Analysis Overview
SHA256
6569fcc8ecc5e6dbc85dd0ebca9d248454446a7f6ff806c34c598303fc989060
Threat Level: Known bad
The file expressvpn_windows_12.38.0.60_release.exe was found to be: Known bad.
Malicious Activity Summary
RevengeRAT
RevengeRat Executable
Blocklisted process makes network request
Drops file in Drivers directory
Downloads MZ/PE file
Sets file execution options in registry
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Checks whether UAC is enabled
Adds Run key to start application
Enumerates connected drives
Checks computer location settings
Suspicious use of NtCreateThreadExHideFromDebugger
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Loads dropped DLL
Checks system information in the registry
Checks installed software on the system
Registers COM server for autorun
Executes dropped EXE
Drops file in Windows directory
Enumerates physical storage devices
Program crash
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious behavior: LoadsDriver
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Enumerates system info in registry
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-06-15 12:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-06-15 12:49
Reported
2023-06-15 13:09
Platform
win10v2004-20230220-en
Max time kernel
1052s
Max time network
1057s
Command Line
Signatures
RevengeRAT
RevengeRat Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\SETB60C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\drivers\SETB60C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\expressvpn-tun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\SETC3C8.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\drivers\SETC3C8.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\tapexpressvpn.sys | C:\Windows\system32\DrvInst.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ExpressVPNNotificationService = "\"C:\\Program Files (x86)\\ExpressVPN\\expressvpn-ui\\ExpressVPNNotificationServiceStarter.exe\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} = "\"C:\\ProgramData\\Package Cache\\{ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d}\\VC_redist.x64.exe\" /burn.runonce" | C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8e563438-c5e3-4ece-98b6-53dcb8e954c2} = "\"C:\\ProgramData\\Package Cache\\{8e563438-c5e3-4ece-98b6-53dcb8e954c2}\\ExpressVPN_12.38.0.60.exe\" /burn.runonce" | C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6} = "\"C:\\ProgramData\\Package Cache\\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\\vcredist_x64.exe\" /burn.runonce" | C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce | C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Enumerates connected drives
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{1E766296-47EB-4DC7-A810-AD9092F6E0F3}\.cr\VC_redist.x64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MinecraftInstaller.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation | C:\Program Files\Feather Launcher\Feather Launcher.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB32E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\gameconfighelper.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909A.tmp | C:\Windows\system32\reg.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.sys | C:\Windows\system32\reg.exe | N/A |
| File created | C:\Windows\system32\concrt140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\gamingservicesproxy.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\reg.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\oemvista.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C56.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140deu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140jpn.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140kor.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140cht.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1D6.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\msvcp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140ita.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfc140rus.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\gamingtcuihelpers.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\expressvpn-tun.inf_amd64_037ca5e9d7c24541\expressvpn-tun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57 | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7cf22a8a-0691-7844-8f92-1951d7585c05} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\xvdd.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140chs.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\mfcm140u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\gameplatformservices.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\xvdd.inf_amd64_45f35b192221e9ae\xvdd.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB35F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\gamelaunchhelper.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{7cf22a8a-0691-7844-8f92-1951d7585c05}\SETCA53.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{7cf22a8a-0691-7844-8f92-1951d7585c05}\SETCA64.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\tapexpressvpn.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\system32\gamingservicesproxy.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\gameflt.sys | C:\Windows\system32\reg.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140enu.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB32E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_a2734a096bf19b1e\tapexpressvpn.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\xgameruntime.dll | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\gameflt.inf | C:\Windows\system32\reg.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909C.tmp | C:\Windows\system32\reg.exe | N/A |
| File created | C:\Windows\system32\msvcp140_atomic_wait.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1D5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\GameInputRedist.dll | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\xvdd.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\vcamp140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\system32\msvcp140_1.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C56.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\vccorlib140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\system32\mfc140fra.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\expressvpn-tun.inf_amd64_037ca5e9d7c24541\expressvpn-tun.cat | C:\Windows\system32\DrvInst.exe | N/A |
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks installed software on the system
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\R15Migrator\Icon_Reverted.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\StudioSharedUI\statusWarning.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Locales\lb.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Locales\sr-Latn-RS.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Trust Protection Lists\Mu\Entities | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\System.Buffers.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\avatar\scripts\humanoidWalkFamilyWithDiagonals.rbxm | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\LayeredClothingEditor\WorkspaceIcons\Center Camera to Mannequin.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\TopRoundedRect8px.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputredist.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\common\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\PlayerList\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\InspectMenu\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\LegacyRbxGui\popup_warnTriangle.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\PlatformContent\pc\textures\sky\indoor512_bk.tex | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\VoiceChat\SpeakerNew\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaApp\icons\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\fr\PresentationUI.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AvatarImporter\icon_error.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Controls\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\VoiceChat\MicDark\Unmuted60.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Lobby\Buttons\nine_slice_button.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\sky\clouds-bc4.dds | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AvatarEditorImages\Sliders\body-type-slider-background.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\DeveloperFramework\button_arrow_down.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\StudioToolbox\AssetConfig\marketplace.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\PresentationFramework.Classic.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaChat\9-slice\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files\Feather Launcher\libEGL.dll | C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AnimationEditor\rigbuilder_blue.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Controls\return.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\msedgeupdateres_sr-Latn-RS.dll | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\identity_proxy\beta.identity_helper.exe.manifest | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.5\ja\UIAutomationClient.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\UnlockCursor.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Slider-BKG-Right-Cap.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\LuaApp\dropdown\gr-tip-up.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\fonts\families\Montserrat.json | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AnimationEditor\Checkmark.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\StudioToolbox\AudioMusic.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\textures\ui\InGameMenu\game_tiles_background.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\cs.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe | N/A |
| File created | C:\Program Files\Feather Launcher\locales\zh-TW.pak | C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\avatar\scripts\humanoidAnimateR15MoodsGrounding.rbxm | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\fonts\ComicNeue-Angular-Bold.ttf | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\Locales\sq.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\Assets\en-US\150x150Logo.scale-100.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.deps.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\StudioToolbox\ScrollBarBottom.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Emotes\TenFoot\[email protected] | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_4.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\Locales\lv.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.5\System.IO.Compression.FileSystem.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\TagEditor\VisibilityOffLightTheme.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\TerrainTools\radio_button_bullet_dark.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\ui\Slider-Fill-Center.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Locales\qu.pak | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\content\textures\AnimationEditor\button_hierarchy_opened.png | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI6D63.tmp-\System.Security.AccessControl.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D72.tmp-\Grpc.Core.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D72.tmp-\Microsoft.Extensions.Options.ConfigurationExtensions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\{E5B9C3E5-889C-4F22-A959-F4B8982D786D}\app_icon.ico | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4A26.tmp-\System.Threading.Tasks.Extensions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D72.tmp-\Google.Protobuf.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI45C0.tmp-\LaunchDarkly.JsonStream.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7544.tmp-\Sentry.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6D63.tmp-\ExpressVpn.Client.Setup.CustomActions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7544.tmp-\Microsoft.Extensions.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI17D5.tmp-\System.Security.AccessControl.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D72.tmp-\Microsoft.Extensions.Primitives.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4A26.tmp-\System.IO.FileSystem.AccessControl.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.EventSource.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI513C.tmp-\ExpressVpn.Client.Setup.Shared.dll | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A36.tmp-\System.Buffers.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6D63.tmp-\Microsoft.Extensions.FileProviders.Physical.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7544.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI513C.tmp-\System.Security.Principal.Windows.dll | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A36.tmp-\MissingLinq.Linq2Management.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI17D5.tmp-\LaunchDarkly.InternalSdk.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4C98.tmp-\WixSharp.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\inf\oem6.pnf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI513C.tmp-\Microsoft.Extensions.Logging.Abstractions.dll | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI56BC.tmp-\System.Security.Principal.Windows.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A36.tmp-\ExpressVpn.Client.Setup.CustomActions.pdb | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A36.tmp-\Microsoft.Extensions.FileProviders.Abstractions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6D63.tmp-\ExpressVpn.Common.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Client.Setup.Shared.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Common.Logging.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI45C0.tmp-\System.Reactive.Interfaces.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI513C.tmp-\log4net.dll | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6D63.tmp-\System.Text.Encodings.Web.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D72.tmp-\BootstrapperCore.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5F48.tmp-\Microsoft.Extensions.Configuration.Abstractions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5F48.tmp-\System.Collections.Immutable.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A36.tmp-\LaunchDarkly.InternalSdk.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7544.tmp-\System.Threading.Tasks.Extensions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4A26.tmp-\LaunchDarkly.JsonStream.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4C98.tmp-\Microsoft.Extensions.FileSystemGlobbing.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4C98.tmp-\System.Memory.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI56BC.tmp-\LaunchDarkly.ClientSdk.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4A26.tmp-\MissingLinq.Linq2Management.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File created | C:\Windows\Installer\e57a075.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI45C0.tmp-\LaunchDarkly.CommonSdk.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI45C0.tmp-\Microsoft.Extensions.Logging.Configuration.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4A26.tmp-\Google.Protobuf.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI17D5.tmp-\WixSharp.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D72.tmp-\System.ValueTuple.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6D63.tmp-\Microsoft.Bcl.AsyncInterfaces.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7544.tmp-\Microsoft.Extensions.Configuration.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI17D5.tmp-\System.IO.FileSystem.AccessControl.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A36.tmp-\ExpressVPN.Common.Shared.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4C98.tmp-\Microsoft.Extensions.Configuration.Binder.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3D72.tmp-\System.Reactive.Linq.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAF9A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI17D5.tmp-\System.Security.Principal.Windows.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5F48.tmp-\Microsoft.Extensions.Configuration.Json.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI45C0.tmp-\System.Runtime.CompilerServices.Unsafe.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI56BC.tmp-\Microsoft.Extensions.Logging.Configuration.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6D63.tmp-\CustomAction.config | C:\Windows\SysWOW64\rundll32.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4C98.tmp-\Microsoft.Extensions.DependencyInjection.Abstractions.dll | C:\Windows\SysWOW64\rundll32.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{4eb799a7-3ca3-4f32-b247-62b1a8899a9f}\LocalServer32 | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32\ = "C:\\Program Files\\WindowsApps\\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\\InstallServicePlugin.dll" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32\ = "C:\\Program Files\\WindowsApps\\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\\InstallServicePlugin.dll" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{4eb799a7-3ca3-4f32-b247-62b1a8899a9f}\LocalServer32\ = "\"C:\\Program Files (x86)\\ExpressVPN\\expressvpn-ui\\ExpressVPNNotificationService.exe\" -ToastActivated" | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32\ = "C:\\Windows\\system32\\GamingServicesProxy.dll" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{25209EC2-1BAD-45AB-AC18-42396DF52294}\InProcServer32\ = "C:\\Windows\\system32\\GamingServicesProxy.dll" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FBA5170-10C4-4185-89E3-2D8389223563}\InProcServer32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000027c70fafd0cbe6b20000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000027c70faf0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff00000000070001000068090027c70faf000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000027c70faf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000027c70faf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxPlayerBeta.exe = "11000" | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0" | C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24\52C64B7E\@%SystemRoot%\system32\NgcRecovery.dll,-100 = "Windows Hello Recovery Key Encryption" | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{BAEE68FB-2B54-4DE3-BECC-4FF62E89ABAF}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3dbb16e8f2aa6449fe67bb4f410b51a00000000020000000000106600000001000020000000a8527d26ffeb666c87b5d3925cad20299ccb9d8a004092b373ad957538865207000000000e80000000020000200000006a32c69ccbb7d99a47936e72a60d3f78e9a95deaf5f31e9b5d7505e048ae6713b0030000d6c292e98ca39e448f00c23c08bf0740a028de165d5ad668f50263432ef1e8e3d7ac5860b6acb41eda63f633e95eedcc4d15873e39ee1208a1db46524c6772a55331a88d9b23875f5889bb330737c5c1e21c3cdb58ffe7bac0b8cfdc6907efafb5b58c5b87306e5623b3a150eeff12dadb270574bd097cd3947e64f4ae20d1134aada972f21839f54b622a4e43c54324033d3155d525f7f87ff6ae9e06105cf897f85fa767f8f977f9eca120d8c2e4bf61dc2f626c4e281c47d611c6fdf43f14991fc5764571aec613ac6f9dc91597fe5e747524ac203900b924dee6f96558569827bd008e4704e1538a11dacb53c6702725acef038ba4e54bf3aa8769841348041794f55819c835bfdd948f314b96e5841d7e91edbb37788d83558b8fcdd3d5518cac249187bebcde5c66f895912660951d30b6521bfcf388333570b28ddbc22e7a18205b18f5d95d68ddc6d5fd7c5ebc94b4797fa0c9602bec912647d9f20218e37fc3f7674b6a47992c9c8d667e19acb230c69161a572d2ab29cb9904a68bc85233969885acf27bb10536f220b82cfeddeeade5411e5bd01027f7c9c0c5bca1eae59b4825e63df3925724d8ab5cac8941610ec92888982f82c7e08fc4507a0ed032ac3b45146b322a45a8ead5c0063959c02e4a372b9dd9c829a97d10f9cfd93743fb29bc90148f0b8c14d81d5c0e2b7e2acfebef83cf51774254456766093452bd0d381d471b26c6a3299485c1a00ad3be27d14418fc5d596141c0f68fb71909bcd14f66552453096bcaf9ec3339a8458d1f3f3c0e3869b336e49533aaa0dfb868de56acf984247c6c4a76184c46b3820e5198bd489f9ea4f81aa3a75535d9cd5b43b023fb0933d27c7124deabeffc2f26eaeccb13b6e68f75fc4302cd2d099ecdc515e5716b5f4ea445b51cdf32d80e17bf516ed707a2b3efb8bf2ad7e029251ad5e6449d6e6bdfa82fce1c6da8b9811ed15f41c70d9cf7fd081b53c58ed62bf5d8528d8680b2a7225520134055f4d57455cf6544cb6a17639c629dbe562b1e4915f8ae7c2fb961beac4c91043cdef04497398f66fe69c6bb08f1bef14bc2fa9bdb655db0b065648f6dce4050817b322b4d73c422867039b1ecfe5cc7476a6f0ce2562f60537ec7922014e230e65752a800d6874f473c1c9de7bdb72a4270b2bc9a88796e7265bcf42555ea1ed3c55a6835970c85674c5c93c71b33b9c4ac3fff3ecd04c560c0847d3e712494807e7f9277a6ce9684ce9ee4ed7dcd045a835b1cbce518693a1c90a4cbfa27451701aa4592bbf87068d819b6834874bf3b882d0cf30418e23507753e667d5380f34000000011369956e75887ef75bee5f01027f3475f3e5f9d87268423d91052cd693829367affe53d20228e62b0d53155230a1ea63f717f2755b2284bc0766002b5a2657e | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{BAEE68FB-2B54-4DE3-BECC-4FF62E89ABAF}\ApplicationFlags = "1" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_48.23.40665_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC9DC3BC-6685-4005-B961-A6B53B75A12D}\ProxyStubClsid32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3FA6B2F1062C666895053EEFBD8C156D\SourceList\LastUsedSource = "n;1;C:\\Program Files\\WindowsApps\\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{339A4992-B8C2-40CF-B0C5-4F810A07DBB1}\ = "IEnumGamePlatformStorageContent" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\23B875EDA4807E94E855F6853A57870C\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{DE578B32-084A-49E7-8E55-6F58A37578C0}v48.23.40699\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F2ED644-9CFD-4F10-B063-15595024151D}\ = "IGameCorePackageService_V1" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D2BF08-1409-4918-9D84-32EE00E9178C} | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E97EABA8-9BCD-4930-992E-2ADC66176817}\LocalService = "GamingServices" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7B3738C-9BCA-4B14-90B7-89D0F3A3E497}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{b2d57aa0-8729-5ab5-9e6b-95059b8d8a94}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4D2BF08-1409-4918-9D84-32EE00E9178C}\SynchronousInterface\ = "{115E6AF7-8620-4B0E-A9B1-4CA958B8A24D}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{671D365D-D1F9-4B8A-BA89-832EB0CFF5F5} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ = "ICredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0f711ee3-eb88-456d-acb4-c2ee31add211}\Dependents\{0f711ee3-eb88-456d-acb4-c2ee31add211} | C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{81a071a8-08cb-59f3-ade7-8ce0499458f4}\ProxyStubClsid32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AE51CF4F-D657-41C0-AC3B-7218A32CA524}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CC042A88-E160-44CD-B089-8C9E6F0AB42D}\ = "IEnumGamePlatformPackageDependencies" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{8e563438-c5e3-4ece-98b6-53dcb8e954c2}\Dependents\{8e563438-c5e3-4ece-98b6-53dcb8e954c2} | C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B0892A21B74EB194295FB07C3048E14D\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3E8C9ABE-9226-4609-BF5B-60288A391DEE}\ = "InstallServiceProgressHandler" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4C1344D-55A0-453A-957E-83727B36CAC9}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\VersionIndependentProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{82B0290F-C7F3-466C-BF99-49FD29CA5C92}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4DAB5B8-A025-4A72-84AC-7FE45C6E5456}\SynchronousInterface\ = "{CB48C4B7-2ADA-438F-A9CA-E6ACC3838C4B}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{c4ffeb73-c9fc-44f1-930b-ad0254e8270f}\ = "IUserPropertiesChangedArgs" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F688F2BD-1AD7-49EB-A902-7F890E0138E4}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95DCB150-58FD-48A8-98D0-84324818BA51}\ = "IEnumGameCorePackageRegions_V1" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0415A237-4CC5-48ED-BE61-B04899D7D237}\ = "IEnumGamePlatformPackageRegions" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{41EFFFA0-7356-4247-A84D-E54DEBC5DCEF} | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C8B9BA5-D030-44F8-819E-EA04BE3CC9C8}\ = "IGamePlatformGameSaveService" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C0947C0-A113-47D8-ACC2-1F3FB425EA88}\ = "IEnumGamePlatformPackageExecutables" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{04A4A9D1-8881-4E18-96CF-184E58A2323C}\ = "IGamePlatformTestService" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\14DCC6E369B6DB74E8E17D5B39EC9E67\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4FF525D5-AC7F-4D25-8CEC-23686C02A7C9}\ = "ApplicationLicenseManager" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19da4497-1d4b-4b84-8aba-aabdb5b03841}\ProxyStubClsid32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ac69f006-0efe-5a09-bd55-1c640aff54c1}\ = "Windows.Foundation.IAsyncOperation`1<GameCore.Users.GetUserTokenAndSignatureResult>" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5E3C9B5EC98822F49A954F8B89D287D6\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FACCFDC4-ED66-4EFF-8F00-AA1374E4499D}\AppId = "{2964DB41-BAE4-4996-A0A0-D036BFFDC267}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5d3910a4-74e0-4cf1-bfad-50b1c6522cfa}\ProxyStubClsid32 | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1AFDDE03-A524-4FC6-A566-2BC802898DFF}\ProxyStubClsid32\ = "{25209EC2-1BAD-45AB-AC18-42396DF52294}" | C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe
"C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe"
C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe
"C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\expressvpn_windows_12.38.0.60_release.exe" -burn.filehandle.attached=684 -burn.filehandle.self=536
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe
"C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe" -q -burn.elevated BurnPipe.{3779C1D0-E97F-4266-BBD1-ACE21AEDFFB0} {504F2B8E-8F15-4292-ADA9-56309CC697D7} 2432
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcad149758,0x7ffcad149768,0x7ffcad149778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3316 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4616 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5136 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5584 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe
"C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe" /install /quiet /norestart -burn.filehandle.self=1584 -burn.embedded BurnPipe.{5786FD4A-3C3E-435F-842B-E1368431C3B2} {817D71EA-A3C8-4854-B520-C8A1A1690496} 4664
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5372 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe
"C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=648 /install /quiet /norestart -burn.filehandle.self=1584 -burn.embedded BurnPipe.{5786FD4A-3C3E-435F-842B-E1368431C3B2} {817D71EA-A3C8-4854-B520-C8A1A1690496} 4664
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe
"C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe" -q -burn.elevated BurnPipe.{5D8CD81F-1DDE-4D95-9FEF-28FD4069A92B} {94DDB85D-8564-4381-8341-11F2714A4971} 6056
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C892AD93B3B496556B4134107E8B2655
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff72c567688,0x7ff72c567698,0x7ff72c5676a8
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8E5D3F39D7027F4C6A363826B4E2DCB7
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D68746BCA2BC31AE93F1290610C362ED
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1776 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 32160872D57F185595A402565CFCFE4B
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5152 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3524 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3308 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1656 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2784 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5304 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5352 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 609934E0AAE89F8ED2DFA1FC8E48316F
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI17D5.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240654468 22 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CloseMainApp
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5648 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1788 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x44c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=852 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding D994A4D1B21E13C424E4159D4BF2B622 E Global\MSI0000
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI3D72.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240663937 37 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.SetBrowserHelperPath
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5484 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5048 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI45C0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240666046 41 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CreateAccessTokens
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI4A26.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240667171 45 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CreateDefaultPortConfiguration
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI4C98.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240667796 49 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.CreateServiceCredentials
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI513C.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240668984 53 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.InitializeProteusId
C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.Installer.Exe
"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.Installer.Exe"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI56BC.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240670390 57 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.SetServicesFailureActions
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5160 -ip 5160
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 1252
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI5F48.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240672593 62 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.AddErrorReportingKeys
C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe
"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.SystemService.exe"
C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe
"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.VpnService.exe"
C:\Program Files (x86)\ExpressVPN\services\lightway.exe
"C:\Program Files (x86)\ExpressVPN\services\lightway.exe" --version
C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe
"C:\Program Files (x86)\ExpressVPN\services\ExpressVPN.AppService.exe"
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI6A36.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240675406 66 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.RemoveLegacyRegistryData
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI6D63.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240676250 70 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.RemoveUserFolderData
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1776 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3436 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5912 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Windows\Installer\MSI7544.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240678296 80 ExpressVpn.Client.Setup.CustomActions!ExpressVpn.Client.Setup.CustomActions.Actions.DeleteBinaries
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
"C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe" install
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
"C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe"
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe
"C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe" uihaslaunched
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN-Installer.exe
"ExpressVPN-Installer.exe" install
C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe
"C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe" install "C:\Program Files (x86)\ExpressVPN\wintun\driver\expressvpn-tun.inf" expressvpntun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{bffd6bab-abbe-7c4a-b475-31039dae7ebf}\expressvpn-tun.inf" "9" "4497a52b3" "0000000000000138" "WinSta0\Default" "0000000000000158" "208" "c:\program files (x86)\expressvpn\wintun\driver"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:07cfc4e755425814:Expressvpntun.Install:0.8.0.0:expressvpntun," "4497a52b3" "0000000000000138"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\SysWOW64\netsh.exe" interface ipv4 set subinterface "Local Area Connection" mtu=1500
C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe
"C:\Program Files (x86)\ExpressVPN\wintun\tapinstall\tapinstall.exe" install "C:\Program Files (x86)\ExpressVPN\tap\driver\OemVista.inf" tapexpressvpn
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{b8aabe2b-d368-4d4f-8a92-1e53f031ef63}\oemvista.inf" "9" "41ad97973" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "c:\program files (x86)\expressvpn\tap\driver"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\NET\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tapexpressvpn.ndi:9.24.2.45:tapexpressvpn," "41ad97973" "0000000000000180"
C:\Windows\SysWOW64\netsh.exe
"C:\Windows\SysWOW64\netsh.exe" interface ipv4 set subinterface "Ethernet 2" mtu=1500
C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe
"C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe" remove
C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe
"C:\Program Files (x86)\ExpressVPN\splittunnel\install\expressvpndriverinstaller.exe" install "C:\Program Files (x86)\ExpressVPN\splittunnel\driver\expressvpnsplittunnel.sys"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4632 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=1660 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3424 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4460 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5440 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6368 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6384 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6428 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6596 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5528 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6236 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5956 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=856 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=3372 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6288 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6216 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6220 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=6580 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5908 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6052 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=3256 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6120 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6112 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7124 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7764 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8004 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8244 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8460 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8316 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8216 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9104 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9076 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9772 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9224 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9356 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9064 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=8904 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8472 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=10212 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=9380 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=10032 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=10040 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=6216 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=1620 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=7776 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=6052 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=11492 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=11452 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=11080 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=9748 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=5848 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=6992 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=12416 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=11876 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=12320 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=10636 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=11796 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=10856 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=12116 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=12796 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=12780 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=12696 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=12752 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=13412 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=13608 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=11748 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=13596 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=13232 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=13740 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=13628 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=14364 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=14088 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=11520 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=12344 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=12232 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=13764 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11416 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=12284 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=11396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=14484 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=11212 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=14188 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=14472 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=11064 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=14000 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=11696 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=14092 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=128 --mojo-platform-channel-handle=12204 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=129 --mojo-platform-channel-handle=9356 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10380 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3228 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=132 --mojo-platform-channel-handle=13932 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=133 --mojo-platform-channel-handle=12452 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=11456 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=135 --mojo-platform-channel-handle=12480 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12280 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7104 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13512 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11744 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13940 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13612 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Users\Admin\Downloads\MinecraftInstaller.exe
"C:\Users\Admin\Downloads\MinecraftInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe
"C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe" scenarioMinecraft
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.XboxIdentityProvider_8wekyb3d8bbwe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=143 --mojo-platform-channel-handle=4704 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=144 --mojo-platform-channel-handle=11340 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=12340 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9712 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=147 --mojo-platform-channel-handle=13888 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=148 --mojo-platform-channel-handle=10396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=149 --mojo-platform-channel-handle=12380 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=150 --mojo-platform-channel-handle=14612 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11696 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12908 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14728 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=14748 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=14752 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe
"C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe"
C:\Windows\system32\svchost.exe
"svchost.exe"
C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe
"C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe"
C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
"C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /i "C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\gameinputredist.msi" /quiet /l*v "C:\Windows\TEMP\gameinputredist.log"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe
"C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe" Global\GameInputSession_1
C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe
"C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Windows\TEMP\{53a9cadf-d2ec-e643-bd1f-121d88d4cc28}\xvdd.inf" "9" "4e7a111df" "0000000000000138" "Service-0x0-3e7$\Default" "0000000000000150" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\drivers"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "0" "SWD\XvddEnum\XvddRootDevice_Instance" "" "" "48fe919b3" "0000000000000000"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Windows\TEMP\{75b8a007-87ed-cd44-b492-01ae301c547c}\gameflt.inf" "9" "42e40eeeb" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\drivers"
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe
"C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe" /quiet /norestart
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe
"C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{72FD05FB-54E9-4080-9D76-097881DC233E} {218FB332-FFF3-4208-B851-2C155CC8CBF0} 5336
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf" "0" "42e40eeeb" "000000000000015C" "Service-0x0-3e7$\Default"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf" "0" "4100319eb" "0000000000000158" "Service-0x0-3e7$\Default"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\VC_redist.x64.exe
"C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\VC_redist.x64.exe" /quiet /norestart
C:\Windows\Temp\{1E766296-47EB-4DC7-A810-AD9092F6E0F3}\.cr\VC_redist.x64.exe
"C:\Windows\Temp\{1E766296-47EB-4DC7-A810-AD9092F6E0F3}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\VC_redist.x64.exe" -burn.filehandle.attached=676 -burn.filehandle.self=780 /quiet /norestart
C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe
"C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{28B298A2-8B13-4396-8824-F033647458C8} {98A36D13-03DD-44CC-94CB-50A91E554421} 3652
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeploymentServer/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeploymentServer_Operational.evtx /ow:true
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeployment/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeployment_Operational.evtx /ow:true
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppxPackaging/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppxPackaging_Operational.evtx /ow:true
C:\Windows\system32\wscollect.exe
"C:\Windows\system32\wscollect.exe" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wscollect_gr.cab
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SIH" "C:\Users\Admin\AppData\Local\Temp\registry_SIH.txt" /y
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" "C:\Users\Admin\AppData\Local\Temp\registry_DNSPolicy.txt" /y
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} -burn.filehandle.self=1264 -burn.embedded BurnPipe.{9F6D0742-F0B1-499B-9BD8-640EE9E065A1} {7D28F070-1DFD-485B-A629-D5B6769EDDFC} 4920
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=648 -burn.filehandle.self=668 -uninstall -quiet -burn.related.upgrade -burn.ancestors={ee198d9f-cfe1-4f8a-bf5f-7b1be355b63d} -burn.filehandle.self=1264 -burn.embedded BurnPipe.{9F6D0742-F0B1-499B-9BD8-640EE9E065A1} {7D28F070-1DFD-485B-A629-D5B6769EDDFC} 4920
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export HKLM\Software\Microsoft\GamingServices C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_GRTS.reg /y
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{FAEADDFE-5319-4239-923B-EAE1BD18A617} {BC92F3B3-0F6F-42EA-B2E1-8460AF50EDD0} 1912
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export HKCU\Software\Microsoft\GamingServices C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_GRTS.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export HKLM\SYSTEM\CurrentControlSet\Services\GamingServices C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GS_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export HKLM\SYSTEM\CurrentControlSet\Services\GamingServicesNet C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GSNet_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export HKLM\SYSTEM\CurrentControlSet\Services\GameFlt C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameFlt_Service.reg /y
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" export HKLM\SYSTEM\CurrentControlSet\Services\Xvdd C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Xvdd_Service.reg /y
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe"
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --mojo-platform-channel-handle=2040 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --no-sandbox --no-zygote --disable-blink-features=GetDisplayMedia --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2320 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-mod-watcher-fork.js"
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" "C:\Program Files\Feather Launcher\resources\app.asar\preload\preload-skin-watcher-fork.js"
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --app-path="C:\Program Files\Feather Launcher\resources\app.asar" --enable-sandbox --disable-blink-features=GetDisplayMedia --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3496 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe
"C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\GamingServices.exe"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Windows\TEMP\{7e3470d8-7ccb-7f4e-93b9-9e52c293701a}\gameflt.inf" "9" "42e40eeeb" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\WindowsApps\Microsoft.GamingServices_13.78.12002.0_x64__8wekyb3d8bbwe\drivers"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf" "0" "42e40eeeb" "000000000000015C" "Service-0x0-3e7$\Default"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "5" "2" "C:\Windows\System32\DriverStore\FileRepository\gameflt.inf_amd64_7d40425feb31ec57\gameflt.inf" "0" "4100319eb" "0000000000000168" "Service-0x0-3e7$\Default"
C:\Program Files\Feather Launcher\Feather Launcher.exe
"C:\Program Files\Feather Launcher\Feather Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Feather Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3092 --field-trial-handle=1768,i,15831841621490548240,4255790313524525291,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=156 --mojo-platform-channel-handle=1332 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=157 --mojo-platform-channel-handle=14460 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6396 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=14308 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=160 --mojo-platform-channel-handle=5200 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=161 --mojo-platform-channel-handle=14628 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=162 --mojo-platform-channel-handle=9240 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=163 --mojo-platform-channel-handle=8940 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=164 --mojo-platform-channel-handle=12336 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=165 --mojo-platform-channel-handle=6888 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x44c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=166 --mojo-platform-channel-handle=4440 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6280 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6732 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6768 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12648 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=14328 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
"C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x6c4,0x6d0,0x774,0x75c,0x780,0x878c44,0x878c54,0x878c64
C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EUC593.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjFCNzA0QkUtRDI1MC00OTEwLTk1QTktMUMyOEVCQ0REMEE0fSIgdXNlcmlkPSJ7MjY5QjU3MDEtQzY2My00NEMyLTg5MTktREI1MUYwQjNFNDBGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswQ0FEMDE4Ni00MUY4LTQwNkMtOTIyOC1FRUUxREJFMjJCNEN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3FXSlN6V3dQZmRjTFIrWEdJdjZ4clpmaVlPeGhQVTJzMU5XbWpXY2FGUGc9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzMuNDUiIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzQyMjYxNDQyNCIgaW5zdGFsbF90aW1lX21zPSI5OTMiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{F1B704BE-D250-4910-95A9-1C28EBCDD0A4}" /silent
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjFCNzA0QkUtRDI1MC00OTEwLTk1QTktMUMyOEVCQ0REMEE0fSIgdXNlcmlkPSJ7MjY5QjU3MDEtQzY2My00NEMyLTg5MTktREI1MUYwQjNFNDBGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGMDhCMjQ0RS0zN0E0LTQxMjItQTI5My04RENCRURGNzMxNkN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3FXSlN6V3dQZmRjTFIrWEdJdjZ4clpmaVlPeGhQVTJzMU5XbWpXY2FGUGc9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIzIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzQyNzA0NDYwMSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\MicrosoftEdge_X64_114.0.1823.43.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\MicrosoftEdge_X64_114.0.1823.43.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\EDGEMITMP_CCA90.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6C0E992C-238C-46B5-BA57-73D87F17DB65}\MicrosoftEdge_X64_114.0.1823.43.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjFCNzA0QkUtRDI1MC00OTEwLTk1QTktMUMyOEVCQ0REMEE0fSIgdXNlcmlkPSJ7MjY5QjU3MDEtQzY2My00NEMyLTg5MTktREI1MUYwQjNFNDBGfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyQkYzNzMxNS0xRkRELTQ5NEMtOUEyRi0zREE2RjY4MDhEOTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjExNC4wLjE4MjMuNDMiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNDM3NzE0NTIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM0MzgxMDQ2MjUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzU5Nzc3NDYxMSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvYTNhNGRkYTMtMWE2ZS00MWQ0LWFiOTktMGJiZTQzYzNmNjg0P1AxPTE2ODc0MzkyODAmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9QzdGTEZuRDVQS1V2ZkVLVnF4MkdlQ1djMWdCa2hNbFV4cGExMno5ZHlodWdvY2dBZXEwN2tKSlBXeEgwdFdDaHA5VjFvMWVQbnV5NXlOJTJmek5XV1dudyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE0NzI0Mzk3NiIgdG90YWw9IjE0NzI0Mzk3NiIgZG93bmxvYWRfdGltZV9tcz0iMTI5NzkiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzU5Nzk0NDU4MyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzNjEzMzU0MjA5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA5IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzg3MTgzNDA2NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjUwOSIgZG93bmxvYWRfdGltZV9tcz0iMTU5NTAiIGRvd25sb2FkZWQ9IjE0NzI0Mzk3NiIgdG90YWw9IjE0NzI0Mzk3NiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMjU4MTkiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=172 --mojo-platform-channel-handle=5924 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12388 --field-trial-handle=1828,i,3965701909540749858,10087327390374118102,131072 /prefetch:8
C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe" roblox-player:1+launchmode:play+gameinfo:g1H0LfoOVrP4lFZJcfRJ6Nqu0_UJCQWxOFnJo3N7HOCS6Bl9mikvHy_CFWxbhcWTk2sZC7PpiNnoG1X3tk0AIxgAbG8Z3_1a8CQYcetqEbNm-g_YR3IsgTlkLZr3kej6sKJ7UvqDV40urTxQc5LuMfmeXD4BOGzzyJeZSRT_e_0EWTsAdGEqgGlLgIG3paqR6yLKRsP3ku9c_12Oz4Nv34Nx4zagbG3s1T2x4hLtKVU+launchtime:1686834540600+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D176063550447%26placeId%3D8737602449%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D6aae0b56-4608-4ae9-80ec-072a3b378fe2%26joinAttemptOrigin%3DPlayButton+browsertrackerid:176063550447+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe
"C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerLauncher.exe" --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=3539e67194ee6ba0c99d6e96abe3b09d611a4794 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x72c,0x730,0x734,0x68c,0x4a8,0x8e8c44,0x8e8c54,0x8e8c64
C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe
"C:\Program Files (x86)\Roblox\Versions\version-21bedf9513a74867\RobloxPlayerBeta.exe" --app -t g1H0LfoOVrP4lFZJcfRJ6Nqu0_UJCQWxOFnJo3N7HOCS6Bl9mikvHy_CFWxbhcWTk2sZC7PpiNnoG1X3tk0AIxgAbG8Z3_1a8CQYcetqEbNm-g_YR3IsgTlkLZr3kej6sKJ7UvqDV40urTxQc5LuMfmeXD4BOGzzyJeZSRT_e_0EWTsAdGEqgGlLgIG3paqR6yLKRsP3ku9c_12Oz4Nv34Nx4zagbG3s1T2x4hLtKVU -j https://assetgame.roblox.com/game/PlaceLauncher.ashx?request=RequestGame&browserTrackerId=176063550447&placeId=8737602449&isPlayTogetherGame=false&joinAttemptId=6aae0b56-4608-4ae9-80ec-072a3b378fe2&joinAttemptOrigin=PlayButton -b 176063550447 --launchtime=1686834540600 --rloc en_us --gloc en_us
C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 7964 -ip 7964
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7964 -s 1980
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 40.125.122.151:443 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.250.217.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.visualstudio.microsoft.com | udp |
| US | 93.184.215.201:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 201.215.184.93.in-addr.arpa | udp |
| IE | 20.50.73.11:443 | tcp | |
| US | 8.8.8.8:53 | 62.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| NL | 8.238.21.126:80 | tcp | |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.46:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 46.36.251.142.in-addr.arpa | udp |
| NL | 173.223.113.164:443 | tcp | |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| NL | 142.251.36.1:443 | clients2.googleusercontent.com | tcp |
| NL | 173.223.113.131:80 | tcp | |
| US | 131.253.33.203:80 | tcp | |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | labs.google.com | udp |
| NL | 142.250.179.206:443 | labs.google.com | tcp |
| NL | 142.250.179.206:443 | labs.google.com | tcp |
| NL | 142.250.179.206:443 | labs.google.com | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 142.250.179.163:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 216.58.214.22:443 | i.ytimg.com | tcp |
| NL | 216.58.214.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 163.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.214.58.216.in-addr.arpa | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 202.179.250.142.in-addr.arpa | udp |
| NL | 216.58.214.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.15.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.14.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 6.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| NL | 216.58.214.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| US | 8.8.8.8:53 | o137163.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o137163.ingest.sentry.io | tcp |
| US | 34.120.195.249:443 | o137163.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | 249.195.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 80.121.18.2.in-addr.arpa | udp |
| US | 34.120.195.249:443 | o137163.ingest.sentry.io | tcp |
| US | 8.8.8.8:53 | clientstream.launchdarkly.com | udp |
| US | 13.248.151.210:443 | clientstream.launchdarkly.com | tcp |
| US | 8.8.8.8:53 | 210.151.248.13.in-addr.arpa | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | mobile.launchdarkly.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| N/A | 127.0.0.1:2021 | tcp | |
| N/A | 127.0.0.1:2022 | tcp | |
| NL | 142.250.179.163:443 | id.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.142:443 | google.com | tcp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.48.178.192.in-addr.arpa | udp |
| N/A | 127.0.0.1:2020 | tcp | |
| US | 8.8.8.8:53 | hackerztrickz.com | udp |
| US | 162.243.164.163:443 | hackerztrickz.com | tcp |
| US | 162.243.164.163:443 | hackerztrickz.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.121.70:80 | apps.identrust.com | tcp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.164.243.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.179.250.142.in-addr.arpa | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 162.243.164.163:443 | hackerztrickz.com | tcp |
| DE | 172.217.23.194:443 | googleads.g.doubleclick.net | udp |
| US | 162.243.164.163:443 | hackerztrickz.com | tcp |
| US | 162.243.164.163:443 | hackerztrickz.com | tcp |
| US | 162.243.164.163:443 | hackerztrickz.com | tcp |
| US | 162.243.164.163:443 | hackerztrickz.com | tcp |
| NL | 142.250.179.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| NL | 142.251.36.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 2.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.98:443 | www.googletagservices.com | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| N/A | 127.0.0.1:2020 | tcp | |
| US | 8.8.8.8:53 | dclk-match.dotomi.com | udp |
| US | 8.8.8.8:53 | pr-bh.ybp.yahoo.com | udp |
| US | 8.8.8.8:53 | fksnk.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | an.yandex.ru | udp |
| US | 8.8.8.8:53 | rtb2-useast.e-volution.ai | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| IE | 54.72.87.105:443 | pr-bh.ybp.yahoo.com | tcp |
| RU | 77.88.21.90:443 | an.yandex.ru | tcp |
| US | 52.3.201.139:443 | sync.srv.stackadapt.com | tcp |
| US | 34.200.89.174:443 | fksnk.com | tcp |
| NL | 142.251.36.34:443 | cm.g.doubleclick.net | tcp |
| NL | 89.207.16.140:443 | dclk-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | tcp |
| US | 174.137.133.49:443 | rtb2-useast.e-volution.ai | tcp |
| US | 50.31.142.159:443 | b1sync.zemanta.com | tcp |
| NL | 142.251.36.34:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| CA | 185.80.39.216:443 | dsum-sec.casalemedia.com | tcp |
| NL | 185.89.210.101:443 | ib.adnxs.com | tcp |
| CA | 185.80.39.216:443 | dsum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | dsp.adkernel.com | udp |
| US | 174.137.133.49:443 | dsp.adkernel.com | tcp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | d5p.de17a.com | udp |
| US | 8.8.8.8:53 | a.rfihub.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| SE | 213.155.156.185:443 | d5p.de17a.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| NL | 193.0.160.130:443 | a.rfihub.com | tcp |
| US | 8.8.8.8:53 | fw.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| NL | 142.250.179.134:443 | s0.2mdn.net | tcp |
| US | 54.86.48.49:443 | fw.adsafeprotected.com | tcp |
| US | 50.31.142.159:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | dsp.adfarm1.adition.com | udp |
| US | 8.8.8.8:53 | gcm.ctnsnet.com | udp |
| US | 8.8.8.8:53 | s.uuidksinc.net | udp |
| US | 8.8.8.8:53 | match.adsby.bidtheatre.com | udp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| NL | 188.166.17.21:443 | match.adsby.bidtheatre.com | tcp |
| NL | 31.220.27.135:443 | s.uuidksinc.net | tcp |
| US | 50.31.142.159:443 | b1sync.zemanta.com | tcp |
| US | 35.186.193.173:443 | gcm.ctnsnet.com | tcp |
| US | 8.8.8.8:53 | 34.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.87.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.201.3.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.89.200.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.133.137.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.39.80.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.160.0.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.156.155.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.179.250.142.in-addr.arpa | udp |
| US | 50.31.142.159:443 | b1sync.zemanta.com | tcp |
| NL | 142.250.179.134:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| NL | 142.250.179.162:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | tr.blismedia.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| CH | 185.29.132.245:443 | sync.mathtag.com | tcp |
| US | 34.96.105.8:443 | tr.blismedia.com | tcp |
| US | 35.153.76.238:443 | pm.w55c.net | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| US | 8.8.8.8:53 | dt.adsafeprotected.com | udp |
| US | 52.38.248.249:443 | dt.adsafeprotected.com | tcp |
| US | 52.38.248.249:443 | dt.adsafeprotected.com | tcp |
| US | 52.38.248.249:443 | dt.adsafeprotected.com | tcp |
| US | 18.65.39.66:443 | static.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 35.186.193.173:443 | gcm.ctnsnet.com | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | c1.adform.net | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| DE | 35.157.169.142:443 | x.bidswitch.net | tcp |
| DK | 37.157.3.20:443 | c1.adform.net | tcp |
| US | 8.8.8.8:53 | 21.17.166.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.159.114.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.27.220.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.48.86.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.193.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.105.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.132.29.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.76.153.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.248.38.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.avct.cloud | udp |
| IE | 52.214.255.2:443 | ads.avct.cloud | tcp |
| NL | 142.250.179.162:443 | googleads4.g.doubleclick.net | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 11.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.169.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.3.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.255.214.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ade.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 71.121.18.2.in-addr.arpa | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| NL | 142.250.179.142:443 | google.com | udp |
| US | 8.8.8.8:53 | e2cs47.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c33.gcp.gvt2.com | udp |
| US | 35.209.229.224:443 | e2cs47.gcp.gvt2.com | tcp |
| JP | 35.213.86.143:443 | e2c33.gcp.gvt2.com | tcp |
| JP | 35.213.86.143:443 | e2c33.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 224.229.209.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.86.213.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gamebanana.com | udp |
| US | 104.26.9.16:443 | gamebanana.com | tcp |
| US | 104.26.9.16:443 | gamebanana.com | tcp |
| US | 8.8.8.8:53 | config.playwire.com | udp |
| US | 8.8.8.8:53 | cdn.intergi.com | udp |
| US | 8.8.8.8:53 | cdn.intergient.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | webfiles.gamebanana.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | images.gamebanana.com | udp |
| NL | 52.222.139.23:443 | cdn.intergient.com | tcp |
| NL | 52.222.139.23:443 | cdn.intergient.com | tcp |
| US | 172.67.70.134:443 | btloader.com | tcp |
| NL | 142.251.36.42:443 | ajax.googleapis.com | tcp |
| NL | 142.251.36.42:443 | ajax.googleapis.com | tcp |
| NL | 108.156.60.40:443 | config.playwire.com | tcp |
| NL | 52.222.139.23:443 | cdn.intergient.com | tcp |
| NL | 52.222.139.59:443 | cdn.intergi.com | tcp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 209.222.98.196:443 | images.gamebanana.com | tcp |
| US | 209.222.98.196:443 | images.gamebanana.com | tcp |
| US | 209.222.98.196:443 | images.gamebanana.com | tcp |
| US | 209.222.98.196:443 | images.gamebanana.com | tcp |
| US | 209.222.98.196:443 | images.gamebanana.com | tcp |
| US | 209.222.98.196:443 | images.gamebanana.com | tcp |
| US | 104.194.11.17:443 | images.gamebanana.com | tcp |
| US | 104.194.11.17:443 | images.gamebanana.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| NL | 104.126.125.209:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 16.9.26.104.in-addr.arpa | udp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| NL | 185.29.134.248:443 | sync.mathtag.com | tcp |
| NL | 104.80.228.197:443 | ads.pubmatic.com | tcp |
| GB | 96.16.108.246:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | z.moatads.com | udp |
| US | 8.8.8.8:53 | cdn.video.playwire.com | udp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| NL | 104.80.229.151:443 | z.moatads.com | tcp |
| US | 8.8.8.8:53 | cdn.playwire.com | udp |
| NL | 108.156.60.120:443 | cdn.video.playwire.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| DE | 172.217.23.194:443 | securepubads.g.doubleclick.net | tcp |
| NL | 52.222.139.24:443 | cdn.playwire.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| DE | 172.217.23.194:443 | securepubads.g.doubleclick.net | tcp |
| NL | 52.222.139.59:443 | cdn.intergi.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.102.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| DE | 172.217.23.194:443 | securepubads.g.doubleclick.net | udp |
| DE | 172.217.23.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | 23.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.60.156.108.in-addr.arpa | udp |
| SG | 103.229.10.247:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | 59.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.125.126.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.98.222.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.11.194.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.134.29.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.228.80.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.108.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.229.80.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.155.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| NL | 108.156.60.40:443 | config.playwire.com | tcp |
| NL | 104.80.229.151:443 | z.moatads.com | tcp |
| US | 8.8.8.8:53 | predicted-price-floor.playwire.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| SG | 103.229.10.247:443 | secure.quantserve.com | tcp |
| NL | 65.9.86.8:443 | predicted-price-floor.playwire.com | tcp |
| NL | 52.222.139.35:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| NL | 142.250.179.206:443 | fundingchoicesmessages.google.com | tcp |
| US | 104.194.11.17:443 | images.gamebanana.com | tcp |
| US | 104.194.11.17:443 | images.gamebanana.com | tcp |
| US | 104.194.11.17:443 | images.gamebanana.com | tcp |
| US | 104.194.11.17:443 | images.gamebanana.com | tcp |
| US | 8.8.8.8:53 | mb.moatads.com | udp |
| SG | 18.138.3.202:443 | mb.moatads.com | tcp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| SG | 54.251.140.206:443 | ps.eyeota.net | tcp |
| NL | 142.250.179.206:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| NL | 142.250.179.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 247.10.229.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.86.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.3.138.18.in-addr.arpa | udp |
| SG | 54.251.234.207:443 | bcp.crwdcntrl.net | tcp |
| NL | 52.222.139.24:443 | cdn.playwire.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 172.64.152.222:443 | cdn-ima.33across.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 18.65.39.30:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.140.251.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.234.251.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | gumi.criteo.com | udp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| SG | 182.161.73.136:443 | gumi.criteo.com | tcp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | udp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | fid.agkn.com | udp |
| SG | 52.76.166.242:443 | id.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 34.160.46.1:443 | fid.agkn.com | tcp |
| NL | 52.222.136.109:443 | c.amazon-adsystem.com | tcp |
| NL | 142.251.36.34:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| SG | 182.161.73.136:443 | gumi.criteo.com | tcp |
| US | 8.8.8.8:53 | cms.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | 111.39.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.98.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.46.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.136.222.52.in-addr.arpa | udp |
| SG | 54.251.140.206:443 | ps.eyeota.net | tcp |
| US | 8.8.8.8:53 | px.moatads.com | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| IE | 212.82.100.182:443 | cms.analytics.yahoo.com | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| GB | 96.16.109.251:443 | px.moatads.com | tcp |
| US | 8.8.8.8:53 | fingerprinter-production.herokuapp.com | udp |
| SG | 54.251.140.206:443 | ps.eyeota.net | tcp |
| US | 52.5.82.174:443 | fingerprinter-production.herokuapp.com | tcp |
| NL | 52.222.136.109:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 18.65.37.219:443 | aax.amazon-adsystem.com | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 104.18.3.114:443 | mp.4dex.io | tcp |
| US | 8.8.8.8:53 | apex.go.sonobi.com | udp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | g2.gumgum.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ads.servenobid.com | udp |
| JP | 52.194.171.158:443 | g2.gumgum.com | tcp |
| JP | 52.194.171.158:443 | g2.gumgum.com | tcp |
| JP | 52.194.171.158:443 | g2.gumgum.com | tcp |
| JP | 52.194.171.158:443 | g2.gumgum.com | tcp |
| JP | 52.194.171.158:443 | g2.gumgum.com | tcp |
| JP | 52.194.171.158:443 | g2.gumgum.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 104.18.24.185:443 | htlb.casalemedia.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| IE | 52.30.65.194:443 | ads.servenobid.com | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| DE | 3.70.80.231:443 | btlr.sharethrough.com | tcp |
| DE | 3.70.80.231:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| DE | 3.70.80.231:443 | btlr.sharethrough.com | tcp |
| DE | 3.70.80.231:443 | btlr.sharethrough.com | tcp |
| DE | 3.70.80.231:443 | btlr.sharethrough.com | tcp |
| DE | 3.70.80.231:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| DE | 18.192.234.196:443 | tlx.3lift.com | tcp |
| IE | 54.76.77.238:443 | hb.yellowblue.io | tcp |
| FR | 23.39.253.208:443 | secure.cdn.fastclick.net | tcp |
| FR | 23.39.253.208:443 | secure.cdn.fastclick.net | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 67.220.226.232:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.73.161.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.100.82.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.166.76.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.82.5.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.37.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.9.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.3.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.24.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.65.30.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.1.166.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.80.70.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.234.192.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.253.39.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.226.220.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.77.76.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.171.194.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 50.31.142.159:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | rtb.gumgum.com | udp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| NL | 104.80.228.197:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | sync-amz.ads.yieldmo.com | udp |
| NL | 104.126.125.209:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| JP | 54.95.221.161:443 | match.prod.bidr.io | tcp |
| CA | 185.80.39.216:443 | ssum-sec.casalemedia.com | tcp |
| US | 3.227.148.228:443 | cs-server-s2s.yellowblue.io | tcp |
| NL | 52.222.139.37:443 | s.ad.smaato.net | tcp |
| SG | 13.250.187.90:443 | sync-amz.ads.yieldmo.com | tcp |
| JP | 54.95.221.161:443 | match.prod.bidr.io | tcp |
| SG | 13.250.187.90:443 | sync-amz.ads.yieldmo.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cec69a122a124fd58f7c3c73f35f9c91.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 228.148.227.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.221.95.54.in-addr.arpa | udp |
| NL | 142.250.179.161:443 | cec69a122a124fd58f7c3c73f35f9c91.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ats.rlcdn.com | udp |
| NL | 13.227.219.68:443 | ats.rlcdn.com | tcp |
| NL | 142.250.179.206:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | dsum-sec.casalemedia.com | udp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | geo.privacymanager.io | udp |
| US | 8.8.8.8:53 | p.rfihub.com | udp |
| CA | 185.80.39.216:443 | dsum-sec.casalemedia.com | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| US | 8.8.8.8:53 | proc.ad.cpe.dotomi.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| NL | 52.222.139.95:443 | geo.privacymanager.io | tcp |
| US | 8.8.8.8:53 | dmp.brand-display.com | udp |
| NL | 63.215.202.146:443 | proc.ad.cpe.dotomi.com | tcp |
| DE | 37.252.173.215:443 | secure.adnxs.com | tcp |
| US | 34.111.151.213:443 | dmp.brand-display.com | tcp |
| CA | 185.80.39.216:443 | dsum-sec.casalemedia.com | tcp |
| US | 104.18.24.185:443 | htlb.casalemedia.com | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | 161.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.202.215.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.173.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.151.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| NL | 142.251.39.98:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| NL | 142.250.179.162:443 | googleads4.g.doubleclick.net | udp |
| NL | 142.250.179.134:443 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | cms.quantserve.com | udp |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 50.31.142.159:443 | b1sync.zemanta.com | tcp |
| FR | 178.250.7.11:443 | dis.criteo.com | tcp |
| US | 104.18.25.173:443 | a.tribalfusion.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| US | 8.8.8.8:53 | widget.as.criteo.com | udp |
| US | 50.31.142.159:443 | b1sync.zemanta.com | tcp |
| SG | 182.161.73.146:443 | widget.as.criteo.com | tcp |
| US | 8.8.8.8:53 | s.tribalfusion.com | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.25.18.104.in-addr.arpa | udp |
| SG | 182.161.73.146:443 | widget.as.criteo.com | tcp |
| US | 8.8.8.8:53 | 49.158.204.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dsum.casalemedia.com | udp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| US | 8.8.8.8:53 | check.analytics.rlcdn.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| DE | 3.75.152.220:443 | x.bidswitch.net | tcp |
| US | 52.7.42.70:443 | pm.w55c.net | tcp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| IE | 67.220.226.232:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | playwire-d.openx.net | udp |
| US | 8.8.8.8:53 | sdk.streamrail.com | udp |
| GB | 96.16.108.246:443 | acdn.adnxs.com | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | public.servenobid.com | udp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | pixel.mathtag.com | udp |
| DE | 141.95.98.65:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 80.77.87.163:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | 146.73.161.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.152.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.42.7.52.in-addr.arpa | udp |
| US | 18.65.39.15:443 | public.servenobid.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| NL | 13.227.219.110:443 | sdk.streamrail.com | tcp |
| NL | 173.223.112.197:443 | pixel.mathtag.com | tcp |
| NL | 13.227.219.110:443 | sdk.streamrail.com | tcp |
| US | 18.65.39.15:443 | public.servenobid.com | tcp |
| NL | 173.223.112.197:443 | pixel.mathtag.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | r.scoota.co | udp |
| US | 8.8.8.8:53 | match.justpremium.com | udp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| IE | 52.48.51.220:443 | r.scoota.co | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| IE | 54.72.87.105:443 | pr-bh.ybp.yahoo.com | tcp |
| FR | 141.95.172.216:443 | green.erne.co | tcp |
| US | 44.239.208.236:443 | match.justpremium.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 44.239.208.236:443 | match.justpremium.com | tcp |
| US | 204.79.197.200:443 | c.bing.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 8.8.8.8:53 | sync.go.sonobi.com | udp |
| US | 69.166.1.10:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | stags.bluekai.com | udp |
| US | 8.8.8.8:53 | sync.teads.tv | udp |
| NL | 173.223.113.181:443 | stags.bluekai.com | tcp |
| NL | 173.223.113.34:443 | sync.teads.tv | tcp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| NL | 173.223.113.34:443 | sync.teads.tv | tcp |
| US | 8.8.8.8:53 | image6.pubmatic.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 69.166.1.10:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | ssp.disqus.com | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| SG | 52.77.145.66:443 | match.sharethrough.com | tcp |
| SG | 52.77.145.66:443 | match.sharethrough.com | tcp |
| SG | 52.77.145.66:443 | match.sharethrough.com | tcp |
| NL | 216.52.2.16:443 | ap.lijit.com | tcp |
| NL | 216.52.2.91:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | 163.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.162.19.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.112.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.172.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.51.48.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.208.239.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.1.166.69.in-addr.arpa | udp |
| US | 147.28.129.37:443 | prebid.a-mo.net | tcp |
| US | 199.127.204.142:443 | sync.1rx.io | tcp |
| SG | 54.255.221.127:443 | ice.360yield.com | tcp |
| GB | 23.44.232.24:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| SG | 52.77.145.66:443 | match.sharethrough.com | tcp |
| SG | 54.255.221.127:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| US | 199.127.204.142:443 | sync.1rx.io | tcp |
| US | 147.28.129.37:443 | prebid.a-mo.net | tcp |
| GB | 23.44.232.24:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | sync.outbrain.com | udp |
| US | 8.8.8.8:53 | sync.ipredictive.com | udp |
| US | 8.8.8.8:53 | sync.technoratimedia.com | udp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | csync.loopme.me | udp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 199.127.204.142:443 | sync.1rx.io | tcp |
| US | 199.127.204.142:443 | sync.1rx.io | tcp |
| SG | 52.77.145.66:443 | match.sharethrough.com | tcp |
| US | 52.21.11.19:443 | ssp.disqus.com | tcp |
| SG | 52.77.145.66:443 | match.sharethrough.com | tcp |
| US | 52.20.224.27:443 | sync.srv.stackadapt.com | tcp |
| US | 50.31.142.255:443 | sync.outbrain.com | tcp |
| US | 198.148.27.140:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | ads.yieldmo.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 54.172.162.57:443 | sync.ipredictive.com | tcp |
| US | 193.122.130.38:443 | sync.technoratimedia.com | tcp |
| US | 8.8.8.8:53 | kinesis.us-east-1.amazonaws.com | udp |
| US | 2.18.121.71:443 | ads.stickyadstv.com | tcp |
| NL | 35.214.235.85:443 | csync.loopme.me | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| FR | 185.86.138.153:443 | ssbsync.smartadserver.com | tcp |
| FR | 185.86.138.153:443 | ssbsync.smartadserver.com | tcp |
| US | 8.18.47.7:443 | match.deepintent.com | tcp |
| NL | 173.223.112.20:443 | contextual.media.net | tcp |
| SG | 18.138.93.67:443 | ads.yieldmo.com | tcp |
| US | 8.8.8.8:53 | 181.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.145.77.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.2.52.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.2.52.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.232.44.23.in-addr.arpa | udp |
| IE | 52.51.52.84:443 | dpm.demdex.net | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 3.227.250.254:443 | kinesis.us-east-1.amazonaws.com | tcp |
| FR | 185.86.138.153:443 | ssbsync.smartadserver.com | tcp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| SG | 18.138.93.67:443 | ads.yieldmo.com | tcp |
| IE | 52.51.52.84:443 | dpm.demdex.net | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs-rtb.minutemedia-prebid.com | udp |
| US | 8.8.8.8:53 | ad-cdn.technoratimedia.com | udp |
| US | 8.8.8.8:53 | sync.adkernel.com | udp |
| NL | 52.222.139.106:443 | cs-rtb.minutemedia-prebid.com | tcp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 152.199.22.191:443 | ad-cdn.technoratimedia.com | tcp |
| NL | 104.98.130.104:443 | secure-assets.rubiconproject.com | tcp |
| US | 69.166.1.10:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | cs.iqzone.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| NL | 185.29.134.248:443 | sync.mathtag.com | tcp |
| US | 104.18.25.173:443 | s.tribalfusion.com | udp |
| NL | 104.98.130.104:443 | secure-assets.rubiconproject.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.2.111.13:443 | cs.iqzone.com | tcp |
| NL | 185.94.180.125:443 | sync.search.spotxchange.com | tcp |
| JP | 13.112.54.241:443 | usersync.gumgum.com | tcp |
| JP | 13.112.54.241:443 | usersync.gumgum.com | tcp |
| JP | 13.112.54.241:443 | usersync.gumgum.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | cs.yellowblue.io | udp |
| US | 8.8.8.8:53 | tg.socdm.com | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| NL | 104.98.130.104:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| JP | 202.241.208.55:443 | tg.socdm.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| GB | 185.64.190.79:443 | image8.pubmatic.com | tcp |
| IE | 52.215.241.149:443 | cs.yellowblue.io | tcp |
| US | 8.2.111.13:443 | cs.iqzone.com | tcp |
| JP | 13.112.54.241:443 | usersync.gumgum.com | tcp |
| US | 8.8.8.8:53 | d.turn.com | udp |
| NL | 46.228.164.13:443 | d.turn.com | tcp |
| JP | 13.112.54.241:443 | usersync.gumgum.com | tcp |
| JP | 13.112.54.241:443 | usersync.gumgum.com | tcp |
| JP | 202.241.208.55:443 | tg.socdm.com | tcp |
| IE | 67.220.226.232:443 | aax-eu.amazon-adsystem.com | tcp |
| IE | 52.215.241.149:443 | cs.yellowblue.io | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | 37.129.28.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.204.127.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.27.148.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.11.21.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.224.20.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.235.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.112.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.138.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.221.255.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.162.172.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.130.122.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.47.18.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.52.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.250.227.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.93.138.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.22.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.130.98.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.57.245.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.180.94.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.241.215.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.54.112.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.164.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.208.241.202.in-addr.arpa | udp |
| NL | 104.126.125.209:443 | eus.rubiconproject.com | tcp |
| NL | 104.126.125.209:443 | eus.rubiconproject.com | tcp |
| SG | 54.251.140.206:443 | ps.eyeota.net | tcp |
| SG | 54.251.140.206:443 | ps.eyeota.net | tcp |
| US | 8.8.8.8:53 | dis.eu.criteo.com | udp |
| FR | 178.250.7.11:443 | dis.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | udp |
| NL | 216.52.2.16:443 | ap.lijit.com | tcp |
| NL | 216.52.2.16:443 | ap.lijit.com | tcp |
| US | 69.166.1.10:443 | sync.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel-eu.onaudience.com | udp |
| FR | 141.94.171.214:443 | pixel-eu.onaudience.com | tcp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 199.127.204.142:443 | sync.1rx.io | tcp |
| NL | 35.214.235.85:443 | csync.loopme.me | tcp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| FR | 185.86.138.153:443 | ssbsync-global.smartadserver.com | tcp |
| US | 35.190.60.146:443 | id.rlcdn.com | tcp |
| NL | 213.19.162.90:443 | pixel.rubiconproject.com | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| FR | 185.86.138.153:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | image4.pubmatic.com | udp |
| US | 8.43.72.97:443 | pixel-us-east.rubiconproject.com | tcp |
| US | 8.43.72.97:443 | pixel-us-east.rubiconproject.com | tcp |
| NL | 198.47.127.20:443 | image4.pubmatic.com | tcp |
| US | 35.190.60.146:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | simage2.pubmatic.com | udp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 214.171.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.60.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.72.43.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | a.audrte.com | udp |
| US | 54.84.97.211:443 | a.audrte.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| US | 8.8.8.8:53 | sync.targeting.unrulymedia.com | udp |
| US | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| DE | 85.114.159.118:443 | dsp.adfarm1.adition.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| FR | 185.86.138.152:443 | rtb-csync.smartadserver.com | tcp |
| FR | 185.86.138.152:443 | rtb-csync.smartadserver.com | tcp |
| FR | 185.86.138.152:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | casale-match.dotomi.com | udp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| FR | 185.86.138.152:443 | rtb-csync.smartadserver.com | tcp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| NL | 64.158.223.137:443 | casale-match.dotomi.com | tcp |
| US | 8.8.8.8:53 | a.sportradarserving.com | udp |
| US | 35.211.233.246:443 | a.sportradarserving.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.129.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.97.84.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.138.86.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.223.158.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.233.211.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | dmp.adform.net | udp |
| US | 8.8.8.8:53 | cm.mgid.com | udp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| DK | 37.157.6.241:443 | dmp.adform.net | tcp |
| US | 104.19.135.78:443 | cm.mgid.com | tcp |
| US | 50.31.142.159:443 | b1sync.zemanta.com | tcp |
| US | 50.31.142.255:443 | sync.outbrain.com | tcp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 104.19.135.78:443 | cm.mgid.com | udp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | udp |
| US | 8.8.8.8:53 | 122.51.243.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.135.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.6.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| US | 8.8.8.8:53 | pixel.onaudience.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| US | 8.8.8.8:53 | simage4.pubmatic.com | udp |
| FR | 141.94.171.212:443 | pixel.onaudience.com | tcp |
| US | 104.22.24.87:443 | mwzeom.zeotap.com | tcp |
| US | 104.36.113.111:443 | simage4.pubmatic.com | tcp |
| SE | 213.155.156.185:443 | d5p.de17a.com | tcp |
| US | 8.8.8.8:53 | i.w55c.net | udp |
| DE | 35.157.118.240:443 | i.w55c.net | tcp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 34.111.234.236:443 | ml314.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| NL | 98.98.134.241:443 | pixel-sync.sitescout.com | tcp |
| NL | 188.166.17.21:443 | match.adsby.bidtheatre.com | tcp |
| US | 35.211.233.246:443 | a.sportradarserving.com | udp |
| NL | 77.245.57.72:443 | sync.adkernel.com | tcp |
| US | 8.8.8.8:53 | aa.agkn.com | udp |
| US | 8.8.8.8:53 | ads.avocet.io | udp |
| DE | 18.194.199.66:443 | aa.agkn.com | tcp |
| IE | 3.252.158.15:443 | ads.avocet.io | tcp |
| US | 8.8.8.8:53 | ads.playground.xyz | udp |
| US | 34.102.253.54:443 | ads.playground.xyz | tcp |
| US | 8.8.8.8:53 | d.agkn.com | udp |
| DE | 52.57.1.132:443 | d.agkn.com | tcp |
| US | 8.8.8.8:53 | 87.24.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.171.94.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.118.157.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.234.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.113.36.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.134.98.98.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.199.194.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.158.252.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.avct.cloud | udp |
| DE | 37.252.173.215:443 | secure.adnxs.com | tcp |
| IE | 46.137.186.228:443 | ads.avct.cloud | tcp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| US | 8.8.8.8:53 | odr.mookie1.com | udp |
| US | 35.190.90.30:443 | odr.mookie1.com | tcp |
| US | 50.31.142.255:443 | sync.outbrain.com | tcp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| US | 8.8.8.8:53 | secure.insightexpressai.com | udp |
| FR | 23.39.250.129:443 | secure.insightexpressai.com | tcp |
| US | 8.8.8.8:53 | ads.creative-serving.com | udp |
| US | 8.8.8.8:53 | uipus.semasio.net | udp |
| US | 50.57.31.206:443 | uipus.semasio.net | tcp |
| US | 3.234.11.15:443 | ads.creative-serving.com | tcp |
| US | 50.57.31.206:443 | uipus.semasio.net | tcp |
| US | 8.8.8.8:53 | api.retargetly.com | udp |
| US | 104.22.17.141:443 | api.retargetly.com | tcp |
| US | 8.8.8.8:53 | 54.253.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.1.57.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.186.137.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.90.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.250.39.23.in-addr.arpa | udp |
| FR | 141.94.171.212:443 | pixel.onaudience.com | tcp |
| US | 54.84.97.211:443 | a.audrte.com | tcp |
| US | 8.8.8.8:53 | cm.adgrx.com | udp |
| NL | 63.251.232.165:443 | cm.adgrx.com | tcp |
| NL | 35.214.235.85:443 | csync.loopme.me | tcp |
| US | 8.8.8.8:53 | cm-supply-web.gammaplatform.com | udp |
| US | 8.8.8.8:53 | ipac.ctnsnet.com | udp |
| US | 8.8.8.8:53 | core.iprom.net | udp |
| SG | 52.220.229.2:443 | cm-supply-web.gammaplatform.com | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| US | 8.8.8.8:53 | 206.31.57.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.11.234.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.17.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.232.251.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.mrtnsvr.com | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| FR | 141.95.172.216:443 | green.erne.co | tcp |
| FR | 141.94.171.214:443 | pixel.onaudience.com | tcp |
| US | 50.31.142.255:443 | sync.outbrain.com | tcp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.8.8.8:53 | 20.165.5.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.229.220.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.163.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | matching.truffle.bid | udp |
| DE | 157.90.40.26:443 | matching.truffle.bid | tcp |
| US | 8.8.8.8:53 | check.analytics.rlcdn.com | udp |
| US | 188.114.96.0:443 | cm.rtbsystem.com | tcp |
| NL | 13.227.219.68:443 | check.analytics.rlcdn.com | tcp |
| US | 8.8.8.8:53 | eyeota-match.dotomi.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | ws.rqtrk.eu | udp |
| NL | 89.207.16.204:443 | eyeota-match.dotomi.com | tcp |
| DE | 141.95.32.69:443 | ws.rqtrk.eu | tcp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.40.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pippio.com | udp |
| US | 107.178.254.65:443 | pippio.com | tcp |
| US | 107.178.254.65:443 | pippio.com | udp |
| FR | 141.94.171.212:443 | pixel.onaudience.com | tcp |
| US | 8.8.8.8:53 | tags.rd.linksynergy.com | udp |
| US | 34.98.67.3:443 | tags.rd.linksynergy.com | tcp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| US | 8.8.8.8:53 | hb.minutemedia-prebid.com | udp |
| DE | 3.70.80.231:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | search.spotxchange.com | udp |
| IE | 34.251.83.76:443 | hb.minutemedia-prebid.com | tcp |
| NL | 185.94.180.123:443 | search.spotxchange.com | tcp |
| US | 8.8.8.8:53 | 204.16.207.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.32.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.254.178.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.67.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.180.94.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.83.251.34.in-addr.arpa | udp |
| US | 3.227.250.254:443 | kinesis.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| NL | 142.250.179.170:443 | imasdk.googleapis.com | tcp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.170:443 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| NL | 185.94.180.123:443 | search.spotxchange.com | tcp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tags.bluekai.com | udp |
| US | 8.8.8.8:53 | thrtle.com | udp |
| US | 8.8.8.8:53 | aorta.clickagy.com | udp |
| US | 3.226.27.231:443 | thrtle.com | tcp |
| US | 3.231.177.242:443 | aorta.clickagy.com | tcp |
| NL | 98.98.134.241:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | 231.27.226.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.177.231.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sync.sharethis.com | udp |
| US | 8.8.8.8:53 | i.liadm.com | udp |
| US | 18.208.118.220:443 | i.liadm.com | tcp |
| DE | 52.29.195.46:443 | sync.sharethis.com | tcp |
| US | 8.8.8.8:53 | tracking.emerse.com | udp |
| US | 8.8.8.8:53 | partner.mediawallahscript.com | udp |
| BE | 35.195.81.176:443 | tracking.emerse.com | tcp |
| US | 52.72.67.12:443 | partner.mediawallahscript.com | tcp |
| US | 8.8.8.8:53 | i6.liadm.com | udp |
| US | 8.8.8.8:53 | 220.118.208.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.195.29.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.81.195.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.67.72.52.in-addr.arpa | udp |
| US | 75.101.202.140:443 | i6.liadm.com | tcp |
| US | 8.2.111.13:443 | cs.iqzone.com | tcp |
| US | 8.8.8.8:53 | 140.202.101.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.111.2.8.in-addr.arpa | udp |
| US | 104.194.11.17:443 | images.gamebanana.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| NL | 142.251.39.110:443 | encrypted-tbn2.gstatic.com | tcp |
| NL | 142.251.39.110:443 | encrypted-tbn2.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.251.36.46:443 | encrypted-tbn1.gstatic.com | tcp |
| NL | 142.251.36.46:443 | encrypted-tbn1.gstatic.com | tcp |
| NL | 142.251.36.46:443 | encrypted-tbn1.gstatic.com | tcp |
| NL | 142.251.36.46:443 | encrypted-tbn1.gstatic.com | tcp |
| NL | 142.251.36.46:443 | encrypted-tbn1.gstatic.com | tcp |
| NL | 142.251.36.46:443 | encrypted-tbn1.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| US | 2.18.121.75:443 | www.minecraft.net | tcp |
| US | 2.18.121.75:443 | www.minecraft.net | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | cdnssl.clicktale.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.67:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| NL | 52.222.139.83:443 | cdnssl.clicktale.net | tcp |
| US | 13.107.246.67:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| NL | 173.223.113.131:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| US | 13.107.246.68:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | gamingassetstorage.blob.core.windows.net | udp |
| GB | 96.16.109.56:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 20.60.178.228:443 | gamingassetstorage.blob.core.windows.net | tcp |
| NL | 157.240.201.15:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| CH | 2.20.220.95:443 | s.go-mpulse.net | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| NL | 213.19.162.21:443 | fastlane.rubiconproject.com | tcp |
| US | 69.166.1.8:443 | apex.go.sonobi.com | tcp |
| DE | 3.70.80.231:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | 67.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.139.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.201.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.178.60.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.220.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mscom.demdex.net | udp |
| US | 8.8.8.8:53 | msftenterprise.sc.omtrdc.net | udp |
| US | 8.8.8.8:53 | cm.everesttech.net | udp |
| IE | 52.49.74.91:443 | mscom.demdex.net | tcp |
| IE | 52.214.231.213:443 | cm.everesttech.net | tcp |
| US | 66.235.152.107:443 | target.microsoft.com | tcp |
| US | 63.140.62.135:443 | msftenterprise.sc.omtrdc.net | tcp |
| US | 8.8.8.8:53 | tr.snapchat.com | udp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| US | 35.190.43.134:443 | tr.snapchat.com | tcp |
| NL | 157.240.201.15:443 | connect.facebook.net | udp |
| US | 35.190.43.134:443 | tr.snapchat.com | udp |
| US | 8.8.8.8:53 | 91.74.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.231.214.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.62.140.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.43.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| NL | 173.223.112.132:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| HK | 20.205.115.81:443 | c1.microsoft.com | tcp |
| US | 8.8.8.8:53 | 0217991b.akstat.io | udp |
| NL | 173.223.112.132:443 | 0217991b.akstat.io | tcp |
| US | 8.8.8.8:53 | trial-eum-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | trial-eum-clienttons-s.akamaihd.net | udp |
| US | 2.18.121.78:443 | trial-eum-clientnsv4-s.akamaihd.net | tcp |
| US | 2.18.121.134:443 | trial-eum-clienttons-s.akamaihd.net | tcp |
| US | 8.8.8.8:53 | rtd.tubemogul.com | udp |
| US | 151.101.2.49:443 | rtd.tubemogul.com | tcp |
| US | 8.8.8.8:53 | ti6uodiccj4u4zelbklq-p2auj6-494162877-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | 154-61-71-13_s-2-18-121-134_ts-1686833815-clienttons-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | rtd-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | idpix.media6degrees.com | udp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| US | 2.18.121.77:443 | ti6uodiccj4u4zelbklq-p2auj6-494162877-clientnsv4-s.akamaihd.net | tcp |
| US | 2.18.121.134:443 | 154-61-71-13_s-2-18-121-134_ts-1686833815-clienttons-s.akamaihd.net | tcp |
| US | 104.18.22.234:443 | idpix.media6degrees.com | tcp |
| US | 8.8.8.8:53 | analytics.twitter.com | udp |
| US | 104.244.42.131:443 | analytics.twitter.com | tcp |
| US | 8.8.8.8:53 | 132.112.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.124.96.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.115.205.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | servedby.flashtalking.com | udp |
| DE | 184.24.18.42:443 | servedby.flashtalking.com | tcp |
| US | 8.8.8.8:53 | px.owneriq.net | udp |
| FR | 23.217.250.62:443 | px.owneriq.net | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| FR | 23.217.250.62:443 | px.owneriq.net | tcp |
| IE | 52.209.97.79:443 | jadserve.postrelease.com | tcp |
| US | 8.8.8.8:53 | ds.reson8.com | udp |
| US | 104.18.8.110:443 | ds.reson8.com | tcp |
| US | 8.8.8.8:53 | 131.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.18.24.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.250.217.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.97.209.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 192.132.33.46:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | dmpsync.3lift.com | udp |
| US | 35.71.178.8:443 | dmpsync.3lift.com | tcp |
| US | 8.8.8.8:53 | rtb.adentifi.com | udp |
| US | 34.192.101.54:443 | rtb.adentifi.com | tcp |
| CA | 185.80.39.216:443 | dsum.casalemedia.com | tcp |
| US | 8.8.8.8:53 | 110.8.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.178.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.101.192.34.in-addr.arpa | udp |
| NL | 157.240.247.35:443 | www.facebook.com | udp |
| US | 52.20.224.27:443 | sync.srv.stackadapt.com | tcp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | ti6uodiccj4uwzelbknq-f-f249bd2f8-clientnsv4-s.akamaihd.net | udp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | ti6uodiccj4uwzelbkpq-f-c9cf5568b-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | xbox.com | udp |
| US | 20.112.52.29:443 | xbox.com | tcp |
| JP | 13.112.54.241:443 | usersync.gumgum.com | tcp |
| JP | 13.112.54.241:443 | usersync.gumgum.com | tcp |
| US | 8.8.8.8:53 | www.xbox.com | udp |
| NL | 173.223.112.50:80 | www.xbox.com | tcp |
| NL | 173.223.112.50:443 | www.xbox.com | tcp |
| US | 8.8.8.8:53 | ajax.aspnetcdn.com | udp |
| US | 8.8.8.8:53 | assets-www.xbox.com | udp |
| US | 8.8.8.8:53 | 29.52.112.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.112.223.173.in-addr.arpa | udp |
| US | 152.199.19.160:443 | ajax.aspnetcdn.com | tcp |
| NL | 173.223.112.50:443 | assets-www.xbox.com | tcp |
| NL | 173.223.112.50:443 | assets-www.xbox.com | tcp |
| NL | 173.223.112.50:443 | assets-www.xbox.com | tcp |
| NL | 173.223.112.50:443 | assets-www.xbox.com | tcp |
| NL | 173.223.112.50:443 | assets-www.xbox.com | tcp |
| NL | 173.223.112.50:443 | assets-www.xbox.com | tcp |
| NL | 173.223.112.50:443 | assets-www.xbox.com | tcp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.48:443 | mem.gfx.ms | tcp |
| US | 13.107.246.68:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 160.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | o741402.ingest.sentry.io | udp |
| US | 34.120.195.249:443 | o741402.ingest.sentry.io | tcp |
| NL | 173.223.112.50:443 | assets-www.xbox.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| IN | 172.217.167.163:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.22:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| NL | 20.190.160.22:443 | login.microsoftonline.com | tcp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| IN | 172.217.167.163:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 163.167.217.172.in-addr.arpa | udp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| US | 13.107.246.48:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | emerald.xboxservices.com | udp |
| US | 8.8.8.8:53 | 142.145.190.20.in-addr.arpa | udp |
| US | 13.107.246.68:443 | emerald.xboxservices.com | tcp |
| US | 13.107.246.68:443 | emerald.xboxservices.com | tcp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 152.195.19.97:443 | acctcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 13.107.246.68:443 | acctcdnmsftuswe2.azureedge.net | tcp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 185.221.229.192.in-addr.arpa | udp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 97.19.195.152.in-addr.arpa | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| NL | 142.250.179.142:443 | google.com | udp |
| FI | 35.217.17.196:443 | e2c39.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 196.17.217.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| NL | 13.69.106.215:443 | dc.services.visualstudio.com | tcp |
| US | 192.178.49.195:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 215.106.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| NL | 216.58.214.22:443 | i.ytimg.com | udp |
| NL | 142.251.36.14:443 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.6:443 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | 196.17.217.35.in-addr.arpa | udp |
| US | 66.235.152.107:443 | target.microsoft.com | tcp |
| US | 8.8.8.8:53 | ti6uodiccj4uwzelblaq-f-fb5166434-clientnsv4-s.akamaihd.net | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| NL | 173.223.112.132:443 | 0217991b.akstat.io | tcp |
| US | 104.208.16.90:443 | browser.events.data.microsoft.com | tcp |
| NL | 23.38.22.250:443 | aka.ms | tcp |
| NL | 23.38.22.250:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | launcher.mojang.com | udp |
| US | 13.107.246.48:443 | launcher.mojang.com | tcp |
| US | 8.8.8.8:53 | 250.22.38.23.in-addr.arpa | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | b7b52.playfabapi.com | udp |
| US | 20.42.151.134:443 | b7b52.playfabapi.com | tcp |
| US | 8.8.8.8:53 | 134.151.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 20.42.151.134:443 | b7b52.playfabapi.com | tcp |
| US | 8.8.8.8:53 | 84.150.43.20.in-addr.arpa | udp |
| IN | 172.217.167.163:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.220.44.20.in-addr.arpa | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.142:443 | google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 126.137.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| FI | 35.217.17.196:443 | e2c39.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| IN | 172.217.167.163:443 | beacons2.gvt2.com | udp |
| GB | 216.58.208.99:443 | beacons3.gvt2.com | tcp |
| NL | 142.251.36.46:443 | clients2.google.com | udp |
| US | 192.178.49.195:443 | beacons.gvt2.com | udp |
| GB | 216.58.208.99:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c24.gcp.gvt2.com | udp |
| US | 35.185.21.228:443 | e2c24.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 99.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.21.185.35.in-addr.arpa | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 216.58.214.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | feathermc.com | udp |
| US | 104.26.10.70:443 | feathermc.com | tcp |
| US | 104.26.10.70:443 | feathermc.com | tcp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | fonts.bunny.net | udp |
| SI | 103.180.115.2:443 | fonts.bunny.net | tcp |
| US | 104.26.10.70:443 | feathermc.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | images.feathercdn.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | udp |
| US | 188.114.96.0:443 | images.feathercdn.net | tcp |
| US | 188.114.96.0:443 | images.feathercdn.net | tcp |
| US | 188.114.96.0:443 | images.feathercdn.net | tcp |
| US | 188.114.96.0:443 | images.feathercdn.net | tcp |
| US | 188.114.96.0:443 | images.feathercdn.net | tcp |
| SI | 103.180.115.2:443 | fonts.bunny.net | tcp |
| US | 8.8.8.8:53 | 70.10.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.115.180.103.in-addr.arpa | udp |
| SI | 103.180.115.2:443 | fonts.bunny.net | tcp |
| SI | 103.180.115.2:443 | fonts.bunny.net | tcp |
| US | 104.26.10.70:443 | feathermc.com | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.104.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | launcher.feathercdn.net | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 192.178.49.195:443 | beacons.gvt2.com | udp |
| GB | 216.58.208.99:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | electron-launcher.feathermc.com | udp |
| US | 104.26.11.70:443 | electron-launcher.feathermc.com | tcp |
| US | 104.26.11.70:443 | electron-launcher.feathermc.com | udp |
| US | 188.114.96.0:443 | launcher.feathercdn.net | tcp |
| US | 8.8.8.8:53 | 70.11.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | news-content-api.feathermc.com | udp |
| US | 8.8.8.8:53 | play.pvplegacy.net | udp |
| US | 8.8.8.8:53 | mc.roleplayhub.net | udp |
| IN | 103.180.115.9:443 | news-content-api.feathermc.com | tcp |
| US | 8.8.8.8:53 | play.jackpotmc.com | udp |
| US | 8.8.8.8:53 | feather.zedarmc.com | udp |
| US | 135.148.38.22:25565 | mc.roleplayhub.net | tcp |
| US | 31.25.11.61:25565 | play.pvplegacy.net | tcp |
| US | 31.25.11.35:25565 | play.jackpotmc.com | tcp |
| US | 104.143.3.74:25565 | feather.zedarmc.com | tcp |
| US | 8.8.8.8:53 | news.feathermc.com | udp |
| US | 8.8.8.8:53 | 61.11.25.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.11.25.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.38.148.135.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.115.180.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.3.143.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | signup.live.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 20.42.151.134:443 | b7b52.playfabapi.com | tcp |
| US | 20.42.151.134:443 | b7b52.playfabapi.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.13:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
| US | 20.189.173.13:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | labs.google.com | udp |
| NL | 142.250.179.206:443 | labs.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 20.189.173.13:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | user.auth.xboxlive.com | udp |
| IE | 137.116.225.129:443 | user.auth.xboxlive.com | tcp |
| US | 8.8.8.8:53 | xsts.auth.xboxlive.com | udp |
| US | 52.156.147.113:443 | xsts.auth.xboxlive.com | tcp |
| US | 8.8.8.8:53 | 129.225.116.137.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.minecraftservices.com | udp |
| US | 13.107.246.48:443 | api.minecraftservices.com | tcp |
| US | 8.8.8.8:53 | api.feathermc.com | udp |
| US | 104.26.10.70:443 | api.feathermc.com | tcp |
| US | 8.8.8.8:53 | sessionserver.mojang.com | udp |
| US | 13.107.246.48:443 | sessionserver.mojang.com | tcp |
| US | 8.8.8.8:53 | 113.147.156.52.in-addr.arpa | udp |
| US | 104.26.10.70:443 | api.feathermc.com | udp |
| US | 104.26.11.70:443 | api.feathermc.com | tcp |
| US | 8.8.8.8:53 | crafatar.com | udp |
| US | 188.114.96.0:443 | crafatar.com | tcp |
| US | 188.114.96.0:443 | crafatar.com | tcp |
| US | 8.8.8.8:53 | textures.minecraft.net | udp |
| US | 8.8.8.8:53 | play.pvplegacy.net | udp |
| US | 31.25.11.12:25565 | play.pvplegacy.net | tcp |
| US | 135.148.38.22:25565 | mc.roleplayhub.net | tcp |
| US | 31.25.11.35:25565 | play.jackpotmc.com | tcp |
| US | 104.143.3.74:25565 | feather.zedarmc.com | tcp |
| US | 8.8.8.8:53 | 12.11.25.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | px.moatads.com | udp |
| GB | 96.16.109.251:443 | px.moatads.com | tcp |
| US | 8.8.8.8:53 | csm.sg1.as.criteo.net | udp |
| SG | 182.161.73.142:443 | csm.sg1.as.criteo.net | tcp |
| SG | 182.161.73.142:443 | csm.sg1.as.criteo.net | tcp |
| US | 8.8.8.8:53 | 142.73.161.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| NL | 142.250.179.206:443 | labs.google.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 104.26.11.70:443 | api.feathermc.com | udp |
| US | 8.8.8.8:53 | play.pvplegacy.net | udp |
| US | 8.8.8.8:53 | play.jackpotmc.com | udp |
| US | 135.148.38.22:25565 | mc.roleplayhub.net | tcp |
| US | 31.25.11.93:25565 | play.pvplegacy.net | tcp |
| US | 104.143.3.74:25565 | feather.zedarmc.com | tcp |
| US | 31.25.11.35:25565 | play.jackpotmc.com | tcp |
| US | 8.8.8.8:53 | 93.11.25.31.in-addr.arpa | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| US | 2.18.121.75:443 | www.minecraft.net | tcp |
| US | 2.18.121.75:443 | www.minecraft.net | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 0217991b.akstat.io | udp |
| NL | 173.223.112.132:443 | 0217991b.akstat.io | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| NL | 23.206.105.140:443 | c.go-mpulse.net | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 140.105.206.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 8.8.8.8:53 | play.pvplegacy.net | udp |
| US | 135.148.38.22:25565 | mc.roleplayhub.net | tcp |
| US | 31.25.11.35:25565 | play.jackpotmc.com | tcp |
| US | 104.143.3.74:25565 | feather.zedarmc.com | tcp |
| US | 31.25.11.44:25565 | play.pvplegacy.net | tcp |
| US | 8.8.8.8:53 | 44.11.25.31.in-addr.arpa | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 128.116.117.3:443 | www.roblox.com | tcp |
| US | 128.116.117.3:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| DE | 172.217.23.195:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.117.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 205.185.216.42:443 | static.rbxcdn.com | tcp |
| US | 205.185.216.42:443 | static.rbxcdn.com | tcp |
| US | 205.185.216.42:443 | static.rbxcdn.com | tcp |
| US | 205.185.216.42:443 | static.rbxcdn.com | tcp |
| US | 205.185.216.42:443 | static.rbxcdn.com | tcp |
| US | 205.185.216.42:443 | static.rbxcdn.com | tcp |
| US | 205.185.216.42:443 | static.rbxcdn.com | tcp |
| US | 2.18.121.136:443 | js.rbxcdn.com | tcp |
| US | 2.18.121.136:443 | js.rbxcdn.com | tcp |
| US | 2.18.121.136:443 | js.rbxcdn.com | tcp |
| US | 2.18.121.136:443 | js.rbxcdn.com | tcp |
| US | 2.18.121.136:443 | js.rbxcdn.com | tcp |
| US | 2.18.121.136:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 128.116.114.3:443 | roblox.com | tcp |
| US | 104.18.42.229:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 128.116.117.4:443 | metrics.roblox.com | tcp |
| US | 8.8.8.8:53 | 195.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.216.185.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.42.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.114.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.117.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| US | 2.18.121.72:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 205.185.216.42:443 | images.rbxcdn.com | tcp |
| US | 128.116.117.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 128.116.117.4:443 | auth.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 72.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| NL | 142.250.179.136:443 | ssl.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 136.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.206:443 | labs.google.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| US | 128.116.117.3:443 | ncs.roblox.com | tcp |
| US | 128.116.117.3:443 | ncs.roblox.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | twostepverification.roblox.com | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | play.pvplegacy.net | udp |
| US | 8.8.8.8:53 | play.jackpotmc.com | udp |
| US | 135.148.38.22:25565 | mc.roleplayhub.net | tcp |
| US | 31.25.11.35:25565 | play.jackpotmc.com | tcp |
| US | 104.143.3.74:25565 | feather.zedarmc.com | tcp |
| US | 31.25.11.125:25565 | play.pvplegacy.net | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | w.clarity.ms | udp |
| US | 23.96.124.156:443 | w.clarity.ms | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 2.18.121.78:443 | static.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 2.18.121.68:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | realtime-signalr.roblox.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| NL | 216.58.214.10:443 | content-autofill.googleapis.com | udp |
| US | 2.18.121.73:443 | tr.rbxcdn.com | tcp |
| US | 2.18.121.73:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | chat.roblox.com | udp |
| US | 8.8.8.8:53 | contacts.roblox.com | udp |
| US | 8.8.8.8:53 | notifications.roblox.com | udp |
| US | 8.8.8.8:53 | economy.roblox.com | udp |
| US | 8.8.8.8:53 | privatemessages.roblox.com | udp |
| US | 8.8.8.8:53 | friends.roblox.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| US | 8.8.8.8:53 | trades.roblox.com | udp |
| US | 8.8.8.8:53 | cs.ns1p.net | udp |
| US | 3.136.187.136:443 | cs.ns1p.net | tcp |
| US | 8.8.8.8:53 | aws-ap-northeast-1d-lms.rbx.com | udp |
| US | 8.8.8.8:53 | hkg1-128-116-118-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-2b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| JP | 3.113.62.146:443 | aws-ap-northeast-1d-lms.rbx.com | tcp |
| HK | 128.116.118.3:443 | hkg1-128-116-118-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| HK | 18.166.232.45:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 44.235.44.172:443 | aws-us-west-2b-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | 68.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.roblox.com | udp |
| JP | 3.113.62.146:443 | aws-ap-northeast-1d-lms.rbx.com | tcp |
| HK | 128.116.118.3:443 | hkg1-128-116-118-3.roblox.com | tcp |
| US | 8.8.8.8:53 | s.ns1p.net | udp |
| US | 3.136.187.136:443 | s.ns1p.net | tcp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.187.136.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.232.166.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.118.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.62.113.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rblxcdn.roblox.com | udp |
| US | 8.8.8.8:53 | sjc1-128-116-117-3.roblox.com | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | b.ns1p.net | udp |
| US | 8.8.8.8:53 | play.pvplegacy.net | udp |
| US | 8.8.8.8:53 | feather.zedarmc.com | udp |
| US | 135.148.38.22:25565 | mc.roleplayhub.net | tcp |
| US | 31.25.11.35:25565 | play.jackpotmc.com | tcp |
| US | 104.143.3.74:25565 | feather.zedarmc.com | tcp |
| US | 31.25.11.121:25565 | play.pvplegacy.net | tcp |
| US | 8.8.8.8:53 | 121.11.25.31.in-addr.arpa | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | followings.roblox.com | udp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-east-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | waw1-128-116-124-3.roblox.com | udp |
| US | 8.8.8.8:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| PL | 128.116.124.3:443 | waw1-128-116-124-3.roblox.com | tcp |
| US | 107.20.10.178:443 | aws-us-east-1c-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | www.youtube-nocookie.com | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.124.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.10.20.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accountinformation.roblox.com | udp |
| NL | 172.217.168.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 216.58.214.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | rr4---sn-aigzrnz7.googlevideo.com | udp |
| GB | 74.125.175.201:443 | rr4---sn-aigzrnz7.googlevideo.com | tcp |
| GB | 74.125.175.201:443 | rr4---sn-aigzrnz7.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 202.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.175.125.74.in-addr.arpa | udp |
| GB | 74.125.175.201:443 | rr4---sn-aigzrnz7.googlevideo.com | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 205.185.216.10:443 | setup.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 10.216.185.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| NL | 23.222.43.72:443 | clientsettingscdn.roblox.com | tcp |
| US | 128.116.117.8:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.qq.com | udp |
| US | 8.8.8.8:53 | 72.43.222.23.in-addr.arpa | udp |
| US | 128.116.117.8:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| US | 8.8.8.8:53 | setup-ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | setup-ll.rbxcdn.com | udp |
| US | 8.8.8.8:53 | setup-cfly.rbxcdn.com | udp |
| US | 8.8.8.8:53 | setup-hw.rbxcdn.com | udp |
| US | 8.8.8.8:53 | 8.117.116.128.in-addr.arpa | udp |
| US | 205.185.216.10:443 | setup-hw.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | www.minecraft.net | udp |
| US | 2.18.121.73:443 | www.minecraft.net | tcp |
| US | 8.8.8.8:53 | 0217991b.akstat.io | udp |
| NL | 173.223.112.132:443 | 0217991b.akstat.io | tcp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | 16.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| IE | 20.166.2.191:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 8.8.8.8:53 | msedge.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| NL | 87.248.202.1:80 | msedge.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 191.2.166.20.in-addr.arpa | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.71:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| NL | 173.223.112.132:443 | c.go-mpulse.net | tcp |
| US | 128.116.117.8:443 | ephemeralcounters.api.roblox.com | tcp |
| NL | 23.222.43.72:443 | clientsettingscdn.roblox.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | client-telemetry.roblox.com | udp |
| US | 128.116.117.3:443 | client-telemetry.roblox.com | tcp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 128.116.117.8:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| NL | 23.222.43.72:443 | clientsettingscdn.roblox.com | tcp |
| US | 128.116.117.8:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | setup.rbxcdn.qq.com | udp |
| US | 128.116.117.8:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.qq.com | udp |
| US | 8.8.8.8:53 | setup.rbxcdn.com | udp |
| US | 8.8.8.8:53 | clientsettingscdn.roblox.com | udp |
| US | 8.8.8.8:53 | setup-ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | setup-cfly.rbxcdn.com | udp |
| US | 8.8.8.8:53 | setup-hw.rbxcdn.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| NL | 23.222.43.72:443 | clientsettingscdn.roblox.com | tcp |
| US | 128.116.117.8:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 128.116.117.4:443 | apis.roblox.com | tcp |
| US | 128.116.117.8:443 | ephemeralcounters.api.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 128.116.117.3:443 | client-telemetry.roblox.com | tcp |
| US | 128.116.117.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
| US | 8.8.8.8:53 | www.msftncsi.com | udp |
| US | 2.18.121.80:80 | www.msftncsi.com | tcp |
Files
C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe
| MD5 | 07c7857ac0338fdc449755eddac67c94 |
| SHA1 | db057f68b70c981978855a2b02d8a8a397c79b0a |
| SHA256 | efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a |
| SHA512 | 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d |
C:\Windows\Temp\{59FD5347-03BB-44ED-B732-4FB8EDFD3858}\.cr\expressvpn_windows_12.38.0.60_release.exe
| MD5 | 07c7857ac0338fdc449755eddac67c94 |
| SHA1 | db057f68b70c981978855a2b02d8a8a397c79b0a |
| SHA256 | efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a |
| SHA512 | 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\mbahost.dll
| MD5 | c59832217903ce88793a6c40888e3cae |
| SHA1 | 6d9facabf41dcf53281897764d467696780623b8 |
| SHA256 | 9dfa1bc5d2ab4c652304976978749141b8c312784b05cb577f338a0aa91330db |
| SHA512 | 1b1f4cb2e3fa57cb481e28a967b19a6fefa74f3c77a3f3214a6b09e11ceb20ae428d036929f000710b4eb24a2c57d5d7dfe39661d5a1f48ee69a02d83381d1a9 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\BootstrapperCore.dll
| MD5 | b0d10a2a622a322788780e7a3cbb85f3 |
| SHA1 | 04d90b16fa7b47a545c1133d5c0ca9e490f54633 |
| SHA256 | f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426 |
| SHA512 | 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\BootstrapperCore.dll
| MD5 | b0d10a2a622a322788780e7a3cbb85f3 |
| SHA1 | 04d90b16fa7b47a545c1133d5c0ca9e490f54633 |
| SHA256 | f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426 |
| SHA512 | 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f |
memory/2432-237-0x0000000006290000-0x00000000062A8000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\BootstrapperCore.config
| MD5 | 0c79473766c4a706b8acacbeff369bc6 |
| SHA1 | f5470d0ec6fd98403fa756d1760ddf0ecb3c5b81 |
| SHA256 | c044ee99956b0b7628f29d2c7f8d0aaaf18054156acf910915c86edbb09476aa |
| SHA512 | 991a357bcea62be7e926a9768e3cf3d399303b5cc7667bfe71c9487de289efbeaca91d98e18880125daac6b7f73b6d298bbbd2276452f155e82173ac5aac1c02 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\WixSharp Setup.exe
| MD5 | a1124e760bc0cbf9e261cdfe7a418832 |
| SHA1 | 0795b0adf6cf467fb7942b1f7405bd0ed754a9d6 |
| SHA256 | 0502f8da948a642e4db4cea611ce28dd3da8c2928d3626ce530cfafbb4d11f7a |
| SHA512 | 5ff54162d73559133b64bf35bf07da1d3ee064ce32c071caf137f9eea41d0fb30879e7835b6cf537639cd2442c9117a9cf68d4a5e89b8af5d1319b82f9f4afcb |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\WixSharp Setup.exe
| MD5 | a1124e760bc0cbf9e261cdfe7a418832 |
| SHA1 | 0795b0adf6cf467fb7942b1f7405bd0ed754a9d6 |
| SHA256 | 0502f8da948a642e4db4cea611ce28dd3da8c2928d3626ce530cfafbb4d11f7a |
| SHA512 | 5ff54162d73559133b64bf35bf07da1d3ee064ce32c071caf137f9eea41d0fb30879e7835b6cf537639cd2442c9117a9cf68d4a5e89b8af5d1319b82f9f4afcb |
memory/2432-244-0x0000000006810000-0x0000000006996000-memory.dmp
memory/2432-245-0x0000000006200000-0x0000000006210000-memory.dmp
memory/2432-246-0x0000000006200000-0x0000000006210000-memory.dmp
memory/2432-247-0x0000000006200000-0x0000000006210000-memory.dmp
memory/2432-251-0x00000000067D0000-0x00000000067D8000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVpn.Client.Setup.Shared.dll
| MD5 | 46e1d39b4319db3517b9fa2d7d0b67c8 |
| SHA1 | 33af5ab0df4b9d690fe283fb8a8bd63508f3ada3 |
| SHA256 | b509e2c677b73b4cad4f09d0c3f94724bf3fd952b3f4c24c30985636ff2ed30c |
| SHA512 | dfedfc09ca7c1dbe611015c19464918d1b13b0f9828d504ac11598be442d61ce3ef8038f0d9c9ea0275fa5d95630e41ffe6a0bb1b0b67f955a46a858669a345e |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVpn.Client.Setup.Shared.dll
| MD5 | 46e1d39b4319db3517b9fa2d7d0b67c8 |
| SHA1 | 33af5ab0df4b9d690fe283fb8a8bd63508f3ada3 |
| SHA256 | b509e2c677b73b4cad4f09d0c3f94724bf3fd952b3f4c24c30985636ff2ed30c |
| SHA512 | dfedfc09ca7c1dbe611015c19464918d1b13b0f9828d504ac11598be442d61ce3ef8038f0d9c9ea0275fa5d95630e41ffe6a0bb1b0b67f955a46a858669a345e |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.DependencyInjection.Abstractions.dll
| MD5 | 405bf969e7e50ef47422e54fa33605c8 |
| SHA1 | 4f3c5c8803212719ee74c60813b9ae08604684b3 |
| SHA256 | 95a7c66abd60ba45a2020ac3d42702fd9823f7b6db2ceec6a37c9e9b0602fed1 |
| SHA512 | d04978227453e3341fbdc6a8730da193f1c5e19a2635e02cb5d6eb6fef7c3ea53cf7df5df16230c12693cdaaccc90add812c5ad0a6ed0749e8de75c03602502a |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.DependencyInjection.Abstractions.dll
| MD5 | 405bf969e7e50ef47422e54fa33605c8 |
| SHA1 | 4f3c5c8803212719ee74c60813b9ae08604684b3 |
| SHA256 | 95a7c66abd60ba45a2020ac3d42702fd9823f7b6db2ceec6a37c9e9b0602fed1 |
| SHA512 | d04978227453e3341fbdc6a8730da193f1c5e19a2635e02cb5d6eb6fef7c3ea53cf7df5df16230c12693cdaaccc90add812c5ad0a6ed0749e8de75c03602502a |
memory/2432-255-0x00000000067F0000-0x0000000006800000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVpn.Common.Logging.dll
| MD5 | 988912a8a5ae0cafeb29f80b4e3af6d4 |
| SHA1 | 1ca87bea628fff4c8995d92168e736ef7fffd1ae |
| SHA256 | 5c67aca3caf64cb4a2ca3111ce00da9aa1364583344896dfdcb6d85c5050f43e |
| SHA512 | 2d58cde0d8f2d2aca423a612c77f34a146f46c64f8e5c877e7395baf2669ae1537bcff6431c7c0c01bb0889ced875604f9c4743b0974c2f89e300aaa13b01d3f |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVpn.Common.Logging.dll
| MD5 | 988912a8a5ae0cafeb29f80b4e3af6d4 |
| SHA1 | 1ca87bea628fff4c8995d92168e736ef7fffd1ae |
| SHA256 | 5c67aca3caf64cb4a2ca3111ce00da9aa1364583344896dfdcb6d85c5050f43e |
| SHA512 | 2d58cde0d8f2d2aca423a612c77f34a146f46c64f8e5c877e7395baf2669ae1537bcff6431c7c0c01bb0889ced875604f9c4743b0974c2f89e300aaa13b01d3f |
memory/2432-259-0x00000000069C0000-0x00000000069D8000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVPN.Common.Shared.dll
| MD5 | 8d3bd603070c5341750804592de30739 |
| SHA1 | 19b27c7834ad7cbf1b9d6a396dfa0a5fa5588112 |
| SHA256 | 74fd8ff3b37e161c04c4a17ada1138cc44f52b4af93f946237affb040b0c916b |
| SHA512 | 8c366f1a037e448edec3d324f559ccb56ac184c5f504764c8afec8cc56048d4532b8a0926e10316d6d41fc2b21a9bd673899ff459c665e6d3d8e371bce980c35 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVPN.Common.Shared.dll
| MD5 | 8d3bd603070c5341750804592de30739 |
| SHA1 | 19b27c7834ad7cbf1b9d6a396dfa0a5fa5588112 |
| SHA256 | 74fd8ff3b37e161c04c4a17ada1138cc44f52b4af93f946237affb040b0c916b |
| SHA512 | 8c366f1a037e448edec3d324f559ccb56ac184c5f504764c8afec8cc56048d4532b8a0926e10316d6d41fc2b21a9bd673899ff459c665e6d3d8e371bce980c35 |
memory/2432-263-0x00000000069E0000-0x00000000069F4000-memory.dmp
memory/2432-264-0x0000000006A00000-0x0000000006A1A000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVPN.Utils.dll
| MD5 | f162ee7a69d27493bd375907f666ca94 |
| SHA1 | b79c97c0cdb592f7ce01f3b4bddf5ab5db252547 |
| SHA256 | a8609434e1d3481f153b811e5f7c1a0a98b205a0a6d5a176b45b4b8b1ff1b95e |
| SHA512 | cd32829c002d236014e45d14232f7104f4518291c39fa0dd55b5d29a1c5bf991b287b1ae3c6f16e5e8d31efba5f27e61d3c7241648936f1157d0564a1a47d32b |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\ExpressVPN.Utils.dll
| MD5 | f162ee7a69d27493bd375907f666ca94 |
| SHA1 | b79c97c0cdb592f7ce01f3b4bddf5ab5db252547 |
| SHA256 | a8609434e1d3481f153b811e5f7c1a0a98b205a0a6d5a176b45b4b8b1ff1b95e |
| SHA512 | cd32829c002d236014e45d14232f7104f4518291c39fa0dd55b5d29a1c5bf991b287b1ae3c6f16e5e8d31efba5f27e61d3c7241648936f1157d0564a1a47d32b |
memory/2432-268-0x0000000006A20000-0x0000000006A40000-memory.dmp
memory/2432-272-0x0000000006B40000-0x0000000006B58000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.DependencyInjection.dll
| MD5 | f2a9c263e730b94057d26d8e6562e342 |
| SHA1 | e36e4c8100585db5c7dbd07ff66f4adad8ccd37f |
| SHA256 | d6de20035b25367a82da6180c45511d9077374c5f96f6cc5fedd2107d61efb9c |
| SHA512 | 976fff499e641484a176801ca904221270220d07a1ffe14c03a9b3f32372a264ebe25e704dc63ec18f1bc2a430afa6a098847c327d695a3d19359422a300d4e9 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.DependencyInjection.dll
| MD5 | f2a9c263e730b94057d26d8e6562e342 |
| SHA1 | e36e4c8100585db5c7dbd07ff66f4adad8ccd37f |
| SHA256 | d6de20035b25367a82da6180c45511d9077374c5f96f6cc5fedd2107d61efb9c |
| SHA512 | 976fff499e641484a176801ca904221270220d07a1ffe14c03a9b3f32372a264ebe25e704dc63ec18f1bc2a430afa6a098847c327d695a3d19359422a300d4e9 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | 48efe61d6ca3054309907b532d576d2a |
| SHA1 | f36403aabb16540c93fb35245ec0b4e435628aae |
| SHA256 | 295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78 |
| SHA512 | 778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | 48efe61d6ca3054309907b532d576d2a |
| SHA1 | f36403aabb16540c93fb35245ec0b4e435628aae |
| SHA256 | 295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78 |
| SHA512 | 778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3 |
memory/2432-276-0x00000000069B0000-0x00000000069BA000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\System.Threading.Tasks.Extensions.dll
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| SHA512 | da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11 |
memory/2432-280-0x0000000006B60000-0x0000000006B6A000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\System.Threading.Tasks.Extensions.dll
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| SHA512 | da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.Logging.Abstractions.dll
| MD5 | 1237591a98cea80b03eaa68dbbcb2176 |
| SHA1 | 5761dfe8070d1e273c20bf6ce50eb46a8780e065 |
| SHA256 | ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1 |
| SHA512 | 1446308e87aaf15ac1b3f79d8f4620b2172fb4c5f34059df75fae0ab244015cae6ac46faa86a0ab91b71d51bf91476dc407f473016ed0b71526ff6e446bbda07 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Microsoft.Extensions.Logging.Abstractions.dll
| MD5 | 1237591a98cea80b03eaa68dbbcb2176 |
| SHA1 | 5761dfe8070d1e273c20bf6ce50eb46a8780e065 |
| SHA256 | ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1 |
| SHA512 | 1446308e87aaf15ac1b3f79d8f4620b2172fb4c5f34059df75fae0ab244015cae6ac46faa86a0ab91b71d51bf91476dc407f473016ed0b71526ff6e446bbda07 |
memory/2432-284-0x0000000006B90000-0x0000000006BA0000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Newtonsoft.Json.dll
| MD5 | 6815034209687816d8cf401877ec8133 |
| SHA1 | 1248142eb45eed3beb0d9a2d3b8bed5fe2569b10 |
| SHA256 | 7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814 |
| SHA512 | 3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.ba\Newtonsoft.Json.dll
| MD5 | 6815034209687816d8cf401877ec8133 |
| SHA1 | 1248142eb45eed3beb0d9a2d3b8bed5fe2569b10 |
| SHA256 | 7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814 |
| SHA512 | 3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721 |
memory/2432-288-0x0000000006D20000-0x0000000006DD0000-memory.dmp
memory/2432-291-0x0000000006200000-0x0000000006210000-memory.dmp
memory/2432-292-0x000000007F750000-0x000000007F760000-memory.dmp
memory/2432-293-0x00000000066E0000-0x0000000006702000-memory.dmp
memory/2432-296-0x0000000006200000-0x0000000006210000-memory.dmp
memory/2432-297-0x0000000007790000-0x0000000007798000-memory.dmp
memory/2432-298-0x0000000009D00000-0x0000000009D38000-memory.dmp
memory/2432-299-0x0000000009CC0000-0x0000000009CCE000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe
| MD5 | 07c7857ac0338fdc449755eddac67c94 |
| SHA1 | db057f68b70c981978855a2b02d8a8a397c79b0a |
| SHA256 | efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a |
| SHA512 | 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d |
memory/2432-303-0x0000000009ED0000-0x0000000009ED8000-memory.dmp
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe
| MD5 | 07c7857ac0338fdc449755eddac67c94 |
| SHA1 | db057f68b70c981978855a2b02d8a8a397c79b0a |
| SHA256 | efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a |
| SHA512 | 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\.be\ExpressVPN_12.38.0.60.exe
| MD5 | 07c7857ac0338fdc449755eddac67c94 |
| SHA1 | db057f68b70c981978855a2b02d8a8a397c79b0a |
| SHA256 | efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a |
| SHA512 | 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d |
memory/2432-312-0x0000000006200000-0x0000000006210000-memory.dmp
memory/2432-313-0x0000000006200000-0x0000000006210000-memory.dmp
memory/2432-314-0x0000000006200000-0x0000000006210000-memory.dmp
memory/2432-315-0x0000000006200000-0x0000000006210000-memory.dmp
memory/2432-316-0x000000007F750000-0x000000007F760000-memory.dmp
memory/2432-317-0x0000000006200000-0x0000000006210000-memory.dmp
\??\pipe\crashpad_2052_BOPOPFJVLJDFHUUA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2052_1611100194\82983e92-e51b-4dda-ac79-a9198d6cdc0f.tmp
| MD5 | 2cc86b681f2cd1d9f095584fd3153a61 |
| SHA1 | 2a0ac7262fb88908a453bc125c5c3fc72b8d490e |
| SHA256 | d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c |
| SHA512 | 14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\Net6DesktopRuntime64
| MD5 | 26d558f92be15a50d59b8261123de56b |
| SHA1 | b5b1819cca753b070181f50411375b80412860a3 |
| SHA256 | 1b305b1ae89b2391a4411bb2c5edb6b059a7bf7955275c57b43d1f2a94ce3f62 |
| SHA512 | 5eb1537295cdb513197419c311777229fd43af6cea0ef6134f9990b32b8ac26aa51139f2c0b63d9cdfb6d753dd9db6f243b887ec511f15866157aa9e127b5cea |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2052_1611100194\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Windows\Temp\{95961535-E93A-4361-93D1-6C20EDA89CC5}\MainMsi
| MD5 | d5e72c30c8383525e3aed1f1c2f1caab |
| SHA1 | 453c6b82989d62d7e3d9e1c805b5d106c1f5463d |
| SHA256 | 59efe52b08ee6c4cef658510eeb2be1b4f4701d162ff581a57a2997421652c57 |
| SHA512 | f8e67557af9e9053498460a32401b0b9f20cbe771d14189df112db505ba2f9330c7f89fa4aa61f486a4ab7867115a0c1909cbf5b5b5546cc70c61280b49ee867 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ed6c638e459bf4808f4b07e57a335857 |
| SHA1 | c99362aecace91b9a9614cc6dec5926870643767 |
| SHA256 | 613a7b8bb968abd9321c2de9183eff1ae32737cd62bb626a44e99cf5a499d854 |
| SHA512 | fc15dfe845869fe0fe5050d98b531a33db60840215e3e1c85a239e99eec745467df1e8cdcdcb93fb5745b5b56c7b17b88ba56ddc70d9e6c400c75fd7c3b53087 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 861007b6d6ef1971a153e6fc8b03446b |
| SHA1 | a567010e80ac53eb53e3246dd14b0b728a6827cd |
| SHA256 | fbc339c6c5f43b131f174c0e7e9f7b5f6ade136460978c5116a27f46a2a07376 |
| SHA512 | d4aa45a437fcf0f51eac8883942ff584c6bac6b53cf43523c63824a2b1678ab733ca751435c157493db6f71fd6286c1625b2f3a43168d39eb85f63c681049dfa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 1780acc0f9763a3e59600bd61ab9b9f8 |
| SHA1 | 74c9da98ad596dd1d35a29ba69d16299db90505e |
| SHA256 | 3c6f7885483fab2849967322f6e203a789aca36e67d4d66cb355bbb83d5890dd |
| SHA512 | f9e536105b90cf01e12fa29c66d5944a77095e6090472b56e010972408864f47f0cd67458ab951981f20f7fd2d79415cc40824072c8e58114a8e5b8a4d14d332 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cef03b0ae56356f25fa179726f82f44f |
| SHA1 | 38bb53d022df4ca43a1f251d049dd80f28e9f629 |
| SHA256 | 3d286ee21071ae7d0d65e8e16cd31804d38beb0d7d8a88b55d8ee3b28fde02e0 |
| SHA512 | 2f0ea0fe962464d2b8668de6996f1393f56469053e6c80b4996e0f5dd46c82f2d50835c464ad7b62cd192a14f0d297ef9fe69b7345f98e5ffa18564f8e0f2ffe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\ProgramData\Package Cache\B5B1819CCA753B070181F50411375B80412860A3\windowsdesktop-runtime-6.0.5-win-x64.exe
| MD5 | 26d558f92be15a50d59b8261123de56b |
| SHA1 | b5b1819cca753b070181f50411375b80412860a3 |
| SHA256 | 1b305b1ae89b2391a4411bb2c5edb6b059a7bf7955275c57b43d1f2a94ce3f62 |
| SHA512 | 5eb1537295cdb513197419c311777229fd43af6cea0ef6134f9990b32b8ac26aa51139f2c0b63d9cdfb6d753dd9db6f243b887ec511f15866157aa9e127b5cea |
C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe
| MD5 | 987433e22c318ff3bfd596f6b7bb3d0d |
| SHA1 | 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e |
| SHA256 | ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73 |
| SHA512 | 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46 |
C:\Windows\Temp\{3F2F9BF6-7239-4224-BBE0-9DA42F7940D2}\.cr\windowsdesktop-runtime-6.0.5-win-x64.exe
| MD5 | 987433e22c318ff3bfd596f6b7bb3d0d |
| SHA1 | 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e |
| SHA256 | ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73 |
| SHA512 | 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46 |
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.ba\wixstdba.dll
| MD5 | 4356ee50f0b1a878e270614780ddf095 |
| SHA1 | b5c0915f023b2e4ed3e122322abc40c4437909af |
| SHA256 | 41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104 |
| SHA512 | b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691 |
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe
| MD5 | 987433e22c318ff3bfd596f6b7bb3d0d |
| SHA1 | 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e |
| SHA256 | ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73 |
| SHA512 | 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46 |
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe
| MD5 | 987433e22c318ff3bfd596f6b7bb3d0d |
| SHA1 | 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e |
| SHA256 | ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73 |
| SHA512 | 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46 |
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\.be\windowsdesktop-runtime-6.0.5-win-x64.exe
| MD5 | 987433e22c318ff3bfd596f6b7bb3d0d |
| SHA1 | 7b8b48d30370bf1cc8e1c2c68b96622a6051d08e |
| SHA256 | ea4484732f4415318ad0a403f8768129f1d4e6f871602881f3d339bcf7a2fa73 |
| SHA512 | 8dcf1535cb673983f916d2c6d255f9a0f2ff708d9a356c5d02e0e326ce967353878a1019e686db0cb7e88e6a8cf78e4c73949fb831ca885241e0c5bce3934d46 |
C:\ProgramData\Package Cache\{8e563438-c5e3-4ece-98b6-53dcb8e954c2}\state.rsm
| MD5 | a7b9c0008fa75505ae8ad8e99617ace5 |
| SHA1 | 6ef386c6a77d5390ca66032e4496e961659f6de1 |
| SHA256 | 4c20916775719bc406ce71856335123c21d03b6eb824ff6f8aa7b45a4be7767b |
| SHA512 | 9693033537e15ec8e9181366d44a6b38afee4bd8779c97a6fa22da7342d27a8ed7f5902e96f451ec26e88edaa68107c091fe4e1e5abdb1b28b2fa28a4d225209 |
C:\ProgramData\Package Cache\{8e563438-c5e3-4ece-98b6-53dcb8e954c2}\ExpressVPN_12.38.0.60.exe
| MD5 | 07c7857ac0338fdc449755eddac67c94 |
| SHA1 | db057f68b70c981978855a2b02d8a8a397c79b0a |
| SHA256 | efde80da6ad11fdcd949c24ea07338a4ed1bd1dac31bc9753ac776607e9cd23a |
| SHA512 | 842e01b17306e3f6250d685d27ac67855b5db2cb79f0efc1118f33aff5029fe761941b81bbebf5294794664ee7490eba562a71cf1ab558de708555cf85166e9d |
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\dotnet_runtime_6.0.5_win_x64.msi
| MD5 | abf5dbc0196845d9c906189aa70d07ec |
| SHA1 | 4a6879976ca9d64a151e1679d0b08d975883a7b2 |
| SHA256 | f8f96b0c0a444a391d1a5c02d217d530905c32895166251d16a1b5903b6815f1 |
| SHA512 | 035fffdf011e5d30b06ca3b78b37ceb90c1773b08244efc0ca8f7e8b7c4ef83b1b0c5273431e752d0f7dc83a49ccf5fbb733f8235825bf5b8ded32f7b51939e3 |
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\windowsdesktop_runtime_6.0.5_win_x64.msi
| MD5 | bf16e0cb45daf8f291ecfa351cb0c3c2 |
| SHA1 | 1491de942eec40921a35f35aa377c2f8f7332c5b |
| SHA256 | 0c3b15d1e680e29377a08ec0577d87d222dda47b84c955f4e834497b59041f9c |
| SHA512 | a69a495b265e6e16fbc4a06455a02baabe35c6ad4abf499ca99a4b5cc9dfe2bcf337b6a60d32bfb15eca03b4c08710a095111ec637b2fbef0279c26d9e9e9ae8 |
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\dotnet_host_6.0.5_win_x64.msi
| MD5 | bdc10a6d27e4df71409c9cd8bc40d48c |
| SHA1 | 3cd9327008fc4bc8f76d9f8174bc6a1bbf4d7632 |
| SHA256 | ec6d27122faf6585fa4419284a95212102c54bbd7ee02bd56835a496039c70de |
| SHA512 | c60196e4f34efcaa62ac3bb750205b701d7434872fe9eb866a5d80ccab6cef879b35aab0d09c19d25cdbf2a3e19c23a4170a16033ad2fbd008dccc9a6530b1c9 |
C:\Windows\Temp\{1AA92712-72D1-4083-A54D-B9800D8475AF}\dotnet_hostfxr_6.0.5_win_x64.msi
| MD5 | eef7d4eaa530df3288c03b8e6463aaa3 |
| SHA1 | 4d94b0073d5afeb1642a2f0da5c178f5765857b3 |
| SHA256 | cbdda269bf97e5e990d909fc503149005e4cd70e68d565c0fd4fbed3222d7711 |
| SHA512 | 2be6dbc2c4d2a8d68653ffd8cb56196178c4ecea2f247a8d6f6cf3061917a43ff814ce48ab2939b475ae0d69df8fe41e0864ebaa282adcfb3e578ca0da10f823 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.5_(x64)_20230615125328_000_dotnet_runtime_6.0.5_win_x64.msi.log
| MD5 | 17cfa80bee83a519b3b96d86b06f60f9 |
| SHA1 | 9f66c92773581534f455ee08c4f1c98131760fd6 |
| SHA256 | c53df84add68d4b97c44e825dd7f3aa22e3c8c27ec93caeeec283ecd1b64aab6 |
| SHA512 | 686bc5dc2e945485aa90faf1a6d0b82ee9d082182aa45839b16f13fdc1159306ef3a516c7dbd12a21634ab9cec655e157726b059ea3fd53c98fdcb4eede071e5 |
C:\Windows\Installer\MSIA43F.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Windows\Installer\MSIA43F.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 526f730757d8cb2edd2dcf7e34331d05 |
| SHA1 | 0ca71bd560c509fe1c0644d906da468b0c65275a |
| SHA256 | 8fc091e4fa47a0d87c84df1f7052e30387ecbdd3d49854150ae8c15c41529bb9 |
| SHA512 | c0287626140474fe7b3587f50496a8553a18617689c608546a0f1a461e6ee13f6119d26c94307c81bcd9836dfc117bde6cba7450cb9b162dcf1bf55d3673b99d |
C:\Windows\Installer\e57a069.msi
| MD5 | abf5dbc0196845d9c906189aa70d07ec |
| SHA1 | 4a6879976ca9d64a151e1679d0b08d975883a7b2 |
| SHA256 | f8f96b0c0a444a391d1a5c02d217d530905c32895166251d16a1b5903b6815f1 |
| SHA512 | 035fffdf011e5d30b06ca3b78b37ceb90c1773b08244efc0ca8f7e8b7c4ef83b1b0c5273431e752d0f7dc83a49ccf5fbb733f8235825bf5b8ded32f7b51939e3 |
C:\Config.Msi\e57a068.rbs
| MD5 | 038d580a782680178ca400ee570d7d0d |
| SHA1 | 75ea391a0588dfa77db2e65cf10f6559692186b8 |
| SHA256 | f77da8f40c6d248c247eacd50ab2fb78b60b9424d5a8a1354ec821dda764d607 |
| SHA512 | dce046b7581eb3e5a4c0fc7c99b771456e39891292522f472d10c4a586e892c2604c1f25fbbc2c9faecd258390ba2b0efad4657918b95b2d5288b3002730357d |
C:\Windows\Installer\MSICA37.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Windows\Installer\MSICA37.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.5_(x64)_20230615125328_001_dotnet_hostfxr_6.0.5_win_x64.msi.log
| MD5 | 468b62f3afeb27957aa4869a1800ef45 |
| SHA1 | 85ee4a312ccf8df04d7ca2e0f745f298e2c82dad |
| SHA256 | 4f6032b8ee829101abe5796beb9865cf77e5764d2ab8630490e0403d0ad2eae3 |
| SHA512 | ff27f845f191b27cf5fd8bdb7632cc79426078076148176ed4a19cab866cb58e735e867149cd027de2ab2fe236388cf859d838e6f9a93aecd672456bc5d35d93 |
C:\Windows\Installer\MSICCE8.tmp
| MD5 | d711da8a6487aea301e05003f327879f |
| SHA1 | 548d3779ed3ab7309328f174bfb18d7768d27747 |
| SHA256 | 3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283 |
| SHA512 | c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681 |
C:\Windows\Installer\e57a06a.msi
| MD5 | eef7d4eaa530df3288c03b8e6463aaa3 |
| SHA1 | 4d94b0073d5afeb1642a2f0da5c178f5765857b3 |
| SHA256 | cbdda269bf97e5e990d909fc503149005e4cd70e68d565c0fd4fbed3222d7711 |
| SHA512 | 2be6dbc2c4d2a8d68653ffd8cb56196178c4ecea2f247a8d6f6cf3061917a43ff814ce48ab2939b475ae0d69df8fe41e0864ebaa282adcfb3e578ca0da10f823 |
C:\Config.Msi\e57a06c.rbs
| MD5 | ae59508430136e4f367f9ec09aa18be0 |
| SHA1 | 0fee496b24e23a19e3aec3090b565c9e007e2a08 |
| SHA256 | ccdd63292ca8938c2d1a63bdd3ab440b3f3fa72f1ea21206539c3b274e7c26e1 |
| SHA512 | 1bceaa3c4cbc489d7adfc25bfdb2f6b97f3900d54a9d83109d79dcc899a2147cf3a95e073ba90d88b68041104d986832ae4eb8016e92c7c692aaf3e3c958f7b1 |
C:\Program Files\dotnet\ThirdPartyNotices.txt
| MD5 | f77a4aecfaf4640d801eb6dcdfddc478 |
| SHA1 | 7424710f255f6205ef559e4d7e281a3b701183bb |
| SHA256 | d5db0ed54363e40717ae09e746dec99ad5b09223cc1273bb870703176dd226b7 |
| SHA512 | 1b729dfa561899980ba8b15128ea39bc1e609fe07b30b283001fd9cf9da62885d78c18082d0085edd81f09203f878549b48f7f888a8486a2a526b134c849fd6b |
C:\Program Files\dotnet\LICENSE.txt
| MD5 | 31c5a77b3c57c8c2e82b9541b00bcd5a |
| SHA1 | 153d4bc14e3a2c1485006f1752e797ca8684d06d |
| SHA256 | 7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d |
| SHA512 | ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6 |
C:\Config.Msi\e57a070.rbs
| MD5 | e4bdbabe0b37ca20baab8b217aca4fb4 |
| SHA1 | d1346c2fc8c93f63733bf65807e9f03b632b4f61 |
| SHA256 | 24ad142829b2a1edbf00c18c4fe809636c6913b38041709eb9b47e36c3b34852 |
| SHA512 | 8be5cd819398e89f42ea7496ea0ea7b2d662b057650ab37ffb0cee599dd870987407bfad5e918bd832bc81c17afa54e43c63d455fc415963d3ef2f910a8b11f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a5232a34bbc3a132d14679ec841d2edb |
| SHA1 | 9707f7c37f378d759720bce9ef851bf278a80a85 |
| SHA256 | a4a1416d4e8324bce967366c51155d3c7b7affdbdcba27b3469abdb949d75b03 |
| SHA512 | 74ab96d0546fdd9807a5927898549f68fa0b6ba90a051350b51b37bb646f89088ffad452abbeb82083a53d87461a50e2cc81b2e5a89cb1f139961fdb018556cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6400a246cbd5a7a64ef30fa7be486be3 |
| SHA1 | 57784abba928a036d091cac8933a13950fe78230 |
| SHA256 | 5974d66347ed67a91bf101cdd5fe0f27c81a62affae15632b788ddf1ca4d8593 |
| SHA512 | c592316039ead41cb08cb69e5c455a12ac68c08ec3002b13124f55bf927ac29bce412e9b8da5124d9d5879d0bdd3063e8668f98cb269c42c26b4442478e62dfb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 5b0c0d429185ff30e04c93f67116d98f |
| SHA1 | 8eb3286fe16a5bee5a0164b131bc534fd131f250 |
| SHA256 | f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d |
| SHA512 | 6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b1f6241586d232bd85a69087e2b0eee |
| SHA1 | a16a784e165fa3b74456f4cfda64ec71c3f3bdba |
| SHA256 | 251b1bea4a5cbec8ef53f50356977189801cd5946d3f3208c8f4622abbf26d2b |
| SHA512 | b3ea7e0ff626e399bb55f45d39a6dc615568d77f4e359c763e5ebfc6ae3aed0cfe146a08716a2e41a8cbfa3e9fe76bfe2d19c868dbaada004746d07073569a28 |
C:\Windows\Installer\e57a075.msi
| MD5 | bf16e0cb45daf8f291ecfa351cb0c3c2 |
| SHA1 | 1491de942eec40921a35f35aa377c2f8f7332c5b |
| SHA256 | 0c3b15d1e680e29377a08ec0577d87d222dda47b84c955f4e834497b59041f9c |
| SHA512 | a69a495b265e6e16fbc4a06455a02baabe35c6ad4abf499ca99a4b5cc9dfe2bcf337b6a60d32bfb15eca03b4c08710a095111ec637b2fbef0279c26d9e9e9ae8 |
C:\Config.Msi\e57a074.rbs
| MD5 | 73a8ffc587d0befaeb588a7f7d22c837 |
| SHA1 | 56230fa937c1d46fd2b5e65c4349a146e3ec63a9 |
| SHA256 | 7b4639973f2099b3972cd7e18a5362d5b3e65ac9ae8e3538d299a411654d965a |
| SHA512 | 3407e148ff86d5a3cb4ad9275d36330a35fa6640f7f92b788c148c3080f60dfcbb523d917fc2417e5a26b00997b231cc9a69b3a356a1a04cbcc32c1632bd2a25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | efcb2deb411162f092bd8a22325600ec |
| SHA1 | dd40a30585062eb7d274b2f2cdd11b1f55efec2e |
| SHA256 | 59f94c786ebbd9ae21f80adfcad2e18062bba92f0cb758ea9a9009ba24b403d6 |
| SHA512 | 85bafa5d47654de8717d670b16e0b270b81acbbdbf096cd23e5881cc18f7bdb56ee674f16dafcecbe707803893a92f42b99a85fcf975bf044b5b535b78a30229 |
C:\Windows\Installer\MSI17D5.tmp-\Newtonsoft.Json.dll
| MD5 | 6815034209687816d8cf401877ec8133 |
| SHA1 | 1248142eb45eed3beb0d9a2d3b8bed5fe2569b10 |
| SHA256 | 7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814 |
| SHA512 | 3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721 |
memory/1268-1745-0x0000000004D90000-0x0000000004DBE000-memory.dmp
memory/1268-1747-0x0000000004DE0000-0x0000000004DF6000-memory.dmp
memory/1268-1749-0x0000000004DC0000-0x0000000004DC8000-memory.dmp
memory/1268-1751-0x0000000004E20000-0x0000000004E38000-memory.dmp
memory/1268-1754-0x0000000004E60000-0x0000000004E74000-memory.dmp
memory/1268-1756-0x0000000004F60000-0x0000000004FD0000-memory.dmp
memory/1268-1758-0x0000000004EC0000-0x0000000004EE0000-memory.dmp
memory/1268-1760-0x0000000004EA0000-0x0000000004EAA000-memory.dmp
memory/1268-1762-0x0000000004EE0000-0x0000000004EEC000-memory.dmp
memory/1268-1772-0x0000000004F50000-0x0000000004F60000-memory.dmp
memory/1268-1779-0x0000000004F50000-0x0000000004F60000-memory.dmp
memory/1268-1780-0x0000000004F50000-0x0000000004F60000-memory.dmp
C:\Windows\Installer\MSI17D5.tmp-\Microsoft.Extensions.Logging.Abstractions.dll
| MD5 | 1237591a98cea80b03eaa68dbbcb2176 |
| SHA1 | 5761dfe8070d1e273c20bf6ce50eb46a8780e065 |
| SHA256 | ce8a3129430b92e206d59720adff91ebae0af7c8a808ba81b2ecf9ce680260e1 |
| SHA512 | 1446308e87aaf15ac1b3f79d8f4620b2172fb4c5f34059df75fae0ab244015cae6ac46faa86a0ab91b71d51bf91476dc407f473016ed0b71526ff6e446bbda07 |
C:\Windows\Installer\MSI17D5.tmp-\System.Threading.Tasks.Extensions.dll
| MD5 | e1e9d7d46e5cd9525c5927dc98d9ecc7 |
| SHA1 | 2242627282f9e07e37b274ea36fac2d3cd9c9110 |
| SHA256 | 4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6 |
| SHA512 | da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11 |
C:\Windows\Installer\MSI17D5.tmp-\Microsoft.Bcl.AsyncInterfaces.dll
| MD5 | 48efe61d6ca3054309907b532d576d2a |
| SHA1 | f36403aabb16540c93fb35245ec0b4e435628aae |
| SHA256 | 295af2142d9214f3fd84eafe4778dca119be7e0229f14b6ba8d5269c2f1e2e78 |
| SHA512 | 778e7c4675d8fde9e083230213d2efa19aa6924fe892ed74fa1ea2ec16743bb14b99b51856e75eaef632d57be7f36dd1bc7ce39a7c2b0435b2f3211bb19836a3 |
C:\Windows\Installer\MSI17D5.tmp-\Microsoft.Extensions.DependencyInjection.dll
| MD5 | f2a9c263e730b94057d26d8e6562e342 |
| SHA1 | e36e4c8100585db5c7dbd07ff66f4adad8ccd37f |
| SHA256 | d6de20035b25367a82da6180c45511d9077374c5f96f6cc5fedd2107d61efb9c |
| SHA512 | 976fff499e641484a176801ca904221270220d07a1ffe14c03a9b3f32372a264ebe25e704dc63ec18f1bc2a430afa6a098847c327d695a3d19359422a300d4e9 |
C:\Windows\Installer\MSI17D5.tmp-\Microsoft.Extensions.DependencyInjection.Abstractions.dll
| MD5 | 405bf969e7e50ef47422e54fa33605c8 |
| SHA1 | 4f3c5c8803212719ee74c60813b9ae08604684b3 |
| SHA256 | 95a7c66abd60ba45a2020ac3d42702fd9823f7b6db2ceec6a37c9e9b0602fed1 |
| SHA512 | d04978227453e3341fbdc6a8730da193f1c5e19a2635e02cb5d6eb6fef7c3ea53cf7df5df16230c12693cdaaccc90add812c5ad0a6ed0749e8de75c03602502a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 77ac726b80f73a3255e56752658dce34 |
| SHA1 | b81f281b8faeb23252393be7ac154563fdc7744c |
| SHA256 | 3cf31e73d94c5187ce9ecc426251e23870f416ddda80301d301f60285bdbc42a |
| SHA512 | 4476df6da469075b522c36283b0c5a98ea40cc149bd41cfb2b97ed637c2f1d7a0ad9c66ab887b93c93f9614a0984c74e9c4c3da6f6f920243cf258fd47028977 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe581ebe.TMP
| MD5 | a2cfdb4e918dbe1c0aba49c647d0895a |
| SHA1 | d0ff89f7d6c04b2d8944b5120ab536e922cc84b2 |
| SHA256 | 183a38aba24f31bd3830bd5099082f0e40bfc07ac1521cf3f35da57fbe15ff64 |
| SHA512 | b806206cb812c5c3a4c58feeee55973f727c52c7eb5e2a18a2a716ff808568f8f3525ca7c27e59db8edae24a87a7c8c1e6e3a57a0d9964923b437ee081423dfd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a54f88aefe75194eb85ce86a76db7c08 |
| SHA1 | c629b216ff3a16745225376d35519c96551b7ac5 |
| SHA256 | 6c03076b365263365810af635a270a1a345891ca0d252147c364891e0c237b9b |
| SHA512 | ab5adeefaee531aa55aa06ab8f5a8753f236a278b384b1a9432b8427d326f13a28fc2449ef2579afdebcd8e827cea15160f3c46b3a333633a7cb11629ac1d4dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 5743a4ed71f8d9d5da13bb913aa9a3b8 |
| SHA1 | c179fb755847fc52565f36ca0a657914e900df8a |
| SHA256 | d47d382e35b99f535f09ca7208102f6d0cc1a331a5ba84c32d560061713156db |
| SHA512 | 3a34ebb67271fd58a8593589b59518d76b070dc67928bb9b04f27786af5522bfc6ce2dc87f0c3cc4951486cd0b246f064ce78f89d5d9d7b703ff8a28fc556626 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | 4cd9141ca0a6c19415d035752cf0b9df |
| SHA1 | c91980b39cb48c07439fb2b35cd0aeb1f7808213 |
| SHA256 | 63ff9d954ee10e70184f9fb1016fe11931425c71b3b3ede8e28f85a9d7439598 |
| SHA512 | e75ff9f01740dcca451e290e134ea8c88d28e1b8cb989865e62eb3467afb3c4e737beb6c816a9e1343276e8eee523f5f8151a9840c6b01b633f5c177ac42577d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6b94ddc0756264d534b0744e503ba1f6 |
| SHA1 | 297dd40e1f00f7ba7e6b07f3672270019e3ee1f6 |
| SHA256 | f67828c592a00d8f211f9765a4d612569301e5b98dcfc8aa2d3c0c89f0e0f092 |
| SHA512 | 24faba3bd04254fe356a65ef810b1fb15d7b267007565cf362d2f7d94c488cb5120cc899b51e5cb5f9f2eadf3b202c6a898a2a79a421ce9a15b20264093a3ef7 |
C:\Windows\Installer\MSI3D72.tmp-\Microsoft.Deployment.WindowsInstaller.dll
| MD5 | 1a5caea6734fdd07caa514c3f3fb75da |
| SHA1 | f070ac0d91bd337d7952abd1ddf19a737b94510c |
| SHA256 | cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca |
| SHA512 | a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1 |
C:\Windows\Installer\MSI3D72.tmp-\CustomAction.config
| MD5 | c9c40af1656f8531eaa647caceb1e436 |
| SHA1 | 907837497508de13d5a7e60697fc9d050e327e19 |
| SHA256 | 1a67f60962ca1cbf19873b62a8518efe8c701a09cd609af4c50ecc7f0b468bb8 |
| SHA512 | 0f7033686befa3f4acf3ed355c1674eaa6e349fba97e906446c8a7000be6876f157bc015bf5d3011fbbdc2c771bcbaea97918b8d24c064cbbd302741cc70cbc7 |
C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Client.Setup.CustomActions.dll
| MD5 | 3e40e18013bbb899607891f3234a8446 |
| SHA1 | 0cc000b1a1d41cd46ab393b2ebf928939b6477ba |
| SHA256 | d04a426349d56dda212e907cdd3799d402cd7d7e46f5fc051fa14c7802ee7fc6 |
| SHA512 | ec20c499b3475805b2ce3da8658d96899f3d35ff4544cb961350e6b06ee252f244b567dc11ccd73e9ebf7075735237063d94a34333457312bc3ed418d9e7e04d |
C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Client.Setup.Shared.dll
| MD5 | 9c69b9327a9cb3f9c814bebb625c55c2 |
| SHA1 | 3f0c9af7f54af5d09f91e06005351c6e143c83a9 |
| SHA256 | 491737b9d171ede500938a3985d438f3018ca98c84f8ace03e75c2f63b05a2e0 |
| SHA512 | f7ba8808d87d22ef9ca130b56c32846df0c947d0e41347ad93fe7c06cd1ac8769721f8cc3477893f41c4491cd32bb44a91550da035f190f02e5dd58d04e8527b |
C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Common.Logging.dll
| MD5 | 4c0619b0ea8d374bf199e507af60823c |
| SHA1 | 6472e515499ec9fa0ee43e1e9006ae1dcc8dc111 |
| SHA256 | a19a22cdab7b32c45ae226fa66bb9e6ab70e27e1b63ed4839a94f213d141dcfe |
| SHA512 | 9a093e0f304a320589c7755d48813d4303a10358c9d753a75ab98c7ffafe140483bfb9e54b2f764bbbe068fdcdf2ed87b3a4d14f13ab09844e347ea0f4cfcc85 |
C:\Windows\Installer\MSI3D72.tmp-\ExpressVPN.Client.Installer.dll
| MD5 | e79df256636d80c69810b873d9efcfe8 |
| SHA1 | 3e586438fbb0b2ae743665b14436b4cc1a9f657b |
| SHA256 | fb3b97b9683ade2d0cc9bc74933748b74032ea2c265b37fe060bbc1280d096e2 |
| SHA512 | fb47cfad24d6a965990cb672db9840aa43ecabde4112a7ff2049095bf11b8bf74404bcb82dd49b8d9ee9d4f418345948e943aa722fe025f1a5cb473bdae96347 |
C:\Windows\Installer\MSI3D72.tmp-\ExpressVpn.Utils.Wmi.dll
| MD5 | 316786e333501cbb1b9d7a2799e4d4af |
| SHA1 | 53884c1dbfb5ec819aa8d0242205e026ecc73bf5 |
| SHA256 | bd837011f2b402833653bf4c2e4ef065426316672c09d6764686bd798b3a22d6 |
| SHA512 | 562a0e9ce21c0a6333569207f8fcbc8b4f79872ed17a5d9a40a05ed6b9ccee33ae0df82d96a4e58f2bb39a97a5e945dddceb9726419616ebff0fa52ec38c3028 |
C:\Windows\Installer\MSI3D72.tmp-\ExpressVPN.Utils.dll
| MD5 | 4fe7e636837b93970abc6f0de3531c40 |
| SHA1 | 1874886c7c25bc3f3b5250bc892b0d024d7b874b |
| SHA256 | 7406b12169d3a9e496c64df21635e99189a632e4d43b7bc28193699e0f8fa3ab |
| SHA512 | 29e1cd8a6f762a35928535c30ef20c394e59d2280ecfe93e0d2f0aa728e5bfff59496e5e6bc5d170fb3798faa71498e55a61a1ceeea594496d7afb2e37d1ab76 |
memory/4512-2521-0x0000000004FC0000-0x0000000005036000-memory.dmp
C:\Windows\Installer\MSI3D72.tmp-\WixSharp.dll
| MD5 | dd1aaef9d73a034f25c660c892cc3492 |
| SHA1 | cee6f7bc28721daa7c63e182baf18b353f981021 |
| SHA256 | 08650aee86ff2e3e31b7d1e5239d61a668f1efb56e0bee43f824217b4360d01a |
| SHA512 | b095fb787f243baee30713428adfba1b98b6e58b94f10acebe03318786e46e6da12c183474b014e7b97bc4720ae4e24f71e39573cf7827f9ad7d5f949389fa6f |
C:\Windows\Installer\MSI3D72.tmp-\ExpressVPN.Common.Shared.dll
| MD5 | e13ebbf5e06bba7267eb1f14dc027ae0 |
| SHA1 | bedade1d1b7f6217d7127549c0a7a2dac416a0fc |
| SHA256 | 0587fe0fde62220324b26426c00e7ffd895e8b17b768d79710f934bfb559a065 |
| SHA512 | 7c47952f6672cf6319e29bfa928a12d56de87f0a7a25958e479ea43add25e39c8472db3c56c2fc7cc9cb9dd83de4b7243d5a6b0013e3f79771fb7660901ce726 |
memory/4512-2530-0x0000000005070000-0x000000000508E000-memory.dmp
memory/4512-2531-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
memory/4512-2532-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
memory/4512-2533-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
memory/4512-2535-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
memory/4512-2536-0x0000000004DA0000-0x0000000004DB0000-memory.dmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
| MD5 | 841038ec9118a58a82880ee44e4967e7 |
| SHA1 | 223ff5f98fb31a9ed8be1109b08f96208a458f53 |
| SHA256 | 3a5317f052b3992263eeec3f932019303b9979111a65b9ed277221b4f40a8fd6 |
| SHA512 | 650ba2333d68e47a1fd2471731c42eb6e6f2e198861eba079373a6bbb832909032d01965375ccf9a3663af9d5a5bc56c9556c503f6527dc5bd563d3c4cdce247 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk
| MD5 | b38f81f0772d3381ea5165033ba4a99d |
| SHA1 | d038ea598f742841aa96738003c3d8325ef60ed1 |
| SHA256 | 5ca6908b6ce677c23af4c7a91f3dfc7bfe387ba271d33c1151ca4e2a160359f8 |
| SHA512 | 77b8668878f712d5be4b0af55ad073bd0697ae3e50318546871f96d6e6df0d30ba78b7092454534ab6b9ea4264b9f18bbddad9f987aae1e80064020c3c78b4ba |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN.lnk~RFe584570.TMP
| MD5 | 9a7c84fb3ba9a945b52ff938f21002ab |
| SHA1 | 646b54ecd1eb736f4c882c0493f5cc1f6899d220 |
| SHA256 | 9462671130fa8dc30dd7b4080b7753162371881d312146ecd6d504e5e2e31391 |
| SHA512 | 22507fa25966a34b81b25198412d5dddfd183b0710e1fc22f89d77a381a103e65382bc6bcecabf97a81787fcb14deebddbcf90bc717e0371f8ed27775dd81267 |
C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPN.exe
| MD5 | 85ad9f4cfba5a47f8714fd63887605ab |
| SHA1 | 79e52d574f81a57168fc1dcc25fd3b2e5c361603 |
| SHA256 | e85912b9f6d1434726264cef08db208b92265d2b6fddf42234bc345a9684bf11 |
| SHA512 | 1272401153dadb496d850901bde2f96f677a1591b568ca37476b362611621c45ad437b891a3c7e98b9cd99081e32fdb027512ef2b5e9391e36aa728ab708c1bd |
C:\Windows\Installer\MSI45C0.tmp
| MD5 | 9d0ee5a255b92fd11c36979ecb3aca67 |
| SHA1 | 2021cdb47d5743ce84991004c3891f53173ebd59 |
| SHA256 | ec23d81a8e3139d572150e582fb7191b7db3a338f507301ed94cfad8ebc30206 |
| SHA512 | 925208e9202f3003cfd81de194d170ce9cd539a6163a35f169cbd41ad7c478c444885c7574a5516a282e16485a413d6938f59ba710d230340b746bd67f13f088 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e9d9bd4fbaee64f6bcd39f9e0018f675 |
| SHA1 | af501cf379082cd0f9484ffed26d745c057de048 |
| SHA256 | 3a316bccbb16b3a5e413beee4e3992d5dd4241a5bfe8ab8ead7aad126e74de6f |
| SHA512 | 89b8e03cbc2f12a8ac7cf331e916a0dfa3ece11b79e54ef13053bc29975869c609b502247de657d15cdeab343338b4f737aa8cf67f4b6898c03128ba17687817 |
C:\Windows\Installer\MSI45C0.tmp-\BootstrapperCore.dll
| MD5 | b0d10a2a622a322788780e7a3cbb85f3 |
| SHA1 | 04d90b16fa7b47a545c1133d5c0ca9e490f54633 |
| SHA256 | f2c2b3ce2df70a3206f3111391ffc7b791b32505fa97aef22c0c2dbf6f3b0426 |
| SHA512 | 62b0aa09234067e67969c5f785736d92cd7907f1f680a07f6b44a1caf43bfeb2df96f29034016f3345c4580c6c9bc1b04bea932d06e53621da4fcf7b8c0a489f |
C:\Windows\Installer\MSI45C0.tmp-\Grpc.Core.Api.dll
| MD5 | 33e82bfceee2a76c34edee46091bafc8 |
| SHA1 | 55c8e27e8efa1e08e87f96424c574ec581335910 |
| SHA256 | 1e6db7069217797180cf7664e555994a9993db0155c9761be8012860bb82f8a2 |
| SHA512 | 2818f76c324cfa556c5c9b68cba712c57d12da2f1bf6cf6defd314c0a5dbe4f504e20c04deaf9b69be6a56b01f47fe341ffbca2a431df9a71b28d38c9e1ec6bc |
C:\Windows\Installer\MSI45C0.tmp-\Grpc.Core.dll
| MD5 | 832a45191b8711adc888d8d45b26f0f8 |
| SHA1 | a90d87c10f3e5ed48a80f8e1cf0e883a07830c8d |
| SHA256 | 873b7debc4411c2707b48de1454d2ff437d9d56d44ad603c6487a8fb69b4413c |
| SHA512 | 94fe9bad110671a1bd965f4847609ed20955f082f96c049b1679634fbc878b189edaf952914137316a3a7ee65996df020ed2c65dcce0b7ba55db853f48132ef4 |
C:\Windows\Installer\MSI45C0.tmp-\Google.Protobuf.dll
| MD5 | 25647dfce0e91490e97f8c6366b2632a |
| SHA1 | 8b812d8418143e0e8bc782e6687583dee13710bd |
| SHA256 | da005e408ac85c4fafae30aa79ab7c18ddfa9fb5b23cd7fb2228a88413388c54 |
| SHA512 | 5c0947cceb867f765ef4e77a73c2e2cea11f80ed83cdd43f3f5816ac2c27403fa74ea6a7edd648061d14d3e480d0f5e8271b754688d8da62e8653ae7581bb910 |
C:\Windows\Installer\MSI45C0.tmp-\Microsoft.Extensions.Primitives.dll
| MD5 | d833ddcb52e5c6d6da71bae25395a911 |
| SHA1 | 17ce025ad7a0175c467f5a7108ca81a813e4ac21 |
| SHA256 | 76152e774b2bd9c5a0d301e92e253d8bf55fa90e191d0155dfd86b2b84766ae8 |
| SHA512 | fd963a9fa5bdd10a1c54ce8fcba862b59786280ca5d668fa041b30b80d7fa2b84230d33b1c0541423534c764e7432213039d5f586d0427d542c0faf703081a79 |
C:\Windows\Installer\MSI45C0.tmp-\Microsoft.Extensions.Options.dll
| MD5 | 3ddea0033ead23660b51921146dda017 |
| SHA1 | 5708c44aa5326da0a69072a9b0e48715112a4bdd |
| SHA256 | c4673c6000602e76844bad63feecbe42d88fc72639b1fd64d2acde48955be970 |
| SHA512 | d57e25a2412f2685770e3fd1d6650ee433ed28d337221941841eb9589dbf3868a27efb0d488f960f75785e60357cd2914b0eece1da62aa9ffe77219340c03576 |
C:\Windows\Installer\MSI45C0.tmp-\System.Collections.Immutable.dll
| MD5 | c598080fa777d6e63dfd0370e97ec8f3 |
| SHA1 | 9d1236dcfb3caa07278a6d4ec751798d67d73cc2 |
| SHA256 | 646d3b52a4898078f46534727bdb06ff23b72523441458b9f49ecc315bf3ef5c |
| SHA512 | 8a5b4afb4363732008c97d53f13ee430401e4a17677af37123da035f15f9e9409a2aeb74ae238379291fd5de07c3cd4e3de2778da5edf83a42649fa5b281cb32 |
C:\Windows\Installer\MSI45C0.tmp-\System.Buffers.dll
| MD5 | ecdfe8ede869d2ccc6bf99981ea96400 |
| SHA1 | 2f410a0396bc148ed533ad49b6415fb58dd4d641 |
| SHA256 | accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb |
| SHA512 | 5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741 |
C:\Windows\Installer\MSI45C0.tmp-\System.Memory.dll
| MD5 | 6fb95a357a3f7e88ade5c1629e2801f8 |
| SHA1 | 19bf79600b716523b5317b9a7b68760ae5d55741 |
| SHA256 | 8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7 |
| SHA512 | 293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0 |
C:\Windows\Installer\MSI45C0.tmp-\System.Reactive.Core.dll
| MD5 | f20967beae947a5d54156b5cb40d0c04 |
| SHA1 | c5ea57f70835e22cbaf08ac5262716de3de16f2b |
| SHA256 | ac464ea84539c60cbdb498dd787f6fb90b2f11067a5acc9e1ed4f8f62cb7bc7a |
| SHA512 | 7f1fd97ac58bfe5194e348a141595bb261870bed0cdab0e491aec40da7a930d2d821457aa2e44c80da276bbce98dd3a08e344de3539037367977815055a79435 |
C:\Windows\Installer\MSI45C0.tmp-\System.Reactive.Interfaces.dll
| MD5 | 0a471405a43ace8273b6e266f819901f |
| SHA1 | bb7c4d3930358fa574136248cc1da6c9bcf5f192 |
| SHA256 | c86b4625d3a35b6f600d8f0d129b82eb73928e5d4f9df1a028e527aac86ee4e4 |
| SHA512 | 27da5c7d98cac39525b845f40f128cbbdec6a693c1f20be689a1bc2ec0a2fa33a1a82605dad06e410371cf069304663bd6bf1c4a5864d99921e0584243b33997 |
C:\Windows\Installer\MSI45C0.tmp-\System.Reflection.Metadata.dll
| MD5 | c4ea65bd802f1ccd3ea2ad1841fd85c2 |
| SHA1 | 2364d6dd5dd3b566e06e6b1dc960533d2b3017b7 |
| SHA256 | 46451e1168dd11d450aa9b6119f17cec9a70928a40ac3c752abf61ce809cba6f |
| SHA512 | fc4c18ea6a6f38d8c4b4f2e02d3d077cc729b531ca08cf9602c65e22aadc0be770e441660cc980cbfed3b27bd783e65f793838532673e2845276390b4b22d730 |
C:\Windows\Installer\MSI45C0.tmp-\System.Text.Encodings.Web.dll
| MD5 | e8cdacfd2ef2f4b3d1a8e6d59b6e3027 |
| SHA1 | 9a85d938d8430a73255a65ea002a7709c81a4cf3 |
| SHA256 | edf13ebf2d45152e26a16b947cd953aeb7a42602fa48e53fd7673934e5acea30 |
| SHA512 | ee1005270305b614236d68e427263b4b4528ad3842057670fad061867286815577ec7d3ed8176e6683d723f9f592abcbf28d24935ce8a34571ab7f1720e2ffc5 |
C:\Windows\Installer\MSI45C0.tmp-\System.Text.Json.dll
| MD5 | 38470ca21414a8827c24d8fe0438e84b |
| SHA1 | 1c394a150c5693c69f85403f201caa501594b7ab |
| SHA256 | 2c7435257690ac95dc03b45a236005124097f08519adf3134b1d1ece4190e64c |
| SHA512 | 079f7320cc2f3b97a5733725d3b13dff17b595465159daabca5a166d39777100e5a2d9af2a75989dfabdb2f29eac0710e16c3bb2660621344b7a63c5dbb87ef8 |
C:\Windows\Installer\MSI45C0.tmp-\System.ValueTuple.dll
| MD5 | 23ee4302e85013a1eb4324c414d561d5 |
| SHA1 | d1664731719e85aad7a2273685d77feb0204ec98 |
| SHA256 | e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4 |
| SHA512 | 6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32 |
C:\Windows\Installer\MSI45C0.tmp-\System.Reactive.Linq.dll
| MD5 | 317dce13b2316abee548a2b013f26471 |
| SHA1 | 3123573b2291a0f01badb10b149f741bcb9eb0f7 |
| SHA256 | 21fad2983b4b2f95049e975c9f26a77bfe9281d8ed18e380c9017fc82137a1d9 |
| SHA512 | 3444f813632f5f397b5c27e0314479a404b7ade058a5e6c540331fa4fd5fa798ba7352b1bf58d6f977e5e61912ed9620a1ec1350901d0b00fad2ace3eaeb6163 |
C:\Windows\Installer\MSI45C0.tmp-\System.Numerics.Vectors.dll
| MD5 | aaa2cbf14e06e9d3586d8a4ed455db33 |
| SHA1 | 3d216458740ad5cb05bc5f7c3491cde44a1e5df0 |
| SHA256 | 1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183 |
| SHA512 | 0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8 |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.Abstractions.dll
| MD5 | baa7644ed2f322d1d2c953220987c4a9 |
| SHA1 | 3860c3d54413837fd23e9a7081c15d27ab2ed4f0 |
| SHA256 | 5da295c08aba9257c8f27a39a3d21e0ee82c4e55c098794688305c270b4983b6 |
| SHA512 | 034cb63f8a8ccf99d2cb182c72e7e5ad67cd23baaca376dff3444c13e9c0bb78e1e5643ed82999130e9398fbd643cd86a875249401a49438b7d7976329d2ac74 |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.Json.dll
| MD5 | ae4d8069218e6a793e4cb461e09d4d9e |
| SHA1 | cba0b162d94d80def76020a36c855543e8787ef9 |
| SHA256 | dfa8ce0bbd09c898957dc08ca9d3e1db2e87edd5d940c78f6b0becc6243d9d9e |
| SHA512 | 6c838cbba6623ec3f9168f79f27ba651073a96cda48cdce244883caba27004ac72f76c77f5012f0b044877fd3d90c1b9425465fc1782f0b5dc37d33c9f124e3e |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.FileProviders.Abstractions.dll
| MD5 | 9b981dcb9329e9043987eb2c24371714 |
| SHA1 | c3c45b42a67525cbf8596cf6ef9a56d103bb70f9 |
| SHA256 | 0706cedcd984a2478f10a9e57bb06e81bae2e0a1271507b26e91fb8f8c3413fe |
| SHA512 | 566bf7d258d3306742c3c585d04d19b338a8e1224e29ec7af35770e6827bf597a613775223cf93aa9afcb4ea3da0ca53b99493d9b3c6684da815907c8629b03e |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Logging.Configuration.dll
| MD5 | 89edab075ca0d2e8eee86dbd664ba609 |
| SHA1 | 651ca53b439982ae4583722e650570c9e6d78561 |
| SHA256 | 5ca00fffda7e3af0b67c0f9c0c572acaee4a0a50c1b9c38d3be19cb5a358890a |
| SHA512 | fc28c7b66fc2e9b750058c0e1b8e5bca118212cb1cc2a91c9701514f319d63c38ffe95682ed3bdb892d58c97d35c22a12d2db22e3ee283fc3066c67b5908b222 |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Options.ConfigurationExtensions.dll
| MD5 | 25f286646b702aea416ea09b4d1d5dab |
| SHA1 | 63762d40b3d8bd7e2f7d8f6fb1186cbfa4b4f0a3 |
| SHA256 | 89595fabd8b150813d0d2e8993f19aa2e2cab3b3be22e1173c8179b51b37dccd |
| SHA512 | 019c432de3f3bee3be6ef0a88b5a4966e1b6af7fe2ef6b19016248554f11acbf0ced306582930c3dad781ad308b9b98a27b2889f67f2323f9747033aff9a7617 |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Logging.dll
| MD5 | 73eab96c0898a78a61d89782ef6fab83 |
| SHA1 | 07541eed457b5977890c13622d4fc4cabebc67fb |
| SHA256 | c4b2b98c21b24b88640bc0be5dcd335d82df129dcaa0dcc778d91a759a037524 |
| SHA512 | 90e8b699f451667d18762cbeb0f050f5462e97186b2b495b5de737ae565a7e1667c0ae5d89442ad93c08f2b5db5459b7febb63b1667466e13908f24cf1e3c075 |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Http.dll
| MD5 | 4186e9c7d8c571c4620b5e6ea312539c |
| SHA1 | 6ffccc5331e561dc09c80acbb448f14500aef8c8 |
| SHA256 | 8736296948e3d51c58303a328000f9d6d83160084d2d375e71914c55e6aaa644 |
| SHA512 | 707942962d1ed4865796eb1432418ecbf4c948c82cb5e5536b5320765427d0028024510904197cfa08dd110bd09887916f208ac35c25e715f5c6d7827ea1a8ce |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.FileSystemGlobbing.dll
| MD5 | f8dc23b883576fb84eccd1b7b56490d3 |
| SHA1 | c447b48529380954c878f1d933a10ef1bc402bb6 |
| SHA256 | 1acb904f6eee86f33b507a7e7cf8f2112d34d1b34daf1532df4d800795d328bc |
| SHA512 | 2604147c8a3664e2abeeafe9503cbed07866c763581c7587f59f8472718995c7d17782385826d70ab515a73bf4efc57e91ec5738d09363689305592c38fdb6db |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.FileProviders.Physical.dll
| MD5 | 4e153e7492eae30cd0aa49a3140c1ebe |
| SHA1 | 55c123a2f3d1c7e24c4ed5edc54043cd9c37810a |
| SHA256 | 6bda4bddedfbb9023a5330dc1fd528e851cf2c869e53f3248e704927cec107cc |
| SHA512 | ba25bbbba4c3e454f4ec064195f5f5e9d0cc4c217b9b4ee538fd31d138224a12c58c0b97c588ea4ea482b2303b0afa04125c30bed102b7c5f2aa645d8e7c03bf |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.FileExtensions.dll
| MD5 | 8be2c97bbbe81795e3042602a21965e6 |
| SHA1 | cf89501075ac6713c091ca773dad2ba946b7c6ea |
| SHA256 | 385ec618612990af5b4d8ec6edffb13fbb5ff5a03e7786033b42ea061ee3976e |
| SHA512 | d89a13ac0e3639acbb26f43739cd7a01ddb07fb03d7e0db5940dd28624d76014ba5e420b45f2d35b1acf0d9b3117a06f41f56109066fc95e9bb438d7516afc04 |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.dll
| MD5 | 4ae4c4004b28a9c7286ce1b4f2bbf415 |
| SHA1 | 423c11f0e71b51378f39eb275093aa223c49f848 |
| SHA256 | d5f7cd54e4aa3b02bd445bd5b8ff4786cb6463ec976cbfe820fced5e272ec572 |
| SHA512 | 7bf95813a0c66425dcf3e4d7e0078f72e97a3df9baff9cc525f2292f5cdbbe1cb52fd674089d1be15516770f214b9e7bc937de314eb9042441bf0ef1be28b044 |
C:\Windows\Installer\MSI4A26.tmp-\Microsoft.Extensions.Configuration.Binder.dll
| MD5 | b825099a89c81fe4127ee2628596d5d1 |
| SHA1 | 8e69faa62f82dd042a51a345eea19b959442e985 |
| SHA256 | f2f6d158380c32a50bdb827b4d63f97c364f221813641daf74c257034484b507 |
| SHA512 | 5c8dd2275702daa09bee2a8dac563d1292eef6735cd0a3a250f633afb3ac7823769435c4a29796b0b3522d72312497bac86b5ca71cbba2fbe31ce9cc24557068 |
C:\Windows\Installer\MSI4A26.tmp-\System.IO.FileSystem.AccessControl.dll
| MD5 | 3409c581f0c5083f0c2a93a7a5ac9790 |
| SHA1 | 18ea7bd41d31247148abf184527c9368a26f39e7 |
| SHA256 | e6026501ad4056ff2f1655b0afdfe8923bc6e8fbad67e1e9ef56e3002f49fbb9 |
| SHA512 | ae877c6fddad0e4133274e6372d783eaa4dd6bdcbbf40ab66302fb89bd2f76b215130001186b5c9a135abd16336c5bfd4d414177704d7d359539da91918e82ed |
C:\Windows\Installer\MSI4A26.tmp-\System.Diagnostics.DiagnosticSource.dll
| MD5 | ccb6a65fa77074cdb0cb00478a89aecc |
| SHA1 | be6e62302419bfcd9fd9842a9084e64367580970 |
| SHA256 | 599a79d25958eae655ddae7337477d16ebc4f013b6896bbd60719c85b37db88c |
| SHA512 | 0495c13ced63266fe1adbabc0e2c86e7d6ce1b1dc3065f42a40607239ae88c92c39eba07a02dc0c68e200883b65a8541fd7b5c3dea58cb4c6d494dee0946d605 |
C:\Windows\Installer\MSI4A26.tmp-\System.Security.AccessControl.dll
| MD5 | 996aab294e1d369b148d732e5ec0dfdc |
| SHA1 | 28465fd34680a082506f160107f350b46140a1aa |
| SHA256 | 1fda491eebdb19ea0a83cf6c16ab5dd004a1bfdfc845ede017ebe0945beb927f |
| SHA512 | 5e6b172d2de5928915b38ec80c7b76f42430aac959f04aa3521c63495b6f3c4f82df139c275e9fc5024b1a0a4f307daade6130b6028779f98f456282ae8b61cd |
C:\Windows\Installer\MSI4A26.tmp-\System.Security.Principal.Windows.dll
| MD5 | be2962225b441cc23575456f32a9cf6a |
| SHA1 | 9a5be1fcf410fe5934d720329d36a2377e83747e |
| SHA256 | b4d8e15adc235d0e858e39b5133e5d00a4baa8c94f4f39e3b5e791b0f9c0c806 |
| SHA512 | 3f7692e94419bffe3465d54c0e25c207330cd1368fcdfad71dbeed1ee842474b5abcb03dba5bc124bd10033263f22dc9f462f12c20f866aebc5c91eb151af2e6 |
C:\Windows\Installer\MSI4A26.tmp-\System.Runtime.CompilerServices.Unsafe.dll
| MD5 | c610e828b54001574d86dd2ed730e392 |
| SHA1 | 180a7baafbc820a838bbaca434032d9d33cceebe |
| SHA256 | 37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf |
| SHA512 | 441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396 |
C:\Windows\Installer\MSI4C98.tmp-\ExpressVpn.Client.Setup.CustomActions.pdb
| MD5 | d47b237172f53537265eae8e3519606f |
| SHA1 | 11a8cb9f6f74968b8098e2715f695a7b7bf53554 |
| SHA256 | 53788ab62cfd07a5f3116e20181c1292a6ff2ceef724bf41cef89b35a10d481e |
| SHA512 | fc8079c00f119a0368aa364bf94558877f7ff21f54c0ce75fb088efc2c6a4ba2e83f4846c2f13dc129cb01e353a731a08813ae49b396f5f368d36814a84ff24b |
C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.ClientSdk.dll
| MD5 | b79e7de7c6642e6d6ce8e2b37b921c2c |
| SHA1 | 59eea6cc0dd51fb08d68cb668e81f75946b343d1 |
| SHA256 | 15e9c3d9f8efbcdc5f18d5c77ac81fda944b38afcca559d8e21b3346b42afa27 |
| SHA512 | 1a54d162b342e3cee2a3b2c8a856e99276df5ece4e4cc48b6f306c1e653554a5430d3f9b3dbe03bc589fe0d9aee12c9a9fedd135172d825f917f1cf478ea1910 |
C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.CommonSdk.dll
| MD5 | bddf7315bf45d28f31ddfeba750eae17 |
| SHA1 | 4dd5532e09df3e134105e41cb78b5534de314e6b |
| SHA256 | 0afa90a013560bffa6f335f5565e4947b7ddc8056c31e08d13a771d036748099 |
| SHA512 | 56939801584e59266a36c4caf32329835cbbca618c5b0ca81709de1d67aa968ab5ac6b993695593b6480ea1a76c24155055825e6ae6e8741f08bac0397b276c5 |
C:\Windows\Installer\MSI4C98.tmp-\ManagedWifi.dll
| MD5 | b4130361f0edba34394a59f5d434ac88 |
| SHA1 | 58061bb6dcb6f4bcc9d341730923207645184169 |
| SHA256 | 3ffbc36eedbf1222c2b4034530ee258b654e7e7f2c23900b83c01454e0a4f80f |
| SHA512 | c95a60d8701699d8ac5fc0431ea8402c11b31599927c83cd41c7e7076111702eb904f638f4b4f37749bbdf801b8b62bb876c95211d18dcbf5c8af75bb4f81a57 |
C:\Windows\Installer\MSI4C98.tmp-\log4net.dll
| MD5 | 8594e528cbd4b9b81cdf98ad39a7f7da |
| SHA1 | 51c67d26bbc287ce39c892eff1a6178dbc2c1219 |
| SHA256 | e6b5667056e67787e77a10be1ba134f46c1af8d4977148aa7829c9222fea80de |
| SHA512 | eb6685ad13dbce6049fb38e15f17854a8fd5bf797d1a45fa7264db5e1ae6094a480e7a6ddb0d02ce5fad4e7394cbec3f1e5d9cd4eed0cf3b8b0eec18384a8608 |
C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.Logging.dll
| MD5 | 5c0c31190f09f6da14d16a9f1c01378a |
| SHA1 | 8cbe5d3a83b91d55b5bd511fa24904b48002eb57 |
| SHA256 | d8c514832108b4defc03968c375e4b263b0ef0fffdbb85d30d3522c07fc6372c |
| SHA512 | a65d490717d09feff5894cee7fbb00a8d88bae3601b89f2dc45c73eb3fd85ba02b80ff73686dc8bf5f854675b7569c2eaaa4aa87047e4898c6a2003cc306c327 |
C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.JsonStream.dll
| MD5 | a6364c20196dea022227564b830ca058 |
| SHA1 | 560bc6572892014b5cf43dd91cb10d2f3c39de92 |
| SHA256 | 7c49cdc1202e3691fc2848546e267136cfb597b7f50533a1b2c7e8c755389f65 |
| SHA512 | 9ab37ae34c020e0cc4a9f2f542e9a11f033911578ff730139c73687f2efa96a7899e2aac68e1ccf4fbf6dea4ea8e29cea19fda607f38c54978b371633afd0b29 |
C:\Windows\Installer\MSI4C98.tmp-\MissingLinq.Linq2Management.dll
| MD5 | 3a41ddea7a6ced7d4a1af988064350ef |
| SHA1 | 43405986af7602d8ecae222e34825e469d564c6f |
| SHA256 | a52086b39a18146dcb27a492d2429b6f70fd12044e50d56b8b17d172254f6aa4 |
| SHA512 | c789bc85f8fe77600bc5723c92a1fff4e75924db6cfc7eede22ad08d6fb3675b396e627f1eb271b372bf28384322f8ab3326bb7ab22e7f50fb35b022b2e2b798 |
C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.InternalSdk.dll
| MD5 | 37f3ffd5ec2276e591cb3e47e6fbd2be |
| SHA1 | 75cab5c4c5fbe168f0030af5836d267ca5ca67d3 |
| SHA256 | 12a8f93a53951d7adc792753839064d79a4338475327f49d61372761ef0b0959 |
| SHA512 | 9f36711a94e821bd2eb0d9ab3e7c296f5ab28f492016748849384170c8b4ba3264a84e14ee860ab574a1e784d10235709c197859907475370e245377542c0999 |
C:\Windows\Installer\MSI4C98.tmp-\NLog.dll
| MD5 | 6553bba76b42597080ffd54cb12a33c4 |
| SHA1 | 661357b08128507a34fe75466ecb5d7e3a522454 |
| SHA256 | c73881b442220f671bd35873999483777ebdc95b5123feaa5813fd9d55268b64 |
| SHA512 | ed9180002c30a18b5ac73224b8560163a1323a878d6b5698aa76bd0e5825c28f525d3f0080d1682224d24b739425d6ddccdd9f272cabb4e28a21073100589f5b |
C:\Windows\Installer\MSI4C98.tmp-\Sentry.Extensions.Logging.dll
| MD5 | 8f826963e958bd0816266db056b049b1 |
| SHA1 | ee1e08065a5ece32e0783e36653db25abeb62173 |
| SHA256 | ac278dfa3187a5c2480e5c60df999890390d35260c39f0e2d74d25d166672e14 |
| SHA512 | c58fdbc9b474f1a84098d14627d0a1b44b463a23b772da79bfa269bee5dbd7bbafa1cd72eb3dcc8db3cf42a103781d0de787bae00d80bbe5f18481a5435fdccb |
C:\Windows\Installer\MSI4C98.tmp-\Sentry.dll
| MD5 | 2e7dfe826fbdb73299d37722206fb29b |
| SHA1 | 268056d5f8519db888bbd2ec274128333b81b6d2 |
| SHA256 | 73e9de1f6002f9ef0df14f9a934e4ef87578a7dd67012cac0acec593832f824f |
| SHA512 | 36ba5406343acca303792702ebae768f7c853d3c651a181d8e897dfd20c71f21046a16a0ae2773dc182ca853cfd45cae6e442e9e5b4c39fe4154f2cc483ef5e7 |
C:\Windows\Installer\MSI4C98.tmp-\LaunchDarkly.EventSource.dll
| MD5 | 88e4c62a290c1b92a5db9dfaea8b27a2 |
| SHA1 | 40924ee10f8fc47a4b0e155f94ae63d84c38be09 |
| SHA256 | 62d279ad27aba29a8dc9e8d74ceb509e11bf88fa8f3d2d10f8a7d0d581f85754 |
| SHA512 | 69c838ea49bde60c7ea6b56a597a86a14654dc2262f515ec82f5362ae157f4395a0ce4d72d8150ac2c43031f8e1a4d55b6427cdf07091cd838489406dc95bbc5 |
C:\Windows\Installer\MSI4C98.tmp-\System.Management.Automation.dll
| MD5 | 7bde1e64b59b1922baf74b6a19b8fc32 |
| SHA1 | 2daf4971be94dcdd811d1bf799eb5d08502a87ff |
| SHA256 | 1fa048750cd62df4e1317d9fc054a95d49b6b142b2825ae15d983f43af91528b |
| SHA512 | 0c5a2279ceb52798a8f398a5c498e67a606275e75acef5627c2103db54f920c567e92d4adf7b2050acbfb1de33f118ff34d85ba7db0f08133f89efd633aa235d |
C:\Windows\Installer\MSI4C98.tmp-\WixSharp.Msi.dll
| MD5 | 92a1f1ab887a8099eebc0a646a0455d4 |
| SHA1 | 8ac9e007e6a18fd238781fc80a4887b2d3fe6375 |
| SHA256 | 7aac4d32402119d5226fd414e8449dd5bef70592ef29a2c5071350eb5d77d2dd |
| SHA512 | f17ad09f6e9cf03f24d24bd3407e4fb57789b29d0d876798b01d2305ffc3a8b5176a463d9db6ce12a86314c2686f7a6195239dd1e901116ce602f72e3a88b09a |
C:\Windows\Installer\MSI4C98.tmp-\WixSharp.UI.dll
| MD5 | 4cb9b80d4790c5ecc3ec5718a8345f10 |
| SHA1 | 949c3128e65606899550831bf824214030710971 |
| SHA256 | a4cabea22c6d3e0a4e1b640b97705c448400bec6945830b6dedc6e85ff54e96f |
| SHA512 | d5e96c7124a12735e40cd6960caedb8c7f64c379d3f823cf7d556a0cfb467763695d3355074ed586580c91aea73af857e314e3e7b293a42c025931c0f041a4f8 |
memory/2900-3092-0x0000000000E90000-0x0000000000EA0000-memory.dmp
memory/2900-3093-0x0000000000E90000-0x0000000000EA0000-memory.dmp
memory/2900-3091-0x0000000000E90000-0x0000000000EA0000-memory.dmp
memory/2900-3094-0x0000000000E90000-0x0000000000EA0000-memory.dmp
memory/2900-3090-0x0000000000E90000-0x0000000000EA0000-memory.dmp
memory/1764-3271-0x0000000003190000-0x00000000031A0000-memory.dmp
memory/1764-3272-0x0000000003190000-0x00000000031A0000-memory.dmp
memory/1764-3274-0x0000000003190000-0x00000000031A0000-memory.dmp
memory/1764-3275-0x0000000003190000-0x00000000031A0000-memory.dmp
memory/1764-3273-0x0000000003190000-0x00000000031A0000-memory.dmp
memory/5160-3444-0x0000000005260000-0x0000000005282000-memory.dmp
memory/5160-3445-0x0000000005050000-0x0000000005060000-memory.dmp
memory/5160-3446-0x0000000005050000-0x0000000005060000-memory.dmp
memory/5160-3448-0x0000000005050000-0x0000000005060000-memory.dmp
memory/5160-3447-0x0000000005050000-0x0000000005060000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7ad2e7ba040862e30d94b388fc095e7d |
| SHA1 | 09fa459449166e83147552b0dab19c218a822b6f |
| SHA256 | 66bf262c26d51704828cf42b455030a130fe1b54969d83eca6ca1f5799a64b69 |
| SHA512 | d617d9c09ab55c8e02b1126ab8e9db8da5db875e9919fc63ae70a2928c8de18c12cef781e2d01991958162a4d10bff16ab892a02b51d4a4418fad32b696f2051 |
C:\Windows\Installer\e57a079.msi
| MD5 | d5e72c30c8383525e3aed1f1c2f1caab |
| SHA1 | 453c6b82989d62d7e3d9e1c805b5d106c1f5463d |
| SHA256 | 59efe52b08ee6c4cef658510eeb2be1b4f4701d162ff581a57a2997421652c57 |
| SHA512 | f8e67557af9e9053498460a32401b0b9f20cbe771d14189df112db505ba2f9330c7f89fa4aa61f486a4ab7867115a0c1909cbf5b5b5546cc70c61280b49ee867 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1a1e72d9eba6e1deec86d8222e3f10d5 |
| SHA1 | 1a89aebeb5e64b35dd6c696ef51828b876ca2503 |
| SHA256 | ae39161e9b5e17bf7a9998caa87477411353495f370f45d6d0cf8adbaeabc1d7 |
| SHA512 | 5069f953aa88c3fd61d0a9d06cff9578d4168ea624bd412e3cff7f99a9461113b9b34cc6147a5a2c3a96b350079be242134c802a6fcebf74975719d3cb2a4bf2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 2636df9f69d06749733cd5318ff207a5 |
| SHA1 | d01f4ec36d52e5d64540986cb96ba0083f0aa70f |
| SHA256 | e65219a32b413fa7ce617f11dcca6c0ede34f649999fc6921a94a904cac25915 |
| SHA512 | 98b5710a8dcbaef588ee084a61696dd0b8abc56171c97399d2a358239f6177855b571217785aa4473ece805d14fb972ddebf395275b7948fe80ed1a07be3bab3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586f01.TMP
| MD5 | b69ea3b97f74cbfdff998db4f373d700 |
| SHA1 | 4c762286625fa20521573415342137ba4fae5705 |
| SHA256 | 8f708dafd14b0ba2c7bb647cf160993ba1f9ea351a4210bf8e807d6de8555305 |
| SHA512 | 2308ce3aa838c095c3b68ba166b9fa2f9e45cb0467e3a8786178d17f0e2d4e55a0b7bdbb82607bfe4be8426a735114d0f052d460cdc4601ee400f8713891d395 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | d5999e8e1211d6f9ce3e574ca3b670d8 |
| SHA1 | 7590d1b0de400cdf96f064f2e96906f114e124ca |
| SHA256 | b6e0fe7e9fd7a4c9728c6bf00273de9bd95f501ca56d4868c0aab46eb8cff0b7 |
| SHA512 | a10994b33598204209f74a220f61e34b8e5aff37a533276eea433c3059f71d8d449629966f7235230a9bc101b74c5da61e7beb25c8ab07ab2227d39d5baee373 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586f7e.TMP
| MD5 | 4a05f91f217c820df347d4837cb54e9f |
| SHA1 | a1b676228c506f8e3a27c8424951c34cfad7b7d2 |
| SHA256 | 15ae1d091075f6ee289cc0a3a1ca30e3775d1c437a32ba0d64ad79da7b598ce8 |
| SHA512 | 1855edcaa8e35b9ed8a78ffa6816508a47b77b19df1fb14318bb97aed5a72bac420d29ef214613f8115463fbd12673403839a1a604108a9fa940b051978521a4 |
C:\ProgramData\ExpressVPN\Config\p3d0hfrs.bin
| MD5 | 2438ffbd144ce0a702ad1683097b3ab6 |
| SHA1 | 9c76f62e511aa4dcd7efb07c2fcf0bcb23b3743f |
| SHA256 | aadeaa54a88d4d95081060728c437fc87b389e9376b93f5e8e1fc9a93c7f00de |
| SHA512 | bbd332f2eef1b51112a18813ac4ff75dfeb939fdd63f0c399e4d728a4865618158ebff00c445b6e440e0b82fc80a6dbb904263b0d444ccdb40ef221e38d28f92 |
C:\Config.Msi\e57a078.rbs
| MD5 | fec9a35f4888082c99fa8faa5f128a2c |
| SHA1 | e960ee84aae9c22657445d5f399016ea32783427 |
| SHA256 | 962f75332ab97cbbb6f52a706613133b4bed54f8a28fe3a05613de1a2cd31ad3 |
| SHA512 | 9902c891586c658f0687b5a5cd97280948a28deb10981db2de2d5d335a8caa665823fda9f1559f1be22d7095b8826ad8bd4e7cfe1a645340a956be2fc8084028 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | e753dcc2ceac54c6c5b0619a7126f04d |
| SHA1 | b4a85d46ac70dbaef2bf98e8fad3033777f00510 |
| SHA256 | 2567f11fd0788cbea9ee96dde5b7b27fc77242a97a90c960a947aaa9a9f38e0c |
| SHA512 | 1ff65d9653e5372860f4f27c2baeaa5de15c1dff9fdec5e595c7b165a0923a90615ccb85c16034fc8ac02650773e2567dbf1d6ff2fbac94724018f00f13b5cbd |
C:\Windows\Installer\MSI792D.tmp
| MD5 | a3ae5d86ecf38db9427359ea37a5f646 |
| SHA1 | eb4cb5ff520717038adadcc5e1ef8f7c24b27a90 |
| SHA256 | c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74 |
| SHA512 | 96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ecc4e8b3-ba0e-4aa2-ac7f-4901bfd3cc49\index-dir\the-real-index
| MD5 | 07bb39b5934a8a913e64d88e2a0a5876 |
| SHA1 | e04619b8f7706655604f1e38a9b3413ae7faca64 |
| SHA256 | 85b99c05b4c5f55a707019568c014f81dd8da3139e0d6c94a0b9c8f16e087666 |
| SHA512 | e44260a2a0c8474ea41fdd8922ee405bd9ab717ead3b67f6b24482642deb9a8a5ec856dc4fc265c736c54bffea74e80dfa68e81b3c868d794d71aa4c6fefb8ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ecc4e8b3-ba0e-4aa2-ac7f-4901bfd3cc49\index-dir\the-real-index~RFe587b65.TMP
| MD5 | 1fb3fb02ada79e61e1c07b0429ae39d0 |
| SHA1 | 09dff2264a484286f8b0fb7826a5f6f5e8cc1ea6 |
| SHA256 | cf0f9210edb62aa6d44884915a695cc6e2c3f47020108f7df8e680fa041d404d |
| SHA512 | dcd128e2ea2c321c274e7da4140bf2be6831cfee2544b0fef4ae9932645da9e26a8881e67b9dcecb9e4f53f2cbaac1a0f0f946256da35edc168b0ee8cdb6f624 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\index-dir\the-real-index
| MD5 | 5632443fe0a509bcf8139070f2cf9823 |
| SHA1 | 1fad27c071c10a967535aa87892641ce6829abf6 |
| SHA256 | 53f94bf61762edc359f4ae1a252edceb026043b42010bb49bed4535007c0289e |
| SHA512 | d4fd5989880554e93bdc794b48b6bbabec91a90e54b5cfaeb510321026c60f8dde819045034ca5553f71fd42cdc55addd558d2d7dd3e2608775056ce74f81d2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\index-dir\the-real-index~RFe587ba3.TMP
| MD5 | 6b66885690944444bfd21a36bbaea50e |
| SHA1 | 1cdb49d66725b5c5d811182b8f2b1714e60daab1 |
| SHA256 | 072a0e0936199bdb16cf67497b097981c44ba147edca484f5549ea3acb268e42 |
| SHA512 | d6181ded17c344386284d7c49ba60695c88198fa7f8e1711c65a2584bd9651d922809a7b88e436d2f7b8ec9366a4477507875d807f84fb2856f4424ecbd2e1d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 095c8f334e40499021f4e5b6a0732518 |
| SHA1 | d138e6799a9096fb01485828f9264e1e2a91a690 |
| SHA256 | a14d954383898d0e911e75010986b63b74ec7f3a8254ee13b40d98b1af7b5dcb |
| SHA512 | 61930e96bff5f34b1046c55f1e63487622537da2bea8bd02248a98e6b6ca7117db055ead3b17a4d1b4257dfae74310f315454e8322809c82b4c437e535749d85 |
C:\Users\Admin\AppData\Local\Temp\DEL7CC1.tmp
| MD5 | f162ee7a69d27493bd375907f666ca94 |
| SHA1 | b79c97c0cdb592f7ce01f3b4bddf5ab5db252547 |
| SHA256 | a8609434e1d3481f153b811e5f7c1a0a98b205a0a6d5a176b45b4b8b1ff1b95e |
| SHA512 | cd32829c002d236014e45d14232f7104f4518291c39fa0dd55b5d29a1c5bf991b287b1ae3c6f16e5e8d31efba5f27e61d3c7241648936f1157d0564a1a47d32b |
C:\Users\Admin\AppData\Local\Temp\DEL7CC0.tmp
| MD5 | 8d3bd603070c5341750804592de30739 |
| SHA1 | 19b27c7834ad7cbf1b9d6a396dfa0a5fa5588112 |
| SHA256 | 74fd8ff3b37e161c04c4a17ada1138cc44f52b4af93f946237affb040b0c916b |
| SHA512 | 8c366f1a037e448edec3d324f559ccb56ac184c5f504764c8afec8cc56048d4532b8a0926e10316d6d41fc2b21a9bd673899ff459c665e6d3d8e371bce980c35 |
C:\Users\Admin\AppData\Local\Temp\DEL7CBF.tmp
| MD5 | 988912a8a5ae0cafeb29f80b4e3af6d4 |
| SHA1 | 1ca87bea628fff4c8995d92168e736ef7fffd1ae |
| SHA256 | 5c67aca3caf64cb4a2ca3111ce00da9aa1364583344896dfdcb6d85c5050f43e |
| SHA512 | 2d58cde0d8f2d2aca423a612c77f34a146f46c64f8e5c877e7395baf2669ae1537bcff6431c7c0c01bb0889ced875604f9c4743b0974c2f89e300aaa13b01d3f |
C:\Users\Admin\AppData\Local\Temp\DEL7CD7.tmp
| MD5 | a1124e760bc0cbf9e261cdfe7a418832 |
| SHA1 | 0795b0adf6cf467fb7942b1f7405bd0ed754a9d6 |
| SHA256 | 0502f8da948a642e4db4cea611ce28dd3da8c2928d3626ce530cfafbb4d11f7a |
| SHA512 | 5ff54162d73559133b64bf35bf07da1d3ee064ce32c071caf137f9eea41d0fb30879e7835b6cf537639cd2442c9117a9cf68d4a5e89b8af5d1319b82f9f4afcb |
C:\Users\Admin\AppData\Local\Temp\DEL7CBE.tmp
| MD5 | 46e1d39b4319db3517b9fa2d7d0b67c8 |
| SHA1 | 33af5ab0df4b9d690fe283fb8a8bd63508f3ada3 |
| SHA256 | b509e2c677b73b4cad4f09d0c3f94724bf3fd952b3f4c24c30985636ff2ed30c |
| SHA512 | dfedfc09ca7c1dbe611015c19464918d1b13b0f9828d504ac11598be442d61ce3ef8038f0d9c9ea0275fa5d95630e41ffe6a0bb1b0b67f955a46a858669a345e |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\user.config
| MD5 | df2ea154c113c86c064714b3b0b5555a |
| SHA1 | c0b1a1a0a78a372d9fdd7ba4a029cdee42a0de65 |
| SHA256 | c2cf2a4af9784fca26bb94e650209bfdf1decee29f02e1398b902ad49182588d |
| SHA512 | c7cbbe4c79af3c2a246ba361842d1adcdd541e1eeadffa1ea55e9be75ce5099b90d020864def8f449b8fe472a3576454809f036533404e706b1baa142402a0fe |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\ehcqzq4u.newcfg
| MD5 | 26e3e068ccf44f130f40a158db8c4526 |
| SHA1 | c5f43d44ddadff0fd11a4f6285b54329196d668f |
| SHA256 | 18c2b162e66a3fe5edfb24eb6215dda7c075cc8afa9eb69cd2bcb0785f400e79 |
| SHA512 | 7720c82b2464879668763cad16963de5d4ecc5ac377b641cc8675d113c91a462c46733396be023417be05ac3b3eca3a8749c1e91fe191bd697db092df14e6856 |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\0gz3r2eu.newcfg
| MD5 | 286c05e5e213d7e97069184c0c44c85b |
| SHA1 | 009b760165d9332fc7af6bfa05a826fb87964f9e |
| SHA256 | d29a7bc5b1f30f8d9dde55e417e89eb86b5339613910e293405b5aaf50fea7ed |
| SHA512 | eaf3ebf413e08b111a6937947da7b29100737d6c1b4c21783392d1093db3ec9e28371f1afe203c3335f866bb09a213000d48a60e71a7c54d2750b1582c033b1c |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\h2ryqczs.newcfg
| MD5 | 0b5a51b4d5c666f5df3161ed1bc62511 |
| SHA1 | 362568ee7b81c337f4abbc2179682346445785bb |
| SHA256 | 95eaf9af9ccb14c33daeb04c498cad14f7b4eca49e890cb0c6debdb189a0538c |
| SHA512 | 947d1717325db18bbd7782929b018ac54660a8465d52c9264fa0d4b2521682ffcadb15bcc93c9bd141ffa3c7d9ee3397b4b7fcae74a9511bb404d244eb660b12 |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\mofochyx.newcfg
| MD5 | a39f8f3cf32aa2eb6b8796db17cb4717 |
| SHA1 | a656c39987cd4d044105ac3665a414e0970aff49 |
| SHA256 | dcbe2d0f8514213217fef33467208772f9b6c9c0d28b1bdfd3d1a6f829948cae |
| SHA512 | 735b305f0adcaee25981a16c960352e78070132cb0ffff010027a8fc8441da8720b6f905a8966478a4c9f9a885114e8d0957b2c61c1bae2ab0de21789ded1847 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f56c747195c50f6a4bdbda79f493d047 |
| SHA1 | 07074169f5a167cecd75a9e5faa9c08e1b9b1c35 |
| SHA256 | 834c2812636fc23b9fda8da4081d929d407e3459a3b301459d8e70ede166f446 |
| SHA512 | bcc5f3420bedd96a3580ef5cb4a010a47c2362e36cf0675ebfbe2d10ee2d94e13021b94cbece0d22b1d76467fb13614a5b6b07cdd428fcf0b0339eeb3cd1f0d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7833479352d7df09c877de7cf28f2c44 |
| SHA1 | 883ddbcb75a74b8cceed81401bac3ce87fd4aca9 |
| SHA256 | 12c274e253a52fa92d472f72575cfee1e579ed82c2cd1969e83086cace1f0884 |
| SHA512 | 10a19e1d70f404880a6b72d3cadec8f2dc77db5d1422d859b0ef6efb5bb0ce291b1408282e73b3009a1060a43e9d03a23c9832e3e2754b9c58448d0c5e69d344 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 112bd1f57a5f0e3581bf99479355e1b4 |
| SHA1 | f21fda221f28a0121cbbffd37041e7b18a1cded6 |
| SHA256 | c33bd34a4cfb52823250b510e05b6a8c130b3bb8c1aeb199ca1c21e105568543 |
| SHA512 | ac816966352b685ecd3d7bc291cfb15dd6e3389ff33d3acbef5a66555783687a469bc29874f890d93015ed3cb79789101e9346107268e6d3ad2da0afc7f1fc51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bce005637d4809663ee734240f15235b |
| SHA1 | da53877695445af32f4cfffe62cdb071b44ee1c6 |
| SHA256 | a536a370a193d23784540c83af6a9ed5b5fe9312c0c3a93ed140fabcd2691ea7 |
| SHA512 | a6ff2d90bf3d651eb0694e215169086c7007f1f00bed67042cc2e95698825fae0e020348f87e68265952ba39c15ea1708e94c7b54c5a751bdc601a815c7d807c |
C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB32E.tmp
| MD5 | 9f21d84f9a3aea8e7caac61a6ce039ab |
| SHA1 | 0204dd21800cf1b3529735ca4800fcb09c973a06 |
| SHA256 | 6e520a11e243e3298f5d11dcef49f23311a481a40ce5f3bde3204deb3df77075 |
| SHA512 | fa9eae2283bcdbf5d31713edc4e4fcaf578aaad47d990744fefd8d2c046c9f373e98095f0485b53af8edfc79a83a9557ead407b4a11e775571f109edca020dbd |
C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB35E.tmp
| MD5 | 4bd1a31fceeaf553140842a3fd8747e2 |
| SHA1 | 346f78c0f112c666fd9557782a966f46a4eb16a0 |
| SHA256 | f420cf15041c06075eb7cf1edf4d5401fa0b5904b06f3f006c6d3732961ae9c6 |
| SHA512 | ef2980cf7529fa7f50e48481fb86e58b47358ef686e8b4fcbf4717f4f1932600d3762e5cd4afca637e6a915d20e1487cd4e64e6e187cfd3a79b5dbc38bead6d7 |
C:\Windows\System32\DriverStore\Temp\{bc5ff136-34b3-3d4d-ba91-52bfacd2a1ca}\SETB35F.tmp
| MD5 | b8fa093624da23283f743bb28a8ced2b |
| SHA1 | 2c531829807ccfb13180f881452a4f6c6647cb99 |
| SHA256 | b969c3940c90f674173e6a0788dc6e232f24240b1e83d175d6fdadf0e23d6195 |
| SHA512 | 32367377cf57ca44edddc378a6508f3a3d3b61f016c5912fa9891c0abfd10833db478526fabdfbe029e6889444adc38b2a3359e6916344c760e3876dfe706fca |
C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1B5.tmp
| MD5 | 30393ccc41eb110f731411391027856d |
| SHA1 | 29bc442c8b7f943d2097a5f02d83ae475ba07e8b |
| SHA256 | 884406ceb5ac1f4958738f2311fe85d46897392f11abe02c2a6db6f684367a04 |
| SHA512 | d74d6bf3bdc6bb91986a7d7deae81759f630e2c9ebf115bfdd7c23a7df5aaf451d806d175737fa3210c40d46df7860a36adf94c2079c37cd4d4a28b8b4dcd81d |
C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1D5.tmp
| MD5 | be19a353723ceb54e03ce34b864a9af2 |
| SHA1 | ae655c16708dc6b6e93b1341f1b9757c1101010f |
| SHA256 | 8bb3acec7c503cd60e24f367c647cca90345295d6fc954c6ec80fb41b56f6182 |
| SHA512 | a2f990e70c31c37f27860d9aff9e06bbbb3054474d0fdce8e57cd6d23da2ab1b875788c74d602b65e669cb98b47c64ca29fe1a22b32dbba3d2f39bc4c921a151 |
C:\Windows\System32\DriverStore\Temp\{8c550c1f-a539-ab4e-a20a-01674f20ffde}\SETC1D6.tmp
| MD5 | d2eeda960671e459a34237f5a2adaac3 |
| SHA1 | a3db9e0118f8ff28d9d48d43fc820ac9cbfdc6bd |
| SHA256 | 02385be3f7256c7e7e71b0e81e5c98bc696a4077de5cc7d5b34f96dc997d6db9 |
| SHA512 | 5785b80823f22d10b6bf5b77aa4663a77bc508a6eb5c6008dcb012ffc8dcb616344e703d47e21ef2b7356368ca57ce0a7f819abe5f0522b43c1ad12c3961dc6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 06afb6bf0e92df93599c6392571fc4a0 |
| SHA1 | a8072a4de2af4e00fc53bb9e596822f076e98be6 |
| SHA256 | f46f6271ef300f0b01b83e5f1d5ce67e829ec2968276097c72bfc9366883e778 |
| SHA512 | 7b026b38e5a8c40eaaad8f85f6c2cac2818f36797e4ecc63cacdf8a75447a0cbd60a2ddd92bced2fff0ecb5d1264ba65575d0168dd86a592d0c99d5a2e24ec76 |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\ghgt1mal.newcfg
| MD5 | b17e73b19568a084875bec4883d8e077 |
| SHA1 | 617438d8784c43f99584f533e1a21b3b5e05ab7e |
| SHA256 | ea9400ba57a160617c9b909b3d1241d1bad24676ebc44bc2a9204df864ee20ee |
| SHA512 | 7535c93b9413e994bc8d35f4cbe6dc97d923eeb51f120f17079d9d323da2b734c1d6a1569f5db494a3b55dc09132de613a3a2294447aad805e543e47c73d3651 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3215f85d7ac188cf868233f2f830143e |
| SHA1 | 2bcb136467827d095a3ab15bc8fa2146c799e312 |
| SHA256 | 7cea145d5fcdee52fdc7a89793a1f2602b8270ecb9abdb04143269d82e0da8c1 |
| SHA512 | 3ecf9111d75d1cfabd6252cbd91428bd7cca1d253f517d44798f2bde635c1956c7e80749b26b244a9488dc7fb4f4822765e4c305a54fcc076c3fe4629710f37a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 694457d67f2761042ea3bee20e46134b |
| SHA1 | de9f2f816c11deab674c91e307c3002202bb2afd |
| SHA256 | a30b8cbf7403067a1a1cf00bb128c88313fa4a1f581a8d4b7cf40ece80f7d58a |
| SHA512 | fe9fa19003dc99d23b232a9bf63663d3fd32f2390b4504d727b8e27721bb3e90164e35b08b36273bf11feeae00890e38bb3f4ccbb766739eeef911a8088ee334 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_googleads.g.doubleclick.net_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 13e0feeb8a4fff9efe354486ce6f7c76 |
| SHA1 | 2d3a6ca2681b18da32ce6563f4a01edb1eb34528 |
| SHA256 | 5d9268d8355211ea16384364f0da2c82e3855b60bc6af38b57e802fc9a5637e4 |
| SHA512 | 095a5560bd562b897330bfe12c51d6e5691bc49650deb539f334c78799964aaee80c2cfa630be027e5dd7bf88e7b5c4254bb4f2a356e28a1638260f20bac4540 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 696cf509b726d9eb5c2bb70abe005370 |
| SHA1 | a9a49be8a61694f6f74b13623ae7118be731dbab |
| SHA256 | 2b25f1075bc24816bd203a93cd3714e284b6e6ed3fe0d8d26ae687faaef885ee |
| SHA512 | cb1724327d6b0d023c45acad32eeb94d52cbe99d270bf004102130f45b692772fdcecf2d7e0541ba083b1707c4620e8ef3b6455db6c3db15edac4bad3b122443 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 33da8de86eedff6a7f56763aec23105b |
| SHA1 | e495cad28eff85f7bd72413ccb9d64ca8a3cf84b |
| SHA256 | bca8bb8fda0cd6dc3839d3d0c811187e12cbb8533c6b98e00672f24d20692f11 |
| SHA512 | 0dd2e38b9e8a99fe6a6366f6b10c5eb1031ea50b734eeacf25f7961268398fac4a5748f3aacddd37fb554b94e6b0218f0a4363b22901f277cdfa5102b800f868 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0c9c7b3eb07f0f1f142f1fabab0fd5ba |
| SHA1 | 6f89b0c38320168b2252a5132ba4a1077c94fca5 |
| SHA256 | 52530a8db5faed6f632a17d8be67e8f30e49bbedc7743382d7e27ef428b91dd7 |
| SHA512 | ffdab82c450c6ec3df59ba5350eac24119828ef666184733b486f289a7ea36c67c29f1bce60680c9307814c559e75c8ef47f4c300be779cfede7b800897e501d |
C:\Users\Admin\AppData\Local\ExpressVPN\ExpressVPN.exe_Url_gwqkjzvdy3xpznw2dfneavuubxdnvnis\12.38.0.60\user.config
| MD5 | 8d26910e7ea6671aec22bc078ae48493 |
| SHA1 | ae47d94d6d899a177a3a544d90fd490746651a13 |
| SHA256 | 79508fbd810afdc81aa07c0f14ee892b3d3a68d14d7bbec96283648eb876fc35 |
| SHA512 | 178eb3e8325251c0f9721f9b143cfaebdbcadb932cb3ddece8ad0e3825ed6060d5ffae9941837d34cec40a68fb5cf364c58f89c6333c558c1ee051b136c416c0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\e0cf5cbb8e886d22.customDestinations-ms
| MD5 | 71e64b53a31b6f904d7af10ad8c9a01a |
| SHA1 | 2c273968f7f33a8063e6a6fafedaee7387ab5574 |
| SHA256 | 3311cf147fbab9a7beb84ec4778aab5934e75b173933bc4c0e1869e4c8d839a0 |
| SHA512 | 9a76fde35b8eeb09ecda829cad03d0bfef581ed72bdcc4d7344d5eab547736a6248adec8ba3689cdd56aae6bb3a53d7b294a0d92f0433dd3e17dc45c0f4df29a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\e0cf5cbb8e886d22.customDestinations-ms
| MD5 | e4a1661c2c886ebb688dec494532431c |
| SHA1 | a2ae2a7db83b33dc95396607258f553114c9183c |
| SHA256 | b76875c50ef704dbbf7f02c982445971d1bbd61aebe2e4b28ddc58a1d66317d5 |
| SHA512 | efdcb76fb40482bc94e37eae3701e844bf22c7d74d53aef93ac7b6ae1c1094ba2f853875d2c66a49a7075ea8c69f5a348b786d6ee0fa711669279d04adaac22c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 82da29ea87791fb1f5143f73fcc88b08 |
| SHA1 | c0dfc36345113f491152f0e83f69e6f565531cab |
| SHA256 | 1bd47dd8221ebc78a85dcbb6351de208f0ef6f355d1c300734d65990495d25b9 |
| SHA512 | 1b086d62c7e33f8242a07b8f3437d27977a0a91ddf266d75254e6961c75f0c158fb53e34953fae27f8e8b5e7c6ff48e6fa0e47c7f2f25d9ef407eb738225c62a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 269519ccf1f31e39906c9ac15288c5cc |
| SHA1 | c3e74575e2a1e0d1250a0dd965362427622953f3 |
| SHA256 | 10802a663f101abddbbdaab1489b34b08387fc39cc9b6d73be4eda8060ff881b |
| SHA512 | f6537bae69db86632da9da26078a8e0a57d9efd3070899742fd6764b43c7d5f7a14c09288a814a6e81635aebed9d3cef96941bab0b46f420dd2a1d18abda62ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 85c6fda667528787c89028ca2cea6700 |
| SHA1 | a8b2fde6c13465932dfdb1fafdb9728c11b4d04e |
| SHA256 | dc95424e36c53c512f1a4da2a794fa292ddef9f132f1ff51357f38cf119d6fb3 |
| SHA512 | 68b5d1efb5c7c6704e423d5b98c2cd1fcab27c26028ea6f0bdbc416948a118b45dd86c144439df211beb031850ed3f1010b149ee8813f333f9afca1183d4513e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 0cf59b8f3fc900b6911a16ba27f96246 |
| SHA1 | d37d9e001c92bbf8df2e82b26a1e47be29351ecd |
| SHA256 | 612f0e98a4d954e8587842213ef8581ed41d207a61969f6d68e4becda6615c95 |
| SHA512 | dfe7157e0268fd4de6530c3ab168177f4d8b886d013d0abfdec36049073fa6c92e6b350ae9282de497b2811f663f598d3aaa2d99a733e36264f59df9918540ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | c40bfb376b8f725031fd09311c4a86b9 |
| SHA1 | 1746db62dffea7b3fa40021391df7ffdd3855659 |
| SHA256 | 2cba6c9b5931001fe4c52e9fbcd3bb979dec85b286eb9a666dcd2efeb3bd9167 |
| SHA512 | b64b8f31a0876b837d6d75f5528277adc7be9399afa86e544f3cd6d7c00764143fa028d0e58537ec71de20b5e66876587e2b06b7e3f808e177b4c8e8b8ec0500 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 139540953e8f38618c8ab93335204289 |
| SHA1 | 6e243b8a4b9ac1d7f9184998691edf4dac904e4a |
| SHA256 | e352eea95b106038e9f6df7f9a5f87499d28d4270fe8c77ed58a0067c4e60dc1 |
| SHA512 | 1bd802b3179b8930009bb40c81ab6d21559dfc2a9036123ebab1e935a8f252094cfc57bb1aec320001f6e906cc0d63fa7f1ab9de7dbf1a71cdbcf12196648b79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
| MD5 | 9008db35d545875768f51c498810db68 |
| SHA1 | 324c4fbd184dd92a77e61b9e1397c8d6bf41444e |
| SHA256 | 6ffe03abdacb762bc1070ff69528fea107d33b9d13042501192eaf0c693f97c5 |
| SHA512 | c5d3179df0b8ee2af6374832c57279b555fb27c4ef6ec00860a74eb79b240d8b3e1e36e0e0551186de157e4d99037f4546e63958c2852b5d043137826ce44876 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 403ba81ac18859fc92a8671b612b3687 |
| SHA1 | 19d70a81c9927e5644e5d2bb78d567b2c0996185 |
| SHA256 | 9640a50011c211ca586b6a8de635769f75422f5ebda67a32c0a3aa58b7fdc825 |
| SHA512 | 83ab82161c3ddfab13a0c9e2bb1807340b0b28d1d4ae4a293ae507290ac2bc53db938ad8de2c94d276aecfc6c951062ef8a85501940237b5ad310c3dd2c3b17c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3ff101db4cd5782e5a2be26df2affa9 |
| SHA1 | 835ebe52f4d49785a261102818f265b216c6843b |
| SHA256 | 4ad0a65c4854c6c4c734d11f84a6b0b8fc3157bfcd633f95ad0a79ffa5ff1cf8 |
| SHA512 | de9e0bdf14257830eeb35fa2351b859ca08a5f0c3561f5ed50481fb4050356f90e0d003e92f659ec507b83b5c2b9be346ced3066f1710f9e205a6f65e474234d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cceafb4c81f85c54d45867c180e6b25c |
| SHA1 | 1eeab404fa2ac2b3e334ceebe5f8f79227ee6d6a |
| SHA256 | 140e0644e4d5d571259c8fad973cf98265bbad377f4355f5a511e9b4bee5878d |
| SHA512 | 18cb4030e03d01d856c94f404c3669b4a413e216e1205b1cb754cd71813a8985274eef9a6935b6486ec91e43aca9d6fb39174d33e8949ed9dfe7a62a66c00397 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b87867ab65926183a0a79fd23ed12d8d |
| SHA1 | 9a808a1898908ed0253ddb4e86299a69d7ff39c6 |
| SHA256 | 7ffb34eab14fd4604585489082831c1de96f50b56a0a3cf94a3b9d5697894bec |
| SHA512 | f900e7962767a485ec5a4bf17c5ab8f774eddc8757fd88dadc10f6df763d867ff4be56038281b711b56df2ca36e4e8c88888d3e70569f38ce1ba3d25eae1f791 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 15cc4a34187c73ba12aeb17a23b7e5d0 |
| SHA1 | 4e144863c441489625544458ef77374bd9c670b3 |
| SHA256 | 61df0f267cf52d999d47d37d4b2295a62edf49842f1fc1c0c5ea53eda5b8b0db |
| SHA512 | d01a680691985e4e1ec272572a01c8fc58085dfb77e04dec34c742e165244e766159f0e47ed202f315033520fc1378258d21218ae39d82407a876b297ce59b4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0332140a29a02f60292ebb19c6ab89af |
| SHA1 | 453e88ced582d34899b1b8a09e3a85fb6cebafd2 |
| SHA256 | 4a82aff4040ef6e85c38ab34aecec807228f4a266f21806c8b517e17deaf7d47 |
| SHA512 | 4ed0793cc346fe699bf067329cc1d21f916387f24cbb1b573c9c01ae2564c39a4c7514f32b03e2348d9ab82fe9f270b73471bf9b840231ab8e722d0f4717b5bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 15e5b485711231984d8c0049530f9a7c |
| SHA1 | c2c1be2f9ca20aba16dfaf5cda53e1b8679141b0 |
| SHA256 | bdb0ebc922741648ed3933342678fd2006676f5ff707e414f71058839de1c1a6 |
| SHA512 | 66469c67ab433e97c4631af5f1183d602ad6fe19468104c8b4ec3c2e6a58746dc5712f8c2fe7a5cefdddb3fc4c06ca993ff95f9a69bc786fe8da344fc07505c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b0902e22d0f71b5036a0a8841de303f |
| SHA1 | 9dddd329e4a6842bf3558681c9173c021965eb91 |
| SHA256 | 6ea050feff2087ac62d5f3b2d3acc50a9e0445dee318d3b697af3048516e7f13 |
| SHA512 | 84089ea127ba4261ae4337f2e30992aa6a5e66b353801c6438ec033f322fa345b084bac221b5e757929cd6b3f312fbceb3d9cd073d491572eaec90fc0fe1ef99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d7
| MD5 | 8991c3ec80ec8fbc41382a55679e3911 |
| SHA1 | 8cc8cee91d671038acd9e3ae611517d6801b0909 |
| SHA256 | f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800 |
| SHA512 | 4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 05d0e56b425681b166b4614041ecd2e4 |
| SHA1 | f89088253d7f986537f0d018a91bda87feb6d165 |
| SHA256 | 10dabb1a37f3ce29bb640f7eb93a760c7b2fa3da6425f66b97668c2d7730cef6 |
| SHA512 | f7e5186392c0d81b52a9371bf3cbb3fcc789ed9666951882799d023577701081d26da839c5002961a5bb717feb58ea9c2066e1b93560adc3421ef2216b398c12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000dd
| MD5 | 5bb5b01117aacd71cb1955ddcad3d156 |
| SHA1 | 865f19011ddd428c748e4a521c7d545d31d72dac |
| SHA256 | c5d4fa262a24ae6af1d6412eac0325f8806bff684240ab0a19ca3554b9419beb |
| SHA512 | 3d4af1d7e75efc7753e773784aef05462571826423345b343dfc42927001c963232cc5568e5102c417aff9aa15e589247f550d62b72a8a72e73c5ffb3a9817dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 00a44645ab6f8feccc06d7dd95d00634 |
| SHA1 | 4a14f742ce549490acf1657df4bd53d146fcb4f8 |
| SHA256 | a81db9e578f1a80136d3c527505c46d997f14d3a91dac56b4a35abc51980108f |
| SHA512 | 82c1242de2cffe253c2f899304e67ceb2ea888298be91c9222967d600e6b7ee2e8675c2901dd286ea5700d482e1bfcb2f3a1ccea14f1e3150b42250d934a3a08 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 170ee0544c0ab7a49f69c20661fe64a8 |
| SHA1 | 874e06151b9f155e307124095747db66c5b2ba03 |
| SHA256 | 61930a008e449dd36db1a53fc0d9061290ea2cc78831bac0c8e7b1c80a941f37 |
| SHA512 | 1e939f42d90d451d736ad94ba3089a684daa0c98adcc43b900897e951e0972b1e858136068a1449fe1f75bd899ffe66fd3cfeb10c57f988ac25fb89ef51a8ccc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2a5cd33c7a713261f41a627e31796c89 |
| SHA1 | 8cc8359cae41ab8cd3b78565b63753e1f5d6def9 |
| SHA256 | b3cd72f97790e92f04b653c40e7daaba870917a6fd154a314582ea283be772c6 |
| SHA512 | 7b3fc89323162d1111cdc4bceab46640f6c544c823991b9d0e1addce7ef507cbf8bab27bea8eab9bc7898c052b95cb4845bbf427cbe64160c499b99194905cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c2562df7262a12796dda7bf9a09fbc4e |
| SHA1 | 856c30a224b07a613a5bf82543a283a6d14499e3 |
| SHA256 | 3a81555ada6fa25d592db26fd33275bbea6b92d3d52ec7a8199b1df54043c5ac |
| SHA512 | ab8128da7f53eed962e87427fec4b1bf84cab921bab1f20077bd1db75e6ad8e40c9a5be8d1b12b83b0264d3d249e36407220eb42aaf692236058cb4e05683a08 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\de7ca7744244c9be_0
| MD5 | 06fb20ca021263398a60bb5517936a9e |
| SHA1 | ffc5d2713d894dd4c646351331fbc05ff90406c0 |
| SHA256 | 11c41a1251f16f8505fe8254e92ad67be90ceea6db4e9c6814ccc1d1a6dec989 |
| SHA512 | b49e10e7d0ce2d6bf24d823a2b80bb66a4527e33fe97b46929981ee63e09fabb8af608d255bf3e610832076229ac57be1d3208fbcd659e08c1384d0298b50ecb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\56cf58e31d04cbf8_0
| MD5 | 4df81b284904375eadbac03216a46dd8 |
| SHA1 | b1e532d219a191c7b312a7ae5cf70cd61d0c838c |
| SHA256 | ca47003f6dea6b2c8e9870e6bf0110cafc0511b3f1b1259103c554b89416bfe4 |
| SHA512 | a3a2bce63544ff287e4671c0d649e590ccdab9a428b72d5bd77730590865613e5fd1526667cef0f57f5c14369aba3419924cdd24f7ca2d1df1d4d35226edf428 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\75e1eddf93bfbca4_0
| MD5 | 7ed3b82ae61b543f46d075dc73bc054e |
| SHA1 | 892b10ba42da0cdbaaef82522a560c74b3d2f5ab |
| SHA256 | 31f47f4b2ffa380e5cc81ecb35c882662290d26b2de0ad40f480059cc6525d2c |
| SHA512 | 96610160fee785fbee31ff0f9fefa17c0f081513f41fc436ea098d4753ffd912d0d76605adfb1b3a714bb8ab473de7a1d43e68670ae48f1eeab4bda7a4e3f594 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\875d69f125275e45_0
| MD5 | adef8c2674c76b8e33e1172addd39435 |
| SHA1 | 27e193aae5ad3f910d0ea10f67c859ece62cf85b |
| SHA256 | d5078a794a8cd5bf585fe47538c78ea452a18b60cc91fa3ebb0bc06e01a176ab |
| SHA512 | 31470b046e3e71ecae627ed18e4805365c7c9a8f57191801624c28bf321bde830328e3815d7ebf03dcf41793d07d6e5b48834cfe44bc079a5c66c2601a75179f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | f28a0375ed51538ef3ebeca6a23f4277 |
| SHA1 | f415ef0bbd9e9e4346586250f50391086e5cbc91 |
| SHA256 | 47d5847517d6f1136cc3f0c989760699ac0eda54e7aad18b9420c62a475cfdaa |
| SHA512 | 46c409f3fb3a088399544190ead012ffd372c324261b8bc2fa61383db9b7136527825684fec32e837ca117acea48b3a5bbeef6591588bc996749897f24fc9a48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | 764093f9f56de3c58a10dfcb6de1b04a |
| SHA1 | 280c982cd8a56f486df4da816fe7063b2ea653f7 |
| SHA256 | cd95846c4eeae1340e14ea76d06b7f215e204f5e8f2b60cbf2da0f24732a28bf |
| SHA512 | 675f8119969fb62c31e4fc6bc93dcb7cbbf2f37c87a48f3a1ffbc8ce01c8bd32704151e0601ea56495bc75fe41ad7d60e571dee68c6746e4a7a96c794f7a57e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 8a0e042d4b5b9c466ac70709bc7ca092 |
| SHA1 | cf267596bf8ff0c14fff1b6753345bacbe54ec21 |
| SHA256 | a6da44b9cc302dc71c1256480cf28e5031f8ca17bccfa162dccd90082631e4ed |
| SHA512 | b5e4414364bbca617d0a3a3aa6defe801f2c8cd7b1a742cb1a3548d0a57b5e9b44dba8419cef81660a9e6a0274621d79ef89df8557825df42391c31c4535dfd5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c8
| MD5 | 2cb0d3831a5c488d563cb81dce95fe32 |
| SHA1 | 750aee5bf6b01f9e32e8a8a56b7fd9cf58311660 |
| SHA256 | f781f6571d1f4210a3635e89b8b72a823a0be466b1b13c950a2b7ac2465efb6c |
| SHA512 | aa7249f02998952dc373504989f92d72b2cc6936db9350d9cc7915c61714e1d2f3acc87d7b3ad2890a124659f4a02da4d5500fa2060bc37235b46145d28361a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c3
| MD5 | a63f55cd19376ca24a43a13864d13382 |
| SHA1 | 6b11d3f0392c3ff44486fae4bceb7cefc3c9b068 |
| SHA256 | 1df1f5660045ef7345694bdc6769b2d51d8988d2454fe3b9a36a4fcd0403d78b |
| SHA512 | 348de8f128d27e5a6970d25a183896635fa7cc45062d2ffde5687aedd7e25c69bbcd9631e9807c3fddd0f077237e5f50d39556310ee84a01f07ad3a3aaf887f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c7
| MD5 | b12909e69fe3ce3fe56091a1c4ec1383 |
| SHA1 | 841a3789ec05d6913195601dbfde82deb5c12241 |
| SHA256 | 9efad0efcde01b9f458eccc564f16b069ab086274582933c0f30d74af6f56a7f |
| SHA512 | 376ad27ab5c7a3347e1edb3ddc8b77cb8160df2d5bd10500ee15d63cec02a223d4ead518e28b47ae8824561b224738e857f740b72c991e0a60a74bd531aacc62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c4
| MD5 | 0321191b9016b265a2f6eadcfdd57d8e |
| SHA1 | 9f3756b28a49f32a78b79c7d9005a23c0369ca60 |
| SHA256 | bc00d8be48550558cb1a86275f6433951216812997054650aedcd778ec6f7eda |
| SHA512 | fd9dd30b092c31f31d57a3f62f1471a4124b4c28ffc1b97c4e1bf499696ae7fd9adbb9462a6cf185b5ec9d2262e53989007d89c500a88db9daf797db90ac278d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cc
| MD5 | 1103e325ec7308b8edbc5fd6739076bc |
| SHA1 | 35159f0d6c8a25fd24e626e48475f2ff5179d667 |
| SHA256 | 79ee3956173072b0a83d38a19ac159d4720b0a9f66fa88cda84f64f5122d85c1 |
| SHA512 | 04dbba7f51927bb933c7542782dd57167b48353b31fb1f11ee455e0242dab69e679fab8b92000e7febfb8fda702d8293fc0252ce8151004693af28ff16442374 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d8
| MD5 | 4e60263428fe0101efeeaf6ea3807ac4 |
| SHA1 | 57bc27add3982fd33446acfc9f6eb6ecc8567a4a |
| SHA256 | aaf063ab303912bfb76f9a5fdff2fa0eff49a41db0180b9bf357696bd7d2e129 |
| SHA512 | 9fb6359eaaa12ca79d07bc0412774362c222104dfc1b7e21d31ad140a7c352abda26c350082556e44ab93598037faf498abc4e6c3561af56992624f1e8113964 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6e33c38230b87a5eb7d877a7a5e55200 |
| SHA1 | 9d0b29043f69b8ceaeafa071c91508574e71cec7 |
| SHA256 | 6c26e36ebf200f5ebee0dbf3527ae36fb1c921277c13784cfb72cf8f0be0f0aa |
| SHA512 | ce92d25398cb622303d99b5529cd3ba8b4608a54866e21799d1e8acb70aad880a75ab313348fcbfcdf70b96fcec26c6911879852566db6f95213b61a09d1bc1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 40b47f6959e132d28525e069100f2180 |
| SHA1 | 78ed24c4ba678ecb115f99c5eb55e8867b305ace |
| SHA256 | ddedb6c7c4d8cf4dd4a9ae94aed1c8d6838a9a9dd89057010d84b3376328fa0a |
| SHA512 | 971861aa6f84232ff487931f30749c88707c3bd7d2d69d4259a8ea56874b6d90a7ab55f28930040f523185d84ecc5d3ef6f7687af51ce1360fb2f0642ffb4259 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000db
| MD5 | 18cbdb4d408d86c1ea8a90dd1b48f68d |
| SHA1 | 7e973165954de624dde7c3d2405946a5c38de317 |
| SHA256 | 246a57a9ec6c889bc2f687439d5cab8ccae8104836f858f74e79062f959675e7 |
| SHA512 | 342858ea48ce0d527e324a2e18b8ec338c55d52b6a83ccf0a93c15dca62c1199bfb4978f0ca674781d199d726e36ef30ef482467dac1ea1fabf77a42ba494db1 |
C:\Users\Admin\Downloads\MinecraftInstaller.exe
| MD5 | d03193d3a30ceb126904df28abc953bc |
| SHA1 | 9ad806e2ebe4a6f6dd2d48cec1b598505d6e53ea |
| SHA256 | df166846ab3a86b2a797e81ee48377ee5dfb8a2f3091e6344816cfd63316e72b |
| SHA512 | a51d29b1eb3936fa3447aafe365dcee28f18fd6509cfe5d83e66b5ab7f1e0029ef8367c1203944ec93e1289570cc42b656d2c74b35e003b841f43efd336987eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 218626d5a03cec53e3549dfa15965fa9 |
| SHA1 | 05c0921d428d94cd35b98dead711927e603c1df2 |
| SHA256 | 58021f7e58216e745ad9900644ea7c47a841bc3d167cbcfa4786faf91204b262 |
| SHA512 | 98df5a550d96e545cf7647837f65f929b4f06f274ac67f76d0557637cf2d127ce9e608d1050c95257898920d9d1af537dc0dad48f808d7b024b4ff86190a3f68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f7976c139ebf85429068f5727e3a9c79 |
| SHA1 | b2febc651aba93cf15767f570d4efb3b03ad0663 |
| SHA256 | bc4912615a30f25263b87f0da91d7bcf437ec63da8816fae7e1e633b55be0127 |
| SHA512 | 17f4a4eca66405612f77856fd33e8a8a2216edd91f154469a62d4894f9f2ea36e072219eb53e5009f26f6ab4feae4b5c6f5639959d6d0c9b50866be9a06b2ee2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 0dc0ec58731aba803a9e1d9a61182cb7 |
| SHA1 | 33798ce1c403d86992af48aa4decfb01807ba345 |
| SHA256 | 0537f04d1294806777cdd3e6725a3c7a73c83ad0d8294b7020f845b331c6ae8f |
| SHA512 | 1e8c11c04d7ab1ced2b5fd4a975f3d8813e81f2b6f4255ba62c9a4f5a76e2af501b5eb1977c986054c240718c8d9ee32b95f564e06c46416ef9b2294ceba8066 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cb714d24f52220aeadb789052fa53c13 |
| SHA1 | 86188c2304467656019caedbbde0b6ff2ce18bc7 |
| SHA256 | 4ec009037ecde3c893e8e863f54eadf5981c060c6e63c99e5a6b51fb6656fff8 |
| SHA512 | 1497fddae285bc4d144897a61bd818f04a53f61d0d36c3bf32deef3f7ca70906ee2cfcc7bb10f0acc07a21842378a0ea238888fe40006fb45cdbbd9b77921911 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | d1fb8fc0871da0f4983c3ac84630e022 |
| SHA1 | d5fcadac6ef932baf33c0de9950b59d8cdf5ada8 |
| SHA256 | 937d172a6606cf380fbfb25157b36c7a4aab4538ef77234102523bf16abca8e1 |
| SHA512 | fed61290ca1a7426d12840553ae337e317024279b8aaf65772cd7b6d7569c26a49aacfbb201489fa474297472447103548374cf34f847a178840700136ef587c |
C:\Users\Admin\AppData\Local\MinecraftInstaller\deviceId.txt
| MD5 | 2e61a88d1b1229a34a0a75d31e7503ea |
| SHA1 | 5ba901d565072f677e1ef9176b40ef39a8d13418 |
| SHA256 | e1b4c76f8cb9e1cc4894df3e71ee5d69f4f5d1e790f873847895b0b76d572b59 |
| SHA512 | 866e1c353fed16b4cbae9d9ee4469225df100b736c231942fb8cdcce7351a6748184e1df9413d646dbde3f1c9c13899b0812c34bbbee8b5ef13179d02bec77a7 |
C:\Users\Admin\AppData\Local\Temp\GmingRepair.exe
| MD5 | 4c15abea139342edaf5cf161fc1100a9 |
| SHA1 | 498225859a606fa7162317b150b43185e389685c |
| SHA256 | 604bd7e4b0395b3424bbc8e82f52248fc5ff0d33349d07fe424f6301a089d939 |
| SHA512 | 818f01f8925f2b625cb4a894b1ee073ed92675079b6d6ac862f579cb5eace8e0490fa238175fabc105582b6addd7a369dabe3055674f8938759e8913e83e0553 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d2eeae395b5209ba15df394a396caa01 |
| SHA1 | b2fa00df7683e9021738be05f65a81278894dbbe |
| SHA256 | 723e57d83ace5317edb4da5240b84af903423b5298fd706ef0e054948c9ee30d |
| SHA512 | 601f444ffd973d6a746092408415a999ce1d200da6c6b6b1876853c57f5a7b935094fda96cdbf97057a56b015fb05c3e65675ed26399ccedd2f6074173eabdf5 |
memory/6584-6458-0x000001AE41840000-0x000001AE41850000-memory.dmp
memory/6584-6474-0x000001AE41940000-0x000001AE41950000-memory.dmp
memory/6584-6490-0x000001AE49EF0000-0x000001AE49EF1000-memory.dmp
memory/6584-6491-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6492-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6493-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6494-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6495-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6496-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6497-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6498-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6499-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6500-0x000001AE49F10000-0x000001AE49F11000-memory.dmp
memory/6584-6501-0x000001AE49B40000-0x000001AE49B41000-memory.dmp
memory/6584-6502-0x000001AE49B30000-0x000001AE49B31000-memory.dmp
memory/6584-6504-0x000001AE49B40000-0x000001AE49B41000-memory.dmp
memory/6584-6507-0x000001AE49B30000-0x000001AE49B31000-memory.dmp
memory/6584-6510-0x000001AE49A70000-0x000001AE49A71000-memory.dmp
memory/6584-6522-0x000001AE49C70000-0x000001AE49C71000-memory.dmp
memory/6584-6524-0x000001AE49C80000-0x000001AE49C81000-memory.dmp
memory/6584-6525-0x000001AE49C80000-0x000001AE49C81000-memory.dmp
memory/6584-6526-0x000001AE49D90000-0x000001AE49D91000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a5f2e24ca4fe34fe_0
| MD5 | a42c4ed4cfcea8bab49a3ed5b637fa56 |
| SHA1 | 3be9c96ac2272ae167e56992dfe3a38218b2c40c |
| SHA256 | 47e341b0de270aeef3104976e194f977b4b0a7aebd44454f5019b9f4e2571d5c |
| SHA512 | c03eb408b552e5ce0339345c40dcc1b051072d5d5b89c5edcf08c1f35a34cb31416d4948f25d05a3c985c70ac5f1999caf3eaffa75bdac8b96149a21377bc373 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bc7c0fe7184df195_0
| MD5 | 93ee7f897c29fa6870b056a310b786ff |
| SHA1 | 43fdcf6123665a02be1c3a1f38974a8662a70578 |
| SHA256 | 66e97a52e4a7aa1a028af5a612a412fba4b3231fb64232065ba57d0482a2e4b6 |
| SHA512 | cf1d14bd9129fac9fe4f51bb4c2522610a6b21c2b5838adaee9aeb227b4c8d9a1f7e94f14a201b12b597624fcb35b517fb0cbde24ddeb1b9611ac6f52e695eae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
| MD5 | bd969b6e4f4ffdf90bbc344ef831cafb |
| SHA1 | 668a7a0922724f5f24a4846425a3ab76b9dc3600 |
| SHA256 | 518744dbfec89b8e935f41bc06ff328547105037f5eecd57b1f7dfebb47d6f30 |
| SHA512 | 2379999a05b477a6281fb2e71000b8c50896e1b5c3ffc0bef58d52507dcf02679fa3151dd493614aa84b0cd8dbb4de7602c9ec08f8ff2eecef9b2dc57fa1e42b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
| MD5 | fe1772946f3f9e7f1306c25d2ebf973f |
| SHA1 | 0c06a17027583c8d0838013e35685b64f618ce30 |
| SHA256 | b1b72a5cd1632b9eeb459373d74eafecd6485e6cfbb20beab4004edab3f1ea05 |
| SHA512 | f5118832fa7760b1b9ca47ee9cbd060117e97dbef1709ba8d89af30189e589845cdd2f4d158ab66f8208cf3d00b5fc7d6a354ac2a7d8bd3fb49b10e27e507d4b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5cd99e.TMP
| MD5 | b5435ae9cacfc00a79b5f1556ada23dd |
| SHA1 | 8b6522d9c4bb5a488d6b3d9d1ef6b6f97a3ab2b1 |
| SHA256 | b47781580e833d24e9b465edd91affa7c58165d07470afca36b8cf5739c4edaa |
| SHA512 | 56655302df8d28732c81dfe15edd810ebfd52ee13f9a3e749bbd50daaba268104e9019f45954c9f1f6b0efb33f5cbdee1b39713dd3e7d9cc247bb7719f41a097 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 9a2c9a50b907df7522dc51b5e6ac4570 |
| SHA1 | 52ec73d4defe88f2ee47276d71b5f40c5bbbe5a2 |
| SHA256 | 6c4d8cb9ca85269836e8867bd53093eabb8bbc51d1e9d349f0ea0e1ba7a84996 |
| SHA512 | 158466238adaecef08a23345e8b072dc6762f5e245ae13fe74533711dfbe5afd1b34fc7dfd80ffc8c727b239f7cde18c293648044e4ddc2ac78176fbb2341376 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000129
| MD5 | a659d25ceeadc7285e578026d3c39326 |
| SHA1 | b926c8e1dac895c1ca548d4f836c9e74f53ad1e4 |
| SHA256 | 238e878d68072d454e594ca2bea403c9a9efaac6276192ff43e112f311eafc22 |
| SHA512 | 54ec7c22b62b348d609f85291fe6d930cfc499733971964e82f8322aef2321f55a5c402957366f76a2ebc47c7364bac61370c7a9c5214e86e7f94f2f22560eab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | db2823fec968ce51650bd6c51127e129 |
| SHA1 | a9e1a2ace1e991a1791bd0fe700dc57b7e4a5065 |
| SHA256 | 11f130a77f34cfa2f81c71b8667ba7a074841e8be1e8fd4aadf31363fcbe7253 |
| SHA512 | 94c91ce03d1d0b44bf0a6d228844040df25e34d1056652d515b2e718f355ec35c8ae2ded4d6f047c112c18c1539dd9571c20d99aaa4c20c8ec8dbed5d56e0e0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c2
| MD5 | 4d5370d18198b410d652c109ab20303a |
| SHA1 | d24127e115416349308def5503e1efa68d132a4b |
| SHA256 | 5d374426c9d46a8894bcfef4d490907c4023e1a6305a061366a4367cf7c6fe21 |
| SHA512 | a2ab6fb3dbc9145a28a803658d9d8754c57c455d7828f4048f0626c6a9793fcba07108b4a02aeb47ce9aeb1397f31a07b8fa006aef7bd2170ee05102436e3486 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
| MD5 | b63bebcd6b8591b01e87e3dbe073c5ce |
| SHA1 | e4f1cfd996736e9353649a9c38ac737017b4dee2 |
| SHA256 | 9a1606fea2bc126eb4d22771998dc4c13a717a7c47b3d07f47a04d409c3fa703 |
| SHA512 | 45c1899e67318131542e721b021cc9383cdf7857b5505feffced4a47d10d7ff9b57bfb02f2c247229dd747d1c60fb8e02904e14cc992dbeac7ff86383833c738 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
| MD5 | 9b303c07327fcba3ccf659c3b2220c6d |
| SHA1 | c6108a87d70865ad0e2603b6686e2fe22e25a3c8 |
| SHA256 | e7535bcdc16527c8e425ff365f920273b3500b3161e0cf5dbe149c46f44323df |
| SHA512 | cb6a1cc2bf8538091af8a29dd6499038a98ced537e6cebce604c6f51001959cfa3e7d4b2a37943e0d4e6d3ada2cd85cb124c674b21ef4fa18ca940da2c3932c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | 094c6def326357bdc59945e3fbf04121 |
| SHA1 | e0aeee5b5e84936c0c717091c5c6dac805f3f5d4 |
| SHA256 | 35fdb03baaabe7e52c7962a82cfa7a8a2278d42ce33741ad21762fc9a372a0a4 |
| SHA512 | 4480c80ae4cc67a9a46d267484c65f5988a8cdc958b39cedd56f982eca0fbc8b605a75515669242f74000a1ef0e4146c6ca241c2783ee31ff3c774970d5ead6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7836dfbb07807271264b2c83f0ea81ab |
| SHA1 | 5ae72fdd20c610a7950d802e6312f263e25a956f |
| SHA256 | 5087f40c4240b34bf0823e4b418fff5fc6f4ccb32d5e7044bad151909251c6db |
| SHA512 | 736155a53776250e5b61025b92b12885df72ffb51903cd710cd30d6b24013ad018f6dd54020dbfccbe3b7996ad34fd5d23ed04cbd01a4e117cd5b705d781a741 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6d0b05d1e051a3fff56b8f6a0c26cac1 |
| SHA1 | 9f18407b0d798257cd6957e086850da52b0b2ee1 |
| SHA256 | 6989faa53376b834d2068d46cabb8c22dfad86bd2d779d07da4696ff558690f4 |
| SHA512 | 3a2ebc70c22fde45a25ad7816997d8e24754d04b93ac0da938aa8ebbc8d8f9b31465ec7c6ca07cf5dd0453c1335694bed9c7d4181fa64a779dc7e689740d9908 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fe5446732feac1b0e7894978872dd870 |
| SHA1 | 246786c7b7eb13d866d2fffb3fe8359b9681ffaa |
| SHA256 | 9bb48aaf7f268b29143b18cc7a6a9fb6b59e8418787174675ed57246c25cf898 |
| SHA512 | f67d0b14a2b8e069650c4bd4bb0fb89e14abd1b1038b4803ef071d029c4914f2cdaf24542221a528dc3df0f0f6e59db791ada88f1adcb0d4712932de041b8a7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 646bf1d10858a2fcb1c966f38f15a592 |
| SHA1 | 629793c6a5f40a505588b0b39512c3936b6e9b1c |
| SHA256 | b9555bd20944e02ceb439ab4eec778dce864872b14641d4dbdfc9a05e5525e46 |
| SHA512 | 0da5c8f93074499d470ec38f5cb18456240e3e7a82bfad138e92ecaa6bf2e681543502a57c4536f185dbc418145c5e2dfb51239bcac198d8968a10ffe224dd5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8e15ca921072882d457c09f6924df924 |
| SHA1 | a23362bdd1dc57856ea00bf3eea42286dad5f28d |
| SHA256 | 60baf096e5796b025bbb30df0fec5642d958ef8ef225b6d66be21747813018e6 |
| SHA512 | 0d6aeabfd8f5f027b181ba99f16414aad34e79fd8f63060412f9efdd8ff0c50070cf112f339f998a550e1d7baf061a3769474e9f53664c9407b388b96fa50ee9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4cfe1fa51e8ee39738b8849259fb6023 |
| SHA1 | 529a5265a75aeb9dffc021f9df7d6ed64a53892a |
| SHA256 | bfe1f7a2f264b328070bda8af4165a2c470f6795ca3b52d488b7c8aa9d0972e6 |
| SHA512 | efed35b4ff2ed9da977f1eb969bc4096170e6cf64b4fedc621a36613bac6a174190b52e0f1d4cb139bafc87e12e88af9a629018e2a159214f25aa94d8a791bde |
C:\Users\Admin\Downloads\Feather Launcher Setup 1.5.5.exe
| MD5 | a8130d85ef43e42a33fe1064a4f135ed |
| SHA1 | 1ba835089ac121f3141663ca4a253f86adc64b3a |
| SHA256 | 327c129fa0d9b80666eaef565d13709a82d8558f9e9d525e4eb2b6b1ded512be |
| SHA512 | 73afb6ae38f6087dbbb3014c3d4e3f759643dfbbb5d8960ce1521925ec172504af78ce3c7afcc51478c258ef792e4755c094c0845e20a221596863706a2afb0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | e3b7ba8b286c90a44e8000b5394c7796 |
| SHA1 | c6955da78f7f3ccd5445cec327a366ddc53a7788 |
| SHA256 | 654a149d1a07da929388faf509b2001fee707289a461f4ef1d56feb3dba3914c |
| SHA512 | 65fc66e98a37a749efb77fdbb1457e6ab6f2d74d1cd05694fac059353f332ff936f99a196a9294f22a1ab0cd51e0901ea05c2bbf007ddd45096c914ee874fe08 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Program Files\Feather Launcher\chrome_100_percent.pak
| MD5 | a3d4515d3a33a407d313a62818e82a5d |
| SHA1 | 967ff9a6774a66f7b3299af4fd5d70961ed54d79 |
| SHA256 | 662a9db6ef4197cb4b6c50648a2cafceb7fd903015828df3fee605a602370be0 |
| SHA512 | 0c757e1beccbca1ae0791fa0c51a9e2019696bd0965c73de67b364fba6f317ea2cf20fa65e4fa7dd22519683528e5112dc8c530049170f4e702e0c8d4e065801 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\chrome_200_percent.pak
| MD5 | 3bab45c70f22646cf8452c30903810cb |
| SHA1 | 40b31d4c79b5a2b8d12f8cf8b6c49c962c31f766 |
| SHA256 | d4282ae977f23afe252e19e421c8d09696ea3b83a1e73a6aaebaaa5547c74cbc |
| SHA512 | 85eda055494f0233c963e821906cf69d94e664d8396e8b08e7a8f412e1c16af71252fef1bfe3ed43cfad157aa90c0dcbb375626e2ddf0e807c9b23ad27e61d9c |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\d3dcompiler_47.dll
| MD5 | cb9807f6cf55ad799e920b7e0f97df99 |
| SHA1 | bb76012ded5acd103adad49436612d073d159b29 |
| SHA256 | 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a |
| SHA512 | f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\Feather Launcher.exe
| MD5 | fe25f9cfc1df95770eddb8090f7d0b8f |
| SHA1 | 001b7ceb9c1bac8fcce45d80fd0dbb96879b8695 |
| SHA256 | 112abb0dfc8f76ecb80c4bc9c7bfc01ba8e7d6bae2d48cb12b47d32428029bc9 |
| SHA512 | 257c396c1acf9bb6f964d5f4deda7435a72832f9147a49dc06a1818cf77ea52ae7778248a250695b12e618adfdec3c78ca57568da15973dfffc95ddf7a554b8e |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\icudtl.dat
| MD5 | 6690f2b2384e1bf8961fda96a4d07691 |
| SHA1 | 111f6dd9833c653908431621fe8fbc87f1135632 |
| SHA256 | cb73d42d36839708013393ad0e4e932fdda9a1acda9275ecdbe74fe89eea8366 |
| SHA512 | 6a5242fdc0ba09e339151feae1b3f7a9f00a09288b6f4ea9305d1a09d8bc3015c074ee91de35b8d6fc765c2fb55ec37dd91b8e66b7a7bb3148cbc305de19b088 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\ffmpeg.dll
| MD5 | 68ea02ddbfdd0aa3a694789ee6d95bc2 |
| SHA1 | 326354fda27d5de1a7bf23b440c6eeb889c7c00d |
| SHA256 | 0c4e27571b2b7c2f50fb6c6d9746fa978079bfb3834bd69ac2f36123c41a0c99 |
| SHA512 | 5d517890cfa9782eb5e78ae9bbec54c25b7db1260bc73e39e6b96fc5482b5d7908e25b8b0571eab7129ce78963bea601fecc6be1efda6376addb1c0240e7276e |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\libEGL.dll
| MD5 | 655672c205e37b079c34a4427118479b |
| SHA1 | e1d595a25e76f2f1be50f0ac3046e82462790d69 |
| SHA256 | 498fafb59d3d1a91fa24f95a59411dacf3fb373408e8ea5f931e2ed6b2732d36 |
| SHA512 | a5ad3ac4e382d28d2d95cfc1b02ffca2ba1b5277567c1db81e14a87891e6ef9e5b8b2b56f4b63f8512c0b527dc3de7a5ebf5bb479dad827dfa17294f5874ab92 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\vulkan-1.dll
| MD5 | 58871cf606db440509b56a3f764e72e3 |
| SHA1 | 312e810cfcfb663b0da00eac3b87294c0b035cfa |
| SHA256 | ea1f3a66f9322d20da4542c42595eb789e532a224a0338dc488e998ae00e59ea |
| SHA512 | 07279c40721414f6ab345f83d9189c3c7012a54fc839359cb33cf4793ea771507535518554be99bac339463b7bee89e263e7a5cdd3f443a550ca6476c350a2a4 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\vk_swiftshader_icd.json
| MD5 | 8642dd3a87e2de6e991fae08458e302b |
| SHA1 | 9c06735c31cec00600fd763a92f8112d085bd12a |
| SHA256 | 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9 |
| SHA512 | f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\vk_swiftshader.dll
| MD5 | 17bb7a2a7cd8ccd96ed19753cfc75bec |
| SHA1 | 7c996eaa179fd472a572a0efb3e243a81b283977 |
| SHA256 | 070c9bb970f13a47e3246fbeadd4d2d3916273e1ae3db2059d806691bfeaf6d8 |
| SHA512 | 80ff7ba1b32e3de374e8637852b96c12882a5f7d32651ff0e1c2cb97898a44aee46a569a42b073a4e368f364f0daae2e86eca36068fe6794eb5ba55cd3ca5ee4 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\v8_context_snapshot.bin
| MD5 | b978b7e83b574a43fe766af2b670c1c4 |
| SHA1 | ab0d1211740fefe3b8ddc8bcb2400e68cc88ba4d |
| SHA256 | f59fa568139442c7f547fc8a5a0fd090ddc8427cc409e2fcef0518a9dcb47a96 |
| SHA512 | ac0f297b128e83d55788aadf5870849781d81cc61461117c5cf22f757e20089acb640b3ebc2f3bb2fbe1659e75da73a63cb884be4a791a90702758e6c52dc706 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\da.pak
| MD5 | 528f37f3f0f7b145a979d5c241b4fa0a |
| SHA1 | 553184bd357c6493e73c1a1dcc5d142e1a36f0ff |
| SHA256 | 19444d709ff0b9343aef93a640c505566572a0f3121012716d2af937c08d6dd1 |
| SHA512 | 6a58016bd952dd93026e81bd240a5d02b0538c61b3f0422ce4439a719d4c0d76caada1f3177d4c4942c0b573844c7e42d202285758dce8bdd8c44115ea4b068d |
C:\Config.Msi\e5d7302.rbs
| MD5 | 5a8f4b27db9efc1f5e3e3a172957693a |
| SHA1 | bee949cc6b7930507e0eb38c4cc3cd7414357a5f |
| SHA256 | 3db4549abadb4b32f217889412a9f428bec3dedc3570c628f55769995ba2945e |
| SHA512 | b45a262e0f10fefeb50226d4a82aee590145cf9e0f2e09159160485a84a6dacf586387e3e92e38b0c4403b382fe916cd5fb814c94fcce9b7ca84bc4c5a15064f |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\de.pak
| MD5 | 8ae896d9d42d65ae82093eefe5dba356 |
| SHA1 | 57b6175fcd23ae0dafc7eebbdaf7cc26c1ead0bc |
| SHA256 | 6e8983727e035e77652fb453192871e435dbab03ffb3088a86ec918ef01b7f37 |
| SHA512 | 6271a6e21fca7793964199489d21d1fb8d93eff2cf1979b3da7ca6eb22d4786a28a6e62b6ba0b8907a6be7487d5c9c45d8d372eb34ec16ddddbedfd49dfc475f |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\cs.pak
| MD5 | 11a76a16e2f94290a6671b2fa7c782bb |
| SHA1 | ccaecdb49758bcff8fe31ec0907b3a4a0f1ee6d1 |
| SHA256 | dee2f88b85753600284bb4acc844be1f0edd5688f98340770bc042aecbd73fb9 |
| SHA512 | a19845703cd2af109c085383307eff88e8f2ea4f6446541ba1f0bba89522e714d43cfa355af149a9a12ead96ab389b27c273a53dd15a93b401f6f7eb4d43886c |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ca.pak
| MD5 | 711098caf9322fa49fbe4ee2ba794a7e |
| SHA1 | d567f076ed6b8b1479c566efb155ba491401f140 |
| SHA256 | 95758e3b0e83067a8eb8f135f1a9f6112db18ab6a21981c5ec32c899c729a159 |
| SHA512 | bcbff969d9e3ed54f6072b359f911c0c9ed875b12fc7a29002e9a251331b4d47b7c0d740ef1c596bbc8828d6e32f216f41bdadf0873a0a85ea5b65bc8770158f |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\bn.pak
| MD5 | bc688ba7dd2b0f9946ac98a1df15131f |
| SHA1 | b453ec6785191b3dbd5d78e7b25b9481b6522b32 |
| SHA256 | 6ad844d2b22c8fbf3587ea603140deb1475dab934ac62e402dbf1c6946dc882e |
| SHA512 | 3d60102975a6acb39ad5f750128ab4967bdb5a64eeb398c5fc71e5fcca860eb97487df4e85269a5ffdc1f030bae2ff1c03d61b08565792f84696693aef8119ba |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\bg.pak
| MD5 | d9291d2f1e816471f691f37c5a4635a0 |
| SHA1 | 201f26fff690b95f559d57866d7db519364ac27e |
| SHA256 | 4a7d229dbd7ca53bac0438d5705a8ecad9e33213f6752e58624da1b9e9cd571b |
| SHA512 | 074b46011bed5750dd49ec5e021b02850d11b235730c27bc2d0910a69f2f1d03c79dbe692b5dc34b7be28ab071b8af6c639151ebb10364f04b8acf4615c54270 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ar.pak
| MD5 | f27d0b588bfb76f541e9a8d83c74fc58 |
| SHA1 | 23d01bdf7e1a7d9cc34a53b5d0e9a221395d0f67 |
| SHA256 | 88645be62d0421ace7b2c44df7de67a4a83b04977049bef82b465f60f06d5560 |
| SHA512 | 9406a3150e40a5c93c9a2ba82030b334161273ec3d66c8812cb7328340cafd0ce549f178cddcd00bfc227a258e8aba64305be203fb6502fd87f76f224d0a7126 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\am.pak
| MD5 | 1ef5cb04c40f553fad6dd74295ff4588 |
| SHA1 | 9065653dc4ec508b657fb86f45a69114d1ab4be1 |
| SHA256 | 9aa0bee97cd6957d3fa1dc43e3bc45b7fc4f55df6df9a33faa7aeaf6e2c46a71 |
| SHA512 | fe766d0841a1a247442e85b5e4890fd3f83c76686e61c2243ed93a373d7c4b9a79558200583e58fb17cfa64efe053d61c582d83beb078a62ef232376e4741ead |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\af.pak
| MD5 | 3ab2fcf223a5fefe8a186741b3507e14 |
| SHA1 | 9e851c09c08415a228fad02ba87a9caeb29e3b9b |
| SHA256 | e6db19247e92d007323f9e0ee776c423a6a8a64ab321c9d5c964cf137e390a4d |
| SHA512 | c1259f7953191b7c89694d826f4e45564d4c7b6be2aa7e85b73c5a6f723894b139ba62d215def008f45a95215fb3da7463e229c8ed014a6db4b03e64133891e9 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\snapshot_blob.bin
| MD5 | 17b5a28e6aa7ef49bea7555843937313 |
| SHA1 | 8c740e68f009c3d03db74edc347cc5d1fac7b1b8 |
| SHA256 | 2590aa136bc101f1075e42cd8939c7679ceb35b773c989be2ada49acaffd01a5 |
| SHA512 | af7efffed22246389d6a834cc8d8467e965849ffb8fbecd4d192c0596d1a026c6ddbe49cd2029163fd77bad22906e80446512bdb918875a7fa96c6ffef65cfc5 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources.pak
| MD5 | 2cccd68519bff7f6a45380607940ca9a |
| SHA1 | 107ed8e7aaf2ea4d8b290afc023fdede16e47254 |
| SHA256 | 44387afe96c6d1cc6b24e6e05e42e92eb51d6c520743fc8e2eab06c683ba27e3 |
| SHA512 | da3c67f10ff1d741f6c4d5313f8f1887ad3232b33935d5576d321e2d0622f601fde3f3cae24b23f00e8e7f7f48aea49fcf4fde12aef2b396ea5697566f8b7128 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\LICENSES.chromium.html
| MD5 | 997768ae7eb8c036425bed10f766e823 |
| SHA1 | 2ec99026b977f6603a8a7890bc05594a9a4f13a1 |
| SHA256 | ab30ee348b3257ec2f19fb5733e64278438be792f1280ce0f28eae0c9cb8943c |
| SHA512 | f408b817b68861cbad62425e0bb8726f876d36a2212186a8f948d5c825c95ed819dcc41284d8ad8ac11e7ab7ff6141588fededd01c287780f84269846515f639 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\LICENSE.electron.txt
| MD5 | 4d42118d35941e0f664dddbd83f633c5 |
| SHA1 | 2b21ec5f20fe961d15f2b58efb1368e66d202e5c |
| SHA256 | 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d |
| SHA512 | 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\libGLESv2.dll
| MD5 | eb2b911d33f5ba82109a0d5608c28334 |
| SHA1 | fbc578fbcfc88a132438b38e97bb87c16a9f698f |
| SHA256 | 2404be88c798b43499ab7466e2b04bd58510f0d3fa59049aba6ffb932b65c977 |
| SHA512 | 19becd2003702813898893f7b1fcd1db179a76fbd201fe34471254b75ba5e98af262922adafe5ef0672302cdf4c0b1e2f8910fd2e51ded0f3c4d6c5a43de489e |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\id.pak
| MD5 | 437540fba9de2809d42dfc66ad78d664 |
| SHA1 | 0ef84382147c9ec2c1f8f248f7234506d0f3785c |
| SHA256 | 788a4e41a8e6b70e714913b4894a48fdf24799f7a20320565c523b233a41a8be |
| SHA512 | e893b418457b2aaef7605e36a61351b43b18b38ba675b2377bbf7744c7ba83fb66db151faf28f9bf0361f874cb4dc93e4bb1066cb7a5fb6a41b1b97f907c1dbc |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\nl.pak
| MD5 | abab4a5f1afd809d2e7d5cad3ea17e70 |
| SHA1 | d57dd02b63849f7798b1ba11efb889075fed10f3 |
| SHA256 | 361d54411d890d26fbe6d1f8e8f8258e72afca143783f9f16145b9f4f5f9333d |
| SHA512 | 076a061a9278d83c76048696d14120310b64fe41a0300a0e0588e1c7ae933026d8994f9672d85c5c76046a3d7eba5fea6ce70fa7fb4cde0990777e3965fb1d8c |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\nb.pak
| MD5 | 9cd8697bbc2b78dc3fe4c022d1fd5ee2 |
| SHA1 | 9b0cc62586e391af46899464dc22df60746b53df |
| SHA256 | fee60b6eff88716fd8ad4a9b2da8b16827753c819671831e2d7dc2723aee3bf8 |
| SHA512 | 30db548a2bc7af38ffe0a1970a52afce2fee04c02b4b61b277d875f068c86fe46fe537303cbbbbb66f3f715268b43cf3b2cdfcd90c2a4157393d6242eca79c37 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ms.pak
| MD5 | aa1d4538fd06a6663ca213e059592f90 |
| SHA1 | 4197b4bdd58b09ca8caf76d0c22e3eda358dbeca |
| SHA256 | d51d9f4fd2be492a751db6898b4c2843b2b6cbfe893bb66ffa4eb8e1a66e7e5f |
| SHA512 | 718d3ed30f8f8052b2c52e8458188880a050ccf14f2929e953e18a551f6abd4fbc87af525ccd2efa353bbee00529cdeb7146373023d598cb6430e16465bf1cae |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\mr.pak
| MD5 | a72af6ed3bc9c364cdd096d65e3b5349 |
| SHA1 | f652a7d21e8cafebcd72cc38891d4b7b908444c8 |
| SHA256 | c20543bde56b4ba78b7efd8a1fd4d6990e751ea7e243c91a2e83ca78dc0d9289 |
| SHA512 | 3d0523ac8ac9e1d9f2e3e802053a14c8c3ea0b45cac0865b10efb23e869236b8103824777b5efd45eda7d6da128e9ec15bc68963bb60cc46a034ef357fd66b77 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ml.pak
| MD5 | 68ba8ab8cdb6bcab0650324a9b2736c4 |
| SHA1 | 5cb7dcae00cfaba7e621373273dc80144319f031 |
| SHA256 | c990dd02ea8ccad94f5002b2b05e74ad258a9b13ec1168732cde06d0723e2a91 |
| SHA512 | 7b4b75d2a67b32c0232b05de4085196484bf52cfeb109f2543c4cb184456601afafe3e05ae7ec9c37666499bcb424346114fc9fd08af65a7af853e42cb16f5cb |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\lv.pak
| MD5 | f0645d37826c1e2923240b745506b7f6 |
| SHA1 | d41a06f30cb4aa187b6f02320db9c743058551da |
| SHA256 | 1af1ac2692035d502e772f976c977936d0feb42f65a9096e0af2fcf8b7df03bf |
| SHA512 | 29ccd6915aced1680eb0ab6ce4554ccbcfcc196a7e1398ae5da1433205c7b2e77ed2bc7349704d1dffafd108403bffe53c36bd018bacf6faf7363f8e35c32a9d |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\lt.pak
| MD5 | 2a21c3d432c272f81edf923308858802 |
| SHA1 | 7dad07b28eaa2db09c341a4670a17016702ea1d4 |
| SHA256 | da21c47633640002d0eb397d9f2685df542b6f5e53ee3ca655340750de2f3217 |
| SHA512 | 8f646dbceb6a13568364f194f1ab95055378404e0ac21a3b4e609bfc1ab3b41869fb3ef4700aa0161ef43e4a394666437c17cf49f7bb0bb1d27fcdfb252ac782 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ko.pak
| MD5 | 2f216c3e58b73f7981d61034d707b53e |
| SHA1 | fd47331e07c8575057aaa58b1068e82721073300 |
| SHA256 | 7b87b2795f4bee5d4ea37b959ef9d7815b4cc39ba3470d97006370337c3e5997 |
| SHA512 | eb07bfc41b76e4ccac9346f9540208d184291cc443028ce74cefdead0b2c63cef6c92862eb5c5479810cbfc98ad2a60d9281a6286d25a78ee12e8dfcb2522288 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\kn.pak
| MD5 | be3dcd0f8dd4275662a01a381bf294fc |
| SHA1 | b97dc0e112e1b66ab3b9b7679cd9b2e8d9e40cba |
| SHA256 | c06445ffccb52fca884686db4eda33d315d8340fd653c199c0fd8a07d1872720 |
| SHA512 | a9b00474ab5d1ab88bc005ff53c8d7e33a103d87c2794e38bd6819de629969d9dff06bd4bc7c2318ada4de5a61d68462bf5e0464c7f53a4250b4f617f99ad32b |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ja.pak
| MD5 | d453d6bf0d493cf8a28dcc7e32149cde |
| SHA1 | fe164f188b61c6b0c243262df7fda8fc612d9e82 |
| SHA256 | 1b3bcb7b6482cd9b005aaf30ccde3b4f3603f0a9e1d0f2209d70ecc74f7353de |
| SHA512 | 1588071999065dc93959ac36557e321881e7f244b2166c0af76deb4083d3e9580e6d0dac1fe474a49cb43cebc76a3f0ed400e750c090886c77e85ad0dea86c2b |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\it.pak
| MD5 | f21eee789d7b89f4c1ac03bcc95b6391 |
| SHA1 | 754ddc787e22378c3034c78dc126e49d952c1ffb |
| SHA256 | 94652279dd554461d91613fd2cf295e0c68a7fa46855c53172781b15a5b2bcb7 |
| SHA512 | 588640b61bc8ec60d9d6a6110544b0d191cf0d084e17bc79ab19177eaf74899c1eccd7b0f0f6852182b48b19596446e819ef0c1d64fbffbc87552a8d0eddf49c |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\hu.pak
| MD5 | e74277eadf72ef7164e03a0a38d8f6f3 |
| SHA1 | 0085e77f0a9bf30d290f1eaf24466a12789a1c6f |
| SHA256 | df6c21a38bedd4c6d02ab60650f4c34537e238d4c72b96b2857973027542c3d8 |
| SHA512 | 27ef60832a863c4ad3ff0816ee03b8bdeb584fc83654f4b1061786014aea92334ed44482321a370836aba7e08cc4b0992a8ece81cf8b98e42cdc76813470ecb9 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\hr.pak
| MD5 | 5858fdf0f665ef6dba8a4e68ae175974 |
| SHA1 | fc8085083e4b38462c42e6ca5ae67fea408f18a8 |
| SHA256 | 66e85a46152b7baa26b2fd8d6af3df0ca67f54b75281aa08cf6a0f7e769aee8c |
| SHA512 | 6b32b62749b2e1a8921faa425ffe69f1d3bb3d8ebceb74f5215c355a35aac8220ae8a0624c68ec45123430cc731812504fc22bfac1d50e810168f3b3509176cb |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\hi.pak
| MD5 | d0b36880a50bd87dfab2ebaff24c0ea9 |
| SHA1 | eb1f30d0092b4900f332cc2162f9f1c52ccf4da8 |
| SHA256 | b23dd1037a3d133ef29b73f5fd90765a7af9f0f69b24858343acb084a59b01c8 |
| SHA512 | bb80d1ca39707b96601433f9b10d7857950aae2075d173d5650af2e3a6e6fc795ba4a6ab55888933b9f0e62bd03d362af42357ba22c75a1ad599d153582f6bab |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\he.pak
| MD5 | f7f22a75ba2cc2a2d1094ecdc60a208b |
| SHA1 | a631ebc0d180fa994b3856f706ea75714292a7f6 |
| SHA256 | 4e972808f0a25619462a0390105e8a869037341a30b3481b3c80d918009efdb2 |
| SHA512 | fa7e27d931421fa504c6731e4aebfec0908c98f72c2ec7341195ca907420dfedf30f68e0949e3824b6368d64244de3bba6a7183d3fae424a0e1de69bbfa9d71a |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\gu.pak
| MD5 | 9ad27f9e3aa9356d8398a823a5a90762 |
| SHA1 | 65a3b8b786a245e307bad3966d9ec02094c06cde |
| SHA256 | 984aed687408ebdeb291a57893034490d6acfe9d34546dcc3715f33c8907ca61 |
| SHA512 | 46fa7165714cd1b7c1e2389c85e2ed73f40125491959cc458ac621f5e156963f0fc141deb1c973996a15bb2b7b835ba36806db762ebe97b02159d64d002a93f8 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\fr.pak
| MD5 | 0b0722d0c9187ed3bb445e66b9f73668 |
| SHA1 | 426b41bc9677861b61daf77e235c20ca70b5deb8 |
| SHA256 | b7b3e4f04dadde5c228408c32c55f088372181cad5b71df515cdad8dd1ef9e6d |
| SHA512 | 4d5e3d6054cef9f903844a0822906c612def3d4c3319a7114a54421ff1a4d3c523d02d457d5a2ef8636d6f4183392f64d821c6ab2e8b79c9930e95f7a36a891b |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\fil.pak
| MD5 | 850333b9705ef8ea07a6a9ded5904040 |
| SHA1 | 12950aeb4d7f13ff335c5012e1d0af0da50ba541 |
| SHA256 | 742705b1c87900f6e8f02fa112d2cf13ffaa6c09c62a7dc34a2cd6a29608dd10 |
| SHA512 | c464725f7f9702c9e94a7491e963664fbfb2b07507ade4f32fe2372eb9d0313bb229fa8eada511b338d094780341c24cfb59f745471b0b82fbae94ebdc8ef4e8 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\fi.pak
| MD5 | 71f7182ad054b5294d1a3c8fb91d1612 |
| SHA1 | 13a210397d6352912c35ffcfceb0e2ba3910f7b4 |
| SHA256 | 0b41ce33c0036aee83989ce4ffc2d096b2f6fab77634e4bb500ec70a51b4e0bd |
| SHA512 | 157f11807cdf4667efbc93cf2f3134d9d48b6eb08b941eefb7b085dd3e110efc42c78ef554c0faa2b46e0155903342c6b5b6b20f796907138619b880bcb2d2f9 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\fa.pak
| MD5 | d7051343f1cd16379689a2a28a614bae |
| SHA1 | 7dfb720048bcde2282c682d5653fdaf3b55d89cf |
| SHA256 | 4c00aed6cd9f9f6d2a98c157cc10a07f4f09fcc18b72c048eb6777a2600181ce |
| SHA512 | 3d4284a0c4c528be1b9466582bfaf2cc1acf9a03ce9cdcb27ba2481c31cd841b0a70912ca388dfe1d3cdbc58c82e095baa961707a344d03cb0db777a61b5cdd3 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\et.pak
| MD5 | f6b7f59ef4eadb505faf6f939adafecd |
| SHA1 | 738f208a717786f23d124201aa16b377b686cf50 |
| SHA256 | 8e75989893f0d59f6ccae2042231ec8e7dea6fbc78210700d0d1d3a67f6b1d59 |
| SHA512 | 195bec3a111c498cb4b791bc7d15b459014717fe4270cd82d01e6e4d1b12bac03e267b7699b12e43db5c6cfd8625b6358bcee039aa18edf593f824fb27bcb38e |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\es.pak
| MD5 | 85e0afd9c09f97cecc025f31fdb6269c |
| SHA1 | 13b9ec632e465c31fe6e88b1e3c186a2eacf5de6 |
| SHA256 | e1a9180677d2989137e8dd381e6c847c47b385a6d3e965a047829479317736ae |
| SHA512 | 0371b816522bc43b124ab8dfba3ac55e63c435276031f7035075a0767a11f3d73b5991156ee6ea1770d0115c09cb653c9d3fbda4b2d9f1e00b068c9d7a2f8db4 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\es-419.pak
| MD5 | 637dcfd56428fe96bb0a778b0cf8a660 |
| SHA1 | 1bad857d600d00864edc3d31529cf4ef6a49b580 |
| SHA256 | 45f136986a226b1385189997aad2f660d0f518cc9871862250736237e0b105cf |
| SHA512 | 66b5c92687e97326af47258d38ec523184ced00855ca385515c64bfb9a7e3eb8dd1f885c4db5891bad680c670714bf9e5574483e34265c1f7781c8a7e7af9301 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\en-US.pak
| MD5 | 1e9b12891461eefd9db12e537965329c |
| SHA1 | bf2346e045f79a70218890764b9318fa86886b36 |
| SHA256 | bd67fc968d75e77f2bae7ad552c398ccc4dad8635d74814c2046f813010c45e7 |
| SHA512 | 3f01b9fc7e07bf6f3f8cda357debb83f73bb24179f6926d0b24114ac0078f42941a68842453bd7ee86cb759ef76e240b84278ebe1541cb659fb7caf3cf5b6820 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\en-GB.pak
| MD5 | 0444defa8f211ac4eabcc760b14a5b8a |
| SHA1 | f143e080ba73f83c77d6c095ab8be1f71f763532 |
| SHA256 | e252661d412a068610ac2e2a64609f21f71c64602c579a14d7e6ee59d08fdfc1 |
| SHA512 | ef4977e477c3c39c2915e82162bf44370a3e2242a2fe57b43a0c2342171d02278adcec9d602ad4d4021a6554ad85a55d4635ccf3cf97405bda30626379d875b6 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\el.pak
| MD5 | 79077480619d88f5d4d0c349e86de169 |
| SHA1 | 3b05b9de0d79e6cf82ff5e482dd1626f58d1c858 |
| SHA256 | b4bdd19191dc4bc22f8a3ecab032f034b0c0c0669e9a5ba1b42717ec0b5b418b |
| SHA512 | 1fc5697c798c83f70345700037af7aa22acfac5a3c7e319dd57d587a35b7e907ecfdf175e283df365e31c0f824713743a96cc56b60e9c1f335bda80fcfec38ee |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\pt-BR.pak
| MD5 | 8bef64a4500a00f0e72944a4a4b6556e |
| SHA1 | 13724500fabaa1c452a253bd43572d40d74f8e43 |
| SHA256 | 1054376071aba92b165cf561b7931a18ae0b29c9ca22eda85c5c9c7e6721e49b |
| SHA512 | 8590fbb13913342c988a7bfbe7abe1483cefca90b801152ba483752804879a30b5f8aa4f7cd55165978984da68937006b675a65d7c6ca93e770ea2586a35ab02 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sr.pak
| MD5 | 7b929206486e740b4c9299112186a94a |
| SHA1 | b52a4c8eafa2d9439d525a167cb3482f31d7a6e1 |
| SHA256 | a0ef17a572ce510796886b844226b65991bbddcc71b763b91569a07ef23d2070 |
| SHA512 | 91f4676cc8eeee6f3d643f13c27602ce05639b3707bbd950fb0f745242e92d053b74f575d87522a43f2135662870ca3e3eb6ca894737a5d14900b9e48c837673 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sl.pak
| MD5 | 1dbb16fa2da8c13145420e85cda509c4 |
| SHA1 | 6bee3ddc96a98c1e658299dabf6457fcf90c67cf |
| SHA256 | 5015c0685b66ef38c92ffc4963e144e913b646d8e855f3976e50c8039879cccf |
| SHA512 | a98b086bf9175b7c2b5c25e1208c8f7248c6eed2bc9acc095a52479550b58bd22dfd9a09dd3674f59ce9ef537f27b0dafcdab194158438d0e68d3c120fb97e34 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sk.pak
| MD5 | ff48eea350d1fe820a47c2cd0f9a93ac |
| SHA1 | 1a069d1f9b278be78cefd290670dcecc463aa7a3 |
| SHA256 | fe43904bfb0072add943ee8d44e9f92a80eb2aa55ce7157de52ea625c277db53 |
| SHA512 | 507ab138d8b6dbabdeacf3031fe4c63687fd91d04d0eb5e27b12ffe1d84c93ee40f69e48853d6bebe177d614e4a14f034024f93397a0e9fe5779ccd01760caa6 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ru.pak
| MD5 | 9cbc09a3aad1ed164062db66c31b5031 |
| SHA1 | ea8fef1cdaccec36262c65f09b4448128a5ad2bf |
| SHA256 | f6b76bf79ea9f03d6bf8a399778a387029baf9a94ad274788514b2086b612bd8 |
| SHA512 | 02b7510ae112a28aeabff0833ef997b1fe0d7ea23818221da8df16db392d4b85792fb60bbb3f3157c912269f5abf0db0aa82364e2cdeaedaf8b2d8fdce2537f1 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources\app-update.yml
| MD5 | 9300d1436965c7c0933f53bd16bd332b |
| SHA1 | 96246ceebfd51faa9470f9152d0925f6cc1983cf |
| SHA256 | 53c824fd08de03ee221296cb75ad6e8c3cff5b8254a467180197cb308666377b |
| SHA512 | 9683ac45be9771e053fa11a0b13b7fe6866c44385046c3f7b67e77e1fd068f5903bdb1987209cf68432ffc021f8366f6fb002c360e3ed6ae030a8fe3996415f0 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources\app.asar.unpacked\native\cleanup.feather
| MD5 | e249fba7f4de1b7113e1d04d9101ff99 |
| SHA1 | 953165b75b9f6d26a9a309fe68c7415f004a35da |
| SHA256 | 82319ef7ae02d653342df75c099b00d96c83db831fd0b22a462f5f1c52ccf2e5 |
| SHA512 | ea53592726bcf437692abe1490509acc9560c49e9352f3ca9e6d3c60a79ab0361e53fce47f0d758d8d872866499df3a8f5417bc4ccf0b6856e775566b56c2904 |
C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C56.tmp
| MD5 | da35554449881ab09f3692b4f920bc84 |
| SHA1 | 97ca96471c153404a303835b931e8f9fdeaacbdd |
| SHA256 | a7f1fceb672356038d63f1658ed7ab700b300ef2c389fe1e96cd169a0a448c53 |
| SHA512 | 91e4c7aab14327f7581c5f1c238a8533ff366897c80437d94265b8ae6b400e311c30da5997e471d75dce0a7c578d740072da2582b416147535859b3d512607e6 |
C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C55.tmp
| MD5 | a91b525f9686fe6c3bb30ac95c1928e1 |
| SHA1 | dcda9b4ebf7a2c024518292a44a07639179dc220 |
| SHA256 | bd5c2632d4d29645debdbc51238bd5de6b4fba5d30fb2a346ede60713ec6f01b |
| SHA512 | ed933cc1db3c29dbb57de8ca44ae162f012d4820cf5e836a588fd9dc8dc959c03b1ac0fe9569a89ab16ef5af30862882aa2504d1f7838ea16c3a7c37c4098628 |
C:\Windows\System32\DriverStore\Temp\{b1a0db9d-69f9-9444-8c6b-186ee7cd918f}\SET8C54.tmp
| MD5 | af3c920c92f0688febb19b4805200d4f |
| SHA1 | c35515e4798f560e217ed9208881156b4606b4fd |
| SHA256 | a7d560904523a020f5c2ab82632b3a91692a2bbfb7ce06bd9bbc0cb9fb1949dc |
| SHA512 | a51aaa6d260cb54cd30f7a80d95a1f0d3919f203627d8eaeec6422c70520adee6455f6c0cc2dac468a3e389846b6337673dad937eacb4ab8f73fda4ffbd245b8 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources\elevate.exe
| MD5 | 24961e3eacf61323cf8717924f4c2314 |
| SHA1 | 74196223e4dd6f0a08eafeb6af1781a11fe49697 |
| SHA256 | 7817a3f2c665eea26f1f16715a00dbe7810d9955ac041a05921b285c507df54a |
| SHA512 | 8b3303f22c1183541a4dd7a4d23e62ca05021a07f4a674e4aebd1123b564b452294237f383b4678f141bd8e1534e490a13283e3bb0f1d9537144b4e3d462caef |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\resources\app.asar
| MD5 | 8369d9fbfedb113095eb402c4e3a82fb |
| SHA1 | 789bdf48d048391ae8d49c903d0f8fa5f5bc78d2 |
| SHA256 | e878d22ac49f49c53b939c5a7065f057c73c39674422cb74deaaa039ac31c5aa |
| SHA512 | 97828d662a348a10344cfbd83de5260c2e6c6aedb5b99dfc64050611267494d0e1e8e6ed42d3ed3a927cb03122925ca84fa53b4e7f3c3d3d1123163e8f0e555a |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\zh-TW.pak
| MD5 | 31b1d4dc9c0fbabb29c2e32c759e7238 |
| SHA1 | 45810ead9541adbd12f15eb63bf33f932f7e48d1 |
| SHA256 | 54469b7be7f1c7cd972e77d9853813d41b515b2ef8a3824e7fad2646b3ebb3a4 |
| SHA512 | 10e76d0226cda5541a3352c8111b16d59d563e91512be4e0ddcac9b71e0c2f5953ac170d8a23fa1c6d523d3214057950ccb7a67f922921d6c34d475590055856 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\zh-CN.pak
| MD5 | d9be21bde24de1026279aeb67999b1bd |
| SHA1 | 0a0e090bebc5e4e7550152bee739f220f8ad9e9f |
| SHA256 | 6c364baa231f41c668fb15da586568a985fee2b4bb3e611c07ba97675336c013 |
| SHA512 | d376aaa1d38f20e0cf89131452df6d67489711950a3c89aa515570588797c4d83c5dc467773d3af525a551e0f6087fdabbd2ec3d2b48db4b961f2c1e9932f0db |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\vi.pak
| MD5 | 34f3d7788e213b731c0495b2fe45c78b |
| SHA1 | e7a2ed024e61375077973031e2dc82d924ed75ca |
| SHA256 | 2ca9eb9d04ab45f479b392ca9067d353e5472f863d3b784acfcb1361c6da30d7 |
| SHA512 | 48400842614a31f65278e667b43d188dd44e4e9101c7d3d01ad75569d1182cb603ad07168195364ae53dc598f544f438f846ccfc604db208fb29998b292febdc |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ur.pak
| MD5 | 77ce70fb50d1de7cfdd6b13161a09809 |
| SHA1 | 09d08cfaffbf255a013a8b9727d40c776be51d37 |
| SHA256 | ae2457b6f347d34fa8ecf524d91154ba9b80ee160196d774546c1b8924049495 |
| SHA512 | 7fae3a792a2d64ecbf60ba2b694ddf2b40df0e1fb81b602b878ede856912579b7ea78488bbe998151350df814a8d8b0f3f1299882c9b330d214f9db05de86b56 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\uk.pak
| MD5 | 987144e7837f63de1889492166f4330a |
| SHA1 | f9b5055572eb238b357a7c977c4ceb6f7a768232 |
| SHA256 | d10af321c33d48f5e97abb1c74b76e43e63390b9022bed58437fa4d271283900 |
| SHA512 | 32ae4c6d7e90cc0723ca385fddf36ae88fc803bec790d844eac4c7a67493352c3aa85a49b095178fcbfa4485b9167b6f4dbf0034e7784148383d0084d63fb9e5 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\tr.pak
| MD5 | 8faad383bb39fa15ccc8d07beffa5a34 |
| SHA1 | 5bcd907923c04b310dda718b5eff4115cf42c6fe |
| SHA256 | e31a9cefcbef64d082b77a16a2d5dff11673f74363cf9fc34e36004a62e308d6 |
| SHA512 | 9a604a1e4cbb23d48203d02950465020c6dd5a3556ac6e5ef7dceb0491b8d5c5722b6b73226642f2234885a36dbdcb1f628503b6cf63c84b4a28408d74e82764 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\th.pak
| MD5 | 73bc88a210dcdfb14b6f29d8f86f4f4d |
| SHA1 | fb3392a03cc355aae318902122b7245f2fc13d01 |
| SHA256 | bb8b656b1d2c4cf5f361f59b44abd4809cd774e664dbd0f90b62b97ea125e3c6 |
| SHA512 | 671b90bff006b22ce714971bb8ba87acc4d887f9893709a090a85a8dcabb1ecd72edf54775c77378ae22dfd5ad2880df10efb201b1d4c11a1d304086b8ed3c8f |
C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909C.tmp
| MD5 | 5b7b08550e6301040c9f44944ba40e52 |
| SHA1 | 0630f4a65932232bf63d9261b1013f355bc78d8e |
| SHA256 | b138b2b591cf030604976d33c010ff2d5b845b265c6c8c0507b7beb0b49e6c59 |
| SHA512 | 9f8bad98a9e6cf46ea977638a3e2827c4d14b263f4dadd6f3d91303d618b80429fd67ef00388b2c324ad334e7fb4d73527e27a5fb28317b5971098449ab8f02e |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909B.tmp
| MD5 | 887f0d14c8a2b33281ec31033ac35a0e |
| SHA1 | 26dcf1ea5e9cd19cbdbfffe49ff935c21159f94e |
| SHA256 | 7800b0f48e0fd1b17642307af27c89d1cbaeb199203455ee48b0ce178f090d6c |
| SHA512 | 3ed0046d46482d47f580c0265bd12c8421894c67a3c80e0db39c2452578654785e51d1315ecd98b2a1b83f387e9fd7ce51b626ab8c2ae04b68d637ffad161407 |
C:\Windows\System32\DriverStore\Temp\{225121c3-8708-ec47-8d38-5b025bfa099e}\SET909A.tmp
| MD5 | 2b0aef3f4efd549637bfe7091c813ddc |
| SHA1 | 65b8d07bded90a4f9bdde04981cd5f86e741421e |
| SHA256 | 8d75f1481d117755f9d7fd44ce14a1f5dfae46a1c1cde7162a93eb4ad21443f2 |
| SHA512 | c6be56cdf131496e819798fa0fc21bb04e2224c6c84809ae0f9a0197b104b99e7729eaa486eed1d67044743798c2991182efd68d27366a18121f97adaa8c3c5c |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\te.pak
| MD5 | d7f858c12123e975b4a862c3df05c0f4 |
| SHA1 | f8d2ffbf76883f5f095e10f3de5694c209c47b12 |
| SHA256 | 29e4d010c6b951c129633aac0f55b70107fd24dcf1062c20e263611e30ab4b93 |
| SHA512 | 1d44549e83b0af8d9c1b5826c970eb8dba5e8159c0ccc3586022d65d1e5234b06cc97ee4a9d45d7d944e882f4c5a12947bf810f73c8c064255ac0f46e35799a6 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ta.pak
| MD5 | 2204d0005209a5a2fe25bb44b8e5ace3 |
| SHA1 | 161d7d4e286d7bff25e3f096923a5a7c7a3cd30c |
| SHA256 | fafe173abc2ca773026b0caa24e693a0ac4c9d0ad7c40258bece10e4714dcb15 |
| SHA512 | 8dc654487702636e28a1fcde05b8b9d2ec71a640c48233dbd5ed0aa174a875e275e310973f7e993908919affb7671282d40a8dd280b24a1c5cd29dc66e4f9abe |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sw.pak
| MD5 | 8e490ee67f6c53f9916715b0d32257d2 |
| SHA1 | dbf51ece8c770f38019f497bb10966feffde0ea9 |
| SHA256 | a8d904e4871efa01c72ef64bab601e6cb1de216db4a696966e90fe1b733bef17 |
| SHA512 | a5774b930e4d5f6d91049fafdb6a743fda32f670e9aad9000740010d1b271a4c3c881d138e40abfcdbc6bf98f37fb3791007a74d38ac507b8bf86ebe0ee00c15 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\sv.pak
| MD5 | c5bd14d64a64ac7f361e49035405852f |
| SHA1 | e2484e58f524464fadf898ee0a3c972db19fa9d0 |
| SHA256 | 21c7d459c55f255c6da5a6454eafc836a3bcdba9c99c76bad0f0d6fbbe7a33ef |
| SHA512 | 74443233e16ec24814ebc4e16aa5108ab447c4b1d095c2e18ae4cd2d25fccb13a182fda1dbcc286b9f8b07e80e19ab19544fe758efd90910a4eb1d05c3ce3393 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\ro.pak
| MD5 | 3e9f9e59dd4a782ff7b1f1106df6c88c |
| SHA1 | a0694aa9cc39e1aa5ee6b0cccc0de76b14a8f808 |
| SHA256 | d56825b2ad81fa419b428855d8b3cff01015a446b7cc989d7b17fe1b3b5f45cd |
| SHA512 | 7e03875cc9b5c01838af6b470c541cf7f2402fbbd1b50bf0634a4c26fe417c85d59f53112e1013425d26dd2664c83181591baca502c259e513445a6ea2fdd18c |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\pt-PT.pak
| MD5 | a0e1ae3d3ee87f7031fffd278cce007b |
| SHA1 | c36d4e8db6913f021a0be1d9b8a3e8a13943359b |
| SHA256 | e5c382258030217591f439a4020069378c3362677258d5129c69ef8e25abd6c2 |
| SHA512 | bad63254f3a4fb65a9e7cf00587985cbbc93fb3fc2b48735b59fed3c98ebc1c51fd5e8394209f86c6040d05663b677b6d468cd98920f9b088c6fe1cdfea7b47d |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\7z-out\locales\pl.pak
| MD5 | b5fa6aa430ac5ffbaf172627733d0a28 |
| SHA1 | 22179851889ee0f30097b0ca7417575f91c9b7bf |
| SHA256 | fb1dc5b556f59b6ad642167f1df9e654517ad494559eb3f441ca8f79d56a86e0 |
| SHA512 | 80dda2de947cf5e2084bcda6623b83ab7cabfbcf5e6fe4d36d3290ee10f18f7be897b29bd3ac9f5be72572e04a7791e008532dee68bdb9647b20532fa38cb386 |
C:\Users\Admin\AppData\Local\Temp\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}\.ba1\logo.png
| MD5 | d6bd210f227442b3362493d046cea233 |
| SHA1 | ff286ac8370fc655aea0ef35e9cf0bfcb6d698de |
| SHA256 | 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef |
| SHA512 | 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b |
C:\Windows\Temp\{7BCBD610-83F9-4224-A570-BD5524A1001E}\.be\VC_redist.x64.exe
| MD5 | 464799b58f1090430afa4aa6183bedb6 |
| SHA1 | f2b3d878516031e4d968fa8d7b160a14e51688e8 |
| SHA256 | 42305b0bdfc29a9b03bbbf17b0adc12146cdb37031ae51029b440d537f714571 |
| SHA512 | 7ab70eb7fdcc107bc41c345b8ca7414ea40f7c3b566614d7767d5d9d93b84cb73d14e447b8a885ce71fb1c46a2469b825a56946a1ef7ac0f8ffdd3110f08d97b |
C:\Windows\Installer\e5d7314.msi
| MD5 | a074f9ba7166e1f8ad9db84ce76d843a |
| SHA1 | 2a36a3d8707f8b4fec94e26ec6e2a5df721591eb |
| SHA256 | a3ba9b962f0e5ecdcfa3f9ff7b25bf7b61d78abe5f393ee45f71ef7ce0d9d497 |
| SHA512 | 8ef81f2680f2b2de0453f2f2e8f209257c38f0e243a55d478a0085415af1483771741b09009eee3b1b78530016ca53c38b00918c5a6a91d947576d3b061bd31f |
C:\Config.Msi\e5d7313.rbs
| MD5 | d2653c10ae41db734bc3aae5bbf678ce |
| SHA1 | 37c5c8465f56dd9fedc57b24cf3087f80259c454 |
| SHA256 | ba2bcf9f67664a6814fd9ded322672829ef256588a995a3419da05435ef8e366 |
| SHA512 | df44461a7ac3e87672e2382d79684dcc648e6deb84ddf1ed073cf80f1fab022a586c315b224a256d89f5928eb8733b13c46e5dc2011a30971a21cb94f41ccc90 |
C:\Config.Msi\e5d7307.rbs
| MD5 | 718c4936a6508e9433e2a868987e9b3d |
| SHA1 | 9a6de8d47d87687cab1e33ae7159623f7026654a |
| SHA256 | 3a73c9578c89544af3752157998b297c1ab873f032404cf02358257d476ee07f |
| SHA512 | 3f830e55ab92fa72b67aaa739c91ae3ccdf7097289832c4b967f91ded5e109b94722a6376b258a0d02185c1d4be7313a42b440db2100c030777ea48303f4e8fd |
C:\Config.Msi\e5d7318.rbs
| MD5 | 14803ce479eb102bd6681bcd97f382fb |
| SHA1 | 161fb9442b84084dc0592b7d25b591647584607c |
| SHA256 | d6ddda3bcebc16decef7d47ecb8f593d30d1ddfe924ab99dacf6dec103cc4f6f |
| SHA512 | 21c2a0a53215ee270d15b08e5aca2b85c1e80070196b456539d08da0594d2b0ad64f4a71b3dcda8afb74b517f57e5150a5304d752bd5a3e817141d3a8cb9d84f |
C:\Config.Msi\e5d7327.rbs
| MD5 | 4eb97406d0ace45590d2b911358dc7d6 |
| SHA1 | fd9f6ee35b97fa1a804f2961eda94138a61e99f9 |
| SHA256 | 7f854b8e9e95acd3ba3db6d0f222989cc02e113175482542f3c9058e80d1bb33 |
| SHA512 | f44fd2a3c44b01597351712f6931e7bb42d394aa017c0ddb179338162d902d255b6c3e71bf8ee49aae7002ed6d5ca5e7fb7c89c88d311373f1bbe20129fc0e65 |
C:\Users\Admin\AppData\Local\Temp\REGD506.tmp
| MD5 | f42861b81e83483cfc09d908f07221ad |
| SHA1 | 4b25216d23dad0fcb82064b855ec4bfcc896128c |
| SHA256 | fd82ed8808aed6aed3520877ec80a53d92511193680caf13dc3ddc74a895041a |
| SHA512 | f4c34f9d4b420307188e10ff39d4a669056bcf34488b8ec93c4db858dfb58e3c2fa6a222f974081c871a5bd0044cc5728a7bc4477104bebb19e5acb8c8756805 |
C:\Users\Admin\AppData\Local\Temp\REGD554.tmp
| MD5 | 1dcabbad0bc2c18ace0bcebdfaefcf7f |
| SHA1 | 4eb32e363cb6b707693cbdd39395e6cfd64e0786 |
| SHA256 | dd748e062c99392c060afda9a9e1587bb14f7499c59f6d0108d4d0d65b4ac893 |
| SHA512 | 459d72662b4010dd4958ea0781635da8693fc68901c89ceaebd8f4896eacf8ceb50e8a053cf0901f344f8a87e803cf7161aa6220d8bf3be53950d941ba29c34b |
C:\Windows\Temp\{063F7EAE-D7C4-44FC-AD8C-490029E3285E}\.ba\wixstdba.dll
| MD5 | eab9caf4277829abdf6223ec1efa0edd |
| SHA1 | 74862ecf349a9bedd32699f2a7a4e00b4727543d |
| SHA256 | a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041 |
| SHA512 | 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2 |
C:\Windows\Temp\{063F7EAE-D7C4-44FC-AD8C-490029E3285E}\.ba\thm.wxl
| MD5 | fbfcbc4dacc566a3c426f43ce10907b6 |
| SHA1 | 63c45f9a771161740e100faf710f30eed017d723 |
| SHA256 | 70400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce |
| SHA512 | 063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e |
C:\Users\Admin\AppData\Local\Temp\REGD68C.tmp
| MD5 | c79ee81cc081ec96c4b07562584e9431 |
| SHA1 | 0232f6fb9b7b980a3c39c3a88d05094a79cbabb2 |
| SHA256 | 3059e3fa7a25c503e4133b2dd7ee91d70c63f29c0c67b760d4c3f3ea6cdae040 |
| SHA512 | be5992ef82487e75cd45375221f3b984b8291910cc1c6f939df4ae6eab5cfd3c79fb391d877f72643a6174607522ec3bbc40817086b30a6fe09668f9fcb30f87 |
C:\Users\Admin\AppData\Local\Temp\REGD767.tmp
| MD5 | c3047ec19fe673d02a9d74d9a9d4deba |
| SHA1 | 87a9a959f02252fb5226333fe7b197aecc9dabb5 |
| SHA256 | 6f9fae20e0186b6a5b6946538d57b4ded658ab804f72e6e385e9ee717cfe3fbd |
| SHA512 | 3c65a1fe5ac2f3418dd1acc74e671dee1caaef5b44b1843f522670640fc09116db58e968274cdee461f9776bfbd60684628613680d2d71fa9d24fdf99c85d33a |
C:\Users\Admin\AppData\Local\Temp\REGD7C5.tmp
| MD5 | 53436c54d16643d3b8392ff1950d7ad0 |
| SHA1 | 5d424e8bf8a124027e6a5b6ca8f906ef362be36d |
| SHA256 | 15974ac707fae6699af8272c359b92feaa7e3f26a686db8dc8681680d6744c01 |
| SHA512 | cbea6970d29ec256fda4bd1c9acd9484af6cb748ee06cb41d56c1be450fd975b03ec08ad4626d5f5223cdcc7c3c27415736399c5c5749259ff55db1514c3f648 |
C:\Users\Admin\AppData\Local\Temp\REGD842.tmp
| MD5 | 728b57667503be88e891a7bf65cc5415 |
| SHA1 | c925a86437174659764cace89f7647ae54e2ce13 |
| SHA256 | 2e143832731a0893e404e38449c5d5749124b3ee622024471a4953fbc790afc5 |
| SHA512 | 025d29432057b24f40e8f4ec579f103dfc4aec4017ac1c79948ea10bc07ed09494d94fd74316afdd8caec870bc946c170b6a0be5fad0618c07664f9611232102 |
C:\Users\Admin\AppData\Local\Temp\REGD8BF.tmp
| MD5 | 84b4cc3601045035b52a2655e7978ec6 |
| SHA1 | 0a5091a61928e5cd971dedaac06ea4ca1913d7a2 |
| SHA256 | f210e60e8556ecd1e530765d8411cee1bfaf71accd7f9160c9a9f8d6279a7c5f |
| SHA512 | e970959d2a3d06056c428ff6163fc5b512217beefc0676e602a56ab985084780e2de5886102c75e27e92ce47a4f13d011b21119662d4707189e5f7e0abcc3623 |
C:\Users\Admin\AppData\Local\Temp\REGD97A.tmp
| MD5 | e42c48c8d41e7dcead3eb97bb12b0f67 |
| SHA1 | 5ef9deb6000a41ed7445e4dcd6bc1458d623e18f |
| SHA256 | ee9ec015124ef5408d8a560ed740b8c6a6dd1adfee340a865aa40d42945723b7 |
| SHA512 | 98ea23b7c27c8c9947c43aca988739bd5b1dee945af7d0ed8d55c0e7ab140c714c50e3196804d3aadbe5d52cd5109aeeb2e52d650317bff83b078a650b40b16d |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\SpiderBanner.dll
| MD5 | 17309e33b596ba3a5693b4d3e85cf8d7 |
| SHA1 | 7d361836cf53df42021c7f2b148aec9458818c01 |
| SHA256 | 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93 |
| SHA512 | 1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298 |
C:\Users\Admin\AppData\Local\Temp\nsh596E.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
memory/7308-8033-0x00007FFCCA820000-0x00007FFCCA821000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/5756-8089-0x00007FFCB7880000-0x00007FFCB788C000-memory.dmp
memory/5756-8090-0x00007FFCA5650000-0x00007FFCA566B000-memory.dmp
memory/5756-8091-0x00007FFCA55C0000-0x00007FFCA564E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Feather Launcher\Preferences~RFe5e172f.TMP
| MD5 | d11dedf80b85d8d9be3fec6bb292f64b |
| SHA1 | aab8783454819cd66ddf7871e887abdba138aef3 |
| SHA256 | 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67 |
| SHA512 | 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\f8925a10-4c1e-41fa-a32e-e5d432c6aff0.tmp
| MD5 | 58127c59cb9e1da127904c341d15372b |
| SHA1 | 62445484661d8036ce9788baeaba31d204e9a5fc |
| SHA256 | be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de |
| SHA512 | 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a |
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\Feather Launcher\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Preferences
| MD5 | 76198dd44d1c97b1f437780e85609e40 |
| SHA1 | 48de9d4f3cecfdbbddf2e5ab06c05baa3916c43d |
| SHA256 | 741b0a738d8d7a5840b866d90032cf7ece7d9d7565d3726a7a71ead3e2d2f949 |
| SHA512 | 5da4f0e3568260a56abc234e32b4df88fdac43dab1422f56695121eab41f496698f1fbf1ea53584bb9ddf758d41a2b0de1945c9c3e42f20da38971f730073052 |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | 0a17ff16905c9a930e634ef76f2f7a69 |
| SHA1 | a2606a850b25179c5bb343c29fde4a84d5125862 |
| SHA256 | f2fb0b9234cf219dda745d59c39985cb4cf60c49b5c2e352f7de07c62a86e91c |
| SHA512 | bd95068e26e936e0a82ad976b8af3767620555c83ddb8db2f08ce7dd120490927a6f546504d26475746f3685b8b2b67900008cc6d56ec5380276792d02c75a4f |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\TransportSecurity
| MD5 | 70b1b0d699317e8ec06193f1b5c8f87a |
| SHA1 | d21ccb50d2024118fccbf84390189bf570ca1ec2 |
| SHA256 | dd8107d64134419bafaa46d8288a7c7abbb063d201420a32f750e1a5505d97ff |
| SHA512 | 57456119954ab1555ab9fb495b4fe7ca72afee07d5af4dda88fab7b38ac3d971ae65e43a9f3c19cc1d67eabff784235c2535da3c0bf204a2c52a60513f238cbd |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\TransportSecurity~RFe5ef5c8.TMP
| MD5 | 0b79a5832f1204fc864389944bc90593 |
| SHA1 | 05fc79e6f88999737dea471544fae71ba57819f3 |
| SHA256 | 8eecd08eda6a90f22938d7dc27518174aad1008b379c5ab665e5403b480c9d07 |
| SHA512 | 5ef5ac637df6ae9bbe37ee36d657b810cf28614f36c797e4a7b887006bb0c7ae416e84bca9236a606261bf42b2045419744d38e660acd4ba85926e330f15b42e |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State
| MD5 | c7e3450897198bb6600fe0ebcb19cc3b |
| SHA1 | a20e9d5babbd583803fb8fbc2a33294be8726151 |
| SHA256 | cd344eb6865d34b157961db21d646459b20c2a54c02734a05167d7d6a9a01d33 |
| SHA512 | c7871a4707987c96b5df87ad6ba161eee42cfa73292f964edfb56c10ccf3628c5369c8cfe1a0cc6a27e3c68296bcf6e1b04ffce7ce4051f2fd130024f7c1c030 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State~RFe5f00a5.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 002b5847cee71c089328ca6cfe8e5377 |
| SHA1 | 2f2296a9e9b54f5b53ec0243ee6ab273773245f8 |
| SHA256 | 7dbe4734e4d43573d2519c63a59a34fd5064753c47cfbf74c3478fe506a4f89e |
| SHA512 | 57f7f8bca1eb9b23f0c7a9f786cc01e699492c519197e45352a11d75eff9beb998a238aa569ec87093cb661c928c2ef3083581e999f2e3ac430abd8a3a8e191c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 8dd134728bb0fa32cc865f934d9abd64 |
| SHA1 | e1843d3ae1059d3c7061e47d9c6956c72e79b891 |
| SHA256 | b12130e28259e5efe82aa3e1123031845369275c48d2a74cc8a5147524ac2949 |
| SHA512 | f882fdcbca5c75db81164c3b6bf8d02fae1eeac7205b82acc36f1968ae1b965936bb39faabe80684f6a0086187b844a5d16ebd48656cb51a216c6a311285b601 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0b5312ac28e770f500448c8eb14c055b |
| SHA1 | c60cb61ddab1403e0e2a2ac689cfa66a1319b93a |
| SHA256 | 24951a8b1407c521b41f7f9d45b0561a537631a29d8043288189fa0fdabd9936 |
| SHA512 | 2f457d9a91b318d5b03b62a0ae02d2b75241b9650025fb9e0895cf9d5475645cd1423fa8e5ca8e0537a069c5280d8a72d13392cb566b9599d70f0cee33fff735 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8f45a9af935399ff40d76bf086b218d9 |
| SHA1 | 9af1c062be3da5927aa73dd73297b2c22ef9d43c |
| SHA256 | 6aaf0531613f19f714283226ea72665a38c7dd741524d145a798701d6b18f990 |
| SHA512 | 18aae1e717affa777b04a1c1c846cc2c4faf069c61d4513ab030b34f94a9d2691c79297e54f3d958049b2d2f44445f92b0fae898a626b9451829beacbdd218f7 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\TransportSecurity
| MD5 | 449663b534d6e9c038b3e91d8d83daab |
| SHA1 | 91d63d451bceec7ca0c60559cdd981c718f5f7a5 |
| SHA256 | 6d683cd26359f578d61e22b66170dec2b033d3fe0c12797f648913b81c989d28 |
| SHA512 | 60a3714a4d526c94fb95848836e68b0d20b8bbdb41fbd19732858515ac00264c50dcb66f6b6f6d157a996b6dcfc39d2ca02d94ea79749fad68b545ab9b7db3e0 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State
| MD5 | 9eaa60018cc1f49601cd4b5ed4ba2099 |
| SHA1 | f62f18396b3101fe4869f4ad8c805168eccf1d8f |
| SHA256 | fb2f590d9c7d08d1c992392b957ecd254974223012328371d3357fae2c239bf5 |
| SHA512 | 5c2f77699a4dbe25adb68796ba4753b54726277bfca3b93636978023095c18c2e1a5a18e22c7b490fa0ecf8d9e36191a426eda54651d8ad254dba9e67ec7aa70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\c31431273c7b90b5_0
| MD5 | cf39eb736d1da5035f035f38f84585f0 |
| SHA1 | 022ca781adc6cb8214c8b357bee009733baccdb5 |
| SHA256 | 2b25170f26b228b017ef7d78f7a8b0b1f36fca92e6ce6a1942d95ede7b07b4eb |
| SHA512 | a1153959adf03ec46c38cd12d7e406f0358b8a2f62449e68ca22945b8757013162bedea9e4b69e7a9864a38f6e90ba01655d97ce9058673b324ac148fc9e7d0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 6c014803bdf26dcf574689a822b8c59e |
| SHA1 | 37e4ae331aceb576b9ba5d4d1f965f4c08c31e48 |
| SHA256 | fd9553aa6dd036333771d334b131aed773faa84ebd0e491581dd53751041f876 |
| SHA512 | 97977ab67c327a63a20be6800795bb351da0713240ef30e843d4004eb18a80ed3f88b00f5c14729da1e50a374c1e3960c004492096ae1a0fee555074854a81e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\23c2bcaacc07d8d5_1
| MD5 | 14fdffac497957f76b607509d79be383 |
| SHA1 | 77fd74d44dd55e7677cf07c9d5f29ba560f7caca |
| SHA256 | ed3b8a691d488292750bf6b1e338b63993c7c863e07c3f29d73a45926412e956 |
| SHA512 | 4fbb1706d9bb63cb8814a93b6f0a046bf71b70dcb5ca3a48824b4fdaccbdf0c2d78a81f38dc80f8485a86345f52da807644917b039be16e149f6021e148b2943 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ca874aa1-c8e7-4aaa-ad66-342063748953\23c2bcaacc07d8d5_0
| MD5 | af730d95c1b7c98ea042565b0435d066 |
| SHA1 | 02498511ec8a16a26c64095c474877d1d9e5ada3 |
| SHA256 | 3a4680bab7ece2c16b7e2aac730cd175d92e8b91c5b586a0121d6c5ca86f1b8d |
| SHA512 | fa370536834cc5d25cfd85c7bb14d824a64fa909ff41a790735cd4c935ad0f349feecfe0230ea54f7ee468210302618127bc1819e93a489b05a3ed7eed79376b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 49093b5d5416d3cf90f6f9ed04716802 |
| SHA1 | 3891735423710acc7204c061b3ed2160edc12a4c |
| SHA256 | 9f81879873413ca0810e1a26fb0fabf847e21393706fe4e43ede8dc88a20b074 |
| SHA512 | b2b3311ebf381922c73b4f69e953280c0ff6ba55471e01f588377fdf4e8b82e09d37a102cbec4df12548c554e0a6b3b8e2fb6c224ccbff21ce7b3cf291d6edf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 28c4b9d5b7dee93b448a1d5c467f075f |
| SHA1 | ea872dbf37712a2dc01d29481fc9e7a578b6079b |
| SHA256 | da9df256f19d770513af343130b40026bde9baa9c27e51361b72ac67c28afca0 |
| SHA512 | ff55c1024572b7e2e5d98467e20957a51dd5d08f1c89ef982b554a98aee93e62523ab251655b5f8fc25ea062027097af44f40df7ef3a77217253dc6f47a4c217 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 89ae41bb33fad63e3d4808322f6d0776 |
| SHA1 | 70c782c99a6ac59a86163bf1cc0713e584c56d19 |
| SHA256 | 0ea995a16c01c0fb9c465d10271e9c8533b7f4191a0a7ba4deb0d67c4038e8f5 |
| SHA512 | 98d8e5c76250f02a17756b627d56a3e61bca0ffde933e0607c9fb775686464af40385d08d274472bedb704707f263352c601ab973943fda76a9e1f50b306b2e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 47f0c8d6fa44f68bd1d28cebadc09779 |
| SHA1 | 818e19177208eba68ffeb029836298f71ec981cd |
| SHA256 | 0c1db589b1b64cef73cfd5eef6181a2dcfc025bc0522f16fd7b6e5606273991a |
| SHA512 | e560ec127d76805bcdb820f2c777b1ecff60fea7b98d3d5838136cb7910aa969a98aa8688829e4a7641d9c220ab5ad7685951abd6060398c8f3b77a18abb26a9 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Network\Network Persistent State
| MD5 | 1111f26531817040c5c3bcce2b210d8e |
| SHA1 | 2c7067ea7ac96b16c836f3c4f2bbafe9a8ed5896 |
| SHA256 | 8e83f0c4166d08b1f9e922ef8028c3a2dc7d86388f4cfe76a99bc43957f39eb3 |
| SHA512 | cae2f1aefef10222bc4285156f404a94958a3da4dbf1ca200a75ef9341b50d162fcf9478815146488a51a987292e984930ad4d67f6a613b5ab78e6d2fe5c1f1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4fc31585b5b0b80a9029cbfa09108ed5 |
| SHA1 | a523dca876f192c11a16a74acb50b875d9ddf1cb |
| SHA256 | 36a2d7ac2ac32d49b412472dfcf61b9dde090738a9991bb13c38f5aaeae87050 |
| SHA512 | ae5996bc36ccea2cabed2956faebd14d4caa1dedfe63d4af22aee2946125bc148c2f7706a7df1cfefa9d83fce7887f263a6048ad4b846834936c627f5d12ce19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80e4f4c93c6ce18340fdc47ce90d2794 |
| SHA1 | ce0d4dc732f3d31be1fb4c3e3d0446fe1dffece8 |
| SHA256 | b783ca2961ad4dacb7d82d73a5b9d8c15a326e710e146093bb4a3f6b93f43537 |
| SHA512 | f0cb41a50cb58349b146236d74de3dd47cf67432d7e3d370a63b9bb502e3e746ec5898a07565f89b1f39a15c35e22f568e39442b944436b7b4c4b5d636265c0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000168
| MD5 | 6983568534e8cd4d346a2638a0892bf2 |
| SHA1 | 2df1d616ae8f4989dbe9427848e5974b195e0a5a |
| SHA256 | 02043e5d2b23f9582ee2645e55ac26e556496bf25f15d146eda049af1f8553b6 |
| SHA512 | 11a02ae3e51eea6768f8274178feae2da5398e6c5f62a5d34146ca7edbdd484ff85e59a2e1c61a8c0e1a1eda8af8f9fe9d5470cd357c2b424719b41eb7effce1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 89c9d67e734a15e9fd86c0a4145da8aa |
| SHA1 | 1fc4ef5c1a4710a59aca0da88310773a3e45512b |
| SHA256 | 85a58c25786d22d293e5cc290c87e8b9d54b82ef62b5fffd767851c05f95a4b7 |
| SHA512 | 9f199f4f3a613415ec09b8dbc84f2d07f034dcece7cb75e9fb69f22f384c3a753b8ea9445e5d0941eaf3dcb667b754e3ed85265ced40601f93a79d4138612615 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d19766b9cc03c307f5b41620bcbf1459 |
| SHA1 | 91cefb3285d8a8cd443957dba85af10f2c12dbd9 |
| SHA256 | ac86e3c7f3c973aa7db50ff01ed28a4e8bb7b5cca66c4a4292c098eabc0d476b |
| SHA512 | 6db01a0feaf879d616f5648fcedf679362d8660eefcc3492a57384954a9fc89c7731f8bbca1b69614e629a70b45856861c2b235777303de56f6ee8e717859a30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | da3854402f56c6df3944885431c4aed8 |
| SHA1 | 0f29f088ebeac3d91485605d9290e46800af3158 |
| SHA256 | 29fad9b9128dfe4d0a82dbe5c10fca9a4735783ebb7627fd7ea82b7f22e199ad |
| SHA512 | 5f63a21e46fb799d18f1e2b763a14d62d34b4835cac6bd59aeafad01bb5b1f1c63fdb0a65921daf9f5c120e07df29ffa85838884b6de151b10bd80b8d3ca3455 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f3258c697f6957a2515f56d963e2881a |
| SHA1 | 3422756cb1be6c60c63c950b8271241034e8e5d6 |
| SHA256 | 87244d4f2c69d03222eae4a4486b66138a91bae220bf6e92e52441479875a14d |
| SHA512 | 81c5f9abce2f306dadd893bb5da2575c87baeb6a4dfd54bc9b5d11482cb61b17386e03b4e408c2ec9e085d48005b04593818ab8e207ddcf42be2f2d69b0d7988 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000147
| MD5 | 4db5ed265b89eca18f703bcb8a39ef2e |
| SHA1 | 9fbeaf0375e32ef2eb6a52677ce39cdbf7618670 |
| SHA256 | 5b31205b36dc55af6f85ed761eaef9c18e0712bfe59997ab291c9ef98090948c |
| SHA512 | 828e3f3986a33c882dbd467c298c4adc0b29bd56d717468c27b5ca06b68d7e92e4e6e65f19a4be991a5eb18908d29b53853d23cc2596d47f83ae7a0d7cca450a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000158
| MD5 | c4af52263ab18fec54aea9918acea1d3 |
| SHA1 | 166dc27530074ff818ea293f041dae3ee563738d |
| SHA256 | ca788ffc18fad2b1109bbfdc5986bf5d27bc087fe83e5b301b16098cf6b0dcb8 |
| SHA512 | ab6ccf1780d21513af20b702f3b37470ca0358e48bd70ce402e9a878aea476ac7a97caf1902a5bc0b98b5e66505b58792a4ff14dfc3f03bb4357db8a7cf48c54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a892985fe2a20052a9748b2736bf9fa3 |
| SHA1 | 88fb8a40c40cbb978756ab5217c40f39e0968f13 |
| SHA256 | 53acd79524af2cdcbb2efef8be99ec6e789b9a14752ce492f7224fd5edc32fcc |
| SHA512 | ab61fa23ef43193ac6b46c7dd91ad69be57591e558e21b67349080aad178269e131b836d520f3533dcee844111f5ab2c1c2b264dd1391da48d091258eef2b43f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5e567f8be59b760dc9a49bfe66d8ed47 |
| SHA1 | 06a2db2225d38429929bb69aaa03dc01c168deaf |
| SHA256 | 04e2e3365de2dacdeb53a1dda24176c2b1797cbad5984110b117085fa15648f1 |
| SHA512 | 8eb9b3de721686e6b17ceca23bf5736c75325f688451b6db14803979e29def98003c099558d5905c446d296fded395647f110321b3b01a9b1963b86c2cb24ec2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ee3579f1fe09e7bcec2e5ff704f67786 |
| SHA1 | a05e50a71ab9201c62e530a10c8e6200454dcacd |
| SHA256 | cf6cea994ebac6f412df2a1d6d8c178901e76a3fc590707424dee5649d518e5b |
| SHA512 | 419379aac28d31bb68ec85f316d8a73a365be9df740b440f24151fee19af1b44db230930d38169114b20fc5537ccd8ed325c46b27197f5c4c0a64568e1f6093d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000164
| MD5 | 01d5892e6e243b52998310c2925b9f3a |
| SHA1 | 58180151b6a6ee4af73583a214b68efb9e8844d4 |
| SHA256 | 7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d |
| SHA512 | de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001e8
| MD5 | a96ca75ab398b0e3ff07bf947cc72cd0 |
| SHA1 | 50d67ed2da8f79b6e4a4431a0e881acbb5faef07 |
| SHA256 | 762ed5358929d4facf87afec42b21d88dba6374c7f21e2b6c80eb31ffa186731 |
| SHA512 | 51e17eb2a79692956b0cde9ba501b05b03f49d53cdd2f6cbde7d37874cdf379ec4a803442c68a01c14d1592e37de360baaed93a67a7b2334f481adade9bbdb76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0001e9
| MD5 | ed7de27114ad06dd53ef89708ded646b |
| SHA1 | f034401ad056ea6f1e96ca2014f6f36289c6a371 |
| SHA256 | 037155352d2553f37e170e68bf022b18be7bffc5821077852d792e885f6552ca |
| SHA512 | b769bdc91469bc8e28b37c192f5243b7bd4d3780557e69c1ac6101756d770ae139b3455fa31a26265d888b443cf84178123fb14ff5a2c09e6c56df31ba24ae2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt
| MD5 | f135c79b490938186451f815e178c5c4 |
| SHA1 | 0377ca60a1149ef2e02923dbf1415f1827b788fe |
| SHA256 | fbad4e8a2c4e45b06c5ec840e68ce1f896cbdc8db24eef04770a7db8ec9964aa |
| SHA512 | d77466a2ed057616df41f6d684ca308a76dfeac02448753f59875d6a9a37f1a90ce8a602b3a84895f41686a73fcdb9a3e56a0c829689a68283452436b0a4885a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe62dbd4.TMP
| MD5 | dec2527883990ffbaa93b30dff7b0639 |
| SHA1 | 71b491c8db08460d3753d659a996c9b1647c474c |
| SHA256 | a62c7958700c38c2010e2c8a5c63ed6d47154b0f911eab2da28dd49dd49b8899 |
| SHA512 | 7a189ad11e074aa8b33fe51de204b56b6521553d62a88928fe1801f705e80bfb0815c2f1049887a5ac2f1fab70cf05e7933495c0f37c1f5c661b46543320d756 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8c289e8c0b610577127663e8d2ae80e9 |
| SHA1 | 392248b2593a524df59a658b2ef254c40be87f49 |
| SHA256 | 05d415455259879bbf21380edef05a91b7818756caf062b0cb03e86a961e4599 |
| SHA512 | 29d3cace6b52b7a906061587fb218b6613e3d56dde875cbe76d6d6022f55136dedc7bd433ed471313370ba471e301f7525a7723f1cfe3faec0f041ffdae68f24 |
C:\Users\Admin\AppData\Roaming\Feather Launcher\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 13ac2f582d3a3add470af6411cdbba7a |
| SHA1 | b285d37808f03635e80c839d75b192fd37d16258 |
| SHA256 | a6a4bb2879e2a3dde3fc8836c8915ba6c8724cbb8527d7f8e287b6ee156698e4 |
| SHA512 | e7699ab8c37bf55c9360cff422c4a416feabf83929dce64d88d393cbff8779b6eba44d510e68e75e75fcc2464bee3c214e1f04090fe75836cce42ca9b0fdf74f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 351360c3eb510a79f009bb98bee79d8d |
| SHA1 | c9fb97302f72bdadbe5b5b830f2a47b1234c1d7a |
| SHA256 | 95ea975928049f1c8b9ddc051cbff93dbafb208bccc78de2d567e818338c10b4 |
| SHA512 | c29a0539d7b6ef1f22e0a587f80a3ce875fc2044ebf74df2e097951451c2731ae5d7a2e360fb6751e7360399979be3b1d806673fb7da2ec90ab2afc8d18d0521 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c1f4eaa7b0ccbd8ef7952490d62d88c3 |
| SHA1 | 7e4cf7fb1d2b82ea76229992b06580a2b679a071 |
| SHA256 | 4e719a460c8f7688324d30291551ee0743cbb8be49e123187d58f956e29f4439 |
| SHA512 | 219be035df0485a7f85ab99d167168e9004f0f28919f940a7c855864c576f38e8f988084317ebbce4bad1fba9cf9532f9f3549fc176ce1c15b536b33e1c6acab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0056319488e0fbb63305763852820347 |
| SHA1 | 17f8b482aee8e06ec594f2ec8c6dcfedde885f6a |
| SHA256 | 33876f913d633590fae5a4f2baf38851e6535abc3a724de46c53d9c39c467d65 |
| SHA512 | e425b171182a1454c7375857290cf388f7b3b3b3cdb68faad6f18fc22b523737ffa8ed921bd70b13bfb42c7cb2fff6f9052281b96e396113ec279ff314d332d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a81c6b34418dcedf8c4bb5c56ae23c54 |
| SHA1 | c988d942611f81d51e5123b16c4f4b9e19c5d7dc |
| SHA256 | b250c4cba08cf4d50c7d6137080db7d2e060d5e0b30d5d3a0019df5d02f79767 |
| SHA512 | 703339452517d65b15b1cc7f3b7f4475cfbe36c6ba49faf5bbd691a0a546d9a3ad7605096c441076bf210960563d78fd7c2b7db9318470880070abf9c0e393dd |
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
| MD5 | a37cac76cc02bf62462a514281e29047 |
| SHA1 | 5b430683926059ef58df924fd87638abb2d82eab |
| SHA256 | af4f0da458195e016f0a5e395df89c36f005bf24ca1ddd68a35373ba8ff66734 |
| SHA512 | c94ffc5ba4a4abddb437f46115f1eb83e3b6a51224860e337f4286edd0e8442676f3b999a28234c34f61f983cbbc2363fb953306dfe1ef98d710752e0e29ef51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | df2f351166813b8f59f060a11491e218 |
| SHA1 | 4aeffb2dc0be42821d74891969f1f07c6c18352c |
| SHA256 | 59ffa56ba9a3da9417401005f32ec80880ec7fcd66e6aad85aff8f96b3b46ee6 |
| SHA512 | 5735737fa33d8ba4bd40a3384770ee301d545ffb7b34d84b3125d94f032a09c44593421360e03e6fae50ea3749f58942e20dd188b4845b802bca59da848661fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\BatchIncrement[1].json
| MD5 | bedbf7d7d69748886e9b48f45c75fbbe |
| SHA1 | aa0789d89bfbd44ca1bffe83851af95b6afb012c |
| SHA256 | b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61 |
| SHA512 | 7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bc49c32802efe4045ecaeeda8bd18929 |
| SHA1 | 3b4e00184a3cb955ee0e0aa236040fccec8ea87e |
| SHA256 | cf53639a322f6bfe0c86ff79228ec30606b74800d8bc22a626363ebdbf0fbeb5 |
| SHA512 | 03751395473b3c638a897a9bc3e559753d6e4d673c170386e6e148521886637509277ac20e3caa46425f2931317298aa84393b4adee0318baba6c2072262546b |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 4dc57ab56e37cd05e81f0d8aaafc5179 |
| SHA1 | 494a90728d7680f979b0ad87f09b5b58f16d1cd5 |
| SHA256 | 87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718 |
| SHA512 | 320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | 0924122cee858cb755590b92c2ea0caa |
| SHA1 | 988346bae9305900099848a9794596611716e185 |
| SHA256 | 5d32283e240c80da06a10b5f35b62e67db2d72e5c1f55993ef36c08251a257b4 |
| SHA512 | 3e31b909484970ea28bab95f05b0e3ee6127e795f0e478c232570670661f16d01ddfcd312e6df2a80935bf9b84ea2f688196222e5419494c3ed0794338beda84 |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\114.0.1823.43\MicrosoftEdge_X64_114.0.1823.43.exe
| MD5 | 98d0fcbbe8c9e1a5bb9d0a7a8ee8294f |
| SHA1 | c53ae3208919e43a4bf3e7bedefeb8a915d177ca |
| SHA256 | fb6af04add2dc7627135325efa7eaa2b4d83c78d4fe0eaf0e0a67d45f7e81387 |
| SHA512 | 3d20bf8ee7d3300689f422820ea9dc6c3db89cf633691f8781c229bd8aa034cf9cc3afc4c6dfa40d382c785667116f84b35ae7e22dffc24fb0d9e00b655e4def |
C:\Program Files (x86)\Microsoft\EdgeCore\114.0.1823.43\Installer\setup.exe
| MD5 | f50898b32e6015acc79c2d51e0d71c2d |
| SHA1 | f2ba0aded11419cfeb194cf3d4563ff824748b15 |
| SHA256 | d78c5bc9972b06ce256c5ecf9f63be48baae41d5b65250733b56dc4ddedf7cb1 |
| SHA512 | dc28bd07283e265e94e67b016b543b02c677ab54faa80c279013f262d398c58c6c54c403b44879ea6dee750287b1b9652c7586b8c421efed0097292f3be6d056 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old
| MD5 | 0128d1dcb4d7ddfb65a6cb1197fa9375 |
| SHA1 | afe62b9971aa5962a68e17ea07c81878f9d58cbb |
| SHA256 | 4a6b38138904e107198d69a3bdba108487675804c069b7b34f85e670ce6c691a |
| SHA512 | 0267684939c3d9bc8fd60a440bf39dc94162bbbf2f0db298ccf4a7396a251b6550ab2d4afd4f3215f3a158d050eb850a65c089896268aa2acb20c4b151356ba5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe65cca2.TMP
| MD5 | a44cb43a7719cc3eb33f7509124c81bd |
| SHA1 | 8a0980929e3bcc2cede9d4de140807690554f851 |
| SHA256 | bca5587ec797c5deb47f8c4ed8d6e8c49be66f3f0c1be95e5ba95bd985d429d9 |
| SHA512 | 13cf350c1617107338fa8c7cb4eed2cb3b07b8d1d6e518ca646d7c001542d9c5ad68b79ba0de7db18e61415df76b0c0940a72db2e5bd6ff4ecf4043582f3b340 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0de931dd285b2f75b7e5cafef3befd55 |
| SHA1 | e109d44f7d384ba5851224e01aba495d7e8c8e34 |
| SHA256 | 823b1d50a262c587e463fee222daf2e32ddd8be75c157f496ce9024d07c5fd11 |
| SHA512 | 0e0798b119ed9e8fd319dbac45a8a7c2f7d44475fe5de74e8a1713eedc3cc37490098cb84d94d34f59fa2e2290f4c7d44ddec49487703377467cee5efdaaec25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f89c8450c6df8aa7f356b71b5e455004 |
| SHA1 | d92efa979f4539e8a7020a16023f1bdf5d3f6fd3 |
| SHA256 | 534282908e5a4e66dd43ad7978f57d201ad1001304ab7bd5480975d38bba0097 |
| SHA512 | f11d34ec1a76adb7ad4cbcb20e4cee1d3f658362bafe04c497964f6ded05c701db5f0509951726405ee492451e7c8922ff2a80afa66171f3553c1583d89c0f01 |
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |