cebc76a3f0ed400e750c090886c77e85ad0dea86c2b

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\it.pak

MD5 f21eee789d7b89f4c1ac03bcc95b6391
SHA1 754ddc787e22378c3034c78dc126e49d952c1ffb
SHA256 94652279dd554461d91613fd2cf295e0c68a7fa46855c53172781b15a5b2bcb7
SHA512 588640b61bc8ec60d9d6a6110544b0d191cf0d084e17bc79ab19177eaf74899c1eccd7b0f0f6852182b48b19596446e819ef0c1d64fbffbc87552a8d0eddf49c

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\hu.pak

MD5 e74277eadf72ef7164e03a0a38d8f6f3
SHA1 0085e77f0a9bf30d290f1eaf24466a12789a1c6f
SHA256 df6c21a38bedd4c6d02ab60650f4c34537e238d4c72b96b2857973027542c3d8
SHA512 27ef60832a863c4ad3ff0816ee03b8bdeb584fc83654f4b1061786014aea92334ed44482321a370836aba7e08cc4b0992a8ece81cf8b98e42cdc76813470ecb9

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\hr.pak

MD5 5858fdf0f665ef6dba8a4e68ae175974
SHA1 fc8085083e4b38462c42e6ca5ae67fea408f18a8
SHA256 66e85a46152b7baa26b2fd8d6af3df0ca67f54b75281aa08cf6a0f7e769aee8c
SHA512 6b32b62749b2e1a8921faa425ffe69f1d3bb3d8ebceb74f5215c355a35aac8220ae8a0624c68ec45123430cc731812504fc22bfac1d50e810168f3b3509176cb

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\hi.pak

MD5 d0b36880a50bd87dfab2ebaff24c0ea9
SHA1 eb1f30d0092b4900f332cc2162f9f1c52ccf4da8
SHA256 b23dd1037a3d133ef29b73f5fd90765a7af9f0f69b24858343acb084a59b01c8
SHA512 bb80d1ca39707b96601433f9b10d7857950aae2075d173d5650af2e3a6e6fc795ba4a6ab55888933b9f0e62bd03d362af42357ba22c75a1ad599d153582f6bab

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\he.pak

MD5 f7f22a75ba2cc2a2d1094ecdc60a208b
SHA1 a631ebc0d180fa994b3856f706ea75714292a7f6
SHA256 4e972808f0a25619462a0390105e8a869037341a30b3481b3c80d918009efdb2
SHA512 fa7e27d931421fa504c6731e4aebfec0908c98f72c2ec7341195ca907420dfedf30f68e0949e3824b6368d64244de3bba6a7183d3fae424a0e1de69bbfa9d71a

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\gu.pak

MD5 9ad27f9e3aa9356d8398a823a5a90762
SHA1 65a3b8b786a245e307bad3966d9ec02094c06cde
SHA256 984aed687408ebdeb291a57893034490d6acfe9d34546dcc3715f33c8907ca61
SHA512 46fa7165714cd1b7c1e2389c85e2ed73f40125491959cc458ac621f5e156963f0fc141deb1c973996a15bb2b7b835ba36806db762ebe97b02159d64d002a93f8

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\fr.pak

MD5 0b0722d0c9187ed3bb445e66b9f73668
SHA1 426b41bc9677861b61daf77e235c20ca70b5deb8
SHA256 b7b3e4f04dadde5c228408c32c55f088372181cad5b71df515cdad8dd1ef9e6d
SHA512 4d5e3d6054cef9f903844a0822906c612def3d4c3319a7114a54421ff1a4d3c523d02d457d5a2ef8636d6f4183392f64d821c6ab2e8b79c9930e95f7a36a891b

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\fil.pak

MD5 850333b9705ef8ea07a6a9ded5904040
SHA1 12950aeb4d7f13ff335c5012e1d0af0da50ba541
SHA256 742705b1c87900f6e8f02fa112d2cf13ffaa6c09c62a7dc34a2cd6a29608dd10
SHA512 c464725f7f9702c9e94a7491e963664fbfb2b07507ade4f32fe2372eb9d0313bb229fa8eada511b338d094780341c24cfb59f745471b0b82fbae94ebdc8ef4e8

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\fi.pak

MD5 71f7182ad054b5294d1a3c8fb91d1612
SHA1 13a210397d6352912c35ffcfceb0e2ba3910f7b4
SHA256 0b41ce33c0036aee83989ce4ffc2d096b2f6fab77634e4bb500ec70a51b4e0bd
SHA512 157f11807cdf4667efbc93cf2f3134d9d48b6eb08b941eefb7b085dd3e110efc42c78ef554c0faa2b46e0155903342c6b5b6b20f796907138619b880bcb2d2f9

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\fa.pak

MD5 d7051343f1cd16379689a2a28a614bae
SHA1 7dfb720048bcde2282c682d5653fdaf3b55d89cf
SHA256 4c00aed6cd9f9f6d2a98c157cc10a07f4f09fcc18b72c048eb6777a2600181ce
SHA512 3d4284a0c4c528be1b9466582bfaf2cc1acf9a03ce9cdcb27ba2481c31cd841b0a70912ca388dfe1d3cdbc58c82e095baa961707a344d03cb0db777a61b5cdd3

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\et.pak

MD5 f6b7f59ef4eadb505faf6f939adafecd
SHA1 738f208a717786f23d124201aa16b377b686cf50
SHA256 8e75989893f0d59f6ccae2042231ec8e7dea6fbc78210700d0d1d3a67f6b1d59
SHA512 195bec3a111c498cb4b791bc7d15b459014717fe4270cd82d01e6e4d1b12bac03e267b7699b12e43db5c6cfd8625b6358bcee039aa18edf593f824fb27bcb38e

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\es.pak

MD5 85e0afd9c09f97cecc025f31fdb6269c
SHA1 13b9ec632e465c31fe6e88b1e3c186a2eacf5de6
SHA256 e1a9180677d2989137e8dd381e6c847c47b385a6d3e965a047829479317736ae
SHA512 0371b816522bc43b124ab8dfba3ac55e63c435276031f7035075a0767a11f3d73b5991156ee6ea1770d0115c09cb653c9d3fbda4b2d9f1e00b068c9d7a2f8db4

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\es-419.pak

MD5 637dcfd56428fe96bb0a778b0cf8a660
SHA1 1bad857d600d00864edc3d31529cf4ef6a49b580
SHA256 45f136986a226b1385189997aad2f660d0f518cc9871862250736237e0b105cf
SHA512 66b5c92687e97326af47258d38ec523184ced00855ca385515c64bfb9a7e3eb8dd1f885c4db5891bad680c670714bf9e5574483e34265c1f7781c8a7e7af9301

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\en-US.pak

MD5 1e9b12891461eefd9db12e537965329c
SHA1 bf2346e045f79a70218890764b9318fa86886b36
SHA256 bd67fc968d75e77f2bae7ad552c398ccc4dad8635d74814c2046f813010c45e7
SHA512 3f01b9fc7e07bf6f3f8cda357debb83f73bb24179f6926d0b24114ac0078f42941a68842453bd7ee86cb759ef76e240b84278ebe1541cb659fb7caf3cf5b6820

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\en-GB.pak

MD5 0444defa8f211ac4eabcc760b14a5b8a
SHA1 f143e080ba73f83c77d6c095ab8be1f71f763532
SHA256 e252661d412a068610ac2e2a64609f21f71c64602c579a14d7e6ee59d08fdfc1
SHA512 ef4977e477c3c39c2915e82162bf44370a3e2242a2fe57b43a0c2342171d02278adcec9d602ad4d4021a6554ad85a55d4635ccf3cf97405bda30626379d875b6

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\el.pak

MD5 79077480619d88f5d4d0c349e86de169
SHA1 3b05b9de0d79e6cf82ff5e482dd1626f58d1c858
SHA256 b4bdd19191dc4bc22f8a3ecab032f034b0c0c0669e9a5ba1b42717ec0b5b418b
SHA512 1fc5697c798c83f70345700037af7aa22acfac5a3c7e319dd57d587a35b7e907ecfdf175e283df365e31c0f824713743a96cc56b60e9c1f335bda80fcfec38ee

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\pt-BR.pak

MD5 8bef64a4500a00f0e72944a4a4b6556e
SHA1 13724500fabaa1c452a253bd43572d40d74f8e43
SHA256 1054376071aba92b165cf561b7931a18ae0b29c9ca22eda85c5c9c7e6721e49b
SHA512 8590fbb13913342c988a7bfbe7abe1483cefca90b801152ba483752804879a30b5f8aa4f7cd55165978984da68937006b675a65d7c6ca93e770ea2586a35ab02

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sr.pak

MD5 7b929206486e740b4c9299112186a94a
SHA1 b52a4c8eafa2d9439d525a167cb3482f31d7a6e1
SHA256 a0ef17a572ce510796886b844226b65991bbddcc71b763b91569a07ef23d2070
SHA512 91f4676cc8eeee6f3d643f13c27602ce05639b3707bbd950fb0f745242e92d053b74f575d87522a43f2135662870ca3e3eb6ca894737a5d14900b9e48c837673

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sl.pak

MD5 1dbb16fa2da8c13145420e85cda509c4
SHA1 6bee3ddc96a98c1e658299dabf6457fcf90c67cf
SHA256 5015c0685b66ef38c92ffc4963e144e913b646d8e855f3976e50c8039879cccf
SHA512 a98b086bf9175b7c2b5c25e1208c8f7248c6eed2bc9acc095a52479550b58bd22dfd9a09dd3674f59ce9ef537f27b0dafcdab194158438d0e68d3c120fb97e34

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sk.pak

MD5 ff48eea350d1fe820a47c2cd0f9a93ac
SHA1 1a069d1f9b278be78cefd290670dcecc463aa7a3
SHA256 fe43904bfb0072add943ee8d44e9f92a80eb2aa55ce7157de52ea625c277db53
SHA512 507ab138d8b6dbabdeacf3031fe4c63687fd91d04d0eb5e27b12ffe1d84c93ee40f69e48853d6bebe177d614e4a14f034024f93397a0e9fe5779ccd01760caa6

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ru.pak

MD5 9cbc09a3aad1ed164062db66c31b5031
SHA1 ea8fef1cdaccec36262c65f09b4448128a5ad2bf
SHA256 f6b76bf79ea9f03d6bf8a399778a387029baf9a94ad274788514b2086b612bd8
SHA512 02b7510ae112a28aeabff0833ef997b1fe0d7ea23818221da8df16db392d4b85792fb60bbb3f3157c912269f5abf0db0aa82364e2cdeaedaf8b2d8fdce2537f1

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources\app-update.yml

MD5 9300d1436965c7c0933f53bd16bd332b
SHA1 96246ceebfd51faa9470f9152d0925f6cc1983cf
SHA256 53c824fd08de03ee221296cb75ad6e8c3cff5b8254a467180197cb308666377b
SHA512 9683ac45be9771e053fa11a0b13b7fe6866c44385046c3f7b67e77e1fd068f5903bdb1987209cf68432ffc021f8366f6fb002c360e3ed6ae030a8fe3996415f0

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources\app.asar.unpacked\native\cleanup.feather

MD5 e249fba7f4de1b7113e1d04d9101ff99
SHA1 953165b75b9f6d26a9a309fe68c7415f004a35da
SHA256 82319ef7ae02d653342df75c099b00d96c83db831fd0b22a462f5f1c52ccf2e5
SHA512 ea53592726bcf437692abe1490509acc9560c49e9352f3ca9e6d3c60a79ab0361e53fce47f0d758d8d872866499df3a8f5417bc4ccf0b6856e775566b56c2904

C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C56.tmp

MD5 da35554449881ab09f3692b4f920bc84
SHA1 97ca96471c153404a303835b931e8f9fdeaacbdd
SHA256 a7f1fceb672356038d63f1658ed7ab700b300ef2c389fe1e96cd169a0a448c53
SHA512 91e4c7aab14327f7581c5f1c238a8533ff366897c80437d94265b8ae6b400e311c30da5997e471d75dce0a7c578d740072da2582b416147535859b3d512607e6

C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C55.tmp

MD5 a91b525f9686fe6c3bb30ac95c1928e1
SHA1 dcda9b4ebf7a2c024518292a44a07639179dc220
SHA256 bd5c2632d4d29645debdbc51238bd5de6b4fba5d30fb2a346ede60713ec6f01b
SHA512 ed933cc1db3c29dbb57de8ca44ae162f012d4820cf5e836a588fd9dc8dc959c03b1ac0fe9569a89ab16ef5af30862882aa2504d1f7838ea16c3a7c37c4098628

C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C54.tmp

MD5 af3c920c92f0688febb19b4805200d4f
SHA1 c35515e4798f560e217ed9208881156b4606b4fd
SHA256 a7d560904523a020f5c2ab82632b3a91692a2bbfb7ce06bd9bbc0cb9fb1949dc
SHA512 a51aaa6d260cb54cd30f7a80d95a1f0d3919f203627d8eaeec6422c70520adee6455f6c0cc2dac468a3e389846b6337673dad937eacb4ab8f73fda4ffbd245b8

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources\elevate.exe

MD5 24961e3eacf61323cf8717924f4c2314
SHA1 74196223e4dd6f0a08eafeb6af1781a11fe49697
SHA256 7817a3f2c665eea26f1f16715a00dbe7810d9955ac041a05921b285c507df54a
SHA512 8b3303f22c1183541a4dd7a4d23e62ca05021a07f4a674e4aebd1123b564b452294237f383b4678f141bd8e1534e490a13283e3bb0f1d9537144b4e3d462caef

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources\app.asar

MD5 8369d9fbfedb113095eb402c4e3a82fb
SHA1 789bdf48d048391ae8d49c903d0f8fa5f5bc78d2
SHA256 e878d22ac49f49c53b939c5a7065f057c73c39674422cb74deaaa039ac31c5aa
SHA512 97828d662a348a10344cfbd83de5260c2e6c6aedb5b99dfc64050611267494d0e1e8e6ed42d3ed3a927cb03122925ca84fa53b4e7f3c3d3d1123163e8f0e555a

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\zh-TW.pak

MD5 31b1d4dc9c0fbabb29c2e32c759e7238
SHA1 45810ead9541adbd12f15eb63bf33f932f7e48d1
SHA256 54469b7be7f1c7cd972e77d9853813d41b515b2ef8a3824e7fad2646b3ebb3a4
SHA512 10e76d0226cda5541a3352c8111b16d59d563e91512be4e0ddcac9b71e0c2f5953ac170d8a23fa1c6d523d3214057950ccb7a67f922921d6c34d475590055856

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\zh-CN.pak

MD5 d9be21bde24de1026279aeb67999b1bd
SHA1 0a0e090bebc5e4e7550152bee739f220f8ad9e9f
SHA256 6c364baa231f41c668fb15da586568a985fee2b4bb3e611c07ba97675336c013
SHA512 d376aaa1d38f20e0cf89131452df6d67489711950a3c89aa515570588797c4d83c5dc467773d3af525a551e0f6087fdabbd2ec3d2b48db4b961f2c1e9932f0db

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\vi.pak

MD5 34f3d7788e213b731c0495b2fe45c78b
SHA1 e7a2ed024e61375077973031e2dc82d924ed75ca
SHA256 2ca9eb9d04ab45f479b392ca9067d353e5472f863d3b784acfcb1361c6da30d7
SHA512 48400842614a31f65278e667b43d188dd44e4e9101c7d3d01ad75569d1182cb603ad07168195364ae53dc598f544f438f846ccfc604db208fb29998b292febdc

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ur.pak

MD5 77ce70fb50d1de7cfdd6b13161a09809
SHA1 09d08cfaffbf255a013a8b9727d40c776be51d37
SHA256 ae2457b6f347d34fa8ecf524d91154ba9b80ee160196d774546c1b8924049495
SHA512 7fae3a792a2d64ecbf60ba2b694ddf2b40df0e1fb81b602b878ede856912579b7ea78488bbe998151350df814a8d8b0f3f1299882c9b330d214f9db05de86b56

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\uk.pak

MD5 987144e7837f63de1889492166f4330a
SHA1 f9b5055572eb238b357a7c977c4ceb6f7a768232
SHA256 d10af321c33d48f5e97abb1c74b76e43e63390b9022bed58437fa4d271283900
SHA512 32ae4c6d7e90cc0723ca385fddf36ae88fc803bec790d844eac4c7a67493352c3aa85a49b095178fcbfa4485b9167b6f4dbf0034e7784148383d0084d63fb9e5

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\tr.pak

MD5 8faad383bb39fa15ccc8d07beffa5a34
SHA1 5bcd907923c04b310dda718b5eff4115cf42c6fe
SHA256 e31a9cefcbef64d082b77a16a2d5dff11673f74363cf9fc34e36004a62e308d6
SHA512 9a604a1e4cbb23d48203d02950465020c6dd5a3556ac6e5ef7dceb0491b8d5c5722b6b73226642f2234885a36dbdcb1f628503b6cf63c84b4a28408d74e82764

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\th.pak

MD5 73bc88a210dcdfb14b6f29d8f86f4f4d
SHA1 fb3392a03cc355aae318902122b7245f2fc13d01
SHA256 bb8b656b1d2c4cf5f361f59b44abd4809cd774e664dbd0f90b62b97ea125e3c6
SHA512 671b90bff006b22ce714971bb8ba87acc4d887f9893709a090a85a8dcabb1ecd72edf54775c77378ae22dfd5ad2880df10efb201b1d4c11a1d304086b8ed3c8f

C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909C.tmp

MD5 5b7b08550e6301040c9f44944ba40e52
SHA1 0630f4a65932232bf63d9261b1013f355bc78d8e
SHA256 b138b2b591cf030604976d33c010ff2d5b845b265c6c8c0507b7beb0b49e6c59
SHA512 9f8bad98a9e6cf46ea977638a3e2827c4d14b263f4dadd6f3d91303d618b80429fd67ef00388b2c324ad334e7fb4d73527e27a5fb28317b5971098449ab8f02e

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909B.tmp

MD5 887f0d14c8a2b33281ec31033ac35a0e
SHA1 26dcf1ea5e9cd19cbdbfffe49ff935c21159f94e
SHA256 7800b0f48e0fd1b17642307af27c89d1cbaeb199203455ee48b0ce178f090d6c
SHA512 3ed0046d46482d47f580c0265bd12c8421894c67a3c80e0db39c2452578654785e51d1315ecd98b2a1b83f387e9fd7ce51b626ab8c2ae04b68d637ffad161407

C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909A.tmp

MD5 2b0aef3f4efd549637bfe7091c813ddc
SHA1 65b8d07bded90a4f9bdde04981cd5f86e741421e
SHA256 8d75f1481d117755f9d7fd44ce14a1f5dfae46a1c1cde7162a93eb4ad21443f2
SHA512 c6be56cdf131496e819798fa0fc21bb04e2224c6c84809ae0f9a0197b104b99e7729eaa486eed1d67044743798c2991182efd68d27366a18121f97adaa8c3c5c

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\te.pak

MD5 d7f858c12123e975b4a862c3df05c0f4
SHA1 f8d2ffbf76883f5f095e10f3de5694c209c47b12
SHA256 29e4d010c6b951c129633aac0f55b70107fd24dcf1062c20e263611e30ab4b93
SHA512 1d44549e83b0af8d9c1b5826c970eb8dba5e8159c0ccc3586022d65d1e5234b06cc97ee4a9d45d7d944e882f4c5a12947bf810f73c8c064255ac0f46e35799a6

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ta.pak

MD5 2204d0005209a5a2fe25bb44b8e5ace3
SHA1 161d7d4e286d7bff25e3f096923a5a7c7a3cd30c
SHA256 fafe173abc2ca773026b0caa24e693a0ac4c9d0ad7c40258bece10e4714dcb15
SHA512 8dc654487702636e28a1fcde05b8b9d2ec71a640c48233dbd5ed0aa174a875e275e310973f7e993908919affb7671282d40a8dd280b24a1c5cd29dc66e4f9abe

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sw.pak

MD5 8e490ee67f6c53f9916715b0d32257d2
SHA1 dbf51ece8c770f38019f497bb10966feffde0ea9
SHA256 a8d904e4871efa01c72ef64bab601e6cb1de216db4a696966e90fe1b733bef17
SHA512 a5774b930e4d5f6d91049fafdb6a743fda32f670e9aad9000740010d1b271a4c3c881d138e40abfcdbc6bf98f37fb3791007a74d38ac507b8bf86ebe0ee00c15

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sv.pak

MD5 c5bd14d64a64ac7f361e49035405852f
SHA1 e2484e58f524464fadf898ee0a3c972db19fa9d0
SHA256 21c7d459c55f255c6da5a6454eafc836a3bcdba9c99c76bad0f0d6fbbe7a33ef
SHA512 74443233e16ec24814ebc4e16aa5108ab447c4b1d095c2e18ae4cd2d25fccb13a182fda1dbcc286b9f8b07e80e19ab19544fe758efd90910a4eb1d05c3ce3393

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ro.pak

MD5 3e9f9e59dd4a782ff7b1f1106df6c88c
SHA1 a0694aa9cc39e1aa5ee6b0cccc0de76b14a8f808
SHA256 d56825b2ad81fa419b428855d8b3cff01015a446b7cc989d7b17fe1b3b5f45cd
SHA512 7e03875cc9b5c01838af6b470c541cf7f2402fbbd1b50bf0634a4c26fe417c85d59f53112e1013425d26dd2664c83181591baca502c259e513445a6ea2fdd18c

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\pt-PT.pak

MD5 a0e1ae3d3ee87f7031fffd278cce007b
SHA1 c36d4e8db6913f021a0be1d9b8a3e8a13943359b
SHA256 e5c382258030217591f439a4020069378c3362677258d5129c69ef8e25abd6c2
SHA512 bad63254f3a4fb65a9e7cf00587985cbbc93fb3fc2b48735b59fed3c98ebc1c51fd5e8394209f86c6040d05663b677b6d468cd98920f9b088c6fe1cdfea7b47d

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\pl.pak

MD5 b5fa6aa430ac5ffbaf172627733d0a28
SHA1 22179851889ee0f30097b0ca7417575f91c9b7bf
SHA256 fb1dc5b556f59b6ad642167f1df9e654517ad494559eb3f441ca8f79d56a86e0
SHA512 80dda2de947cf5e2084bcda6623b83ab7cabfbcf5e6fe4d36d3290ee10f18f7be897b29bd3ac9f5be72572e04a7791e008532dee68bdb9647b20532fa38cb386

C:\Users\Admin\AppData\Local\Temp\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\.ba1\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe

MD5 464799b58f1090430afa4aa6183bedb6
SHA1 f2b3d878516031e4d968fa8d7b160a14e51688e8
SHA256 42305b0bdfc29a9b03bbbf17b0adc12146cdb37031ae51029b440d537f714571
SHA512 7ab70eb7fdcc107bc41c345b8ca7414ea40f7c3b566614d7767d5d9d93b84cb73d14e447b8a885ce71fb1c46a2469b825a56946a1ef7ac0f8ffdd3110f08d97b

C:\Windows\Installer\e5d7314.msi

MD5 a074f9ba7166e1f8ad9db84ce76d843a
SHA1 2a36a3d8707f8b4fec94e26ec6e2a5df721591eb
SHA256 a3ba9b962f0e5ecdcfa3f9ff7b25bf7b61d78abe5f393ee45f71ef7ce0d9d497
SHA512 8ef81f2680f2b2de0453f2f2e8f209257c38f0e243a55d478a0085415af1483771741b09009eee3b1b78530016ca53c38b00918c5a6a91d947576d3b061bd31f

C:\Config.Msi\e5d7313.rbs

MD5 d2653c10ae41db734bc3aae5bbf678ce
SHA1 37c5c8465f56dd9fedc57b24cf3087f80259c454
SHA256 ba2bcf9f67664a6814fd9ded322672829ef256588a995a3419da05435ef8e366
SHA512 df44461a7ac3e87672e2382d79684dcc648e6deb84ddf1ed073cf80f1fab022a586c315b224a256d89f5928eb8733b13c46e5dc2011a30971a21cb94f41ccc90

C:\Config.Msi\e5d7307.rbs

MD5 718c4936a6508e9433e2a868987e9b3d
SHA1 9a6de8d47d87687cab1e33ae7159623f7026654a
SHA256 3a73c9578c89544af3752157998b297c1ab873f032404cf02358257d476ee07f
SHA512 3f830e55ab92fa72b67aaa739c91ae3ccdf7097289832c4b967f91ded5e109b94722a6376b258a0d02185c1d4be7313a42b440db2100c030777ea48303f4e8fd

C:\Config.Msi\e5d7318.rbs

MD5 14803ce479eb102bd6681bcd97f382fb
SHA1 161fb9442b84084dc0592b7d25b591647584607c
SHA256 d6ddda3bcebc16decef7d47ecb8f593d30d1ddfe924ab99dacf6dec103cc4f6f
SHA512 21c2a0a53215ee270d15b08e5aca2b85c1e80070196b456539d08da0594d2b0ad64f4a71b3dcda8afb74b517f57e5150a5304d752bd5a3e817141d3a8cb9d84f

C:\Config.Msi\e5d7327.rbs

MD5 4eb97406d0ace45590d2b911358dc7d6
SHA1 fd9f6ee35b97fa1a804f2961eda94138a61e99f9
SHA256 7f854b8e9e95acd3ba3db6d0f222989cc02e113175482542f3c9058e80d1bb33
SHA512 f44fd2a3c44b01597351712f6931e7bb42d394aa017c0ddb179338162d902d255b6c3e71bf8ee49aae7002ed6d5ca5e7fb7c89c88d311373f1bbe20129fc0e65

C:\Users\Admin\AppData\Local\Temp\REGD506.tmp

MD5 f42861b81e83483cfc09d908f07221ad
SHA1 4b25216d23dad0fcb82064b855ec4bfcc896128c
SHA256 fd82ed8808aed6aed3520877ec80a53d92511193680caf13dc3ddc74a895041a
SHA512 f4c34f9d4b420307188e10ff39d4a669056bcf34488b8ec93c4db858dfb58e3c2fa6a222f974081c871a5bd0044cc5728a7bc4477104bebb19e5acb8c8756805

C:\Users\Admin\AppData\Local\Temp\REGD554.tmp

MD5 1dcabbad0bc2c18ace0bcebdfaefcf7f
SHA1 4eb32e363cb6b707693cbdd39395e6cfd64e0786
SHA256 dd748e062c99392c060afda9a9e1587bb14f7499c59f6d0108d4d0d65b4ac893
SHA512 459d72662b4010dd4958ea0781635da8693fc68901c89ceaebd8f4896eacf8ceb50e8a053cf0901f344f8a87e803cf7161aa6220d8bf3be53950d941ba29c34b

C:\Windows\Temp\{063F7EAE-D7C4-44FC-AD8C-490029E3285E}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Windows\Temp\{063F7EAE-D7C4-44FC-AD8C-490029E3285E}\.ba\thm.wxl

MD5 fbfcbc4dacc566a3c426f43ce10907b6
SHA1 63c45f9a771161740e100faf710f30eed017d723
SHA256 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce
SHA512 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e

C:\Users\Admin\AppData\Local\Temp\REGD68C.tmp

MD5 c79ee81cc081ec96c4b07562584e9431
SHA1 0232f6fb9b7b980a3c39c3a88d05094a79cbabb2
SHA256 3059e3fa7a25c503e4133b2dd7ee91d70c63f29c0c67b760d4c3f3ea6cdae040
SHA512 be5992ef82487e75cd45375221f3b984b8291910cc1c6f939df4ae6eab5cfd3c79fb391d877f72643a6174607522ec3bbc40817086b30a6fe09668f9fcb30f87

C:\Users\Admin\AppData\Local\Temp\REGD767.tmp

MD5 c3047ec19fe673d02a9d74d9a9d4deba
SHA1 87a9a959f02252fb5226333fe7b197aecc9dabb5
SHA256 6f9fae20e0186b6a5b6946538d57b4ded658ab804f72e6e385e9ee717cfe3fbd
SHA512 3c65a1fe5ac2f3418dd1acc74e671dee1caaef5b44b1843f522670640fc09116db58e968274cdee461f9776bfbd60684628613680d2d71fa9d24fdf99c85d33a

C:\Users\Admin\AppData\Local\Temp\REGD7C5.tmp

MD5 53436c54d16643d3b8392ff1950d7ad0
SHA1 5d424e8bf8a124027e6a5b6ca8f906ef362be36d
SHA256 15974ac707fae6699af8272c359b92feaa7e3f26a686db8dc8681680d6744c01
SHA512 cbea6970d29ec256fda4bd1c9acd9484af6cb748ee06cb41d56c1be450fd975b03ec08ad4626d5f5223cdcc7c3c27415736399c5c5749259ff55db1514c3f648

C:\Users\Admin\AppData\Local\Temp\REGD842.tmp

MD5 728b57667503be88e891a7bf65cc5415
SHA1 c925a86437174659764cace89f7647ae54e2ce13
SHA256 2e143832731a0893e404e38449c5d5749124b3ee622024471a4953fbc790afc5
SHA512 025d29432057b24f40e8f4ec579f103dfc4aec4017ac1c79948ea10bc07ed09494d94fd74316afdd8caec870bc946c170b6a0be5fad0618c07664f9611232102

C:\Users\Admin\AppData\Local\Temp\REGD8BF.tmp

MD5 84b4cc3601045035b52a2655e7978ec6
SHA1 0a5091a61928e5cd971dedaac06ea4ca1913d7a2
SHA256 f210e60e8556ecd1e530765d8411cee1bfaf71accd7f9160c9a9f8d6279a7c5f
SHA512 e970959d2a3d06056c428ff6163fc5b512217beefc0676e602a56ab985084780e2de5886102c75e27e92ce47a4f13d011b21119662d4707189e5f7e0abcc3623

C:\Users\Admin\AppData\Local\Temp\REGD97A.tmp

MD5 e42c48c8d41e7dcead3eb97bb12b0f67
SHA1 5ef9deb6000a41ed7445e4dcd6bc1458d623e18f
SHA256 ee9ec015124ef5408d8a560ed740b8c6a6dd1adfee340a865aa40d42945723b7
SHA512 98ea23b7c27c8c9947c43aca988739bd5b1dee945af7d0ed8d55c0e7ab140c714c50e3196804d3aadbe5d52cd5109aeeb2e52d650317bff83b078a650b40b16d

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\SpiderBanner.dll

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA512 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

memory/7308-8033-0x00007FFCCA820000-0x00007FFCCA821000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/5756-8089-0x00007FFCB7880000-0x00007FFCB788C000-memory.dmp

memory/5756-8090-0x00007FFCA5650000-0x00007FFCA566B000-memory.dmp

memory/5756-8091-0x00007FFCA55C0000-0x00007FFCA564E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Feather Launcher\Preferences~RFe5e172f.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

C:\Users\Admin\AppData\Roaming\Feather Launcher\f8925a10-4c1e-41fa-a32e-e5d432c6aff0.tmp

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Feather Launcher\Preferences

MD5 76198dd44d1c97b1f437780e85609e40
SHA1 48de9d4f3cecfdbbddf2e5ab06c05baa3916c43d
SHA256 741b0a738d8d7a5840b866d90032cf7ece7d9d7565d3726a7a71ead3e2d2f949
SHA512 5da4f0e3568260a56abc234e32b4df88fdac43dab1422f56695121eab41f496698f1fbf1ea53584bb9ddf758d41a2b0de1945c9c3e42f20da38971f730073052

C:\Windows\System32\catroot2\dberr.txt

MD5 0a17ff16905c9a930e634ef76f2f7a69
SHA1 a2606a850b25179c5bb343c29fde4a84d5125862
SHA256 f2fb0b9234cf219dda745d59c39985cb4cf60c49b5c2e352f7de07c62a86e91c
SHA512 bd95068e26e936e0a82ad976b8af3767620555c83ddb8db2f08ce7dd120490927a6f546504d26475746f3685b8b2b67900008cc6d56ec5380276792d02c75a4f

C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\TransportSecurity

MD5 70b1b0d699317e8ec06193f1b5c8f87a
SHA1 d21ccb50d2024118fccbf84390189bf570ca1ec2
SHA256 dd8107d64134419bafaa46d8288a7c7abbb063d201420a32f750e1a5505d97ff
SHA512 57456119954ab1555ab9fb495b4fe7ca72afee07d5af4dda88fab7b38ac3d971ae65e43a9f3c19cc1d67eabff784235c2535da3c0bf204a2c52a60513f238cbd

C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\TransportSecurity~RFe5ef5c8.TMP

MD5 0b79a5832f1204fc864389944bc90593
SHA1 05fc79e6f88999737dea471544fae71ba57819f3
SHA256 8eecd08eda6a90f22938d7dc27518174aad1008b379c5ab665e5403b480c9d07
SHA512 5ef5ac637df6ae9bbe37ee36d657b810cf28614f36c797e4a7b887006bb0c7ae416e84bca9236a606261bf42b2045419744d38e660acd4ba85926e330f15b42e

C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State

MD5 c7e3450897198bb6600fe0ebcb19cc3b
SHA1 a20e9d5babbd583803fb8fbc2a33294be8726151
SHA256 cd344eb6865d34b157961db21d646459b20c2a54c02734a05167d7d6a9a01d33
SHA512 c7871a4707987c96b5df87ad6ba161eee42cfa73292f964edfb56c10ccf3628c5369c8cfe1a0cc6a27e3c68296bcf6e1b04ffce7ce4051f2fd130024f7c1c030

C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State~RFe5f00a5.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 002b5847cee71c089328ca6cfe8e5377
SHA1 2f2296a9e9b54f5b53ec0243ee6ab273773245f8
SHA256 7dbe4734e4d43573d2519c63a59a34fd5064753c47cfbf74c3478fe506a4f89e
SHA512 57f7f8bca1eb9b23f0c7a9f786cc01e699492c519197e45352a11d75eff9beb998a238aa569ec87093cb661c928c2ef3083581e999f2e3ac430abd8a3a8e191c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 8dd134728bb0fa32cc865f934d9abd64
SHA1 e1843d3ae1059d3c7061e47d9c6956c72e79b891
SHA256 b12130e28259e5efe82aa3e1123031845369275c48d2a74cc8a5147524ac2949
SHA512 f882fdcbca5c75db81164c3b6bf8d02fae1eeac7205b82acc36f1968ae1b965936bb39faabe80684f6a0086187b844a5d16ebd48656cb51a216c6a311285b601

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0b5312ac28e770f500448c8eb14c055b
SHA1 c60cb61ddab1403e0e2a2ac689cfa66a1319b93a
SHA256 24951a8b1407c521b41f7f9d45b0561a537631a29d8043288189fa0fdabd9936
SHA512 2f457d9a91b318d5b03b62a0ae02d2b75241b9650025fb9e0895cf9d5475645cd1423fa8e5ca8e0537a069c5280d8a72d13392cb566b9599d70f0cee33fff735

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8f45a9af935399ff40d76bf086b218d9
SHA1 9af1c062be3da5927aa73dd73297b2c22ef9d43c
SHA256 6aaf0531613f19f714283226ea72665a38c7dd741524d145a798701d6b18f990
SHA512 18aae1e717affa777b04a1c1c846cc2c4faf069c61d4513ab030b34f94a9d2691c79297e54f3d958049b2d2f44445f92b0fae898a626b9451829beacbdd218f7

C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\TransportSecurity

MD5 449663b534d6e9c038b3e91d8d83daab
SHA1 91d63d451bceec7ca0c60559cdd981c718f5f7a5
SHA256 6d683cd26359f578d61e22b66170dec2b033d3fe0c12797f648913b81c989d28
SHA512 60a3714a4d526c94fb95848836e68b0d20b8bbdb41fbd19732858515ac00264c50dcb66f6b6f6d157a996b6dcfc39d2ca02d94ea79749fad68b545ab9b7db3e0

C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State

MD5 9eaa60018cc1f49601cd4b5ed4ba2099
SHA1 f62f18396b3101fe4869f4ad8c805168eccf1d8f
SHA256 fb2f590d9c7d08d1c992392b957ecd254974223012328371d3357fae2c239bf5
SHA512 5c2f77699a4dbe25adb68796ba4753b54726277bfca3b93636978023095c18c2e1a5a18e22c7b490fa0ecf8d9e36191a426eda54651d8ad254dba9e67ec7aa70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\c31431273c7b90b5_0

MD5 cf39eb736d1da5035f035f38f84585f0
SHA1 022ca781adc6cb8214c8b357bee009733baccdb5
SHA256 2b25170f26b228b017ef7d78f7a8b0b1f36fca92e6ce6a1942d95ede7b07b4eb
SHA512 a1153959adf03ec46c38cd12d7e406f0358b8a2f62449e68ca22945b8757013162bedea9e4b69e7a9864a38f6e90ba01655d97ce9058673b324ac148fc9e7d0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 6c014803bdf26dcf574689a822b8c59e
SHA1 37e4ae331aceb576b9ba5d4d1f965f4c08c31e48
SHA256 fd9553aa6dd036333771d334b131aed773faa84ebd0e491581dd53751041f876
SHA512 97977ab67c327a63a20be6800795bb351da0713240ef30e843d4004eb18a80ed3f88b00f5c14729da1e50a374c1e3960c004492096ae1a0fee555074854a81e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\23c2bcaacc07d8d5_1

MD5 14fdffac497957f76b607509d79be383
SHA1 77fd74d44dd55e7677cf07c9d5f29ba560f7caca
SHA256 ed3b8a691d488292750bf6b1e338b63993c7c863e07c3f29d73a45926412e956
SHA512 4fbb1706d9bb63cb8814a93b6f0a046bf71b70dcb5ca3a48824b4fdaccbdf0c2d78a81f38dc80f8485a86345f52da807644917b039be16e149f6021e148b2943

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\23c2bcaacc07d8d5_0

MD5 af730d95c1b7c98ea042565b0435d066
SHA1 02498511ec8a16a26c64095c474877d1d9e5ada3
SHA256 3a4680bab7ece2c16b7e2aac730cd175d92e8b91c5b586a0121d6c5ca86f1b8d
SHA512 fa370536834cc5d25cfd85c7bb14d824a64fa909ff41a790735cd4c935ad0f349feecfe0230ea54f7ee468210302618127bc1819e93a489b05a3ed7eed79376b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 49093b5d5416d3cf90f6f9ed04716802
SHA1 3891735423710acc7204c061b3ed2160edc12a4c
SHA256 9f81879873413ca0810e1a26fb0fabf847e21393706fe4e43ede8dc88a20b074
SHA512 b2b3311ebf381922c73b4f69e953280c0ff6ba55471e01f588377fdf4e8b82e09d37a102cbec4df12548c554e0a6b3b8e2fb6c224ccbff21ce7b3cf291d6edf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 28c4b9d5b7dee93b448a1d5c467f075f
SHA1 ea872dbf37712a2dc01d29481fc9e7a578b6079b
SHA256 da9df256f19d770513af343130b40026bde9baa9c27e51361b72ac67c28afca0
SHA512 ff55c1024572b7e2e5d98467e20957a51dd5d08f1c89ef982b554a98aee93e62523ab251655b5f8fc25ea062027097af44f40df7ef3a77217253dc6f47a4c217

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 89ae41bb33fad63e3d4808322f6d0776
SHA1 70c782c99a6ac59a86163bf1cc0713e584c56d19
SHA256 0ea995a16c01c0fb9c465d10271e9c8533b7f4191a0a7ba4deb0d67c4038e8f5
SHA512 98d8e5c76250f02a17756b627d56a3e61bca0ffde933e0607c9fb775686464af40385d08d274472bedb704707f263352c601ab973943fda76a9e1f50b306b2e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 47f0c8d6fa44f68bd1d28cebadc09779
SHA1 818e19177208eba68ffeb029836298f71ec981cd
SHA256 0c1db589b1b64cef73cfd5eef6181a2dcfc025bc0522f16fd7b6e5606273991a
SHA512 e560ec127d76805bcdb820f2c777b1ecff60fea7b98d3d5838136cb7910aa969a98aa8688829e4a7641d9c220ab5ad7685951abd6060398c8f3b77a18abb26a9

C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State

MD5 1111f26531817040c5c3bcce2b210d8e
SHA1 2c7067ea7ac96b16c836f3c4f2bbafe9a8ed5896
SHA256 8e83f0c4166d08b1f9e922ef8028c3a2dc7d86388f4cfe76a99bc43957f39eb3
SHA512 cae2f1aefef10222bc4285156f404a94958a3da4dbf1ca200a75ef9341b50d162fcf9478815146488a51a987292e984930ad4d67f6a613b5ab78e6d2fe5c1f1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4fc31585b5b0b80a9029cbfa09108ed5
SHA1 a523dca876f192c11a16a74acb50b875d9ddf1cb
SHA256 36a2d7ac2ac32d49b412472dfcf61b9dde090738a9991bb13c38f5aaeae87050
SHA512 ae5996bc36ccea2cabed2956faebd14d4caa1dedfe63d4af22aee2946125bc148c2f7706a7df1cfefa9d83fce7887f263a6048ad4b846834936c627f5d12ce19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 80e4f4c93c6ce18340fdc47ce90d2794
SHA1 ce0d4dc732f3d31be1fb4c3e3d0446fe1dffece8
SHA256 b783ca2961ad4dacb7d82d73a5b9d8c15a326e710e146093bb4a3f6b93f43537
SHA512 f0cb41a50cb58349b146236d74de3dd47cf67432d7e3d370a63b9bb502e3e746ec5898a07565f89b1f39a15c35e22f568e39442b944436b7b4c4b5d636265c0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000168

MD5 6983568534e8cd4d346a2638a0892bf2
SHA1 2df1d616ae8f4989dbe9427848e5974b195e0a5a
SHA256 02043e5d2b23f9582ee2645e55ac26e556496bf25f15d146eda049af1f8553b6
SHA512 11a02ae3e51eea6768f8274178feae2da5398e6c5f62a5d34146ca7edbdd484ff85e59a2e1c61a8c0e1a1eda8af8f9fe9d5470cd357c2b424719b41eb7effce1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 89c9d67e734a15e9fd86c0a4145da8aa
SHA1 1fc4ef5c1a4710a59aca0da88310773a3e45512b
SHA256 85a58c25786d22d293e5cc290c87e8b9d54b82ef62b5fffd767851c05f95a4b7
SHA512 9f199f4f3a613415ec09b8dbc84f2d07f034dcece7cb75e9fb69f22f384c3a753b8ea9445e5d0941eaf3dcb667b754e3ed85265ced40601f93a79d4138612615

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d19766b9cc03c307f5b41620bcbf1459
SHA1 91cefb3285d8a8cd443957dba85af10f2c12dbd9
SHA256 ac86e3c7f3c973aa7db50ff01ed28a4e8bb7b5cca66c4a4292c098eabc0d476b
SHA512 6db01a0feaf879d616f5648fcedf679362d8660eefcc3492a57384954a9fc89c7731f8bbca1b69614e629a70b45856861c2b235777303de56f6ee8e717859a30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 da3854402f56c6df3944885431c4aed8
SHA1 0f29f088ebeac3d91485605d9290e46800af3158
SHA256 29fad9b9128dfe4d0a82dbe5c10fca9a4735783ebb7627fd7ea82b7f22e199ad
SHA512 5f63a21e46fb799d18f1e2b763a14d62d34b4835cac6bd59aeafad01bb5b1f1c63fdb0a65921daf9f5c120e07df29ffa85838884b6de151b10bd80b8d3ca3455

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f3258c697f6957a2515f56d963e2881a
SHA1 3422756cb1be6c60c63c950b8271241034e8e5d6
SHA256 87244d4f2c69d03222eae4a4486b66138a91bae220bf6e92e52441479875a14d
SHA512 81c5f9abce2f306dadd893bb5da2575c87baeb6a4dfd54bc9b5d11482cb61b17386e03b4e408c2ec9e085d48005b04593818ab8e207ddcf42be2f2d69b0d7988

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000147

MD5 4db5ed265b89eca18f703bcb8a39ef2e
SHA1 9fbeaf0375e32ef2eb6a52677ce39cdbf7618670
SHA256 5b31205b36dc55af6f85ed761eaef9c18e0712bfe59997ab291c9ef98090948c
SHA512 828e3f3986a33c882dbd467c298c4adc0b29bd56d717468c27b5ca06b68d7e92e4e6e65f19a4be991a5eb18908d29b53853d23cc2596d47f83ae7a0d7cca450a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000158

MD5 c4af52263ab18fec54aea9918acea1d3
SHA1 166dc27530074ff818ea293f041dae3ee563738d
SHA256 ca788ffc18fad2b1109bbfdc5986bf5d27bc087fe83e5b301b16098cf6b0dcb8
SHA512 ab6ccf1780d21513af20b702f3b37470ca0358e48bd70ce402e9a878aea476ac7a97caf1902a5bc0b98b5e66505b58792a4ff14dfc3f03bb4357db8a7cf48c54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a892985fe2a20052a9748b2736bf9fa3
SHA1 88fb8a40c40cbb978756ab5217c40f39e0968f13
SHA256 53acd79524af2cdcbb2efef8be99ec6e789b9a14752ce492f7224fd5edc32fcc
SHA512 ab61fa23ef43193ac6b46c7dd91ad69be57591e558e21b67349080aad178269e131b836d520f3533dcee844111f5ab2c1c2b264dd1391da48d091258eef2b43f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e567f8be59b760dc9a49bfe66d8ed47
SHA1 06a2db2225d38429929bb69aaa03dc01c168deaf
SHA256 04e2e3365de2dacdeb53a1dda24176c2b1797cbad5984110b117085fa15648f1
SHA512 8eb9b3de721686e6b17ceca23bf5736c75325f688451b6db14803979e29def98003c099558d5905c446d296fded395647f110321b3b01a9b1963b86c2cb24ec2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ee3579f1fe09e7bcec2e5ff704f67786
SHA1 a05e50a71ab9201c62e530a10c8e6200454dcacd
SHA256 cf6cea994ebac6f412df2a1d6d8c178901e76a3fc590707424dee5649d518e5b
SHA512 419379aac28d31bb68ec85f316d8a73a365be9df740b440f24151fee19af1b44db230930d38169114b20fc5537ccd8ed325c46b27197f5c4c0a64568e1f6093d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000164

MD5 01d5892e6e243b52998310c2925b9f3a
SHA1 58180151b6a6ee4af73583a214b68efb9e8844d4
SHA256 7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
SHA512 de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001e8

MD5 a96ca75ab398b0e3ff07bf947cc72cd0
SHA1 50d67ed2da8f79b6e4a4431a0e881acbb5faef07
SHA256 762ed5358929d4facf87afec42b21d88dba6374c7f21e2b6c80eb31ffa186731
SHA512 51e17eb2a79692956b0cde9ba501b05b03f49d53cdd2f6cbde7d37874cdf379ec4a803442c68a01c14d1592e37de360baaed93a67a7b2334f481adade9bbdb76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001e9

MD5 ed7de27114ad06dd53ef89708ded646b
SHA1 f034401ad056ea6f1e96ca2014f6f36289c6a371
SHA256 037155352d2553f37e170e68bf022b18be7bffc5821077852d792e885f6552ca
SHA512 b769bdc91469bc8e28b37c192f5243b7bd4d3780557e69c1ac6101756d770ae139b3455fa31a26265d888b443cf84178123fb14ff5a2c09e6c56df31ba24ae2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

MD5 f135c79b490938186451f815e178c5c4
SHA1 0377ca60a1149ef2e02923dbf1415f1827b788fe
SHA256 fbad4e8a2c4e45b06c5ec840e68ce1f896cbdc8db24eef04770a7db8ec9964aa
SHA512 d77466a2ed057616df41f6d684ca308a76dfeac02448753f59875d6a9a37f1a90ce8a602b3a84895f41686a73fcdb9a3e56a0c829689a68283452436b0a4885a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe62dbd4.TMP

MD5 dec2527883990ffbaa93b30dff7b0639
SHA1 71b491c8db08460d3753d659a996c9b1647c474c
SHA256 a62c7958700c38c2010e2c8a5c63ed6d47154b0f911eab2da28dd49dd49b8899
SHA512 7a189ad11e074aa8b33fe51de204b56b6521553d62a88928fe1801f705e80bfb0815c2f1049887a5ac2f1fab70cf05e7933495c0f37c1f5c661b46543320d756

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8c289e8c0b610577127663e8d2ae80e9
SHA1 392248b2593a524df59a658b2ef254c40be87f49
SHA256 05d415455259879bbf21380edef05a91b7818756caf062b0cb03e86a961e4599
SHA512 29d3cace6b52b7a906061587fb218b6613e3d56dde875cbe76d6d6022f55136dedc7bd433ed471313370ba471e301f7525a7723f1cfe3faec0f041ffdae68f24

C:\Users\Admin\AppData\Roaming\Feather Launcher\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 13ac2f582d3a3add470af6411cdbba7a
SHA1 b285d37808f03635e80c839d75b192fd37d16258
SHA256 a6a4bb2879e2a3dde3fc8836c8915ba6c8724cbb8527d7f8e287b6ee156698e4
SHA512 e7699ab8c37bf55c9360cff422c4a416feabf83929dce64d88d393cbff8779b6eba44d510e68e75e75fcc2464bee3c214e1f04090fe75836cce42ca9b0fdf74f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 351360c3eb510a79f009bb98bee79d8d
SHA1 c9fb97302f72bdadbe5b5b830f2a47b1234c1d7a
SHA256 95ea975928049f1c8b9ddc051cbff93dbafb208bccc78de2d567e818338c10b4
SHA512 c29a0539d7b6ef1f22e0a587f80a3ce875fc2044ebf74df2e097951451c2731ae5d7a2e360fb6751e7360399979be3b1d806673fb7da2ec90ab2afc8d18d0521

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c1f4eaa7b0ccbd8ef7952490d62d88c3
SHA1 7e4cf7fb1d2b82ea76229992b06580a2b679a071
SHA256 4e719a460c8f7688324d30291551ee0743cbb8be49e123187d58f956e29f4439
SHA512 219be035df0485a7f85ab99d167168e9004f0f28919f940a7c855864c576f38e8f988084317ebbce4bad1fba9cf9532f9f3549fc176ce1c15b536b33e1c6acab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 0056319488e0fbb63305763852820347
SHA1 17f8b482aee8e06ec594f2ec8c6dcfedde885f6a
SHA256 33876f913d633590fae5a4f2baf38851e6535abc3a724de46c53d9c39c467d65
SHA512 e425b171182a1454c7375857290cf388f7b3b3b3cdb68faad6f18fc22b523737ffa8ed921bd70b13bfb42c7cb2fff6f9052281b96e396113ec279ff314d332d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a81c6b34418dcedf8c4bb5c56ae23c54
SHA1 c988d942611f81d51e5123b16c4f4b9e19c5d7dc
SHA256 b250c4cba08cf4d50c7d6137080db7d2e060d5e0b30d5d3a0019df5d02f79767
SHA512 703339452517d65b15b1cc7f3b7f4475cfbe36c6ba49faf5bbd691a0a546d9a3ad7605096c441076bf210960563d78fd7c2b7db9318470880070abf9c0e393dd

C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

MD5 a37cac76cc02bf62462a514281e29047
SHA1 5b430683926059ef58df924fd87638abb2d82eab
SHA256 af4f0da458195e016f0a5e395df89c36f005bf24ca1ddd68a35373ba8ff66734
SHA512 c94ffc5ba4a4abddb437f46115f1eb83e3b6a51224860e337f4286edd0e8442676f3b999a28234c34f61f983cbbc2363fb953306dfe1ef98d710752e0e29ef51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 df2f351166813b8f59f060a11491e218
SHA1 4aeffb2dc0be42821d74891969f1f07c6c18352c
SHA256 59ffa56ba9a3da9417401005f32ec80880ec7fcd66e6aad85aff8f96b3b46ee6
SHA512 5735737fa33d8ba4bd40a3384770ee301d545ffb7b34d84b3125d94f032a09c44593421360e03e6fae50ea3749f58942e20dd188b4845b802bca59da848661fb

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\BatchIncrement[1].json

MD5 bedbf7d7d69748886e9b48f45c75fbbe
SHA1 aa0789d89bfbd44ca1bffe83851af95b6afb012c
SHA256 b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61
SHA512 7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bc49c32802efe4045ecaeeda8bd18929
SHA1 3b4e00184a3cb955ee0e0aa236040fccec8ea87e
SHA256 cf53639a322f6bfe0c86ff79228ec30606b74800d8bc22a626363ebdbf0fbeb5
SHA512 03751395473b3c638a897a9bc3e559753d6e4d673c170386e6e148521886637509277ac20e3caa46425f2931317298aa84393b4adee0318baba6c2072262546b

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

MD5 4dc57ab56e37cd05e81f0d8aaafc5179
SHA1 494a90728d7680f979b0ad87f09b5b58f16d1cd5
SHA256 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718
SHA512 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

MD5 0924122cee858cb755590b92c2ea0caa
SHA1 988346bae9305900099848a9794596611716e185
SHA256 5d32283e240c80da06a10b5f35b62e67db2d72e5c1f55993ef36c08251a257b4
SHA512 3e31b909484970ea28bab95f05b0e3ee6127e795f0e478c232570670661f16d01ddfcd312e6df2a80935bf9b84ea2f688196222e5419494c3ed0794338beda84

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\114.0.1823.43\MicrosoftEdge_X64_114.0.1823.43.exe

MD5 98d0fcbbe8c9e1a5bb9d0a7a8ee8294f
SHA1 c53ae3208919e43a4bf3e7bedefeb8a915d177ca
SHA256 fb6af04add2dc7627135325efa7eaa2b4d83c78d4fe0eaf0e0a67d45f7e81387
SHA512 3d20bf8ee7d3300689f422820ea9dc6c3db89cf633691f8781c229bd8aa034cf9cc3afc4c6dfa40d382c785667116f84b35ae7e22dffc24fb0d9e00b655e4def

C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Installer\setup.exe

MD5 f50898b32e6015acc79c2d51e0d71c2d
SHA1 f2ba0aded11419cfeb194cf3d4563ff824748b15
SHA256 d78c5bc9972b06ce256c5ecf9f63be48baae41d5b65250733b56dc4ddedf7cb1
SHA512 dc28bd07283e265e94e67b016b543b02c677ab54faa80c279013f262d398c58c6c54c403b44879ea6dee750287b1b9652c7586b8c421efed0097292f3be6d056

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

MD5 0128d1dcb4d7ddfb65a6cb1197fa9375
SHA1 afe62b9971aa5962a68e17ea07c81878f9d58cbb
SHA256 4a6b38138904e107198d69a3bdba108487675804c069b7b34f85e670ce6c691a
SHA512 0267684939c3d9bc8fd60a440bf39dc94162bbbf2f0db298ccf4a7396a251b6550ab2d4afd4f3215f3a158d050eb850a65c089896268aa2acb20c4b151356ba5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe65cca2.TMP

MD5 a44cb43a7719cc3eb33f7509124c81bd
SHA1 8a0980929e3bcc2cede9d4de140807690554f851
SHA256 bca5587ec797c5deb47f8c4ed8d6e8c49be66f3f0c1be95e5ba95bd985d429d9
SHA512 13cf350c1617107338fa8c7cb4eed2cb3b07b8d1d6e518ca646d7c001542d9c5ad68b79ba0de7db18e61415df76b0c0940a72db2e5bd6ff4ecf4043582f3b340

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0de931dd285b2f75b7e5cafef3befd55
SHA1 e109d44f7d384ba5851224e01aba495d7e8c8e34
SHA256 823b1d50a262c587e463fee222daf2e32ddd8be75c157f496ce9024d07c5fd11
SHA512 0e0798b119ed9e8fd319dbac45a8a7c2f7d44475fe5de74e8a1713eedc3cc37490098cb84d94d34f59fa2e2290f4c7d44ddec49487703377467cee5efdaaec25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 f89c8450c6df8aa7f356b71b5e455004
SHA1 d92efa979f4539e8a7020a16023f1bdf5d3f6fd3
SHA256 534282908e5a4e66dd43ad7978f57d201ad1001304ab7bd5480975d38bba0097
SHA512 f11d34ec1a76adb7ad4cbcb20e4cee1d3f658362bafe04c497964f6ded05c701db5f0509951726405ee492451e7c8922ff2a80afa66171f3553c1583d89c0f01

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c