Analysis Overview
Threat Level: Known bad
The file http://google.com was found to be: Known bad.
Malicious Activity Summary
Cobalt Strike reflective loader
Cobaltstrike
Stops running service(s)
Drops file in Drivers directory
Modifies Windows Firewall
Manipulates Digital Signatures
Possible privilege escalation attempt
Creates new service(s)
Downloads MZ/PE file
Checks computer location settings
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks BIOS information in registry
Registers COM server for autorun
Checks whether UAC is enabled
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Adds Run key to start application
Modifies powershell logging option
Drops file in System32 directory
Checks system information in the registry
AutoIT Executable
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
Enumerates physical storage devices
NTFS ADS
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Kills process with taskkill
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Enumerates processes with tasklist
Modifies data under HKEY_USERS
Uses Volume Shadow Copy WMI provider
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Checks processor information in registry
Runs net.exe
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 08:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 08:54
Reported
2024-06-14 09:15
Platform
win10v2004-20240611-en
Max time kernel
1223s
Max time network
1221s
Command Line
Signatures
Cobalt Strike reflective loader
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Cobaltstrike
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\rsKernelEngine.sys | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\rsElam.sys | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Windows\system32\drivers\rsCamFilter020502.sys | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
Manipulates Digital Signatures
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSCertificateTrust" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "EncodeAttrSequence" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustFinalPolicy" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubDumpStructure" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2130\FuncName = "WVTAsn1SpcSigInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.3\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.3\FuncName = "WVTAsn1SealingSignatureAttributeEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2223\FuncName = "WVTAsn1CatMemberInfo2Decode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2007\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\2.5.29.32\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubAuthenticode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadMessage" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\FuncName = "WVTAsn1SpcLinkDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeDecode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2004\FuncName = "WVTAsn1SpcPeImageDataEncode" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\FuncName = "FormatPKIXEmailProtection" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Stops running service(s)
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\Bootstrapper.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zS07D8F3CB\BlueStacksInstaller.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7zS408408B5\UnifiedStub-installer.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_41a08b21e1f7942cef12f5af6066d4f0_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_41a08b21e1f7942cef12f5af6066d4f0_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\"" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden" | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\rundll32.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\SysWOW64\takeown.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Modifies powershell logging option
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A3D5BF1283C2E63D8C8A8C72F0051F5A | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\storage.json | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07A7CCFBD28A674D95D3BF853C9007C6 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_C33468BC5883F8C26A2F912726D45EFA | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File created | C:\Windows\system32\storage.json | C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D97B1EC1F43DD6ED4FE7AB95E144BC_1FBF5CC64736DEDD3EE6301DFD848080 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_7AA1872B10F7F2428A1288E96F0B99FA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_44AD5D0C299F1D4EE038B125B5E5863A | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A3D5BF1283C2E63D8C8A8C72F0051F5A | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0972B7C417F696E06E186AEB26286F01_30B4D916E12169D9CB0BC7A11DE46EA6 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_C4502B2ED7ABD16FF1FA41F55DB2B363 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0FD7C8CB35A5508C225BD37696B3744C | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC68FB72D4FBC7E0F151BC2282D75E47_367FA2447481C3DB640CE44BE2E5A181 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DDD60D479047B9472722C3115985BD00 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94D97B1EC1F43DD6ED4FE7AB95E144BC_1FBF5CC64736DEDD3EE6301DFD848080 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_686A447EF0220EBC1D36EF897F31F606 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07A7CCFBD28A674D95D3BF853C9007C6 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_C33468BC5883F8C26A2F912726D45EFA | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DDD60D479047B9472722C3115985BD00 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\Gallery\close_pressed.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\restore_normal.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\translations\qt_ca.qm | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Net.Http.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\CloudGame\TitlebarBack.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libsamplerate_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\video_output\libwgl_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\video_splitter\libpanoramix_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\HD-ComRegistrar.exe.config | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\Qt5WebEngine.dll | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\BrightnessContrast.qml | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsTime.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\Search\DefaultApp.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\translations\qt_tr.qm | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\video_chroma\libi420_rgb_mmx_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsEngine.config | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\MyGames\mgr_pressed.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\MyGames\NavigatorForward_Disable.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\CloudGame_hover.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\language\vi.qm | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-time-l1-1-0.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\codec\libspudec_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\QtGraphicalEffects | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\NAudio.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\dasync.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\fi.pak | C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\close_pressed.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\ProductLogo.ico | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\QtQuick\Controls\Private\SystemPaletteSingleton.qml | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\id.pak | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.ComponentModel.TypeConverter.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\TraceReloggerLib.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\cef\locales\en-US.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\cef\locales\pt-PT.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\private\GaussianMaskedBlur.qml | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\Microsoft.Win32.Primitives.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\Qt5Gui.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\Qt5Quick.dll | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\cef\locales\pt-PT.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\AndroidGame.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\amd64\msdia140.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\amd64\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\rsEngine.Performance.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\family\malgun.ttf | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\MyGames\addApk.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\language\ru.qm | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\www\css\index.css | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\Qt5RemoteObjects.dll | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File opened for modification | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\vi.pak | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\ui\app.asar.unpacked\electron\node_modules\@reasonsoftware\windows-notification-state\prebuilds\win32-x64\node.napi.node | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\VBoxGuestControlSvc.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File created | C:\Program Files\ldplayer9box\api-ms-win-core-memory-l1-1-0.dll | F:\LDPlayer\LDPlayer9\dnrepairer.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\nl.pak | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\imageformats\qwebp.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\plugins\codec\libvorbis_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\Qt5QuickShapes.dll | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File created | C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\kn.pak | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\image\settings | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files (x86)\BlueStacks X\image\settings\remove_hover.svg | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BlueStacks X\plugins\stream_filter\libadf_plugin.dll | C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe | N/A |
| File created | C:\Program Files\ReasonLabs\EPP\EDR\System.Globalization.Calendars.dll | C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Windows\SysWOW64\dism.exe | N/A |
| File opened for modification | C:\Windows\Logs\DISM\dism.log | C:\Users\Admin\AppData\Local\Temp\662E7075-020C-4183-8BF0-F091D1E2E05C\dismhost.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\BlueStacksInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \Registry\Machine\Hardware\Description\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\BlueStacksInstaller.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
Enumerates processes with tasklist
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" | F:\LDPlayer\LDPlayer9\dnplayer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\ReasonLabs\EPP\rsWSC.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E78-11E9-B25E-7768F80C0E07}\NumMethods\ = "26" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44E0-CA69-E9E0-D4907CECCBE5}\ = "IGuestFsObjInfo" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\ = "IGuestScreenInfo" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\AppID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ldmnq.ldbk\Shell\Open | F:\LDPlayer\LDPlayer9\LDPlayer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-07da-41ec-ac4a-3dd99db35594} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3534-4239-B2DE-8E1535D94C0B}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486E-472F-481B-969746AF2480}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\NumMethods\ = "29" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F04-4191-AA2F-1FAC9646AE4C}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\NumMethods\ = "13" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\NumMethods\ = "19" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00C2-4484-0077-C057003D9C90}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7006-40D4-B339-472EE3801844}\ = "IGuestKeyboardEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\ = "IGuestAdditionsStatusChangedEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\NumMethods\ = "18" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CF37-453B-9289-3B0F521CAF27}\ = "IStateChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6679-422A-B629-51B06B0C6D93} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1640-41F9-BD74-3EF5FD653250}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4BA3-7903-2AA4-43988BA11554} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800A-40F8-87A6-170D02249A55}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\Ld9BoxSVC.exe | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\NumMethods\ = "14" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9849-4F47-813E-24A75DC85615}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4C1B-EDF7-FDF3-C1BE6827DC28}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-416B-4181-8C4A-45EC95177AEF} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\TypeLib | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-659C-488B-835C-4ECA7AE71C6C}\ProxyStubClsid32 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CC87-4F6E-A0E9-47BB7F2D4BE5}\NumMethods | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\ = "INATNetworkCreationDeletionEvent" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1A29-4A19-92CF-02285773F3B5}\NumMethods\ = "13" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient\CLSID | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11E9-B185-DBE296E54799}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-32E7-4F6C-85EE-422304C71B90}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8084-11e9-b185-dbe296e54799} | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1 | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6989-4002-80CF-3607F377D40C} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4974-A19C-4DC6-CC98C2269626}\NumMethods\ = "24" | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\TypeLib\Version = "1.3" | C:\Program Files\ldplayer9box\Ld9BoxSVC.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8690-11E9-B83D-5719E53CF1DE} | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-92C9-4A77-9D35-E058B39FE0B9}\ProxyStubClsid32 | C:\Windows\SYSTEM32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CC19-43FA-8EBF-BAECB6B9EC87}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\NumMethods\ = "15" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B4A4-44CE-85A8-127AC5EB59DC}\ = "ICPUExecutionCapChangedEvent" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 37703.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\fltmc.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbab7ab58,0x7ffcbab7ab68,0x7ffcbab7ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4192 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4620 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4792 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4680 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3188 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5268 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1888 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5400 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5556 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x38c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5868 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1004 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1004 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4980 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5576 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4996 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5020 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4596 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5988 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2392 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5704 --field-trial-handle=1896,i,3377917292000622511,13297250497159618874,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcbab7ab58,0x7ffcbab7ab68,0x7ffcbab7ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4432 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4576 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4600 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3236 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3212 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5220 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4976 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3264 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5600 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5864 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_41a08b21e1f7942cef12f5af6066d4f0_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.210.1001_native_41a08b21e1f7942cef12f5af6066d4f0_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\7zS07D8F3CB\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zS07D8F3CB\BlueStacksInstaller.exe"
C:\Users\Admin\AppData\Local\Temp\7zS07D8F3CB\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS07D8F3CB\HD-CheckCpu.exe" --cmd checkHypervEnabled
C:\Users\Admin\AppData\Local\Temp\7zS07D8F3CB\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS07D8F3CB\HD-CheckCpu.exe" --cmd checkSSE4
C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe
"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.210.1023_nxt.exe" -s
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2668 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:2
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c green.bat
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="BlueStacksWeb"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Cloud Game"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_41a08b21e1f7942cef12f5af6066d4f0_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe
"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_41a08b21e1f7942cef12f5af6066d4f0_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=fdc42122-f966-4433-b938-af71bbf92129 -machineID=3dc4b33c-603f-431c-b1f6-5193726a09d9 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.210.1001 -country=US -skipBinaryShortcuts -isWalletFeatureEnabled
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\Bootstrapper.exe" -versionMachineID=fdc42122-f966-4433-b938-af71bbf92129 -machineID=3dc4b33c-603f-431c-b1f6-5193726a09d9 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.210.1001 -country=US -skipBinaryShortcuts -isWalletFeatureEnabled
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\BlueStacksInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\BlueStacksInstaller.exe" -versionMachineID="fdc42122-f966-4433-b938-af71bbf92129" -machineID="3dc4b33c-603f-431c-b1f6-5193726a09d9" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bsx" -bsxVersion="10.41.210.1001" -country="US" -skipBinaryShortcuts -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.210.1001_native_41a08b21e1f7942cef12f5af6066d4f0_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -md5=41a08b21e1f7942cef12f5af6066d4f0 -app64=
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\" -aoa
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5328 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\" -aoa
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5248 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3388 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6036 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
C:\Windows\SysWOW64\find.exe
find "BlueStacksServices.exe"
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-ForceGPU.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe" 1 2
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe" 4 2
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe" 2 2
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe" 1 1
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe" 4 1
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe" 2 1
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-CheckCpu.exe" --cmd checkSSE4
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\\HD-GLCheck.exe" 2
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\\HD-GLCheck.exe" 3
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-GLCheck.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\\HD-GLCheck.exe" 1
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1684,i,6249530682647770742,11230797032288158421,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cscript.exe
cscript.exe
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1684,i,6249530682647770742,11230797032288158421,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2616 --field-trial-handle=1684,i,6249530682647770742,11230797032288158421,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cscript.exe
cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe" x "C:\ProgramData\Pie64_5.21.210.1023.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\SYSTEM32\netsh.exe
"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
C:\Windows\SYSTEM32\netsh.exe
"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes
C:\Windows\SYSTEM32\netsh.exe
"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\SYSTEM32\netsh.exe
"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-CheckCpu.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-CheckCpu.exe" --cmd checkSSE3
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"
C:\Windows\system32\sc.exe
sc.exe delete BlueStacksDrv_nxt
C:\Windows\SYSTEM32\reg.exe
"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\olkqw5ar.yxf\RegHKLM.txt"
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\olkqw5ar.yxf\*"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloud.bluestacks.com/bs3/help_articles?article=valid_cert_update&oem=nxt&locale=en-US&guid=3dc4b33c-603f-431c-b1f6-5193726a09d9&image_name=Pie64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc9c7c46f8,0x7ffc9c7c4708,0x7ffc9c7c4718
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5532 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x394 0x38c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3516 --field-trial-handle=1684,i,6249530682647770742,11230797032288158421,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10416 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_25567197_ld.exe
"C:\Users\Admin\Downloads\LDPlayer9_ens_com.supercell.brawlstars_25567197_ld.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10064 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnplayer.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayer.exe /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM dnmultiplayerex.exe /T
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /F /IM bugreport.exe /T
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=493e16413f5666d55b0af803212e974c661a06a3&dit=20240614090385286&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
F:\LDPlayer\LDPlayer9\LDPlayer.exe
"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Users\Admin\AppData\Local\Temp\2q2s0jj5.exe
"C:\Users\Admin\AppData\Local\Temp\2q2s0jj5.exe" /silent
C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /silent
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10324 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10164 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
F:\LDPlayer\LDPlayer9\dnrepairer.exe
"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=1311330
C:\Windows\SysWOW64\net.exe
"net" start cryptsvc
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start cryptsvc
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Softpub.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Wintrust.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32" Initpki.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" dssenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" rsaenh.dll /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" cryptdlg.dll /s
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
C:\Windows\SysWOW64\takeown.exe
"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"
C:\Windows\SysWOW64\icacls.exe
"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
C:\Windows\SysWOW64\dism.exe
C:\Windows\system32\dism.exe /Online /English /Get-Features
C:\Users\Admin\AppData\Local\Temp\662E7075-020C-4183-8BF0-F091D1E2E05C\dismhost.exe
C:\Users\Admin\AppData\Local\Temp\662E7075-020C-4183-8BF0-F091D1E2E05C\dismhost.exe {E89C37A6-1AF7-498A-A04D-D09132AF4834}
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10496 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml
C:\Windows\SYSTEM32\fltmc.exe
"fltmc.exe" load rsKernelEngine
C:\Windows\system32\wevtutil.exe
"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsWSC.exe
"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i
C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i
C:\Windows\SYSTEM32\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe
"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"
C:\Windows\SysWOW64\regsvr32.exe
"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
C:\Windows\SysWOW64\sc.exe
"C:\Windows\system32\sc" start Ld9BoxSup
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap12440:104:7zEvent20308
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
\??\c:\program files\reasonlabs\epp\rsHelper.exe
"c:\program files\reasonlabs\epp\rsHelper.exe"
F:\LDPlayer\LDPlayer9\driverconfig.exe
"F:\LDPlayer\LDPlayer9\driverconfig.exe"
C:\Windows\SysWOW64\takeown.exe
"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y
\??\c:\program files\reasonlabs\EPP\ui\EPP.exe
"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run
C:\Windows\SysWOW64\icacls.exe
"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2252 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2508 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2728 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3800 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffc9c7c46f8,0x7ffc9c7c4708,0x7ffc9c7c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=10000 /prefetch:8
F:\LDPlayer\LDPlayer9\dnplayer.exe
"F:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.supercell.brawlstars|package=com.supercell.brawlstars
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10500 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
C:\Windows\SysWOW64\sc.exe
sc query HvHost
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq BlueStacks X.exe"
C:\Windows\SysWOW64\sc.exe
sc query vmms
C:\Windows\SysWOW64\sc.exe
sc query vmcompute
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files\ldplayer9box\vbox-img.exe
"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe
"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6508 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1260 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1080 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5436 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1852,i,16651950169082797480,6571294697028447043,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6532 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\program files\reasonlabs\epp\rsLitmus.A.exe
"C:\program files\reasonlabs\epp\rsLitmus.A.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\You-Are-An-Idiot-main\You-Are-An-Idiot-main\README.md
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1676 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10632 /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4256 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\You-Are-An-Idiot-main\You-Are-An-Idiot-main\README.md
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4312 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11008 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11140 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9928 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4312 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4628 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4780 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4940 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4892 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4912 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5236 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5164 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5484 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1956 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5356 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2272 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe
"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11252 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe
"C:\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe"
C:\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe
"C:\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\NetWire.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4484 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files\ReasonLabs\EPP\Uninstall.exe
"C:\Program Files\ReasonLabs\EPP\Uninstall.exe" /uninstall
C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe
"C:\Program Files\ReasonLabs\Common\Stub\v6.0.1\Stub.exe" /products=epp /uninstall
C:\Users\Admin\AppData\Local\Temp\7zS408408B5\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /products=epp /uninstall
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Users\Admin\AppData\Local\Temp\Stub.exe
"C:\Users\Admin\AppData\Local\Temp\Stub.exe" /products=epp /uninstall
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /products=epp /uninstall
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Hydra.exe
"C:\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Hydra.exe"
C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe
"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5668 --field-trial-handle=2244,i,3451713906941884790,13934806522206539906,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10984 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3787674703008879321,13804898793216256215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Melting.exe
"C:\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Melting.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
C:\Windows\system32\tasklist.exe
tasklist /FI "IMAGENAME eq HD-Player.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.22.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.22.107.13.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| NL | 142.250.102.94:443 | beacons2.gvt2.com | tcp |
| NL | 142.250.102.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pornhub.com | udp |
| US | 66.254.114.41:443 | pornhub.com | tcp |
| US | 66.254.114.41:443 | pornhub.com | tcp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.17:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.20:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | prvc.io | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| GB | 64.210.156.18:443 | media.trafficjunky.net | tcp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.156.210.64.in-addr.arpa | udp |
| US | 104.21.56.52:443 | prvc.io | tcp |
| GB | 64.210.156.20:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | eg-cdn.trafficjunky.net | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| PL | 93.184.223.43:443 | eg-cdn.trafficjunky.net | tcp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| GB | 64.210.156.3:443 | hw-cdn2.adtng.com | tcp |
| GB | 64.210.156.3:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | 18.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.56.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.223.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 172.217.169.91:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 91.169.217.172.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | f.nordiskemedier.dk | udp |
| CH | 13.224.103.49:443 | f.nordiskemedier.dk | tcp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | 49.103.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 104.21.56.52:443 | prvc.io | udp |
| GB | 64.210.156.20:443 | ss.phncdn.com | tcp |
| US | 8.8.8.8:53 | ht-cdn.trafficjunky.net | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 64.210.156.22:443 | ht-cdn.trafficjunky.net | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| GB | 64.210.156.21:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.21:443 | ht-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | 22.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.156.210.64.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.bluestacks.com | udp |
| CH | 18.165.183.56:443 | www.bluestacks.com | tcp |
| CH | 18.165.183.56:443 | www.bluestacks.com | tcp |
| US | 8.8.8.8:53 | webapi-cloud.bluestacks.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 34.120.235.88:443 | webapi-cloud.bluestacks.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | cdn-www.bluestacks.com | udp |
| US | 8.8.8.8:53 | cdn.now.gg | udp |
| SE | 184.31.15.59:443 | cdn-www.bluestacks.com | tcp |
| SE | 184.31.15.59:443 | cdn-www.bluestacks.com | tcp |
| SE | 184.31.15.59:443 | cdn-www.bluestacks.com | tcp |
| SE | 184.31.15.59:443 | cdn-www.bluestacks.com | tcp |
| SE | 184.31.15.66:443 | cdn.now.gg | tcp |
| SE | 184.31.15.66:443 | cdn.now.gg | tcp |
| SE | 184.31.15.66:443 | cdn.now.gg | tcp |
| SE | 184.31.15.66:443 | cdn.now.gg | tcp |
| SE | 184.31.15.66:443 | cdn.now.gg | tcp |
| SE | 184.31.15.66:443 | cdn.now.gg | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | cdn-icon.bluestacks.com | udp |
| SE | 184.31.15.59:443 | cdn-www.bluestacks.com | tcp |
| SE | 23.201.43.99:443 | cdn-icon.bluestacks.com | tcp |
| SE | 23.201.43.99:443 | cdn-icon.bluestacks.com | tcp |
| SE | 23.201.43.99:443 | cdn-icon.bluestacks.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| SE | 184.31.15.66:443 | cdn.now.gg | udp |
| SE | 184.31.15.59:443 | cdn-www.bluestacks.com | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| CH | 13.224.103.110:443 | cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | 56.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.235.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.43.201.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| CH | 13.224.103.110:443 | cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | cloud.bluestacks.com | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 8.8.8.8:53 | 110.103.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 18.157.128.118:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | 118.128.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.86.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 34.120.235.88:443 | webapi-cloud.bluestacks.com | tcp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 34.120.235.88:443 | webapi-cloud.bluestacks.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.15.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ak-build.bluestacks.com | udp |
| SE | 184.31.15.123:443 | ak-build.bluestacks.com | tcp |
| US | 8.8.8.8:53 | 123.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloud.bluestacks.com | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 8.8.8.8:53 | ak-build.bluestacks.com | udp |
| SE | 184.31.15.123:443 | ak-build.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| N/A | 127.0.0.1:55413 | tcp | |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| N/A | 127.0.0.1:55420 | tcp | |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| N/A | 127.0.0.1:51519 | tcp | |
| US | 8.8.8.8:53 | wallet.now.gg | udp |
| US | 34.96.124.47:443 | wallet.now.gg | tcp |
| US | 8.8.8.8:53 | 47.124.96.34.in-addr.arpa | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | wallet.now.gg | udp |
| US | 8.8.8.8:53 | wallet.now.gg | udp |
| US | 34.96.124.47:443 | wallet.now.gg | tcp |
| US | 8.8.8.8:53 | fcmregistrations.googleapis.com | udp |
| GB | 216.58.212.202:443 | fcmregistrations.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| BE | 173.194.76.188:5228 | mtalk.google.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 188.76.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 142.250.200.59:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 59.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cloud.bluestacks.com | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 8.8.8.8:53 | support.bluestacks.com | udp |
| US | 104.16.53.111:443 | support.bluestacks.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| IE | 2.18.24.9:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 8.8.8.8:53 | use.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | 9.24.18.2.in-addr.arpa | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.70.113:443 | static.zdassets.com | tcp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 8.8.8.8:53 | bluestacks.zendesk.com | udp |
| US | 104.21.27.152:443 | use.fontawesome.com | tcp |
| US | 104.16.53.111:443 | bluestacks.zendesk.com | tcp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | udp |
| US | 34.160.86.181:443 | cloud.bluestacks.com | tcp |
| US | 8.8.8.8:53 | widget.kommunicate.io | udp |
| US | 8.8.8.8:53 | bluestacks-zendesk-com.disqus.com | udp |
| US | 199.232.196.134:443 | bluestacks-zendesk-com.disqus.com | tcp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.70.18.104.in-addr.arpa | udp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 152.27.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ekr.zdassets.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 104.18.70.113:443 | ekr.zdassets.com | tcp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 151.101.128.134:443 | disqus.com | tcp |
| CH | 18.165.183.52:443 | c.disquscdn.com | tcp |
| US | 104.16.53.111:443 | bluestacks.zendesk.com | tcp |
| CH | 18.165.183.56:443 | widget.kommunicate.io | tcp |
| US | 8.8.8.8:53 | 134.128.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.196.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.103.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.kommunicate.io | udp |
| CH | 18.165.183.11:443 | cdn.kommunicate.io | tcp |
| US | 8.8.8.8:53 | 11.183.165.18.in-addr.arpa | udp |
| CH | 18.165.183.56:443 | widget.kommunicate.io | tcp |
| US | 8.8.8.8:53 | api.kommunicate.io | udp |
| US | 3.88.80.70:443 | api.kommunicate.io | tcp |
| US | 8.8.8.8:53 | 70.80.88.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chat.kommunicate.io | udp |
| US | 52.204.19.47:443 | chat.kommunicate.io | tcp |
| US | 8.8.8.8:53 | 47.19.204.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 23.206.78.251:443 | cxcs.microsoft.net | tcp |
| BE | 88.221.83.227:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 251.78.206.23.in-addr.arpa | udp |
| BE | 88.221.83.192:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 192.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| BE | 88.221.83.210:443 | th.bing.com | tcp |
| BE | 88.221.83.210:443 | th.bing.com | tcp |
| BE | 88.221.83.210:443 | th.bing.com | tcp |
| BE | 88.221.83.210:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 210.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| SE | 23.201.43.89:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.43.201.23.in-addr.arpa | udp |
| IE | 20.190.159.68:443 | login.microsoftonline.com | tcp |
| SE | 23.201.43.89:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 151.101.1.91:443 | en.softonic.com | tcp |
| US | 151.101.1.91:443 | en.softonic.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 151.101.129.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.129.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.129.91:443 | sc.sftcdn.net | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| GB | 2.22.100.250:443 | images.sftcdn.net | tcp |
| GB | 2.22.100.250:443 | images.sftcdn.net | tcp |
| GB | 2.22.100.250:443 | images.sftcdn.net | tcp |
| US | 151.101.129.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.129.91:443 | sc.sftcdn.net | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| CH | 18.165.183.89:443 | sdk.privacy-center.org | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| CH | 13.224.95.222:443 | c.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| CH | 13.224.95.222:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| CH | 13.224.93.118:443 | www.datadoghq-browser-agent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.209.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.95.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.93.224.13.in-addr.arpa | udp |
| CH | 18.165.183.7:443 | api.privacy-center.org | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| CH | 18.165.183.125:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 151.101.129.91:443 | sc.sftcdn.net | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wct.softonic.com | udp |
| US | 8.8.8.8:53 | a3f057da5902912a1dc8255ac086ad7b.safeframe.googlesyndication.com | udp |
| US | 104.26.2.63:443 | wct.softonic.com | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| GB | 172.217.169.65:443 | a3f057da5902912a1dc8255ac086ad7b.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| IE | 34.243.42.107:443 | ap.lijit.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| IE | 52.17.40.72:443 | id.crwdcntrl.net | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| IE | 52.51.2.157:443 | ad.360yield.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| DE | 46.4.139.58:443 | shb.richaudience.com | tcp |
| CH | 18.165.181.3:443 | aax.amazon-adsystem.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| GB | 216.58.212.206:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 104.26.2.63:443 | wct.softonic.com | tcp |
| DE | 178.63.248.57:443 | push-sdk.com | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | uidsync.net | udp |
| DE | 157.90.33.122:443 | uidsync.net | tcp |
| DE | 157.90.33.122:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 63.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.42.243.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.2.51.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.139.4.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.181.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.135.128.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.248.63.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.33.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.234:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.128:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 128.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 142.250.187.193:443 | cdn.ampproject.org | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 193.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adclick.g.doubleclick.net | udp |
| GB | 216.58.212.194:443 | adclick.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | adclick.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| SE | 23.34.232.193:443 | ads.pubmatic.com | tcp |
| SE | 23.34.232.19:443 | contextual.media.net | tcp |
| US | 8.8.8.8:53 | sync.richaudience.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| DE | 162.55.233.29:443 | sync.richaudience.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 3.120.50.71:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | cacerts.rapidssl.com | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| SE | 184.31.15.75:443 | player.aniview.com | tcp |
| US | 8.8.8.8:53 | cdn-production-opera-website.operacdn.com | udp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.232.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.232.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.233.55.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.50.120.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.132.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| GB | 2.22.132.239:443 | cdn-production-opera-website.operacdn.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | brawl-stars.en.softonic.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 131.253.33.237:443 | bat.bing.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | 6645ad6356ecddaf5681f49b81047613.safeframe.googlesyndication.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 216.58.204.91:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 185.89.210.180:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| IE | 67.220.228.201:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.234:443 | ag.gbc.criteo.com | tcp |
| FR | 185.235.86.128:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.228.220.67.in-addr.arpa | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| FR | 178.32.197.52:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 52.212.171.213:443 | match.prod.bidr.io | tcp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 54.144.178.48:443 | sync.srv.stackadapt.com | tcp |
| CH | 18.165.183.37:443 | api-2-0.spot.im | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 3.235.200.90:443 | cs-server-s2s.yellowblue.io | tcp |
| IE | 54.171.168.223:443 | jadserve.postrelease.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 192.132.33.68:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | match.sharethrough.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| DE | 51.89.9.253:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| CH | 13.224.103.32:443 | s.ad.smaato.net | tcp |
| DE | 18.158.126.136:443 | match.sharethrough.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| DE | 35.156.10.230:443 | rtb.mfadsrvr.com | tcp |
| FR | 154.54.250.80:443 | ads.stickyadstv.com | tcp |
| US | 104.22.51.98:443 | spl.zeotap.com | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| GB | 2.22.101.110:443 | secure-assets.rubiconproject.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | 52.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.171.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.178.144.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.168.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.200.235.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.126.158.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.51.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.10.156.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.103.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| SE | 23.34.233.229:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | 110.101.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.182.54.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.233.34.23.in-addr.arpa | udp |
| CH | 18.165.181.3:443 | aax.amazon-adsystem.com | tcp |
| US | 199.232.209.91:443 | softonic.com | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 631aaec681f6563cab7cd467a4e1c17b.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | udp |
| US | 3.227.185.131:443 | prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | tcp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| US | 8.8.8.8:53 | 131.185.227.3.in-addr.arpa | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 52.212.171.213:443 | match.prod.bidr.io | tcp |
| US | 54.144.178.48:443 | sync.srv.stackadapt.com | tcp |
| US | 35.244.174.68:443 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | bh.contextweb.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 8.8.8.8:53 | 131.169.93.208.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | leap.ldplayer.gg | udp |
| US | 163.181.154.232:443 | leap.ldplayer.gg | tcp |
| US | 8.8.8.8:53 | www.ldplayer.net | udp |
| US | 163.181.154.237:443 | www.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 33fd62ba260f2b099af449e3b6a9b962.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 232.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| US | 8.8.8.8:53 | cmp.setupcmp.com | udp |
| US | 8.8.8.8:53 | play-lh.googleusercontent.com | udp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| GB | 142.250.178.22:443 | play-lh.googleusercontent.com | tcp |
| CH | 13.224.103.82:443 | cdn.ldplayer.net | tcp |
| US | 104.26.4.6:443 | cmp.setupcmp.com | tcp |
| CH | 18.165.183.64:443 | js.adscale.de | tcp |
| US | 8.8.8.8:53 | prs.sftcdn.net | udp |
| US | 8.8.8.8:53 | articles-images.sftcdn.net | udp |
| DE | 178.63.248.57:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | ih.adscale.de | udp |
| DE | 18.193.251.59:443 | ih.adscale.de | tcp |
| DE | 157.90.33.122:443 | uidsync.net | tcp |
| GB | 142.250.178.22:443 | play-lh.googleusercontent.com | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 157.90.33.122:443 | uidsync.net | tcp |
| US | 8.8.8.8:53 | 6.4.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.251.193.18.in-addr.arpa | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| US | 8.8.8.8:53 | cd.connatix.com | udp |
| US | 172.64.146.152:443 | cd.connatix.com | tcp |
| US | 151.101.1.91:443 | articles-images.sftcdn.net | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cds.connatix.com | udp |
| US | 8.8.8.8:53 | 152.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 8.8.8.8:53 | ins.connatix.com | udp |
| US | 8.8.8.8:53 | vid.connatix.com | udp |
| US | 8.8.8.8:53 | lit.connatix.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | img.connatix.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | apien.ldplayer.net | udp |
| US | 8.8.8.8:53 | invite.ldplayer.net | udp |
| US | 8.8.8.8:53 | usersdk.ldmnq.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| CH | 18.165.183.31:443 | apien.ldplayer.net | tcp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| SG | 8.222.229.130:443 | api.ldshop.gg | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| SG | 8.219.96.60:443 | invite.ldplayer.net | tcp |
| SG | 47.236.4.49:443 | usersdk.ldmnq.com | tcp |
| SG | 8.222.229.130:443 | api.ldshop.gg | tcp |
| US | 8.8.8.8:53 | ldcdn.ldmnq.com | udp |
| US | 163.181.154.237:443 | ldcdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 31.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.96.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.4.236.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.229.222.8.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 67.202.105.24:443 | ssc-cms.33across.com | tcp |
| FR | 178.32.197.52:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | oss.ld-space.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| IE | 52.212.171.213:443 | match.prod.bidr.io | tcp |
| FR | 149.202.238.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| US | 163.181.154.147:443 | oss.ld-space.com | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| US | 54.144.178.48:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 142.250.188.227:443 | csi.gstatic.com | tcp |
| US | 142.250.188.227:443 | csi.gstatic.com | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 142.250.188.227:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 147.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.188.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p4-edrumsgovihxy-5xly44audm6gxeoo-if-v6exp3-v4.metric.gstatic.com | udp |
| GB | 172.217.16.227:443 | p4-edrumsgovihxy-5xly44audm6gxeoo-if-v6exp3-v4.metric.gstatic.com | tcp |
| GB | 172.217.16.227:443 | p4-edrumsgovihxy-5xly44audm6gxeoo-if-v6exp3-v4.metric.gstatic.com | udp |
| GB | 216.58.204.91:443 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | connatix-d.openx.net | udp |
| US | 35.244.159.8:443 | connatix-d.openx.net | tcp |
| US | 35.244.159.8:443 | connatix-d.openx.net | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 8proof.com | udp |
| US | 52.116.53.150:443 | 8proof.com | tcp |
| US | 52.116.53.150:443 | 8proof.com | tcp |
| US | 8.8.8.8:53 | m.media-amazon.com | udp |
| CH | 18.165.191.159:443 | m.media-amazon.com | tcp |
| US | 8.8.8.8:53 | 150.53.116.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ts.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | ox-rtb-europe-west2.openx.net | udp |
| CH | 13.224.103.34:443 | ts.amazon-adsystem.com | tcp |
| US | 34.102.143.98:443 | ox-rtb-europe-west2.openx.net | tcp |
| US | 8.8.8.8:53 | s2.paa-reporting-advertising.amazon | udp |
| US | 8.8.8.8:53 | images-na.ssl-images-amazon.com | udp |
| CH | 18.165.183.5:443 | s2.paa-reporting-advertising.amazon | tcp |
| US | 8.8.8.8:53 | assets.connatix.com | udp |
| US | 8.8.8.8:53 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | udp |
| CH | 13.224.95.91:443 | images-na.ssl-images-amazon.com | tcp |
| CH | 13.224.103.58:443 | tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev | tcp |
| US | 8.8.8.8:53 | 34.103.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.143.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.95.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.103.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.191.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p4-edrumsgovihxy-5xly44audm6gxeoo-951998-i1-v6exp3.ds.metric.gstatic.com | udp |
| US | 8.8.8.8:53 | p4-edrumsgovihxy-5xly44audm6gxeoo-951998-i2-v6exp3.v4.metric.gstatic.com | udp |
| GB | 142.250.200.18:443 | p4-edrumsgovihxy-5xly44audm6gxeoo-951998-i2-v6exp3.v4.metric.gstatic.com | tcp |
| GB | 142.250.200.50:443 | p4-edrumsgovihxy-5xly44audm6gxeoo-951998-i1-v6exp3.ds.metric.gstatic.com | tcp |
| GB | 142.250.200.50:443 | p4-edrumsgovihxy-5xly44audm6gxeoo-951998-i1-v6exp3.ds.metric.gstatic.com | tcp |
| GB | 142.250.200.18:443 | p4-edrumsgovihxy-5xly44audm6gxeoo-951998-i2-v6exp3.v4.metric.gstatic.com | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | 50.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d19mtdoi3rn3ox.cloudfront.net | udp |
| CH | 13.224.98.219:443 | d19mtdoi3rn3ox.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 219.98.224.13.in-addr.arpa | udp |
| CH | 18.165.185.196:443 | d1arl2thrafelv.cloudfront.net | tcp |
| CH | 18.165.185.196:443 | d1arl2thrafelv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 196.185.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| CH | 18.165.183.101:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | 101.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.184.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.185.165.18.in-addr.arpa | udp |
| CH | 18.165.189.160:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 160.189.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | p4-edrumsgovihxy-5xly44audm6gxeoo-951998-s1-v6exp3-v4.metric.gstatic.com | udp |
| GB | 142.250.179.227:443 | p4-edrumsgovihxy-5xly44audm6gxeoo-951998-s1-v6exp3-v4.metric.gstatic.com | tcp |
| GB | 142.250.179.227:443 | p4-edrumsgovihxy-5xly44audm6gxeoo-951998-s1-v6exp3-v4.metric.gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.136.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| IE | 34.248.247.14:443 | ad.360yield.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | brightcombid.marphezis.com | udp |
| IE | 34.248.247.14:443 | ad.360yield.com | tcp |
| FR | 185.255.84.151:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | 153.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.247.248.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.84.255.185.in-addr.arpa | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s.richaudience.com | udp |
| DE | 178.63.241.79:443 | s.richaudience.com | tcp |
| DE | 178.63.241.79:443 | s.richaudience.com | tcp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | rewards.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 204.79.197.237:443 | rewards.bing.com | tcp |
| BE | 88.221.83.218:443 | th.bing.com | tcp |
| US | 204.79.197.237:443 | rewards.bing.com | tcp |
| US | 8.8.8.8:53 | 218.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| SE | 23.201.43.66:443 | aefd.nelreports.net | udp |
| SE | 23.201.43.66:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 66.43.201.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | shield.reasonsecurity.com | udp |
| CH | 13.224.103.35:443 | shield.reasonsecurity.com | tcp |
| CH | 13.224.103.35:443 | shield.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 35.103.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| SG | 8.219.136.97:443 | middledata.ldplayer.net | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | update.reasonsecurity.com | udp |
| CH | 18.165.183.53:443 | update.reasonsecurity.com | tcp |
| BE | 88.221.83.218:443 | th.bing.com | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| CH | 13.224.103.51:443 | electron-shell.reasonsecurity.com | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 60.46.210.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.103.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 172.64.146.152:443 | assets.connatix.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| BE | 88.221.83.178:443 | www.bing.com | tcp |
| US | 172.64.146.152:443 | assets.connatix.com | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | cdn.reasonsecurity.com | udp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| CH | 13.224.103.50:443 | cdn.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 178.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.103.224.13.in-addr.arpa | udp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 49.4.219.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 172.64.146.152:443 | assets.connatix.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 23.34.233.128:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | config.reasonsecurity.com | udp |
| CH | 18.165.183.27:443 | config.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 27.183.165.18.in-addr.arpa | udp |
| SE | 23.34.233.128:80 | www.microsoft.com | tcp |
| US | 172.64.146.152:443 | assets.connatix.com | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | logziop.reasonsecurity.com | udp |
| CH | 18.165.183.63:443 | logziop.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 63.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.reasonsecurity.com | udp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 68.9.67.172.in-addr.arpa | udp |
| US | 172.64.146.152:443 | assets.connatix.com | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | mc6.reasonsecurity.com | udp |
| US | 52.43.110.0:443 | mc6.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | 0.110.43.52.in-addr.arpa | udp |
| US | 172.64.146.152:443 | assets.connatix.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 113.236.22.52.in-addr.arpa | udp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 162.159.135.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 234.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| SE | 192.229.221.95:80 | cacerts.rapidssl.com | tcp |
| US | 8.8.8.8:53 | en.ldplayer.net | udp |
| US | 8.8.8.8:53 | cdn.ldplayer.net | udp |
| CH | 13.224.103.82:443 | cdn.ldplayer.net | tcp |
| CH | 13.224.103.82:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.232:443 | en.ldplayer.net | tcp |
| CH | 18.165.183.22:443 | ad.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.183.165.18.in-addr.arpa | udp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| CH | 13.224.103.82:443 | cdn.ldplayer.net | tcp |
| CH | 13.224.103.82:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| FR | 52.222.193.204:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | sw.symcd.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 152.199.19.74:80 | sw.symcd.com | tcp |
| US | 8.8.8.8:53 | 204.193.222.52.in-addr.arpa | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| CH | 13.224.103.82:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | ocsp.thawte.com | udp |
| US | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.thawte.com | udp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 8.8.8.8:53 | advertise.ldplayer.net | udp |
| GB | 79.133.176.235:443 | advertise.ldplayer.net | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| GB | 79.133.176.235:443 | advertise.ldplayer.net | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | res.ldplayer.net | udp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| CH | 13.224.103.82:443 | cdn.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 241.154.181.163.in-addr.arpa | udp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| CH | 18.165.183.81:443 | encdn.ldmnq.com | tcp |
| US | 8.8.8.8:53 | alliance.ldplayer.net | udp |
| US | 8.8.8.8:53 | 81.183.165.18.in-addr.arpa | udp |
| CH | 18.165.183.32:443 | alliance.ldplayer.net | tcp |
| US | 163.181.154.241:443 | res.ldplayer.net | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| CH | 13.224.103.82:443 | cdn.ldplayer.net | tcp |
| US | 8.8.8.8:53 | 32.183.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | apien.ldmnq.com | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| CH | 18.165.183.18:80 | apien.ldmnq.com | tcp |
| SG | 8.219.4.49:443 | middledata.ldplayer.net | tcp |
| CH | 18.165.183.18:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| CH | 18.165.183.18:443 | apien.ldmnq.com | tcp |
| US | 8.8.8.8:53 | 18.183.165.18.in-addr.arpa | udp |
| US | 162.159.137.232:443 | discord.com | tcp |
| US | 35.244.159.8:443 | connatix-d.openx.net | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| SE | 184.31.15.42:80 | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 172.217.16.225:443 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | 239.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.15.31.184.in-addr.arpa | udp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | edr-api.reasonlabsapi.com | udp |
| CH | 18.165.183.75:443 | edr-api.reasonlabsapi.com | tcp |
| US | 18.210.46.60:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | 75.183.165.18.in-addr.arpa | udp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| N/A | 127.0.0.1:6463 | tcp | |
| N/A | 127.0.0.1:6464 | tcp | |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| N/A | 127.0.0.1:6465 | tcp | |
| N/A | 127.0.0.1:6466 | tcp | |
| N/A | 127.0.0.1:6467 | tcp | |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 8.8.8.8:53 | 104.41.18.104.in-addr.arpa | udp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 35.244.159.8:443 | connatix-d.openx.net | udp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| BE | 88.221.83.227:443 | www.bing.com | tcp |
| BE | 88.221.83.227:443 | www.bing.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| BE | 88.221.83.195:443 | th.bing.com | tcp |
| BE | 88.221.83.219:443 | th.bing.com | tcp |
| BE | 88.221.83.219:443 | th.bing.com | tcp |
| BE | 88.221.83.195:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 195.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| BE | 88.221.83.227:443 | www.bing.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| US | 35.244.159.8:443 | connatix-d.openx.net | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | ad.360yield.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| CH | 18.165.181.3:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| IE | 54.72.137.167:443 | ad.360yield.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| IE | 52.18.49.153:443 | ap.lijit.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.137.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.49.18.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| CH | 18.165.181.3:443 | aax.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | shb.richaudience.com | udp |
| IE | 54.72.137.167:443 | ad.360yield.com | tcp |
| US | 178.128.135.204:443 | brightcombid.marphezis.com | tcp |
| NL | 185.89.210.212:443 | ib.adnxs.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| IE | 52.18.49.153:443 | ap.lijit.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| DE | 157.90.0.38:443 | shb.richaudience.com | tcp |
| US | 8.8.8.8:53 | 38.0.90.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 172.64.146.152:443 | capi.connatix.com | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| US | 35.244.159.8:443 | connatix-d.openx.net | udp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| CH | 18.165.183.72:443 | tcp | |
| CH | 18.165.183.72:443 | tcp | |
| US | 76.76.21.241:443 | tcp | |
| US | 8.8.8.8:53 | 241.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.183.165.18.in-addr.arpa | udp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | logziop.reasonsecurity.com | udp |
| CH | 18.165.183.63:443 | logziop.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 52.22.236.113:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 172.67.9.68:443 | api.reasonsecurity.com | tcp |
| US | 8.8.8.8:53 | capi.connatix.com | udp |
| US | 104.18.41.104:443 | capi.connatix.com | tcp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | connatix-d.openx.net | udp |
| US | 35.244.159.8:443 | connatix-d.openx.net | udp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | www.softoniclabs.com | udp |
| US | 141.193.213.21:443 | www.softoniclabs.com | tcp |
| US | 141.193.213.21:443 | www.softoniclabs.com | tcp |
| US | 141.193.213.20:443 | www.softoniclabs.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 131.253.33.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 131.253.33.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | sc.sftcdn.net | udp |
| US | 151.101.65.91:443 | sc.sftcdn.net | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | spn-v1.revampcdn.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 151.101.1.91:443 | spn-v1.revampcdn.com | tcp |
| US | 151.101.1.91:443 | spn-v1.revampcdn.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 151.101.1.91:443 | spn-v1.revampcdn.com | tcp |
| GB | 142.250.200.22:443 | i.ytimg.com | tcp |
| US | 151.101.1.91:443 | spn-v1.revampcdn.com | tcp |
| US | 8.8.8.8:53 | amplify.outbrain.com | udp |
| SE | 23.34.233.58:443 | amplify.outbrain.com | tcp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| CH | 18.165.183.4:443 | sdk.privacy-center.org | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | propeller-tracking.com | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| NL | 139.45.197.240:443 | propeller-tracking.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| NL | 139.45.197.240:443 | propeller-tracking.com | tcp |
| US | 8.8.8.8:53 | unphionetor.com | udp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 139.45.197.236:443 | unphionetor.com | tcp |
| CH | 13.224.93.118:443 | www.datadoghq-browser-agent.com | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | notix.io | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| CH | 13.224.95.222:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| US | 8.8.8.8:53 | tr.outbrain.com | udp |
| US | 50.31.142.159:443 | tr.outbrain.com | tcp |
| NL | 139.45.197.253:443 | notix.io | tcp |
| US | 50.31.142.159:443 | tr.outbrain.com | tcp |
| US | 8.8.8.8:53 | wave.outbrain.com | udp |
| SE | 23.34.233.58:443 | wave.outbrain.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| CH | 18.165.183.44:443 | config.aps.amazon-adsystem.com | tcp |
| CH | 18.165.183.44:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 108.177.15.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| IE | 52.211.142.73:443 | id.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | track.analytics-data.io | udp |
| US | 44.193.86.186:443 | track.analytics-data.io | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
Files
\??\pipe\crashpad_1876_DPZXHGDOPXNEPIXL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fdbf1bf78621937a478cd738c279c679 |
| SHA1 | 20ba2393f761b89addaca61b0ba8c77a12e315b5 |
| SHA256 | 3c9d0091df277f9f21a085455b99a897d4d758507ed9deb0c64a42d267827d8f |
| SHA512 | d047dc6c0621f1bdd1ad01b13f0c5a6f9a09502ea7d62dd75b39e0f24468f2101ca3294d8a4abf753b9ccc6b8ad25ba2ac57bfe41edc97fd43ca36c323b0d9df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e3ed2af4f130fe540ab3540434cfe23 |
| SHA1 | d974f13edfd520ccac03a05ec8c4fc1f116b194a |
| SHA256 | 07680091b16acf2f06d997da5d907e82485746089ddedf12b4ee7a57752f57dc |
| SHA512 | 0dd67e47e4f94cb573ae3420066b5e2d359b5cc0360043d3f8e6a4991d0ccf6be2323fa6a5309482e77324a9d385ffd2ba9f19f0cb2c0b761f29f08e2e9f3f1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 51f9305d862018e25d7cfb6cd482a4e6 |
| SHA1 | e14ea9cd0b27e3edd4047a162ed606aa12db2687 |
| SHA256 | 096ab56b88773409fa3e3a2b6b5567809c3a617de7b0ef895c806ee4b0d91b63 |
| SHA512 | f683eb0e4b314f14c9fe93ecc3890ebfd1dd7eab2d433c24e15a43f846b40cff90d68dd5f35d9e497f8c2016abeefc6d4a775fa293665d11548690309c06093b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 661bb1ceb802a09c17ca91dbb027a991 |
| SHA1 | 600d716b9ceccd4eaed7357a7038be189c8cb4a3 |
| SHA256 | 992c52e11269ef55fd04f1f48fa6503244c9ae67555675cd7048a6bf68446252 |
| SHA512 | e7d5557d7c85adfd315a7b64200d6fd60e494d03e68b0be614e47b093206a9c9f3c6b60671bc822b41a0457d6e26703db534d770239d556bc9a894162af7b1cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 623bac90e61d514b024fd4f5e5e1a37f |
| SHA1 | c8f9d8ca4b6486ee9cd35a9ebf730c779353063e |
| SHA256 | d655b82438ba7d0ce0d1d5eb3b7bd6468d72ccac7ef7a8f7d7403c43b49cdf87 |
| SHA512 | 41eec8f4df9268d7e3e0eb37acc428eab4790e4834582afcda0a19d365fdd0b190a829a3175187478dcf3e8205f13963c1d59377f42138be59ba8f400504bddf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 836076933c3c35bf36e6704b83225232 |
| SHA1 | 60f896287fa04c0fee63496c9ca95fa136c5af37 |
| SHA256 | f374af4338dd7b1c6aad7c21e35fb579cc9914b77acff54c51802fc3829a1b19 |
| SHA512 | be7475a4f73b3c2fccecf1889ab94e240d4daa221afb16021a413ff4b3c9fa4c67ff6772f40a180a66b743eb252882d1b51c8e927e014a866ac158146a48e580 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\829cc011-bf0d-403c-866c-ca4e7abaab34.tmp
| MD5 | c723084a6725b87b7d2c2ac67c8c02cf |
| SHA1 | 90507e75949a65b033472fdf1d54e298c784d1e3 |
| SHA256 | e98b106f3a562aa6c411881b8c1f852e5b7119d77737e6b200c3dc2be932531f |
| SHA512 | e428c949754161d4205ef66f7c2d3472f1a641ee9462415322c8e405a11c093f4e9eea09eee4ac24f7beb897de6a1c3971d4e246481194c60633dc03acd2c02e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4e08363ed36c75b343e9332c30564866 |
| SHA1 | 73a18d9dc1b7695f9167398b7ed6739eb0db1c02 |
| SHA256 | 20a0af49ce7f95a5eba79695d183f30cbc82bedae4b73d97c07cd4693636fcef |
| SHA512 | a15aa07ec00064f2104e88767b5f96bbfda154872891aeb9164eb24dc8b13a554074f5f019cb7d61aa44235744bfaa5a7664ae0e26d5f5e07e600c3fe5c4cbaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c79040819f8bca7a3d809797d2c33a8e |
| SHA1 | 2dd72eccac70424e0e9624d99c51a9cadd8bc872 |
| SHA256 | 78c2c731997c1b075c47ab74af457f97dadf824d8823723a5b5a746e1b98c832 |
| SHA512 | 8046616117862e1567543b5794211969bebc88a7b2d7df70362be0f7fbe077a883284e51b50a6228e05dacd2244684b992cc71d65d69959a2e3a3c4ce206ba95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | a2b8d22f1ab90e35d7bbaae7f265aaa4 |
| SHA1 | 51aaa4c2bccb9738ecf135aa12b56b2e6aab7cf5 |
| SHA256 | 86f34c040e7e25bd0a9dcfd95284e68d65e9dc16daa57a45531553334b3655d1 |
| SHA512 | 625de70021a1f78cec739cec5003c8f5d6623932a350cb1cb5dfe15d458d455b5a036a08daed1d9903941908e5a7acbf8ebf97af112fd4af16995324069bd878 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bd06.TMP
| MD5 | 4f404d74f87e83ca9b6bb267c2f28519 |
| SHA1 | fc283403a1d385fc3672f569129e1f7777b24dd0 |
| SHA256 | 444b2f26774e18dbab1ed1bcf9d3e9bd282774b28649f07d9c5b01243a74c7a2 |
| SHA512 | 84b4df6ac360ceafc68021697131e3b5c207e17bcbb2f207c3ed4a0e5a8ff748b7c940812092af5b13b5e6125e7018e46d00e849121b92964fc492ce47a94f84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 049e042484130aab4ae08bac5c0e2280 |
| SHA1 | dcda2a8d28359fc15a47b68189eb4d30dec769f2 |
| SHA256 | ba3114201e932133294ca9809f8e07e884085a9b3529e865e3e85d25b16ebf89 |
| SHA512 | ed4b3e14483599f6edd58519393ba3aa5967ae8817869aa7fca21e8da695584af5254e5fa31ba3a7fd71ca6e3be9574fa6b367da4c58821270121932911fc1ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5e07dffea9ae1d764e60c86e80ff8c3c |
| SHA1 | 421b99a0adf7373e94563528db165bfee752b11e |
| SHA256 | bfc0bd1797cf9ab332f81e99e26d5476984701f59b5497ce92c0b4ec9d8a3f44 |
| SHA512 | 9aa85763e039cf721ee481003830c90318f565ba4d99cdb3c04615e9e211f86fe10a1cf94c9e192af2ad884782738e3a3f12cc4ae5ae9c6b70e211deb8f42647 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b58510321c4b14f5e7b6cabf7bf72c39 |
| SHA1 | 849210dfd51054d189571c39140b150257ad64cc |
| SHA256 | 178b16f1f44a1e2e5c2d5771db00fbf82e74a4945ef7bbd9ae5dcae04ba6307d |
| SHA512 | 1e4cd3e585e5a52a7ba6685b90940be58e2013f5767d07c7e0cdead760c838273b19f8a6041b07c35dab717587d761f57ae48f5729e4c898005965e736a865d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 57a255ed388c2310dd0c04beafb11e45 |
| SHA1 | aea5a808f04e63f53189bb62d2c6f4b2c78d7738 |
| SHA256 | f83a925dd47528624bfe433f7c0de74e0f9ccaa87780808e62ea940927a2c98e |
| SHA512 | 3f48e3a7e8841de33aab135f6f1a3888d0cb2e39bc2738219981c52d559ed1c4adc5507acd1b21997383973a46dd77f5bf1ed86a644f3313d5ea39099a227049 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8e02c208516069afe27f2f5b2682c960 |
| SHA1 | 2a97a9cc25c065021fb7bf1b426a96d38f611b98 |
| SHA256 | ff1b477cc4d4239bbbaf03458798d1f2e36077fb945704f2c000031e4b08c594 |
| SHA512 | bad626273997e94f9079b195ec162f6afcf21701437f437754f5f937cdba22eaf936a72849e8d1e9889f93cff48c86ea2cbce22baae2c0733e2d18269c84ae8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4f8bdd300e4d28af55eb2913d5e063a4 |
| SHA1 | 446b3f3431544c7a3be933707ef386ac0612199b |
| SHA256 | 6cc9be60cc785ba39331225f5b6215370521e52c7d8fded45a049648b90dc1b4 |
| SHA512 | d3adefbfa9ef3afe8c7aca1d7494e0e66801e6cf688ba0fb15c488042d38add8139123cb2da0a0263574b2c11c75877a5b445e33f022c41ea81b425e0763d071 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8bc7899cda262f77ec066334c443e25a |
| SHA1 | dce3a8cf6fae9fcd32f0f5385de8561a99c388a3 |
| SHA256 | a928e32a23f6acab7d26454d4fdbbdf3ebbadbe72b9bbe3a4e6796871bfea15e |
| SHA512 | dbaa52cbb70a3b2a5927a9dd1c13d9aef4521d94e0143e553ae7643f8b2307cbaad5b52a1e0eb0949f72c9c44c5b5fb42b30efdede2348c7620a876be03ee112 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 5a7e1a5f0eccbeccb9bf701216aa8ab9 |
| SHA1 | 2b2037053b124eef8d719b7dd80ba3086ad56f5e |
| SHA256 | b70245e6558cfe45ed1e49fa97eace3888e5b54ce75df340c49c2c5d7c1e41d7 |
| SHA512 | 15dacb8e4311065999342f0bc532cf2f1df2764ed21e8aadbe001a133c3643ce97731d6c0beed8854b0a2470e579d070180fde97d6559d0cbfbc9de1df9245f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aba9485c362518c1cdd4682a0cba24eb |
| SHA1 | 0a0a20bc12ddb236132be1864012e65c3b35d4e9 |
| SHA256 | aa929e80d233919de25c3bb3c122b5debc905e864175f58d356d33714ecba682 |
| SHA512 | 3d6550ecffa9524ce68653c1ff28eb87b600f322a9512a42cc52d33f76e483635db2e6b4aad9dcc179225fced669041ef054925fcd49c54d36e41cef14996239 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d3f7411f9e83354894e8f2ce92185f4d |
| SHA1 | 38a14966845666cf0b979d310d91ec2744ceb881 |
| SHA256 | b8f23f63663d5781061956cf8ef31687152d4db74e32085097863f6cddf499a7 |
| SHA512 | e1a6d9c7f78b3e6857c67a1398d3ac56c7460626ae4ae29d8b6fc52cb1237f212c581c174fb985a8b3655ade251846352ae52ceb474c3524a3fa8cea6f8a426e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6bfe78821cee6a9de42b37bd8458e335 |
| SHA1 | 899ee6b357423fabd602f1bba3a0e95d5a239c46 |
| SHA256 | 5694c515c2430722882e5038c81429404b9fbbae7a3afc8d0044a7da296c6863 |
| SHA512 | a0d8d8038bbf8899b462a69d19d5dfa91f4ec7cef3f86fcb2cae048ddc38602e7dc92db571c96b7a99654bd6fa04b027c6b433887fa1751bb1d5bd499ae7ba38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 869e419bb193d22e01333f79ad72426f |
| SHA1 | b404d3c3928ef82907d370c76a8be94e16418981 |
| SHA256 | fdccf751a3a55b25bbcdf3b9f9c76719f61655f5b0f5b0a50fcda8fb96effea2 |
| SHA512 | 614526bd3d234ab45b79471c0d9e000a280e58378a074268655fb28a705d9dbf4fe38e698a43d1bd68a39432987b298802e557ce239f7bb0fc644cad6d97dcc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6a44a9c20b5db7b62a947cae17b22a76 |
| SHA1 | 625d2e1b71a96fc8d8ac91bea3e4f5c131f0dcf0 |
| SHA256 | d7291f2d23a1d0ea8af3f683810f048e30b9508ceea051f86b377d060d1b9862 |
| SHA512 | a0123c08b2fd1616a983b6137bb7b3055c0ed3cc07f1480539c8bab8020ac77cb9b28a9457513047875ba5ecc276f8744dcd6fb9bc54b8daf0f2f92e7edca5d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cd484f1c22949131b8d7aadb2e527f27 |
| SHA1 | cebb2117698843b71781bcbf22f272bcf4e06716 |
| SHA256 | 2872701b7e290870d97870154228fc75d6d3b72a9a48607f9f708c060140d01a |
| SHA512 | e69fb73f9b778ae121535c5b08eaf6c6e1ddd2cb1e42f0c4668c63690e6aac61953752a7b1bf213eb87678a3d197eb4361121e106e225fc6430297191d553024 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1b5f3e1de9f32dfe52b3667df71859e4 |
| SHA1 | 835129029eb7fcb1a739245fe5196b49bc5c8d57 |
| SHA256 | cd38ca3ab18e6c1cb01ec93488c4f866f2847adbeea1a8232e4207a15851d045 |
| SHA512 | 7b9fba6a2a7dd2aac22f483b654962d8dea5ae0b0e8b7f28860698f5817f1e9b358be1df7d64a06f901b2879496d504c59aaf567b54ad5f78b5b29e6bce3f4fb |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | b455b539f4d1c8c0d136a341c4b56e68 |
| SHA1 | e07b392763fb843e74f42585796a77e3dfc806bb |
| SHA256 | 9da105fcd43dc6f5da77f8349e66e5b69c14beee226aebf993c2b733abf8f007 |
| SHA512 | 1cce960d759936ab2b2854a88fc3aca5a3c864de9641bbc614d57eb2a7d9b5318b1d7056fa4654b3f31b05cb3993ca06497553bd183a54d1da24719dcab8bb2f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | e567c1d3dd19eb0549701e003ffbf4c3 |
| SHA1 | 22ba9090ce892552c34e79ae316d6b42f47b6d86 |
| SHA256 | b84904c2b3b798c122a90902add4e4b65c9f4be2109f0c7604335ab514a16341 |
| SHA512 | 9b6f9e03e4268830e98966544346a51f8ca17d2448adace61915cd9a3c1a62d97ad29fbbb43aff3c81b09d7428e90a11e8164f63ea0b0aad41e3b8c856e1934e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 2095a48908653ca154c174d5b2c9629e |
| SHA1 | c21dc8543139098104164d0155fd51fb97f6ec90 |
| SHA256 | dc0888c737d2298a4d90e0dd0a60d44f8d3741181a41bf64fa821d3ea067afad |
| SHA512 | e69fcf566316e65c6453ab579a059683b2e32aa4049a1c587b8787333946baa1f35aaba97c4630f0cd59a0817c6059a317a87b3c2c97d5110a905a1f337a4bb4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 61271165ce8d9a1b56adca85b7d4f6c7 |
| SHA1 | 9364e2b72cc6a8717bda2f804b686972238a74a0 |
| SHA256 | 840533a5c2026d1c91a0dc59b1d7ecef9eb2d1c9d800c7b4f31387f290544750 |
| SHA512 | d7de53c2352daa1352fd1d5f0b53c837d8f63a8d0bdf76c0280d0e057a03a977b5c52ac8545c262ed06815d8ff0844b4ccd7fec199ef46debe4b2578f4e1d5d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 151f75bdd39735e3ced3c5cf7a7f1579 |
| SHA1 | dbe6c1fc12dbb065c566f8002d21c1a1b61e1627 |
| SHA256 | ff93eabe2e20ee068b4417dd78a66be8b85cd16af5897f1942c66a72f0b77ede |
| SHA512 | 0974c67c17a6543dd1f3eee37bb6fa85854cf55c3ba9809d741cfc3204217cb6d4cd81bc7d7ce11253eabce2b2ea18b4d832c22feafec2be7727dc3aefc69127 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2ce305b57feb84042f58f78e21db6a20 |
| SHA1 | d87620a2993e1dea887222f3da6da2fdcf4c0e4d |
| SHA256 | 186d6f5842004c5273fa713a2da9ca034c79bd68618038b7d2899792166c3469 |
| SHA512 | b5a688431b1b7ada48119ff3deeda37ed01bc42a3a943c6f40b3dc63e47443e73752453f5ce3975b612d2e5020dba5e8ceccbff16a09e50f4080e5e3835043bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b0b674937520b4b2f1c2cccaf38663a1 |
| SHA1 | c0b8a302e3a65c71d7c2944a9e9069ab27ebf3bb |
| SHA256 | 2ac1e3a7d9ce1c126b57a3e9bf291e2406f4a16ddb86f41f4bbf5fef03fa92ee |
| SHA512 | 3902c7e3bca1160b6d116e9a48e331d43ee232ec41b113d6dbd9dd77c6cd5f36edc8d85839573db885380eff6d137ca83c330cb8d0b92549564d061269a83422 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | fedb71e427129ef704cebc96f5b6d9fd |
| SHA1 | fc7f3ef29fb219b5462723de8a0a27f2d4776ce1 |
| SHA256 | 7d54a66f8d0fea45664879683ce79637ecd123ef690ba921537ce3429e3c2ab0 |
| SHA512 | da0dcfb0b5e14c337bd5dc95145e23fa34f140077fb09fe4202c641962b5a27482977657bee09896df356095abaad5f95b4aa1445d7245c10c0a2aebc3ddec52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 518e456b7d79263100e9e6e6b52e1547 |
| SHA1 | abc7d209522ea8d00aa58923a4f94685c1d486f1 |
| SHA256 | 94aa6306064efdcc3c6890fe8645a2996122d667529449cfc74d7558099d1caa |
| SHA512 | cfd5991b5e9c7ed97d69ec7275d1a70db3ae5e255a1f75e1c6af746e2c62b57dee5bf2543da6ed3d601f11b870ac549186be937af95be0c2d378b0eb08062282 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | f0c27286e196d0cb18681b58dfda5b37 |
| SHA1 | 9539ba7e5e8f9cc453327ca251fe59be35edc20b |
| SHA256 | 7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127 |
| SHA512 | 336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 391369a6b580fd55d9d513d6669b275f |
| SHA1 | 7119a26e99af9c808a15c07a552110cc08949ade |
| SHA256 | 1f7f81a18acb0e68ea61f686038d264c6fc586c4217292f9d1d13e6d29ed1107 |
| SHA512 | 0edb70bdc5265456673bd9fc54b519d87966295d0a09ce87fd364c38a1570d2e01a5a1726aae14b8af54ba82f34298e08b9f7ea3a5900f1b36929cb705df99a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 494a9aac523545dd48a1deac1e1568e5 |
| SHA1 | 70933ec927803364799435da564abe97a97c828c |
| SHA256 | 96ebbbd91d7b93fe9cb8b20f6756dfca0026ae02b40e1ac3f347e55d61857f9a |
| SHA512 | cf0b9a7fac4c2783bb5a3b335180c8a5045ea450c6ab1fe3bcc491624c26b2e765497672d3ca5ad2cc5974b2186ae2f7158e7280652ab34a9ee9a20a601386f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043
| MD5 | ddb5aae56512bde702903090de4ca66e |
| SHA1 | d1c4303a481831bea856b6ee97d2cc94bbfc2f1a |
| SHA256 | c1d8145d1a8f8701b11a8a1b05bcf71c4f6619694d6213d9da3d4b5a00993eb3 |
| SHA512 | e921288755bd3dba908e0be9aa2b470301e737aa1a91b6d6ec9413592a8b95687c7f485358189d15e1f0a8a56e7f99126bbc11ec24f7c3dacdbd52c76802f154 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f01d69a74d20cb01c59499e6246e5429 |
| SHA1 | 63feef1507ae0f6309ecad76e169dd9aea307550 |
| SHA256 | 68fc184371c9262f6da1bad5fcd6e879bdbacd7844bea05c01579a10808b35d4 |
| SHA512 | a0b3b97f81cab22a080ac49e99f165424d08f53cb48160183e5902282590eec30c1916503c1eb93858f5d05eacef70c5a0c86ddc4a0d22e49776bf5276ef4958 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 046cb04e8d6d62495457a3dd2bab2686 |
| SHA1 | c6a70258e99b240133a7b09c66eb985e56591520 |
| SHA256 | f798247d464496fcdbebbc21fe47e592ff9a6d84d7c21212531a94e3e38261f4 |
| SHA512 | 5332cf5c1d92625a1af66a9662dc7226ebba6542bfdd867a8c98127fa78aa8679ae976b92c28d28bf1c5757ae0d43571e54125db3cf90548114f9210208e2403 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054
| MD5 | a0c542b5e194157658948af4c425475b |
| SHA1 | 1b1cf0b7dcb8f90d06aef54f5da7238864877577 |
| SHA256 | 6863c583e4e25272a7674ff2e668dd79eb543141cba7b2f5d129eaaa8c5affeb |
| SHA512 | 67ca9b559ea02a8318b7096c25ddacfe2701bfe006f3e313683760e009f3578716189ca59521ee745bf5c8d1866d1b7fdc3c64221c38f3e06d0cfa56c1efe091 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055
| MD5 | 651860cc7821bd79694b6721f1b3d78c |
| SHA1 | b224e9f27921b915a83f34e387d07baee4b15b71 |
| SHA256 | a3973c336717517e8c653c978caadfe17ba743ab0e25cb306f50a37254022ab9 |
| SHA512 | 75e5eec472396a4597ec5b271ca23b8881e296809f3e91d5c856ef8edb3fb2a95ea33babad10f28c44a7293349b4778b37eac0d7431688f85e180b3b2021300e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056
| MD5 | 693c29b2c5037b6af644b651df136b2f |
| SHA1 | cc7588a6671134dffdf3dc6b053b32b3883c79e5 |
| SHA256 | 3b96849c2f194714ce89fbbd9265cca9d66ff67631edec78127d65dbb39ae09f |
| SHA512 | 48feae845a5d8078ea9785a24dee591ca42c71283c8dd1673016528a142f4cc2a08ba8b55bc53e443b1cf7e88baf05e5841707d90b0ea5ece8bdce47098708e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e96da05cbdf0d093c8b55a99edfcc4b3 |
| SHA1 | d3c8f37f8e4e8983ed9d96e1782a75b1f3f5d65a |
| SHA256 | b624605364841be9280574a85b188ba9636f768562b7114a4d031fd6bc2ebc76 |
| SHA512 | caa5a3f202697f742c89b71b98d2aaaf0b2a0150fd6b6e27878b0188811f3885e45537911d96d24d83eac8edcb771e0b0edaa7ef8633a11697f7fd702c679ae5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a6a7b7258570901671893e685944315a |
| SHA1 | ba418d8ad8062d11851f1e50f4b270e07aff64aa |
| SHA256 | dddd40a93403418c881f961594955a402e19cd487d6209c4a646aca0c40188ae |
| SHA512 | 982a0a856ed6dd73f751ea44d686417d2dc0395d6066440f0fa3a48d2ebc968d88abe00ba05eaf42f0381aad7aae3e9b2a1649d1255e128b897ba3f70abe848b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 5fe522092766d9b7ddc7b848d6471c80 |
| SHA1 | 7c31c764eb0d16203d20a0541a6907eca7dfa772 |
| SHA256 | 5efc75d3bda95365e763e2c3b2b8b85c6049b49a7b53988a9ef2563f8b04f104 |
| SHA512 | a160b808591d06d47e961c097b31cef0b623463e5483be56956a9b26911e52f0450a457a82bbfac6285a8fd84270139caa7b4a6a86d5202db0d32a8a893ba5b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ee2f6b6df4a06018519c42a94ce41683 |
| SHA1 | 8a16e1c2afb2637ca80ff6f8c2432990ccba2450 |
| SHA256 | 8095bfc0c09548a4323d09762ef8c30c05361d0c03a7f3bde8d5aed98aa5e648 |
| SHA512 | 6dceafb7fbb6ecc275001c6454d4b9e245b482a1ab710122079ddbf3fab3a83ab67224b13019e5de3ffae4911f3d59fbd42c994155794463a0c60f3e67b5a653 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e974ea03b52f8e0aa500ef2e116442b5 |
| SHA1 | 551e3496f594547a44689e3671783dc002319e89 |
| SHA256 | 2fb0f9a92573db6ccf896705dee13b62d7c9a773effa85580c4ad233a7236a27 |
| SHA512 | 310b1a7cbfa3903b9e7f8d8937bd15a0df9865a9f764bdb72b707a1604690103a47ada2de0ba8ceffcd90625f101a0af1a4d76e6d7832b771d9f6ec7ac8c4570 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 12692b0907729a86bc78aef2a503af79 |
| SHA1 | ccf681a601ce000116aeba87e1aea785d73d7846 |
| SHA256 | dd02eb162398e827d6c5f274c31e2dc26c5559628ec7cb904d64425cfbca7bc7 |
| SHA512 | ee9630dd3f5152837aff1f521479b53c42388faf2f242ebb9f08532f8b9c446144eea0fedfdf90743a752791fdec5e0490cb2fed4e94aeac112e7381f8bfeca7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 7579ce3cfe19c90c1938d15d58d5a48a |
| SHA1 | 7f16016eec17c4b43d9de84d62025c688c3672d7 |
| SHA256 | f386b4a4dbf3b82f2e286e7b571bc33ae8324b73e7d7aafff8a0d68794355179 |
| SHA512 | 5e8fd0a780d4437ac1a659724a73678d6e895cf4d66f017763fec5b2f84a20ab3fd166856d66409203f61d786aa0a31b9b10f7f27c1baa3d99044093833ae99f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 59b33393f79d6b2739962ecede5d2600 |
| SHA1 | 6964782036fef08504dcc7d213f21bad71c4957b |
| SHA256 | c208be034f14889af4bf6163de9930af6b4fbd75a25cf0937b8af9022f2f1ee3 |
| SHA512 | d9245fd00afedd2a4618b5a7b069d4ed97642a81b090280a4a08ebd43352fc897af635102b74913dae63dd7af52be720e24d02b524b5825c40c27dd52f6f0708 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | bc6142469cd7dadf107be9ad87ea4753 |
| SHA1 | 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c |
| SHA256 | b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557 |
| SHA512 | 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 7316d24f2f06ea16d85da1a96b79b7c4 |
| SHA1 | ea354ee4eb9a29349bd4b742a6ab49ee9080f6b3 |
| SHA256 | f5f3943c9c971a481187f736ba9cd29b8687f36734c871bb0445af90e7d6cb91 |
| SHA512 | 413ea06a906569bf0e0abcfffed16f9fa1dadbeccbbbf5e2a95a192914d89f8c4953e9a3d1bfb7433e53942965c9f06300023378697371be9851824ed2fa697e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 0c3594a39ffc386266a74a0104605456 |
| SHA1 | 3fb2b159170d6146395f077c54bbae6cdb0c9de7 |
| SHA256 | b2cbb150b038c6931c3a32f932f23f005dd1e3d600066cc2fa2660f293b1d3b8 |
| SHA512 | bbfc65e94b9107478cf46776c69939bc5025ec633fe0020e2ae89ab640fd31e52d390dc394a0c273a1046ba0981e172f40281a63fdc1bc1bd2a4aecaa524ff41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | 3e06fea280dd95af4e9e647c7ba79499 |
| SHA1 | e15010c2daf9c314275960af7f4f13b2c29702a1 |
| SHA256 | a3885730d060ca9edbaaedc28efc95aeaff75ec5bde5ea2c6a66ce8c52df8b63 |
| SHA512 | 52a046a33195be10ed89e3dc9e5a1efeaf9379d0acb7164eea20d4cc89ec6918ab1e5e3a8b65a53920a86f9341f9bd25bb8a5e0a7752a3a9b023fb3b220dffc9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | f61f0d4d0f968d5bba39a84c76277e1a |
| SHA1 | aa3693ea140eca418b4b2a30f6a68f6f43b4beb2 |
| SHA256 | 57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc |
| SHA512 | 6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | 425b39fb43d7b5fc2dcc4f6a1eca6b3a |
| SHA1 | b8b882269b45ee03f6999a3557aaeedd7039de81 |
| SHA256 | e1a4496b345c409fc20c45de2f647f540938e2d164b477eb1036b9cf5ddf1c72 |
| SHA512 | 403da3d3e17f31f7712f9aa60070feee72827a32c82543620c062c2abeada8f0f377be8016ec5358d621c149776ad69908b8d8e680de54e1e0964555aa90e12e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | 339a11bd1fb09485726aefc90eeb2d95 |
| SHA1 | 7b35a42fe8593b072286b1542fe190cc6520f795 |
| SHA256 | 7c568784439b0928037d5fe54d05da55f84e05069eb3cdedc78994b6a4be4bad |
| SHA512 | 0fca9120eb4a8562c7b89cdb37e7f5430fb6b7c2c6b5d4ff30092e8747561e78a96e7a064d61b57e73ffe246e7b7c9eed63c850cf17aa938139f7b0508597aa6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | b3af461d890d89b2e3e208ac026c050e |
| SHA1 | 7379ebddaca7ddff1d5365dd7ae3446ea9b4198f |
| SHA256 | 1bbfcefed9e13d83ddfa07f48763f9176253830758b470e63d8777cc00401f5a |
| SHA512 | 87a7e69dd358a5f86d88776b2812eb70686a74381d5a4f3bf672c02169e29ad53b375fc3bca5b70c79df4b68111b5d284279a21e096f99af9f287ee4c05d70a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 6e26354796600c5f88f1fe622bab1ff6 |
| SHA1 | 249331e0dfc462c86fbff12d35be68e87e901d32 |
| SHA256 | 9a7a8e90aa050a59605f8768b441ff65424731d48d858bc964d7f9de196b4ced |
| SHA512 | 9f818c67da87177fc5ba2e15623c87e1f12cef2b2c1264dd037ea0deb793fa8fc8785e9df85a800face6d5bb5e45044e5b0ffbf4fc6a066135042eef575ecc71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | aa12ea792026e66caab5841d4d0b9bab |
| SHA1 | 47beeba1239050999e8c98ded40f02ce82a78d3f |
| SHA256 | 65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1 |
| SHA512 | 0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 304f98b9c1f1d2e656f1d4b3f8434362 |
| SHA1 | 6c5a94fdd70d0abed0b4c38b9f4bef06df420241 |
| SHA256 | 80742f33b0ceb4edc23198240b5eb5e7d88191f2fa7442a96cdaed16358de379 |
| SHA512 | 8ba5157f5cfee797e828976e1c89bcb43a7bb40fa3804ea900adecd44b1962e315d7faae0837c591d7dbb5bfa7cdcc0cc8d1ce2d54fc13b811b0a218450643ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | b55469bb289545cc1cd0127d19552d77 |
| SHA1 | e5209795fd2c68d60bab73832be9fb911028d2fe |
| SHA256 | 04b2d7ec05b4b1187beec607b5553f4bde0ab12f9f6ee4178f42d779b498eea7 |
| SHA512 | fde40f98b0d89988d8569ce1c6be67b4413cab47c35ce4f97fc8f48ccaf887572fb6d49cc28d9cd18bdbcc5468be6a250a2e889c03cd2c59fdd3429d1085d650 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 715ddb59152997229f6adf6cca87934e |
| SHA1 | 369d11f9cf5752e525786cf86f62d91304c4ef4e |
| SHA256 | def04c86ef81b48ee702322981012f50f288648bddf0a3a417c0c24c375c6c8a |
| SHA512 | f3871ab5a9e2b84edf7c674c99c94286dd0a6a870649aa4d96e57e53ade026e2aedbac5ed6a7d918eee28af291edc4584354c473463764a48f82ce545be2cf18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 1843251da048331e2641fea37a806c4b |
| SHA1 | b5707974d14477ac80d4623d643c67dc9e30316c |
| SHA256 | f0cfd88b67f9412469bd3e44ee7d9a6c91a68f188b0cf3038a4ca4607778b7b1 |
| SHA512 | a2d0e15b55ba7f598dec38844debd5f1432fa75a87aa8032ac86afa9754a9e41069bee974fe48ffad2a34d46606eafe7fa23711587efd835c3c631192b20490f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 7f9acbbb7049eaed87f791bb8ba85abb |
| SHA1 | 273a4124ff92a4225b158a87a7cfb6fddfa46922 |
| SHA256 | 35694a41eaadb5cfb02433bd24334b2f5e280e377213b9d8af3a76973d17a203 |
| SHA512 | 353dcaace5a103cb00bb99b1b255cbe726332bc3a49a6f078baab874c695ada7aa6aba8e830ce1e885c569870fd8defec8df214b968787f0b3876ce092cbcb9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | 5100561cf23d412c92eb76f49ba4865c |
| SHA1 | c1d28e1c36ef194d6251401adcbd109632524142 |
| SHA256 | e4513bc7ea95caf693fa61fc7f703720913a88862baae7a1a22d5a5e61fcc196 |
| SHA512 | b4d04348aa23fb10b100ddfc437699b3d72e53fde128d8be41eabfcd492da51f1dae7552e116ba1dbb74eae3010368bd56e6b368c168bd9e2f5e9f26982091fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 9364e19f5c1529d8664d65d07fb3e186 |
| SHA1 | da2d84423c9459985f78ea315d0518668144112d |
| SHA256 | fd627b062db38c0ac97f32873b81cb18c614abfe64a2d236ace622ea82c3995d |
| SHA512 | e456756955d04a413c3aff2d3470aa5258657110a6172e58d69bd2935e03ab7cb67692c022ce9815eb4cb09a3f0cee4acc0e76e40db137aa80300a20d241b5a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 2df83165c918cbc1369bbc42ad502a67 |
| SHA1 | fff941c3061c163d7d212df9926a7b86310573b2 |
| SHA256 | 9df1c386921a82563aa25787b61c5f186812ad42c5973c8396368670c92a2e43 |
| SHA512 | 465039d7ec97bc8bc27b072984dcffd369c818f2e902dbbcc9b7f4168d8c8513ffaf3fa54e8b7294a0c865002752e5973638cc75503db0df71abd49c86076813 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 1f18472f9c8e721b7b2354315db61d91 |
| SHA1 | dadfb9686a370e4bccc6d907bafb6428576d67fe |
| SHA256 | eb5f70ac32b73a0e2a83ceae40897daa01c9608ca303215f2b29057d7c56f7a1 |
| SHA512 | 0d79911d258623dee8ae484e82a5bb7c2449a8d95f7d7bf6571173bd3c672d44625ae96c99499214ffd3df3de2cc504c2b5d0f2ac84345fce7f7a40467019504 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 009b9a2ee7afbf6dd0b9617fc8f8ecba |
| SHA1 | c97ed0652e731fc412e3b7bdfca2994b7cc206a7 |
| SHA256 | de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915 |
| SHA512 | 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4cff4ca1aeb52aa6399ad580a91299b1 |
| SHA1 | 8e531afcc495a8e861f09074a0d46ad9a1481365 |
| SHA256 | 451f7337544504f28c620de47a3d4a6948bef324409ea61ec4cdd65bab647daf |
| SHA512 | 0cfdfe3db7c5427fd6a0d6ce29c6ad5e5a87bdd8f5de3604adb7db73dc00b57b13c1ef4e3424c7694419e55f4330567fb0a202d2ea8588e83a4be497c004f9b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | eb56c0930d69793092bcb71bcda7bc4a |
| SHA1 | 91de272234dbc3e5c4631de8d471c15c9edadd28 |
| SHA256 | 2af046689fd965825558c23a712df164ab55cda6d0337d9aa05c50b5ac110d04 |
| SHA512 | 63005658ffc438238a8d03df45002feaad6dd5f4326bf590f8171293b9cde5de0d1836d91a108cc547a0a4257d89b3bef591c05dfd3d1f2570ae8045480f8c37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 08bba004d53f4bfd24cc6ac97cf64117 |
| SHA1 | 1ffab693a2c6253fbcd0608ae1d38cc47380fcf0 |
| SHA256 | a01075b0e95ffa14406c85e04cc2385858faaf8cf4cc426d3b1c9d681c8932ab |
| SHA512 | 216bf7a45bae7f1d4ca3919761f0eda562f260d85b7830205360071176b7322b9b3a7fbd620692d79e14d33418d59a176416840b932e2a05a5bf4a373ce4d45c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b742a1635f8406ec18a4a8e3491a7d95 |
| SHA1 | ebd17ff319263664a5f6665d218c85f7c54d2c16 |
| SHA256 | ab0430b03493f53bd1276f20ef324457ed6bb9fca9dec49b055c9fe37f3225dc |
| SHA512 | 891b9582b87f9542771ad552e1b9096950d65e7519ec53f8816186228ae625bf059da00a1c2db61670fa73a91a13aece75983bfc98b4e77af3d8a8d9bca6957c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | bd1b0fdd4547019e03fdb09c6c56ae82 |
| SHA1 | 935c91c3ae9dfce63c54fd1f8c400fa588be6c0f |
| SHA256 | 1b9ce0903da53178d51f62a6fe1763c98cac1aa28992934a008e6ded7bf38004 |
| SHA512 | 5c509209aa9fc796f42f3ed22975aa23a02d731a4cf133eb3518565ad5ebb7b2424736643504dd05228317b7290d15699313d4666231e577df0ad5a3d3e01f2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e6d982f9c423176040724a997dd7cfc2 |
| SHA1 | 50a9eb54a8e98d92dc64ff32e12242ac9d7eae59 |
| SHA256 | c59044d814a9d1e08ae2c4f702edc23d4f7eafd30c70c5874c4150f5a1fed1ea |
| SHA512 | 3fee54791c7e9311ebc9c2a019c8e48c6fedd437ba1cae24d7ef6141f5b7a410b6e0442acd95de65e1239aa53b5499185edea3da1199b1825c61c07c734dfec1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 19401d31ed27ec5138aa1387a754ed7b |
| SHA1 | b9c7b613cd64daad7576284cf7cf7feb68f11828 |
| SHA256 | 9580e96f955b5d5edabd54f880ef5f133211dc37310274bda92a1323ffbcb5c2 |
| SHA512 | 8390daef3802ee43900d5c4b80ef3aeb7ec69a4b869a5b055ae86faf5c9111c62e8b00c548ea98e0840f25d5dd2ca1364c2e8514998097395462eb1b68945ae0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 38c2f1406136f174ce221d1a17592373 |
| SHA1 | 417a055eca8fe747b02dbaeb03528d840f554cd9 |
| SHA256 | a551a7ee3b1897f795024a2dc900bc0c9b2bed67720646daa866d4b7dd2a3af7 |
| SHA512 | ddcaa05e367aed49eeea4f8d24fcc84f9078458cdcfb1a134790febb63859637a892ab10e3baca8c377ebd0a0d6e7f26006fa06aaffac259ccbb0e276c4bd48a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1e99da5041a920a5880cdc9ce197ddc7 |
| SHA1 | ffdade31e6acd25c8904c727fcebadfbf8258e17 |
| SHA256 | d0af74901d24d140ca5df4c5794277931a3d0df549167365ec51b8df232b25ad |
| SHA512 | 879c8e5d21f29b8905ce99649bdb73af6959f604800df9f313bdbe7f097320826ac9f7b7ef4a223c4f112f4ad728e6676451a8b250ca50221a9cf1c4cda5b522 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\Downloads\Unconfirmed 113280.crdownload
| MD5 | d2c72208f8783ec83b123324e8093cc1 |
| SHA1 | 4afbc9f19f8a194bccd5216e05083e0d7617fff0 |
| SHA256 | 52ed4671a31c8529f2ba3027e25080c842d09f0517fe64e844f93d619cb4dd26 |
| SHA512 | 03b7c6511e32f9822a42182776b2f862bae7627a2df374f874df05f3d46f90857a37afaf12d7d29a960f5d22536878dea9240c5872d84c9835663d219c5d531a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | deef60a1994ba9bcd69c1abb5a5ecd4e |
| SHA1 | a7d54b0d024c37a359a32720d7cb09275b750a6b |
| SHA256 | c6f686c0658893a0411047c9334ec7a20436b4801d2900f7173d578238f2ea3a |
| SHA512 | 46aaa6a400cf0120634faa4d9346738420b5d4a75432c68241a279b6f066d660dfdff46800e323a94cc85398d7e94d6ea76045329db41769268ed231ebdab33b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fe167c58d9f7315ba0424b3da711980c |
| SHA1 | 8be8b44dee1660921f9b2bdf5218495e1c90b224 |
| SHA256 | 3ff9b5f5e64a7c7f2d4ad998f713249c61cae0f7b6aacb7782c6eeb6f7cefd63 |
| SHA512 | b46de2603b3e0174edf3182d0e2a32ca637cc232880a52c4da590322a1702a63b0dd80f91e5d3dd7fb933d5d6a3c698d58ae23ce495cd63266f9d10cbbfbf9d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 566767f2e9934c52a6a77067eb060ab8 |
| SHA1 | df64dfed2f7d7a649568434284f43781b359963e |
| SHA256 | 35b9f34ba98dae3b6747db82c4a88b49b64edf68c53fc1d9e9af853e87dbe99e |
| SHA512 | 2cb0c7235b7ebd0600f7b503d6f804a521c05b89bbfe762c4998757abaf3b6726949941d68154e0008768bc80a2f6cf365467a460e70e466509441ba02a8ce41 |
C:\Users\Admin\AppData\Local\Temp\7zS07D8F3CB\BlueStacksInstaller.exe
| MD5 | c8ec5e0af9329936df1fb6382f092687 |
| SHA1 | fc8a59149198e5acef2ca6a51f01d1e3ff0f50fe |
| SHA256 | 7b3fcbf635508cde1dd74e41b3914f5b85bdb8de1bcece745ac6a05ddfde63da |
| SHA512 | 1bd43948428d964b94befe7e2b9cd74e0cb5d6af76f5adb166323510b2f775ae479e781df104222197ac5e04e83e885cf6a5ec65c7bb3c5aebd45dead24439cf |
memory/4560-1490-0x0000000000D40000-0x0000000000DDE000-memory.dmp
memory/4560-1491-0x000000001BB00000-0x000000001BB68000-memory.dmp
memory/4560-1496-0x000000001CF10000-0x000000001D438000-memory.dmp
memory/4560-1497-0x000000001CE90000-0x000000001CEC8000-memory.dmp
memory/4560-1498-0x000000001C4C0000-0x000000001C4CE000-memory.dmp
memory/4560-1499-0x0000000020800000-0x0000000020808000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 90d3e98fa07040afe422449414e3646d |
| SHA1 | 97df3c1f0bc374a888e55084275e1ba27787a0fb |
| SHA256 | 9b77e169f3eab3a946cde3217ad1e5cd66b2b9036a08577998c11514b6223849 |
| SHA512 | 5554c3cd64731308525782d8722505654ffc2bf8888e3eac54be714bf09e43ef37cabf0940b990d09d7fd006ae74b7961364572d7d9e91497c6ac840e2231024 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | bdde8a93f96ff5d80493f8ccfa14f73f |
| SHA1 | 8a8565c62fee4a0e02327e90a07227567c5dc62b |
| SHA256 | 811cee67488c5ea927c1b0f3a83b44449668cb46b9506816510b6e4b9e2057ce |
| SHA512 | ac45cc3fc7d2dbd30f6e3cf9d273b74888f1bcbfcb8267da63469b02e97ee3577361d3c576eb0183d098107602de471a7e8302b78b025f5f9c0721d978550b19 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | eec753dfa2fb099c8d0fa239fc162a5b |
| SHA1 | 08518aedb2a0b28b90bc1dee1fa13831cb3d4b84 |
| SHA256 | 5a5ce8195727aba115208348f75cd18fde41d699b4973c974780a35ce2cda72d |
| SHA512 | a503cf8c90aa394678b7a0f284076a4046982ba0db347b03ac0bcd64887aff1ee87dd6633c87fbab69be61012bfc7acbc7c1f7f8e5670e7baa821be2afa0bfc1 |
C:\Users\Admin\AppData\Local\Temp\nseEF3F.tmp\nsDui.dll
| MD5 | 97293a34cbd5897ee92dd96bb666fbbf |
| SHA1 | 06d39908d3ac86332758159d5e4accb80753aaf3 |
| SHA256 | 8b08f564483fc6f4e61d0dc33ee8da4572055ecfb669c9d73645130aad17b4e6 |
| SHA512 | bd3688fed0397f19bef1f831d889a8f2d168262d243b9dd388ad77ab6422eca6907dbcac670092b3d7d1f3a4c0c524a68d7f10942d67f591931cfb7c9fa3046c |
C:\Users\Admin\AppData\Local\Temp\nseEF3F.tmp\BgWorker.dll
| MD5 | 36c81676ada53ceb99e06693108d8cce |
| SHA1 | d31fa4aebd584238b3edc4768dd5414494610889 |
| SHA256 | a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38 |
| SHA512 | 1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c |
C:\Users\Admin\AppData\Local\Temp\nseEF3F.tmp\System.dll
| MD5 | 959ea64598b9a3e494c00e8fa793be7e |
| SHA1 | 40f284a3b92c2f04b1038def79579d4b3d066ee0 |
| SHA256 | 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b |
| SHA512 | 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64 |
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg
| MD5 | dfddf8d0788988c3e48fcbfb2a76cd20 |
| SHA1 | 463bb61f0012289e860c32f1885a3a8f57467f2e |
| SHA256 | 9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d |
| SHA512 | e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca |
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg
| MD5 | 3221ac69d7facd8aa90ffa15aea991b0 |
| SHA1 | e0571f30f4708ec78addc726a743679ca0f05e45 |
| SHA256 | 92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537 |
| SHA512 | 5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328 |
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg
| MD5 | 76166804e6ce35e8a0c92917b8abc071 |
| SHA1 | 8bd38726a11a9633ac937b9c6f205ce5d36348b0 |
| SHA256 | 1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90 |
| SHA512 | 93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005 |
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg
| MD5 | e7fdf6a9c8cae1fc1108dc5a803a1905 |
| SHA1 | 2853f9ff5e63685ebb1449dcf693176b17e4ab60 |
| SHA256 | 8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e |
| SHA512 | a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2366c57fe5669e6134e7debbe5647405 |
| SHA1 | 515f07d71778d0d3d64c3cc583e3352cadb26aaf |
| SHA256 | 46be4d721d844df5b983c5be2c17a2ca214a4737cadf2b5855d0fa2a9c961964 |
| SHA512 | ec8da1fe9e48f1e1c43e623e062b6dad73b40146ba71095e69118504044839efda27d0288263bd2294463d9ac418c07aa6292fee5eca1d40f9d767a81e494ea3 |
C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe
| MD5 | 31619556ed6d5ca481cfcc3b8a5b6a80 |
| SHA1 | 61fbb30965a5b11b6d8d26e85f0aab14868fc97b |
| SHA256 | d19ed921fe898222fc2bf4260820d58315ef30f178e87bafffd41b9602b791e4 |
| SHA512 | 1a5725d88a8005a62cb2c229235752b63698323e7c5facb564d62c7b6e09188d75935c319b91c0e82e40eb6118d7fa9bcf048065f485b7e61e47523447bc06d9 |
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\Assets\minimize_progress.png
| MD5 | 1504b80f2a6f2d3fefc305da54a2a6c2 |
| SHA1 | 432a9d89ebc2f693836d3c2f0743ea5d2077848d |
| SHA256 | 2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6 |
| SHA512 | 675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94 |
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\Assets\exit_close.png
| MD5 | 26eb04b9e0105a7b121ea9c6601bbf2a |
| SHA1 | efc08370d90c8173df8d8c4b122d2bb64c07ccd8 |
| SHA256 | 7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157 |
| SHA512 | 9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68 |
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\Bootstrapper.exe
| MD5 | e896caa05303bdbd59395225248889bb |
| SHA1 | 85681e927d9c44b1260609ee88d12eed9a612100 |
| SHA256 | b96937b386fdd06060a61756d3c0e2cf0b99908833cd91490fe88db6a44d394e |
| SHA512 | 584611be4bf3574693c2fc9d835379d644cb568fef177b420e74548483b41f89ea8ccefb55c4464fca60e2db9fa2e0fd40d7d3da1c2de5cc25e8c4822ceeaaa8 |
memory/8952-14177-0x00000000003F0000-0x0000000000418000-memory.dmp
memory/8952-14178-0x000000001B080000-0x000000001B164000-memory.dmp
memory/9024-14179-0x0000000000840000-0x0000000000894000-memory.dmp
memory/9024-14180-0x000000001D090000-0x000000001D110000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS4E03856C\HD-CheckCpu.exe
| MD5 | 81234fd9895897b8d1f5e6772a1b38d0 |
| SHA1 | 80b2fec4a85ed90c4db2f09b63bd8f37038db0d3 |
| SHA256 | 2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c |
| SHA512 | 4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16 |
C:\Users\Admin\AppData\Local\Temp\nst42A.tmp\StdUtils.dll
| MD5 | c6a6e03f77c313b267498515488c5740 |
| SHA1 | 3d49fc2784b9450962ed6b82b46e9c3c957d7c15 |
| SHA256 | b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e |
| SHA512 | 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 512eeae70f4a421b24aa775e3257df70 |
| SHA1 | bf44b60fc301bad49c2d3b982ea6fb0c8453833b |
| SHA256 | e8e824b5d40ae6320d82fd6724e81c9f3a67cb0d9a01f44989b33fe35a9a2a93 |
| SHA512 | 61732b1582e0b06f11709cde48df7c551adf7e959578e8c373cfbc56938a9a764df414ef5e1392a1acd8bbbfd925ea2dc38f813e6e12389d8269923dab08ff2c |
C:\Program Files\BlueStacks_nxt\7zr.exe
| MD5 | fbaba140f30a11e5ff4f97d921de6d45 |
| SHA1 | d12360b79d9fe7ddc5380a22539dc7d4768ff5f3 |
| SHA256 | 4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16 |
| SHA512 | cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5 |
C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png
| MD5 | 5ceab43aa527bc146f9453a1586ddf03 |
| SHA1 | 88ffb3cadccb54d4be3aabf31cf4d64210b5f553 |
| SHA256 | 7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0 |
| SHA512 | 8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e |
C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png
| MD5 | 6db7460b73a6641c7621d0a6203a0a90 |
| SHA1 | d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3 |
| SHA256 | d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd |
| SHA512 | a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852 |
C:\Program Files\BlueStacks_nxt\Assets\close_red.png
| MD5 | 93216b2f9d66d423b3e1311c0573332d |
| SHA1 | 5efaebec5f20f91f164f80d1e36f98c9ddaff805 |
| SHA256 | d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb |
| SHA512 | 922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32 |
C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png
| MD5 | ea22933e94c7ab813b639627f2b38286 |
| SHA1 | c5358c5cb7fb1a0744c775f8148c2376928fb509 |
| SHA256 | d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20 |
| SHA512 | ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964 |
C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png
| MD5 | ce144d2aab3bf213af693d4e18f87a59 |
| SHA1 | df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa |
| SHA256 | d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3 |
| SHA512 | 0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe |
C:\Program Files\BlueStacks_nxt\Assets\installer_bg.jpg
| MD5 | 3478e24ba1dd52c80a0ff0d43828b6b5 |
| SHA1 | b5b13bbf3fb645efb81d3562296599e76a2abac0 |
| SHA256 | 4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904 |
| SHA512 | 5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d |
C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png
| MD5 | 7a2e5c21140aa8269c2aafd207f5dbaa |
| SHA1 | 4e0d9e7e1b09e67eba10100d73dc51623517821e |
| SHA256 | 3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35 |
| SHA512 | 63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde |
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray_hover.png
| MD5 | 62d7f14c26608f8392537d68f43dece1 |
| SHA1 | add4f30e7c3af4f7622e6bc55d960db612f3bb0a |
| SHA256 | a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d |
| SHA512 | e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4 |
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray.png
| MD5 | e50df2a0768f7fc4c3fe8d784564fea3 |
| SHA1 | d1fc4db50fe8e534019eb7ce70a61fd4c954621a |
| SHA256 | 671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396 |
| SHA512 | c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998 |
C:\Program Files\BlueStacks_nxt\Assets\installer_logo.png
| MD5 | e33432b5d6dafb8b58f161cf38b8f177 |
| SHA1 | d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a |
| SHA256 | 9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183 |
| SHA512 | 520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf |
C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config
| MD5 | ca0a329097316832e4a6ea5d870c9268 |
| SHA1 | 4a36b93361d3dc9df9b00313f2c2b394be9e1e72 |
| SHA256 | 4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2 |
| SHA512 | 51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271 |
C:\Users\Admin\AppData\Local\Temp\nst42A.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe
| MD5 | 69457c9a9974ab32264fed54bceb4b1f |
| SHA1 | 7b00b9860fbb9fde7edaf6cb35a7070f79554dec |
| SHA256 | 115ca4c71da3c6f6cdf74247fedec9830b7e9490ec6358d77a301be27bf69e5e |
| SHA512 | ccfc6597b2a34923f9f2162a4ab743d56486d169802772dd8ca87dad9c1e04d75330a960eac380e5af5e1db9a9e44b66221df1f583b0425dd4a91d0fea1d71dd |
C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe
| MD5 | 4be4afddacc41422970834d7a0d4d1d7 |
| SHA1 | 82ffe2b1d535f2550ab63cbab450a6a3b6b034f5 |
| SHA256 | 24552a2080acfe8022dcb0afbe73896a4b781bfa49007e2fa6022f368265565e |
| SHA512 | 228b79f571b459f7a968e79db2d2c78da103db5956f19d7e13e167bd3a4783d8f967dd055df73076e362194be67a2bdd25dd4af99e22d59ab451c5c767c2572a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3364a099630af0c40ebcef946e9f090b |
| SHA1 | 113402bca3c6666808b53970f96d21cd5a622e3f |
| SHA256 | c4d5ee425bfff98e25e21b5305dda44f5a5ccfeaa3e7482b21734a7bfac432b0 |
| SHA512 | 6fb9c35a01eb12762062680a8d45bf41373a4e523e9d044329de348b88d6961a4b692e3c85874e0c306a8fbc50b572125455832a4e814382a472778a7696bc29 |
C:\Program Files\BlueStacks_nxt\ProductLogo.ico
| MD5 | 169706218f98a42594a8c5c5a65771fe |
| SHA1 | b8ded94180212578d86a031eb71ef93dcffe1a26 |
| SHA256 | 3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697 |
| SHA512 | 1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448 |
C:\Users\Admin\AppData\Local\Temp\nst42A.tmp\nsis7z.dll
| MD5 | 80e44ce4895304c6a3a831310fbf8cd0 |
| SHA1 | 36bd49ae21c460be5753a904b4501f1abca53508 |
| SHA256 | b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592 |
| SHA512 | c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df |
C:\Users\Admin\AppData\Local\Temp\nst42A.tmp\nsExec.dll
| MD5 | ec0504e6b8a11d5aad43b296beeb84b2 |
| SHA1 | 91b5ce085130c8c7194d66b2439ec9e1c206497c |
| SHA256 | 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962 |
| SHA512 | 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57 |
C:\Users\Admin\AppData\Local\Temp\nst42A.tmp\System.dll
| MD5 | 0d7ad4f45dc6f5aa87f606d0331c6901 |
| SHA1 | 48df0911f0484cbe2a8cdd5362140b63c41ee457 |
| SHA256 | 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca |
| SHA512 | c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9 |
C:\Users\Admin\AppData\Local\Temp\nst42A.tmp\Registry.dll
| MD5 | 2b7007ed0262ca02ef69d8990815cbeb |
| SHA1 | 2eabe4f755213666dbbbde024a5235ddde02b47f |
| SHA256 | 0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d |
| SHA512 | aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3e4b46e230efc83624488b05982e1b6d |
| SHA1 | 962f3b7dd1b227272db9afc3f86e20b0c6dd2c7b |
| SHA256 | 4ea9a0c14a16acee286a25ecd3aab47e719b708c99c9fcaf4094a6cc25b0bcf9 |
| SHA512 | b58ced66f0ae7d05ae822116da291fda622d81744691293d7439affc4aa0690dab3e76425bcce58793d61746bb8203d5f7def9ce340dc82fc820752167b39995 |
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-83556946713f4dda
| MD5 | 5a6782df9bd6c59a1011eafdbb20f3cd |
| SHA1 | 0cfebd573b7d75084fba1155ce5da3732b8d46f7 |
| SHA256 | 05924354d9eac72ee93e3c1057e5a7beafe775b6f154119ca1192714fc386c9c |
| SHA512 | c86ee6df35a3ac9b54da38752ee5f6166b755ae4fc6916d236bad5b7a0d60c236127c94d36bf2ed2bafc42f2849ff3a31bd3591e6387681c5f8ebe22b11dfff9 |
memory/6348-15274-0x00007FFCC7C70000-0x00007FFCC7C71000-memory.dmp
memory/6348-15272-0x00007FFCC9850000-0x00007FFCC9851000-memory.dmp
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json
| MD5 | b02fc5742bf4e00feaa101c7e0007704 |
| SHA1 | 5e5b511d020f9c6c94648d737896c027ada2aa18 |
| SHA256 | cf129d439368caa113a50026259c7145aa6a159cbbd5cecfd33a92a1c5210614 |
| SHA512 | 661b33f41b9e9d81fb902693df3aa9c331ecf8ab6f77a42a178133aceddeb7b9c7ff9e11aa8e43e48eff67738ca8b077766f8c47d8334eaae83d34c3e6568258 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Program Files\BlueStacks_nxt\resources\icudtl.dat
| MD5 | 03205e5952ea7b803839ecfe3bb000d6 |
| SHA1 | 74146e76e31fd1e75ae1c34fa8194bc291b34a40 |
| SHA256 | 8364e6c6bf5744357199de0de3f6ba30846ccda70288675b75059e6fd52241f3 |
| SHA512 | badb8843f9a483329cc4f559f95bd07a8cc1f9383e0e67dddacf74e586541067ca452a7fc28b63dcd28edc434c3be8ddc733dcbad0e06d973dafc99242f0b192 |
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources.pak
| MD5 | aed2766cd70116ab1e0c430001a30b8f |
| SHA1 | a06c62b35c333412dd61c493d6a6520a8c04537c |
| SHA256 | 4ed3a10f1bbc40b9a2ce3b8cb6dab6f00fe922d0c0e1c6ab5adfd8617cec9389 |
| SHA512 | a1ca058b88c1a6839b2e329b08423ee115800864f580f832bbc4f4720f0965984f893d210437951bd79dcfd3b917137b0b2e8f381e50d2a1bc2de37ca5555961 |
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_100p.pak
| MD5 | 8615f18dea34c152e8aeb8f4e01fd17b |
| SHA1 | 032b7bab09943cc5c8a380b0aba29652d5539153 |
| SHA256 | e7e2cd13fa9fbaa33c537e8eecfd542e4ce4a621bc0b94159ef9e6e4541652a6 |
| SHA512 | 2a68ba854d473883f20e1a26375fa39b689cd39d2e284a963b07f25fa3eb6865ff3d8fea2241af23ffc731b83e20ec5b8147486de0a507e83413f75d71eab248 |
C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_200p.pak
| MD5 | de5e6a97c80d698256369b10255ce45d |
| SHA1 | 8d4b979a8c2ee33c2dbc01ed13a165b455a5fdfc |
| SHA256 | 669f9d3388438377c440419e5c62973362e33e84a5b247ddd0dd4568da75eb13 |
| SHA512 | 5609ca5053f581e636c0fe10def704f076c7acf5d958e235991fec32a2ddebd72b312f36a6648d2462766d1cb141f3df12d39df1a344e0dfb4a9e2946dcf1206 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\am.pak
| MD5 | 2a8ca8692a60fe8d33d51d99c9084a9d |
| SHA1 | 919d8adacce240fd394d6faf2aa41d2e5b8460ec |
| SHA256 | 73f0a7c7632313613814b3ccf5962962aff99de940e084e0b609ecbad1ec1d44 |
| SHA512 | 080e56cce041226592e7fa816fe8c5e362a1f172a8c671bda4092ff127f0cbe8238c40d41751099f6bac8f02c71faccc011df270b1c1bb8b772286ab95f5f1ea |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bg.pak
| MD5 | 154217351d415b13dca71e28727902c4 |
| SHA1 | 096a1640b5e83a7b20afdfa7cfe2507b4128e0a5 |
| SHA256 | da4bb8513745180a0eb26228a315786a6bfb98d6594173491d25cdf9d59c5bcf |
| SHA512 | f1676a8b05c00588308c57b2290c00a6d844811e9ad4495ba94d62ae71a8c58d504ccd2697cfbf822fd5c2ce6423f76da8a901b4eae55095dc4b9667d9c2a8eb |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bn.pak
| MD5 | 304432105fbe28b1625f0d7b6be3e7bf |
| SHA1 | 2d5474854bc0bca3f3ead1b9199d76ef533f0850 |
| SHA256 | ac282f17c5f25b55d368d06b305b89b614949d41c2a1377f1dd5aecb57d1ca8e |
| SHA512 | 8ab35cf2069f70a3a99dde98a7b7782821000abcefa97eaeb07b8a717d26a7b6c5461d5bcd39110b47db98aad9c56e463ca2707b7e6b71cda1092b8cf3a91ab8 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ar.pak
| MD5 | 143ffa8ca3ac0e6dca9a8b3e8ba3f3f5 |
| SHA1 | 6186940350b3fdd936f6ce41f3091bbca397e9a2 |
| SHA256 | 3f35466a80f4ca5a5167b2d3a3278e75afd90821206ac98801210a2117c913e2 |
| SHA512 | a12b5e3ae821e08aa76657cf84bd79def6f8fdb413e908b13944f6c2bc1aa9724193d0a9a0abd5dc0b87e0845d61b021d39024a5048443531dafa19de707944e |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ca.pak
| MD5 | a2c61a98fe7407ded9ece126c4c9d057 |
| SHA1 | c7d64d8bdc2fd9e7f1c62dff79e0e56e13f9cd69 |
| SHA256 | 4d583b753104ae98a1e5858bfe38dfa3195d477128441ca59c882d158d52ebf8 |
| SHA512 | 7522ee10397140b5eb45ec3d5cb32e9212a7d3cae8fbc377b270872aaf6c7077e7b13465f6005a85b5fdd4d2e86b1731c3366ddfb2e4bccae4ae2d1a178e0b1c |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\cs.pak
| MD5 | c0bb82986abc67281d8067e5f20625c7 |
| SHA1 | e7cc8888dd95d9edf226893f0e4c12e572bf6bf8 |
| SHA256 | 217718dd6d64f45da33db0629e6d56da8084ae0fd8123eafda909e662a5e5b50 |
| SHA512 | 80f4542345cc6e0d3589aeb76e0e5f19a824f2d3186d397c8fb71c1e9d6c056108df7f9a192a6515eb9ee43505b7844c0bf76b77596adcaa3c0ee783dd590ad9 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\de.pak
| MD5 | 01cc5b8a05a435482dc692baef032d3a |
| SHA1 | 229a4d1c9aea9111bb46895d096dfcaf488b8d4a |
| SHA256 | 53d5743a2606d6b553e8dbff871f2f1d3d53666baeb9ecca5b1ed624d48d5835 |
| SHA512 | 082654e8385811d4e0f35544c017704b0f13638f850947d76c9abe093333fdaf9d1d08c184bb8107d16b0eae6ebcbe0c522ed18138dcee30a71d9d75ea8c3488 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\da.pak
| MD5 | 5eba7377be8e34dd03db766300039ed2 |
| SHA1 | b3460fa050b93454b9e05586d86d7cf67881f557 |
| SHA256 | 94157ad608b35b29dd176a3106caa4613ed6d4c20268ce00ac4ccf13a9950f94 |
| SHA512 | 7d24210b60fe38b42fc6a4437ffb1e06333b7084025efe462b66e086cdee953254a1d6fec69ab3c8569118156f3a4a957aed5259e1432772ab46cf7905aa4385 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\el.pak
| MD5 | 26afc001a706679413f5deaa3c6603e4 |
| SHA1 | c9d780d930775cfc17cf9160712a2e90ca55106e |
| SHA256 | 4c2a3552e84fdd08852073d25c99727c4270160260d159572715c7d37e5861bc |
| SHA512 | 743380b99f6d55ad892296e8361b74cf90254403fef15de37c3e5fc302bae2991f5bb4ae21ba84bddc30da3b5b31fb4e741b0c524feede1656bcd2d531d76ea1 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-GB.pak
| MD5 | 06da37b66f4dbbe8c5ae1bd7e4addc99 |
| SHA1 | ac190bbb14b76d14143dcc088f460d1be2ba2886 |
| SHA256 | 60f87ec2b06329bdea7f835a61e9893fae147343f133caa2bfa5215797881ee0 |
| SHA512 | c436359e259c0a1cdc0dea1bb9ecd2bc22fe1124d76b9deac7e8c7751d97d66cbe61739aecef650908ed05363156fa11453490a9c9f23c74c683ac4e8c7c8c3e |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-US.pak
| MD5 | 1e958f35257ef1e2e5115d860602a593 |
| SHA1 | 688afb781ce3c4c9a55fee9696145260d2ce1400 |
| SHA256 | 4a65112f4d03cf38abf2ccff5e3fe8e161cb3e47d588b510504007c9bb876b37 |
| SHA512 | a996e8708f4e92794cf3eb6b7780d9ac8e567b1359aface4fd50d427630e4219678f4cdcd58764123ab6baf12a9c87a08b6ba5767fa8f6042a7319fb45b72a27 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es.pak
| MD5 | 03265b1a7f6a996513067866d55f3bcb |
| SHA1 | 427eecd7810cf24c8758dc9beae18afc9d8969a0 |
| SHA256 | 516234550bfda93687b28c5cb3b7b5362212bf41b900d790ade52747bcf766da |
| SHA512 | d6ace0340666eaffe28f57fb070eb4504460bd47517cf3c0b9c07671a605ec017c4fb45a38fbb96b9c54887dcee639b41ef03b2fd85ed9a666af56dbb73023dc |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es-419.pak
| MD5 | f21b0783d062082ee46aa573eff68df0 |
| SHA1 | 84f62d15eb68858245e56bef0cf317e273918044 |
| SHA256 | 859cb8ad8666e97a47f0e24df4ae85aad80002fbf842b4e68afd0a308d6597fe |
| SHA512 | d87e2d51cedba8ba4eba3b0fd390bfb32b25c5cda98a0d6465b5ae351dc745a67ac174c223e7def8b02c9f00729244026e895791add2611680579dfec4b7b07b |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\et.pak
| MD5 | 73e6f20f0c75a9beb72798167f8c6f91 |
| SHA1 | d01932a69626d23e8ce9e9bc240f6d99dd155fb4 |
| SHA256 | ff1b0d50f6f067b291199578b6a7757797bd7fdc6b0ac472c9361076bf9eadaf |
| SHA512 | 98966566211bba402352607a0622dca7f64ad4c056cec2b40cb70572cd1ce5ed92556490b4399a32ed1c04a14d80a3841fd1a758225120ee416c68e9314316db |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fa.pak
| MD5 | f913ea1db8c9c99bff701ceeaf8138f3 |
| SHA1 | 6bef3ff865b3a95dc1900ba3c94c5bf556c695a1 |
| SHA256 | b4e0d3f7cb858ce12b5a75a71ef14f2a36494cd4138181b29f6fb3d6bd386c4c |
| SHA512 | edca9b945c6dc90586f6d20e73316f620d5fff61f3ad4fd35c7e9064f55b1988cc77d372a97d100cbf572a2906cd193777a18ace98fabadea1604df42c8823a5 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak
| MD5 | f55358f58eb17b4bc6abb19592c1aba7 |
| SHA1 | 6dc1d99757bc5a447b9761a4a0c90a2be521c6b0 |
| SHA256 | cf3b9a857c63022d671f4cc335728c270935628f085ac9a17568a2529daeb4c1 |
| SHA512 | d7cb03ec31a3cd8c7f13e1bae1439fbba3b76636f1f254ba5376c5da82b9a98e93684fc3cab3bbe8a4c892ba42f17c0db1eec1531950e17932aee16007081aab |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak
| MD5 | f5257136ed900e1715979c9a96de292d |
| SHA1 | 217cbe02931f6466bdbdb27c85c876b851610b23 |
| SHA256 | 98a20cd0e9fae36f22de4a4db7b515532b4327e6d475d4e39ae93ea45b76cd90 |
| SHA512 | c38828d2736ba26ad0bff9976adc9d3910df7a417aad8cf6e3cf6383688a56ad2581cbda520403d44b010562b56d6107211385fc80988ac57e930199415ca654 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fr.pak
| MD5 | 75575474726cc8d98def90e0dbddcb0f |
| SHA1 | 3e62e3b73bab73597a01c3ece5871c64b142391f |
| SHA256 | d37509844342371b4026b720dc00f77ff88fe2e7c2b27861e3ca66b10e76ca94 |
| SHA512 | 37e8e5cc44ee4433b0206cd1baedb955947d0fdf172e69a28fb7bc09f2a57c4f27fb45c12a0a49753281cb2e2a92792b67d568f3cd4f90c9c87337249d031fc0 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\gu.pak
| MD5 | e245057bea15117bed15bc3ee2911d74 |
| SHA1 | c8e2d5f85a974fa989c0d0f64121d2836a13bb84 |
| SHA256 | 4ea64678c7c551c2b2088b9417bcc76218822f3213e9b8028d618864035b97a5 |
| SHA512 | a72a1c259332f279f976403034c9d2356a437a1677c0e20c243f23ac246a8ab65bf150a610867687eef48a0b7c87d23f0e357ef21bb1791386790243803ee70f |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\he.pak
| MD5 | 8c02d30c68c4abb4b1a7c2493d8fde51 |
| SHA1 | 2cbe2f537d59971296f2180d146d9c2905d2a76f |
| SHA256 | e37f0e2516799f320e4ac1a872d0ab7108c4f63d9ad33a17a4008923c7f93e9a |
| SHA512 | 9155cb07b6a23d7f73bf8f68af44ee3bc1e25c6ca643c2f8d64a808d3f78076e3ee60f68d3be9cfe3a6dcfbbfd4595e58c897cb4f8b92272e8ffb443cdf6f3a6 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hu.pak
| MD5 | 3c70ba470c8503cae9407540d070f506 |
| SHA1 | 0b841228d28e8605c37df79f1a3714402d2b18df |
| SHA256 | 0770854f32f041df5ee0190164aa24a1ad06e199c79efd46f3ab65e12129023e |
| SHA512 | ded69524127431d1b6a68bcf85119079a57d3aae5c5be7fd8f215090ecc74570b899e8ec70d6cf74da49833d903f8ec2cbb06738a1c917efc5e19a44167183c1 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hr.pak
| MD5 | a621446d9e94b0d47935bf3310c385b5 |
| SHA1 | 5cb954846bd2a2c477cb28b99545cd9bc0fbe990 |
| SHA256 | 93f7fbaf2c7e5f52187fc4a2b5726387e84decebd1efd8b922665bb831e5b842 |
| SHA512 | 80c5ddea81bf8d1721a2c6cf094cb2c99a10a9aa443193bb2942360de9783da75292eaa341711700281626cc0c8a8f9dc071bd8bb589444f764ea307c4b9de37 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hi.pak
| MD5 | 61838bdf13a1d60545d15e9cc49866be |
| SHA1 | 64bec7fe42caf53f192b58e4e5b068e56d835cec |
| SHA256 | 9a399dd9dac62ea30d700f94e83dd79d54827eac8b9cbce0343ad2dc0f4809a1 |
| SHA512 | 7e9e0c3aabebd6f0c221918b6790d096824ee1c5f7338a21ac489952b8260b1e59be423005ce34bd5039cb38fa7c9197cf48b77974ed8f6b7ab2a2472e3daecf |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\id.pak
| MD5 | fc2cd7f4af1976579f6b0eae3ab2d874 |
| SHA1 | c4e434b9d0d95a505947c97d396b05c9a18f3983 |
| SHA256 | 48b670c94216623a0c81ad611cc3b47a47dc9368215e065fd02448b4ebf808ef |
| SHA512 | 9e355bcfcc31535755233cdd7a521b0bc68f897d85a22da658e3fe5bfa388ce8d8dfa7c01087ea04cd268d44d43862c5acf5b305e45b4572dcb25884e45a4535 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak
| MD5 | 56c13472d7efdb4466d5189af2d06ce6 |
| SHA1 | 84025c148e10e1885125893dd286d0f9e751e101 |
| SHA256 | 7114d3e0c7de30f25c789a1dcc7c50e85985b8ff35afce4600128e85318b4af4 |
| SHA512 | fa9b17d387585a281ef1582b8596cb61dc79658bf3b121f6fb6355bd6584c517d938e21d1a0b1be6491c01e5c15c2da666d9f77000a12a2da137c040046957f8 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ja.pak
| MD5 | 9705a8fcead214aa619f1be816135ea0 |
| SHA1 | f10d22cdbf5d7960aeaa13c98cf8f7de41034760 |
| SHA256 | c8db5560edd42f1a6acc4efd10865ce39c15dadd3b7dbdaaa28922e1f9c86320 |
| SHA512 | 6d82ae6023e48ef54d6903a13b6f07069fdd5c87aa0e7b1219c0797bf49cc789170b3677d572fb1b63feda138e624f71e7175022eb7928db0dd413cc8652c6af |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\kn.pak
| MD5 | 2e9a1e91aa149308dde43e0b357e1c8a |
| SHA1 | d657811a3b3dabe519fb7b5fad46977674234f51 |
| SHA256 | 2a0411a1368fd5f342581b00fb3b451f89ad593fa49f0f79fd9abd5ee0d5f5e1 |
| SHA512 | d7b612562fb04a89dac28f51e691f42af39cf61bbd2199c4f652a3096330a99084c0f410bf0c449403031b9a264769ba2932cdae8b0c49bcf92b5ae7a4e8fe9b |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ko.pak
| MD5 | 2a0bc83152bfbc0f365d3a85fd1e1832 |
| SHA1 | 9b972a8e823ff6f161ca2aadac11043b054b3146 |
| SHA256 | ae1cdf9a4cef3a86d3550f7501e5c650cc1e0924c9ab84900df702ea7e351f8f |
| SHA512 | 2c3ae97d3c78310cafe92620c0438dde4c624353cd682f3087c92050870d768e6f7071248e55d03232739a2dd94c7694975b0b329f1ffc6148221a18effa9088 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lv.pak
| MD5 | 17b9ff8c299fff962e9b9bc0d5f2f15b |
| SHA1 | 6224d9bf81c4771033e14477da0a652336326036 |
| SHA256 | 7e4a42d3cc06b7c9cfebad08391de3a275ec129ac20d36ec90ac136ee88223f0 |
| SHA512 | 8bd3f102b933b94cd0da09e77c78369a156e2ac22f29888ac0c9db8d9d4e2a7e4eeac99942ae7a8785c6207a0277c374c1727712a932922c10646e3fec609963 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lt.pak
| MD5 | 7769b6273b1519ea1a8ac9f059e78c93 |
| SHA1 | 6d8807f4af484041bac83d5d8873d639d5f07d0e |
| SHA256 | e88897c766d8746b9ad859123742dc84b4dc9e6bd05d10a9262b15055a67758a |
| SHA512 | 9c91942cb73bc0c2dfdd94a93759520d9a3ac7f6b43ac826d00d2ff46c6335ed87126024bfa955e9c9e744d437a832188d66ad238ae66378a23210b9d1e740ae |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ml.pak
| MD5 | df01088842b8c05568fce402a69bb595 |
| SHA1 | 4b97c244ee85efb9c35b69f65f64d9cfcb2d25aa |
| SHA256 | 9f1fe59eb3d0da8d36715d63da958b5773ced3967e04c5314b3d5aaad2f3c579 |
| SHA512 | b434a12884f7a1d417c02de2fd27955e6af2329d8d8d0db9781675a16396556b89e2f46dc951e070c4077073e126d492a5db7a077b7ac3b1f80fe4fab4d68125 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nl.pak
| MD5 | 884f7faf0e79d04c6536506d6f95eab1 |
| SHA1 | 39334913aa447b35012a8d7100e7f91e805c7e9d |
| SHA256 | b4d9d873df0ab126f4a312755fde331d4d246519f1757f32087b36714ef4249f |
| SHA512 | 77a4379e148c7886950b92bdf8959c12c8695b7121be89142f4d4190cf32c43b8accb77f0c40718cd3c7e3ac0f90e99f3dcf5992140a5769821fc2adac988e18 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nb.pak
| MD5 | 5c901b43287edab65f05464dbad3e301 |
| SHA1 | d76444677a7eeafdfe0bc27a0ff892f028144d67 |
| SHA256 | 0bdd86ed3444e7e5508dfe4ec483673c2744925accaa5529bff4037cd1b0c2ed |
| SHA512 | 46fbe41905a44fe034f3b0798459a2b5bfb4ac408bb90fb5f0f9e82c91407e4b6eddaa82173c0926784881acee514da71284ed02decb49d99cb235784d072da2 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ms.pak
| MD5 | 901240b9cb3a7a635c2d56d6ff1b3966 |
| SHA1 | c1fdd4ccf213bf1822696061d64930f47a017cdf |
| SHA256 | a750d091e4ca00bdc647ca36c2a22cf9199126c69607fc14f468f6b3b588e55e |
| SHA512 | 2b316bc8d5f27f6f90434fa61d270a28f5aef2b9808b1467697c5671aedcfd99d7cf99d72f11d05dee06e73949ab2b22627ea1e925ce8b1ec65b4cd43d03eca4 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\mr.pak
| MD5 | f40f6817a07049b8589310b7dba04534 |
| SHA1 | 93afea27adbd165aa1e3261cb67d5ab719ea02db |
| SHA256 | 5429e2696d32638253c4372cc427b3fa154d7c997dc13aab90411fdf98c8f6d3 |
| SHA512 | 450039cebfebd9b5dd012c2980587e78b64e777bb2ed7cebd1f3174b5e88f0a018cbd60af18ef3eaeeecf9729b420a0216a0b167867be4a2814744217bbf84e6 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ro.pak
| MD5 | 14ee5c1a362e753a5c44b11343430fdb |
| SHA1 | b87e4750d5319c5c695f1581feaacdd71abe0cda |
| SHA256 | ac3134a201073f6482a4cceb29a745104325ac76b7ad0d262ac7567584f450a1 |
| SHA512 | ed647aa3f3ccd5033e41c8cbb8f85d1bd0dbf783472668abb9a7e83ce5ce05706b9d67d5cfb4c28791414e77b5ea9ca5335189545ee79475d3f7cf58c1f12377 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ru.pak
| MD5 | 3d28ef9e25426b08409db5379cfd55e3 |
| SHA1 | 25fefc87d6233da5b287dbbf04a63c34cb9c5571 |
| SHA256 | b81a0b0175225dbdf35150dcc0c36154cfc042c1525df216d68034f0ae609057 |
| SHA512 | 210b8bf28519c1e1576dfaa76260ceb6fe5dc46d23a6c74f1eaba9e08abb310b34989f0e667b6839999f765cb9bb77d35636db63ba082d471c6b73819b357995 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sk.pak
| MD5 | b37b81799942fc174e05b6aac03ea4c3 |
| SHA1 | 788d6d10c82614465628f79bbe1f2346839a582e |
| SHA256 | 579a167528badf2a6feafbab487bd2314dd6107d0cc87df17a88ae325ef16319 |
| SHA512 | 31bb82eb4434665a1b22a21e3e91b48fb2fe78913aac18475f8f328f05fafb2e4bffdd1565b8f48c67061fbf760ad217300882b5871d1753255d969be2b49b44 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-PT.pak
| MD5 | 0db54f0f25ec3a19dff541ba223bd5b4 |
| SHA1 | dc1f0c9b1c2578490af5923df179a92814c04904 |
| SHA256 | ff89da2b21c03475373f3839615c570d15b9929fa2cea991105915ef4e648d69 |
| SHA512 | 96060c6c548085f019f3f127c4250ae6620c2b4f206da9203db94a7d2146c945b5384a661494ad886ceb35cf3f45500302b01009e08b43e549e17ddc318bc48c |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-BR.pak
| MD5 | 4792f1e39c6875d8aa5e911f16ed638d |
| SHA1 | c04ecb497096be4173f9aae3f0ae6accc8324156 |
| SHA256 | a39bf79dce50c0ef227c3f326728d12c7675a79ab5d4b891fc56913bcbe83e5e |
| SHA512 | 5fabf0e030f94c959eac797ae401f28b76ad63816e88d26e3875168978d7448317e3f86aa99b15c0ff266505c5dcb30124c796c6c46c0b90e09ce21b77324d69 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pl.pak
| MD5 | 41ad390a8cc5fbd5b1f352e838b42ce1 |
| SHA1 | 9efa8f2e5a0312e83f737929765a86112a874272 |
| SHA256 | 979c4336b428df84e37a2a51a7c5f311ac33ef6e4edc309c138ab2866dd065c0 |
| SHA512 | 1beb3c66c5b4f9d128e8badcaa8b9dfa9908d74ea910c40a7cde8be3b9b704525e7ddf1e646013cfecf7c66585975b8a8e640b43b27771335bbaa90158f45d01 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sl.pak
| MD5 | 4138dc422fc6a5afb1a855ffe0caba32 |
| SHA1 | 8b23cb3c91167908e181eb0ce9d730ca5b3179e7 |
| SHA256 | 7904fb9153a65105690d76ebda6e9edef2852b868f6a8d2e989b2013d40ffc3b |
| SHA512 | a578919421c6458fd187d5985d721257cfb7bc3404f174dff413c211f29cb2d4552699fe10f0c01a651e224c1c7f3189706aaf71107187120a4260214881e531 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sr.pak
| MD5 | 97ef86fc3b66a0a3aa4e1be4555369f0 |
| SHA1 | bbe68527d0c4c9e6624920d548c0ab0c09dbac88 |
| SHA256 | d5a48e324fba0fe6ad0b08da12fa2f4b9279b6271d36710663b3462794a0c7fb |
| SHA512 | fd7802060a8891df3ad2df1252e0fe09f227c7ca81715917fe0020277d28788326d9798cb62acb8820f4701fb18627f78b6d22d9ee8ee402abcfeb4704718ef3 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ta.pak
| MD5 | 48554783d89587fe96d94cc1afb58248 |
| SHA1 | be0843e27225df82cbb27f017acb7bac27c92c5e |
| SHA256 | df0d976ad84bd0dc165f341ca9c5dfe7995a4f676c1c0a09d7a4716747e94896 |
| SHA512 | 2ec38646a550e86bd6634247de2a49be20e9f3c09820284da82f7aaa6ceabe32920c4395d3bcd728e3370f8342627a9a9f12b6a222de145213efe57239183784 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sw.pak
| MD5 | e99bc71c3caeae580ef7060155ddd0ff |
| SHA1 | d6986e1fe1dd6c110b05f44f84e956ecac188b97 |
| SHA256 | 4282f200af58345ac756dbf88d0b898d26750f5aa16b7d2557b4d31c0ec126c8 |
| SHA512 | 6bef16c9633387a3a0557cb644f152210d75157ac9b8ab1af6b94bdbdfb48b2511d0adc84d269ad16a439415ec46b78ff9a2e743bf72238cc5f25a4ce5bbd7f0 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sv.pak
| MD5 | f2bf46d97477489d80659d0be53d9d05 |
| SHA1 | a76378ec45dcdef0c596aebe8a4cf36dd3f9c01c |
| SHA256 | 196265eea8a2d8746953564b11d64dfc38acc9b17d3e38965f3ae1ba78841e32 |
| SHA512 | d65d27d04beacb20d3367af016ef55bea774c782475271e0a0573d2bff2912835d96a803c216ca5f43b56d142e6a77b41a67f35c5bc704c10f5e2aee5d6b7348 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\te.pak
| MD5 | 079fbd6adf806504199dd0b05c87c697 |
| SHA1 | 4fec8c3bae9b48f92e35b609fc3977eda5de2039 |
| SHA256 | ee2697e8850803f08bee80e461833bd9f4232532c3f569f56521b1320c99e5e2 |
| SHA512 | 722c6f3f6f61a8eea6965eae290e580a3263b894e07f7aac08fb6cca67e668db92a874728e32764ee0c10f5307b753d1589b8cae5c8a39edb29c7253591c017d |
C:\Windows\System32\storage.json
| MD5 | 75d803935059785011954267bdb0814c |
| SHA1 | 2e7c964d7f6d9abae2aee4bcfc2c3a64f9fb4b38 |
| SHA256 | 1245552f1e44239aa0dfdc7aa0af24ac1e588d66abaee3ad10ddcb82a229f2ef |
| SHA512 | 6bd607670a9f1702c193f672802678e790bbf3fa385043c08f5eeea7ea7598ee20cc8660f36711e1ecce7c29090b505a938b5b4ab23d1bddad7d94f2c22f39e7 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\th.pak
| MD5 | 433dbeabe2d4c70255f1685ece8fb97b |
| SHA1 | 966c16c364b4f3ae6ccb8c5019c0b6bca75b593e |
| SHA256 | dedb178d79730bb0282605f7bbc6e410b03ee7bdcee1a64c08d9e9c442f49942 |
| SHA512 | b5f3d434f71b62136647700e7d4c4e207bafeeb20cdb03019c6cd6580e61f88f596a4f2a0ca77b010f38b41a3eaf5df8e2a00e06764db17244083cb95703213c |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\vi.pak
| MD5 | 561050669f78bd04d0431de3eb98d160 |
| SHA1 | 028a78bbaabe19ac338648ac95a8b944254e8d3d |
| SHA256 | 922eb514cc20dbb44f41745c9e793756f8b46892504207e75de188be0aca6333 |
| SHA512 | 2df7ff472a616c9271da813a66c6bd98809d788c7dc752ff0f3f68423f245cadd6945a5424af740b17d14f4f6935a2f2bf030b369dc8a39fa6e968d7f2a1897d |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-CN.pak
| MD5 | 54415acf2d54c65718c99ed78b4bf3e5 |
| SHA1 | 311937480b01256a1e50d0556df9b4f9f9a46424 |
| SHA256 | 3648945ec3205f590da62f76af957d8a4175890e6ddb5fd1103beeaf66728c7a |
| SHA512 | 4eba5d0f1be81e72699d8429252877096524b4e27fd7d8ac480ec13cb60a83f4b8288823299c1c4e210699278588662e578814b8061bd5b72b5179b956624fc9 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\uk.pak
| MD5 | e21f45d7685b75be483013e1e8dc8237 |
| SHA1 | 8f4cdd3dea580d7671117e9c49891212ab950686 |
| SHA256 | dd57df6e7b591b3bd6663743c52f4c5f3a7a24e90fd8045b03479707f25702b3 |
| SHA512 | b29d8c67a259e4221e9cbb082f41a1b008f665e18dac568c7ac75fd40ee1e1e00df8bcd65825fbac63d51b1bf555c5c3752b96a9c8a4a153cd325377a165a048 |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\tr.pak
| MD5 | 1a505f3f30511c2b05eb29ee0e0bff26 |
| SHA1 | 08d4002d32dc5ea8a9476495786f5d5c1bae7ea6 |
| SHA256 | 27627a61c6857b80b5eec4f6720b585f82b38271b7470c00a444735beee254e0 |
| SHA512 | d925f59cc9af4d55ad5daee42094ddf5d120eae816cddb56e906cd8da47039502f7608e9c4af77994ee7db585697fb26dbbd1c2e7c0bee4e3b194c9eee80eeff |
C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-TW.pak
| MD5 | c709c2e92d4c0a1a2fd30f5350bed636 |
| SHA1 | 31c8463300bdfe0238f167451a1adffc4fa899a3 |
| SHA256 | 37a8707ce5a07b4363579e2d411a1c641913ed1e0377ae1e8cdf70146cee889e |
| SHA512 | 38f8da72ecbf73f10a8109ba51f162e77b0f567f7415fe2fa17a2bd7677d9562ff8bd5c136251f44c192c7618cdf72684dfe11070f478255828a5bcc5df8c01d |
C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png
| MD5 | b09525b48c0023f893d6b64d06add4b1 |
| SHA1 | 10ecd439ea04e02eefe17f6c110d0c0a78a1db21 |
| SHA256 | caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e |
| SHA512 | c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f |
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png
| MD5 | 47ff3e4cc15b8c4a07e3ceb6cb619b62 |
| SHA1 | 0318e54c613b8ff00f54d843e90ef88310c1a96f |
| SHA256 | 4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a |
| SHA512 | 0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e |
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png
| MD5 | 22efccf38e15df945962ac85ac3aa3b7 |
| SHA1 | b94a8615dc92982e1637680446896080f97c2564 |
| SHA256 | 0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92 |
| SHA512 | 41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-EG.txt
| MD5 | 7a7d65e41e785a7a848f0b021cc0c0d7 |
| SHA1 | 9d61357d9aaec43adb92b95dd63103c566aa2083 |
| SHA256 | e02e378326e351980325f9cbf4e27327ac03aabf85286e7636c99220da950806 |
| SHA512 | 8f67d2e4ef55abffdc1062997cab7a44cc81e42b16174d88dad41939992903b7a9ce9c7775db10835d30cf4aaecfac7c8d6f2cd1611f17e40d3c66ee0fb928cb |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-IL.txt
| MD5 | 9fb07e066cc2f213a64d35a97a8c2922 |
| SHA1 | a70db989f5c562bc69caad89a1402c8ad7c9b80e |
| SHA256 | 65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90 |
| SHA512 | 81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.de-DE.txt
| MD5 | a9ce4896a111f0ea2149e25ddfcf27aa |
| SHA1 | 5f242727905a3f30263793e3095fff8fe7a3a0f2 |
| SHA256 | 941d60fe4e4f1a66166e8fe75f885ab1086a4037a4627004e391d7493e3e8911 |
| SHA512 | 05d0f13214d60fc4533652f5b1dc161f3f14c8b194d74e45a34412f97267fd69b7b19f1f647f348ebfbbd2551c4060e36e746a6a79963db7e78cd95c92dc4d3e |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.en-US.txt
| MD5 | 206562eed57e938afe21fc6942fa8e59 |
| SHA1 | 779e90fec866c0fd2f47da020651db71c89ec3dd |
| SHA256 | 27d611a71edf36307a7ed0651f6c5910292ac7e2b68074a7e33d306b3d93ec45 |
| SHA512 | 275c3192a7aee28fad31beb521cf5e7c66010e7562ce244ba9fc4de352f35b4ab63180ed12a56ea0b1458c185e076e2d07ba6d8797467177d3c5b2ac14371b26 |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.es-ES.txt
| MD5 | 5f5cacda94bb2384f9d6bdece58ac526 |
| SHA1 | c10f095a312e623b79c42ab7ca3f48130b348d62 |
| SHA256 | 2b698fd5d6f4fd959c4a24b47b02c2e1a9f51a72a66cfab3ed72d8f667d221cd |
| SHA512 | 1ca9373b2eff0620d02249ab82fe46644f6452db36a2b61334cc258d2e9910200c33543f7794e0bdc69761f5b86aedacca0fe6491293ecd1df2992eaa5aaae99 |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.fr-FR.txt
| MD5 | 6b1fc0b4e861692c83e8f36848e7faad |
| SHA1 | 79e064008b2c2bcc63146664cdf1a63f1d5ab58f |
| SHA256 | f5684f68c50b3f8f5c1ce0e1266e003f2099d3ae401c848b2cd30260a998feed |
| SHA512 | 0a15eded536ea683c4493af1f45f8bcfdc24ae69747386a6747dfb2bd3475f88f4d15d2ac77515eb5ce75b65870f2fe2337bdef0fae5758edd72684683a9180d |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.id-ID.txt
| MD5 | 623b1aacfbaf85b09a4e0c180e9ef178 |
| SHA1 | e41bfa201d627d093bf446eb39fab268528e5e32 |
| SHA256 | ce6bf3cbca52a1ae369199ee190272f6842a45e64da9ab6cac8b48842aa099ca |
| SHA512 | 83b91c326561b725483fa703d7bfc66a3eafc55a25772bb22251bc88869a30bf11c2c5aeabd5a07da8fd7f2d2b93ab2ba47edaf025f8055f6ebf07df99f9b77e |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.it-IT.txt
| MD5 | ea49ac9605d0ddbff07b0e19d6d34517 |
| SHA1 | c17fef2467a8973db193de95f7b66e6f511529d5 |
| SHA256 | 408c2ff8977fd6fba4ece99f547182394ab62d22401454344f48ea085707ebbf |
| SHA512 | e45a6d19a570f496a30eb2b39991a04743d491ff85b29390e52be2a5e146f7819c2197cd0b0357120a0c5ad9c792059584e6c4fe8f8098ecaf435aad6a44731f |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ja-JP.txt
| MD5 | da7a6902f658d02dffe24e7b29ae25a8 |
| SHA1 | 2942cfd645e7de104aadb45d65976c073dd54a64 |
| SHA256 | 0c28d5d9178465b76fab0f5d736962095ecd333d7b2b1775c31becd38aded023 |
| SHA512 | 1079fc5da14e53157486609ec2faac6c88272c74c2acaa8a02f7cc698cd078f118bbdc9d979a40b183055dfd3104d1792d530b9bdeff4b1d1f12131a7f3253e4 |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ko-KR.txt
| MD5 | 21af008aed42c6654b0a6eadd1fca98a |
| SHA1 | 9f1dd90654b10a1d56c0b7345de9226deafeac52 |
| SHA256 | 7f9e11fcb9567e432cacc5ec0b399fcbfedcdb0838f21ee84641cc4eb7794155 |
| SHA512 | da2bcca88b89caff19edfc38cae25fb8aaf1805dc80c28b0e1a51f5de64ce7b5c671bceb2ceb897969906fe80477e47efb9df7cd377d62f8aa3ae9ae1200d440 |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pl-PL.txt
| MD5 | 1d824987054f6109e386a2af3a2930ff |
| SHA1 | f0103827d00e343161463cbb436a751135ab7c68 |
| SHA256 | a5c2f911ae2e891f152d08203e8e99e78735f09de4b7421fc6cf343987b48e34 |
| SHA512 | df45abf4e8b24683eb3314478bfa9820caa83799e7d685473ec963bc9f07d72e763eab14a80aaaa7e1e44232223efb43cc6e9ec777c028516e7831694994d8f2 |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pt-BR.txt
| MD5 | 35c829fe17dd39d16ed9ed9d3c3a423f |
| SHA1 | e2f498fb2ebd74647eea70edbe29d49dec3856f0 |
| SHA256 | a3a3183e5f85ef1d84f386deab1052871fe8ee1cfba2800cd6443459e3609346 |
| SHA512 | 4a9db0e592d62cfec1ddf7fb1a67d2ed9338af50edce9582321d9ca798548cd65c53b810631cd862791c925cae2075a10f3183b02b5851cdb2cb2f54db229698 |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ru-RU.txt
| MD5 | c14b9c7f08c0e2a57ccfee06a7c5a05d |
| SHA1 | c630e7233059006b1213807f8dfcb38295dde240 |
| SHA256 | b61b82dbc223e35f7451fb848978a79703b345c7a7728d60d59fb95171e11969 |
| SHA512 | 15e3fe85a248c065429cfb52b5fa3f454d2440ac39612452974c7fe1fc890316c57a2b6c4137de36b3642276aa6791345e1b41af6628e80c4e7a3c6247dff6d5 |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.th-TH.txt
| MD5 | 19402422b374354b36b182df60197aba |
| SHA1 | 75b68c2f7f9ef4730f0fe738f9477c543feb46c8 |
| SHA256 | d1de34e55cdb1a8abf9ad3bdf0c875b8f14825ac25df5526da98ced87588aefb |
| SHA512 | c2f6991d15bc870a0998bfa74a939c66131f2d17485b3771e41fe876cee02050ece0c8a25cbca6720254ea8e25542fcab6ad569864a8443b5e3a0e266282490f |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.tr-TR.txt
| MD5 | 3aeda0b485130bfc9dedff4b8fef1961 |
| SHA1 | ace8100a277ea0f8e06902d68c1c39061a44fb26 |
| SHA256 | 3c465dcb8fe7197b0862637548d7c383574965666dd8305f5eb617444e9acfc1 |
| SHA512 | 319cad94c82fd188103a0178a4aaa6433d57358a7fc99348522336fdc786946f2b08fd405fd104573d7aeab62248577a7ff6a27ad35cff50790d0eada45440f4 |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-CN.txt
| MD5 | 0d168bc28c89f0fd4bf3b7f2d9c65eda |
| SHA1 | 733690096aabff107a7b9a8d8a45c7a68aa9335c |
| SHA256 | 9a5032c277e2af24fc596e1d2f535dd8873530cdf055ef7b9a27b84a1e4bce88 |
| SHA512 | bb1e632e0c6aef6915ff178e9fb2b71173d1a3a00bfb294b59933e2d84f05642001d4201e42a2cbb7716cb4df039e4acc9ee24f91c784a48521039a2deedcdc1 |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.vi-VN.txt
| MD5 | fcbbad664f3eb4d57764f73eb0765942 |
| SHA1 | cfb0601f07f12a78993d701168aa93109fa891c0 |
| SHA256 | 401a8d87d3057dc1b2dae6338c93ad8f5a5f7de628ea2d5fb94ab781f9d1a776 |
| SHA512 | aa077fa7ddf698ba5e619239025775ce81972af515d82d1211039e0c65e5a30524ced698dcc1b7a1e1c943992ab6ea8fd5d28dbdd5abf57ba0c246360e21f08d |
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-TW.txt
| MD5 | 35dbabb7d08aae38d44bb326ccd10eea |
| SHA1 | 193c8df23ae63107227a1faa03658c91635af058 |
| SHA256 | c5ad750e534b3a1ef73e2b8b8aacdb5f591a72c366583f9ae1ca8138eae5979c |
| SHA512 | 75aa4b75b3a9d76d0306360c6dbb49b86a7ecf7c88d8f31f28918f5a93d623e578f8e5faeae95c11b82d17f161834f65970088fbd293a12fca9f9322b5fad3af |
memory/6348-16269-0x0000025C78710000-0x0000025C78740000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\olkqw5ar.yxf\BlueStacks-Installer_5.21.210.1023.log
| MD5 | 7a6aabfc1e8d705487884b679a8b229b |
| SHA1 | 671a651a273eff0ded530aeee3377fe6756ca10b |
| SHA256 | 4c430aaf80c27247987412c6463474594382eb38ac6f8615d1e7982608f4e8e1 |
| SHA512 | 04c8c4bd934e1c9e1aeed940fa880139661b0ea5f70d953d8d223a9523b1c242f3d50bfaeb07b5d02938ba074ef28ffc6ab55f0f37064b53f5ba3b5262ba9092 |
memory/9024-16308-0x0000000020E60000-0x0000000020E68000-memory.dmp
memory/9024-16309-0x0000000021AF0000-0x0000000021B12000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2ae3b22f-f6ac-4f16-80ff-93465d2dc995.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e58b7f4309862c0f9aa7c037230457ee |
| SHA1 | 70a1d620f4f8da0951518e2de974c90aaa52ba27 |
| SHA256 | 47ed7f02f0be74b7b6674513168ef5b655f2000f7ef0300bda85934c6f4d930a |
| SHA512 | 33df30588ae551096eeb422afc53d8722e281751619652811ca25584e07ab47c33b623c9ceca469adf0794dd343f4e0f975c31daae3c0bee052854a4025cca6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ff91abcc5c22d6659f94cb15626f1dee |
| SHA1 | f0c14b60c839e81e40313eff37617795c628cfd0 |
| SHA256 | c9f82f79d866491831729dc6b2e1bcf338c45f1b6c069e68985d7458060b65c7 |
| SHA512 | d94e02d523dda14b29aff2c1bbf32b6cce7907788bcb9f35df7036a5003705402f8bbdc1fdc35a057be2f4bbfeb411fdace5439eb2114bf11090b8aeacd971da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 02ec94f753aa755570193940b289275d |
| SHA1 | 98279579da701ff9853d4533913f8b243e583450 |
| SHA256 | 8cce3f905298cc4771a9e13b280d1dcb00dffd212466a32cb8e155c96cd77259 |
| SHA512 | 77feec01c641e365f2bb31f6b14320f6537b539d70d12d165fa7887f6681f12c98989611aac3c369d2adec0e626083aa6cab3351ea7ae39bdc9ead3d4edf4653 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6f9f5fe38f3252bbc0f646af492ced5f |
| SHA1 | c1a7c81ff66743716bcc8c766c411defe0e0956f |
| SHA256 | a9ae622ef649fa265cd60dec68808f2b2aa67f3e8c320227f8fd577ad78f648c |
| SHA512 | 9d02daa6fb03e9a0fa5558705c9f6d9553aa52bd90441e0e0c82ad6474a4736ab7be3e8d8570af206c4a462a180d1b3f166b95d0686fde0cb843d44019e365ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0ba8feff210baa9a7ffbb9c946fe5eca |
| SHA1 | ef0338d4b4c5ced126316f773fb62a81e83bc45a |
| SHA256 | eee19a02e622b2d151bbe643d906a4613ae56323e7a4904aaf319d20e93a0367 |
| SHA512 | 67dd2e6de5c99cb9a6294ec5d01994be8723df91a573263a83a9992b4b73c201228cf9bb55a56c5dd0fcb318cb2e8282ab154034597a0fb20dc53df54aeb53ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a5e6b87e451aed45dfefb03225d8f487 |
| SHA1 | 355702c704e15aa75c0d3672a89d8370fca99f3d |
| SHA256 | b84c4b7dc4298636cde979f8a5d8d737870178dd6e4743b48e3a4dd98aec0b99 |
| SHA512 | ebb8798e0340c7176bf4917f07b1fa2e19fac03f0eff3d788b65d9836bd242ff55ff6046d97608c23d20538de3415798d0070a41f3e13e85d26f9459f987037e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 646da3b8fe5d6c35a06121851c6a13fc |
| SHA1 | ae81bb016bd4f985a461fb5366d24dd4134d7ba3 |
| SHA256 | 06a99f907d1a12e816aec9075058f842e308db1c0d3097e87b0612bbb561e492 |
| SHA512 | eb06963bbded48e32667afd429f5e0144be6e96e4ddd3a6f70cda220a5859683a94deb8f28b15a71636090f8b4f05cb88ffa035d0a3534eea4046ca9a071ebfb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 39efb3d40c4e79e930e0168c40e8a5b0 |
| SHA1 | 966d5002e72c348f0b667476b2084e0e870eb909 |
| SHA256 | 54bd273ab63440ad9b779a30b0fd32c9843698e1097697904ef279d24f3e33d7 |
| SHA512 | c72e594280a9bd25bedcd9362d70570c894bda22657967aba36f74928539f8e68c5f7367b4846d1599b428a8a0cf9e811cff44dcd00ad370951590089050839d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5e35a4.TMP
| MD5 | 036eeef9f1549ac57046e0801aec4d5e |
| SHA1 | 2a21f4e90014f420f428957494c4ab56d37257e2 |
| SHA256 | e96b33576a6961f8dee6661631fab79e3cabb944a36d8d193d92d026e8efc2c8 |
| SHA512 | 17973f65f01fe4a4816a3935585b1fbe1ead7a365067f3a44e4928ab3d8889dbb35df81656a01348b77f05b3af88480594ebb8c6d93db4371d106a71676efec2 |
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State
| MD5 | a891044762d6c41abd35475de75254e2 |
| SHA1 | 71dd7ed5631ccbb27f27e7dfdbe5c978385a5d7c |
| SHA256 | 4a35e649f1ceed4f7ec2218656bb1dc3be33f7071376a494f6fdbae5b9788d65 |
| SHA512 | 274c4e06cdaa7fa2fe1f646cd5cdf0505f71a3fdc6e626377781dbb8378474ef4123044e8da82b18ae40e26b836cf60e02a56c5adbae6e1a3b33201563f589d9 |
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State~RFe5e3873.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6b6c27d0e9a10beb294196d86bf159e2 |
| SHA1 | 3d3d4870d9856261bdf1fef7c1e68179935d122e |
| SHA256 | ef6117cc901f94c86262ba98c500c790a058a96f9b3d3dc4aeaa191bfc57595c |
| SHA512 | 4dc89a73c9626d314b50453516b5f430df3d56c6354d542613737aed3714c1039466de565e8e3db5b087946b547f0077ea4a7622c0d94d9f1157a595e8776c8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 12b56bfb14f4a5e384f55576c5a53bdb |
| SHA1 | 3d0642c8687ad4e7dcb7305beea214fff32d2977 |
| SHA256 | 1a8aa5c5ff07a8159bc5c0aed9a4499db3662e2ff24e5a4b613617566cbb9ee7 |
| SHA512 | 355a3f65bc8e222ff0cff1fbc5ade509300b4ec5c2e8cdbdc9efa5580697e2b51fcd2aae2cc63ba65d92928228c5ecb022c7dabd52f1b07758e094afb44d6f9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
| MD5 | 92356d0513ca1b8d064a32ed5c03f331 |
| SHA1 | 9d115a0eef9a38663c9df6c8f3fae605edb37114 |
| SHA256 | 0033a94154e5b25943ce930a90d066f29c49e174e1feaf241d56c1be3514514a |
| SHA512 | 631d8da4b0df3143a2910ea82355718fb8c926600b3bdabaf19953f5209ec26df7710bb5cb64d420a40a635f93fdc90ae7c9e8b00f80bbeae4eaa9a620526013 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
| MD5 | bb30ea3b46964f49ba85f475efd1fb6f |
| SHA1 | 1bb4aae7781af8b933e1dd4dee56879a3ef92d38 |
| SHA256 | 7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6 |
| SHA512 | bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a792000839d5cb32_0
| MD5 | ad8a4773bc2fbed0ff61289ffca10823 |
| SHA1 | 120da74983f6aacb64e9dd2f45ebd7bef61eb932 |
| SHA256 | fec341de3773924dc5db9f8a20949d4ca69a669ddb7ae2e3d25858025ea76a4c |
| SHA512 | 8d3f3725f5cf6f5ec90cb5c053f966e394893002c7d131307dbaa2970cb834b2c8a80fbb640578ffa0188c72a0b228b1f46d5c4ed4918b63d0c35b39592b05df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045
| MD5 | f0c0412e4f7e8ebf6e1c8738622abdf4 |
| SHA1 | 7e5433f4d55ff103426fde504031eea535b3d55d |
| SHA256 | a67bd5961e1d3fba115d8d04644accb4df135aefe880d03d7e66c404c85b47de |
| SHA512 | 5d228fe7f147e41b874a167942c017c130cccb61fa05f80cdab0911dd5e0185b8974c93ae9877c5d0beace13fb248bfdf717b29d450b12e08e2230c806232638 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a355a4f263d33d0e5ae012d13799b514 |
| SHA1 | a81c7f10eb2fe60d5882cb0010de0b315feaa388 |
| SHA256 | cb7ae4166131ba10e05055697241a9d8f8f77ac2049bb8ce7f3c80b27ba6f434 |
| SHA512 | dd55519e7724045e0bce1423d1fbfe2e89e041ea2da8a120b0d2857757cf375d3f63c798af5373f6a379c63be8fc9c74fbee5394b8ec7b67471be21ecbe068db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | 0818f2670acc2c745fb186c35a010006 |
| SHA1 | e6a27eaf2f057a0d89c50736fca6c111d826e957 |
| SHA256 | d710b83fe220f716d9bcb4c392312a814f3170c6c3c4af66b4bc6550d77a248c |
| SHA512 | a77baa7f81cb0701488dfcb5b45b1f19ecd2d5a20bd753fa096299884f83d7cfb348deb5c8db104e941d85733940ec427d67cf3b62c4323d71f6e57b26bdd57a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | 7651b1187bb58ac4c7be625337b35e5b |
| SHA1 | 307d969ef4137a66fe2793737dc1c546587c7f43 |
| SHA256 | 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968 |
| SHA512 | a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | f1c15fd1136f8a783409555b7adbe2f7 |
| SHA1 | 7a7815e80d9afdd02bf56e90e6fcfa7df0fffe38 |
| SHA256 | 43dcbab6a35044ac7fee05b7f776601b1cfae2c098763b9920561e975cd1ff4f |
| SHA512 | 5df3eff6abc3ec25e4543bbcb904d1e2ccee5ff2c7e627b1c02213825df5a45e342341cdf495093b237f298e0cc1bc07e2df04d2998313d356eb0a68ad83061a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | 67e30bbc30fa4e58ef6c33781b4e835c |
| SHA1 | 18125beb2b3f1a747f39ed999ff0edd5a52980ee |
| SHA256 | 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba |
| SHA512 | 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 82cbfe1dc0904f2e67c61e032d61de56 |
| SHA1 | 3a8f58a96da494298be0803e107cd7034e033dca |
| SHA256 | d2bb6213f4627c588add983a900aba2b2399032a5753c1ff6dd5992d6a17a651 |
| SHA512 | fda61c9b9d30e0617e28e2bcddeddca111ca5c1b0147fbb833386def4b26e2b90fc1ea1c65372fa0570d59f5f93ecdec845d1a83f2ce37df6f8f74559c5792c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 2155f385101771026a23f3dc2808c97e |
| SHA1 | 550ba8b46e714011059de97b0f672f0349dcf8de |
| SHA256 | 4641db11da9224b6da70ab3719915060084de315ad9037ca51c566d7d161dcd1 |
| SHA512 | 653fa69902507e82f884910143a60305e2b3c6e4d7ef411273c4ca2a67cb144ef9a367963bdefb1f45e21af4193393bfcc16ea599289b6f45c923884b3fe39f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | 5eb4716679f65c82dcdfdf50628ff444 |
| SHA1 | b4d1f5f3e85a50f46e3af93f9fbfe1f4e5aadf83 |
| SHA256 | 2aa9c3692eff4ec6331be48602af2fc2f8c4dabf9d9ee4cf3e1c0d759a48e2ee |
| SHA512 | 5b68d7199f3919960f30b73a92c0c3e555ed0754108ef5cd74541468c21d5ea7db560025d60beaf4f4a32d79c828c36a1b7534fecfe1e3a0ea89152258119d46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | ee6fbebf1a9aa793e43cc477afe313ea |
| SHA1 | f501f5ed93a9e44920c698ec48863caa2d2c9112 |
| SHA256 | 5a21d54dc3fe7ef406c6beaa92d780b962f83b8b300a52eac6f079fc36d4704f |
| SHA512 | b4ee701cd9d76dc0b9ba1a97e172a39a7668132b53d37875a4a5cba40ee5b0f2d65fa509b9ef484f3b37d83c1dff055f6e6e077b035db0c9b244155ce83ac999 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | 838001fd850e3d963a126142df710b62 |
| SHA1 | 093da7af84592dfc01ba37d7ad8f9e40e48a2f98 |
| SHA256 | 260178046bb6a7d0caca3332836aef02ead30597d4914c383949adf7c8d5990a |
| SHA512 | 54fc79478805eadc6febb6cb6ecf271bf83debf0136393ef2dbebb7416d3929647e8c7cd683b1b83a39afc78b610dca5641425b5c9504c8c62fa2bd6f6f1c536 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 9a0519c01db2f7e389cdc1147539a854 |
| SHA1 | 3d0478924b460d5304895f44739aeeaa21172978 |
| SHA256 | a971bb910961a6ee61d1575178db36b5229364c2dc16a8cb5979afd0c1800a9f |
| SHA512 | 29a4c43a55908ebf4eecf9b48bdb66a214b5f37f8822bce69a564d12a266d992308f522a9ceadcf972750a77e44b0a3b423122eee35e1e79c7b2b18f17cbdc93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | a3e87450db1309155a4d830bb7095f1e |
| SHA1 | eeb9e7f2c991847c371ca6caa661ddf911fe6ad4 |
| SHA256 | 9d956815ed5d48df74721d374c7c22197fbe58d595e51104d8fdd35d280cadeb |
| SHA512 | 3b57e900cc9fcabdac2fae6aafa9d34f8d6c5e914c7ab7800c586c6f9f82f29a9896bc90a8bf900ce20747ba30fdfeaea9bbb577075a7b4a4c1d3848f7bfabd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | 307ad046892eaa2fbfb47c5a1c35d472 |
| SHA1 | e14a4fbfbddb85a6d8dbd88e741670698a1b4f99 |
| SHA256 | 0ce3258a5de63e8dfcb5fbbd834da1bb8cd0e2151d05a048c83838b4e837c623 |
| SHA512 | b3d07439d45ca302b71dd944fbf567ec1f3461e32212965aecf9d143aa9f7c0d458edd10be715ee20560aca2c6952ed0ba98b5e8ddc03529ad3c47e7c93ef3ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
| MD5 | b20aa323cc40714a5c7f6c136ed7e6d5 |
| SHA1 | 338423d25893565290866c3f8f79bbfbc0b7f7df |
| SHA256 | 73189d896573869befb24659e53ca2cf9171d2600dc1ead051f59a9acbd18dae |
| SHA512 | 0ffd6b31ff5740064786ffe6a2be12834d621971df806def5b0684b757a9d994530078209a8ad222c780febde9172a7d451012ce9d171a30dd44c214878ca3f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070
| MD5 | 0fe32905a6f02925bed2ca730ffa41d1 |
| SHA1 | 369bb0a2b5874ddecc59944ebc6e9cf812d5ee47 |
| SHA256 | da0f2459dad98fe0dfb710a56c85b845b4b124054f0fbd6f3f95d0f3e3b2951b |
| SHA512 | b9351d14c99af893771ef85d336f0fd7ce5d5abc2c4fcad4a861abbb498e66ff44a6d64053086fe7d178453bd06463f3eacb9059104e53335a19d1872b9dda8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\482e8abbef9c0889_0
| MD5 | 6af63d64672ea4259980215161aca9e2 |
| SHA1 | 5ad659ae72d0d8bf443ee8847e717e245fdf0637 |
| SHA256 | fa094b1f399cd8d1b9e7b9c09994618eb54b567a2023fa3d32efb47079a459f7 |
| SHA512 | bb0eba1b1ed965105671ffd0d99f6e4b0bb4da52fa7275950dd5ec628f84db4d353c8cf3f87587e5f1964e37ba71cce4cedd01354cce016c829d5ba39983b2d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5716962567dc0ffeafe878d4a169aa3b |
| SHA1 | fed013962cc9d6ec35f1930681c4ea88ac7a8846 |
| SHA256 | 8fefeeb3f8333922334f44e9bd705a128c06eb27822376fb51d18c2dc3ec4eb9 |
| SHA512 | 71b9a59ead3f45597318eba8e693df09e8216a525beb5ead3fc7556f69a99893764cb7299bfafce9fc49f1b0156e2c28065341426fbd4c357b277f771cb33625 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
| MD5 | 9c6b5ce6b3452e98573e6409c34dd73c |
| SHA1 | de607fadef62e36945a409a838eb8fc36d819b42 |
| SHA256 | cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc |
| SHA512 | 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | bd17d16b6e95e4eb8911300c70d546f7 |
| SHA1 | 847036a00e4e390b67f5c22bf7b531179be344d7 |
| SHA256 | 9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352 |
| SHA512 | f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 19c73397068ded824edd2c5b13d0a9da |
| SHA1 | 7f0f149b66309aaba41974d524ca69390a34e4f2 |
| SHA256 | 8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100 |
| SHA512 | 8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b
| MD5 | 342e152ce9d9ef895fce298a61a52570 |
| SHA1 | c2cadef1ca66600d5c2c6dcbee3355bbf901a591 |
| SHA256 | baa20b7c5a3388f6da66e839b2b187662d3ffc570704a0b9382cfd0874922394 |
| SHA512 | 10196f93f2d8fcf8e7a7ff6e9706e42be64c075833331cb48d938fd1be321e8c4f926a9c888add217540380773ca2c4b269230227af8fe945344ceb6b26e40f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9027fca72bd71e4c629f69175ea02fb8 |
| SHA1 | 35734d8b9a30d5ceac8cbdc4c70a4c67161df98d |
| SHA256 | 6c4c5385eec221b5766d2deed415cfe8debee502e557e972de65ac665ba0f370 |
| SHA512 | 990f924b2b37c0af9f18340b2b9bf2cbcad87a26cbd16a92db5f4ce30e44e5bb62fd3742bb2896da6cf9dc1cfe8df88d5a0e44fc3a5071de1c8249bba5516c9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | f07644c10cde3060251549eca564d8ce |
| SHA1 | af233fc2b0760f64e69712bd3023598fdc056eb6 |
| SHA256 | 1beb7b61002cf98df998dc41fd5bceb01860b9c037b6ee9a514da33fa021c331 |
| SHA512 | 4186c3db281b5a189b1a9ed9f6d98a7fb269421136bf9455f1bc0de8721a3e885b1a3b7b7efa2cd1383ebebce29e1a9a9de3ee704849ea91ca871a7f8c5752a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
| MD5 | df5c56e27aa0a43a1e52b2e4e80c4168 |
| SHA1 | acb27e9213a390809051f65ffa703610805c7595 |
| SHA256 | ebcef7f379749a4058db5e7242e9d6e40a79f3b31682e2d8c675e4d184c73858 |
| SHA512 | f282bd310b7812e4b409286be506c088fa531178c8183f0636fd17f2f47558d26048a59f8c0268843c34c1826c0b25cf94b3e01024c4633122069deaf1cb2f91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a
| MD5 | a1559e8d71bf51de6e306d29ea76b7cf |
| SHA1 | 743bdf8b2d7fb59662889c8677ef055979541053 |
| SHA256 | b3af0d713c18db7984a473c031ae6a1476ef99bffa776641103f088eb5f1081f |
| SHA512 | 1316105ec8573c201b58aafaf128fe05e70bcf41e93fe701ee4569546e42ec978d4e09232034992263229e9637bca7f56e4d77e3571820a84bb159b7bed00c05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | b6bccb44eee52c305e15fc4ffd07f25c |
| SHA1 | 42253c60ddfbd6a2042c67ab33669d8f71ca53f7 |
| SHA256 | f6600fa5a55813db44f67fca9454794b9cad4350e3df34046d8f26fcfdc71558 |
| SHA512 | c9e1b9c1c2357f7624e78af8c27631c02fd67a2f744126d6a5f1cada9cb74f2020eb633cbb81897736af1f1b676b26fd2174eea9ee1526e9971d4255d2257213 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | f3172194a6bc6bbff79f4dde01a6b8f7 |
| SHA1 | c82a57c12fdb25bc5dd1902c1a113682f9107e41 |
| SHA256 | dcf34acfc61240a4f2012d872f02fe7f04a758f803ff0b2c0f21dcf2ea9eeebf |
| SHA512 | 92863931612946aaed04cda16d62b75ad894479c122daac6280a3977a13ee706ef36bab645a338bc59b79405f944e4a12459833e6c8ecaabb1146d492516fb5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\deb5a2dee70390a8_0
| MD5 | b5d7a9709760f1fa1bea24ecae77ee9a |
| SHA1 | f52afbbbc3d70e83359c7fc0c4a848b3d43c722a |
| SHA256 | eab4c8921d9e179625e311ba73001e73be924e2a8806841a004ac1b8cd3f02c2 |
| SHA512 | 6fae35eee04f890d6c3dc04fd268318e186393cfe7269f010b367ffea9d94c3c5ee07a65a89cc0f2d82d27cf441445a79ebb9aee85e8e465534d773f08378574 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4463dc7bd4efd6a1_0
| MD5 | ac1c53f2cec3db4b4f9e117774d4a57b |
| SHA1 | 11ee8c4f28c0fd9fa8d0274b14ba1defac7a2d1b |
| SHA256 | f031f75ee8109e813cbed1cad461d25f4d06362aca681599b40d99416ab81c27 |
| SHA512 | fed227211f0ca08a71947bdcee5fb44d329a672dbcf88cda1513a3ba86b81674962848c3fd2355af3aade88df3e6d65cf5e275e9da28623228f784759648b993 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d3c796ab9ae53b81728f19c61c036f5f |
| SHA1 | 9306181dc9ba3bc216bf869effd1a2a192cbe33e |
| SHA256 | 8978c10e3a5b1d719f382a970918a646c9721b5d0a7fdb1c59c677ed0c1ad24c |
| SHA512 | d179b549cb0fb1d179cff7820d9ad19850cbec9beee83926fa4fb8bb674ea9b12be90b179277446edc1978199eb77b337b100f659c65937f90fe6d746310e272 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\064e14d50e6d9fdb_0
| MD5 | 148456e44a7aeee105a2a3965ed58b12 |
| SHA1 | 47057a84a1249bd399a1b7193d9138506a25829a |
| SHA256 | 54e8c9f0ca4970e38a30107724cc163c050460f38408094cc253e9785687e8b3 |
| SHA512 | 3c7c083e86ca3bf0afa42274137342ae0ce6729a550681a6c1af1cf545d865e31b0d6c66df13d42584147ba3463f5d16b2ee7171537dbeb155f43555a38fa6aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47c0459738d82233_0
| MD5 | ddc2e03c8c8ba4165f822d40f67c5b0f |
| SHA1 | e4b496907852d741ef0479e606ddb1ea9220c860 |
| SHA256 | d1865d3a23e29194fe2d5824cdb404f63b21e376c0d4241ce190dc123810fa95 |
| SHA512 | df117390796a6cebbfb944623e9ab06a2d2771799fbe8e8d43eba20e2c882ed81f0ff2b5d37fec90f89aa172f45800e7d95492b56bb6c3d27b03b425fe1e491d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
| MD5 | 42d9fcc7172456834d9e05605cfb999f |
| SHA1 | d1df0982a953011482b7cc5e97803a5fae290ba7 |
| SHA256 | 5029f1471e648ecdf5518199b5d7a6fdcf2dab7b9ba8367331b0836de3064575 |
| SHA512 | 5fc471dfd6cf0516739b40db211b4f1e0d3e27e7b53eb1e0c8d34f7ddf5d09ff520bd4c3b7baca993857fd462f184621391fed363a548bc7b50eee3b7ef6ade8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
| MD5 | 60140bc834da90837a9a4d1530484677 |
| SHA1 | d99868b0693b332681b4db7927f3f11b3ed37607 |
| SHA256 | 29c0ba2fb11f5bbedff938e0d0a97da59f725cd153bc0c04f052419e779f134e |
| SHA512 | 448ddc49ab5128dfc0dc91ebe388d447e748848cd2f7dc15fe1fd0380a5436cc9872c32606d9d161d3648b20bff5eda0e48e8fb77c9293f3c0924ae89589eb37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 94cb6c521d017e5d3cfa568dbfe1169f |
| SHA1 | 2efb3c3f4fc6db10c6696ac3184cc45383da25f8 |
| SHA256 | aa27209d1aeea03ed1e8ffc192cb76998916bf015c5a0583d55cd15309c2bbf6 |
| SHA512 | 5f13ad4bf2e4784f4a0a4f6adddc6e4ae4d88474ce8505a13e628df83042057f4c0bfe6d3a358a5e959b9c82cb37314d20d8e321e1bc1400aa8a0eb09890c018 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6
| MD5 | 5bb6fbaf0c60d8484054db863ddace24 |
| SHA1 | 9f2a1ea4f12ad8597a87ffbcac09ca169af93189 |
| SHA256 | f52acb3f9a347bfe5cdc32bb2512e2fa49e6609c99b4646e002d487012203a55 |
| SHA512 | ab2c63d85ed6dbebdb494762eb40e8f8bcd782e7b7061e2be4c84ce6ff14a4bfdac938148e0c4ed92f2e79e667128c1b1d5325becb562baca9776da02f037a90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bf
| MD5 | e11c810c086df83c0876dd59ed32ebcb |
| SHA1 | b89fe2ed6d016f81af13b35797ad2b0e2e5c6822 |
| SHA256 | acc5497e76f832d950d14fcfa047dc3c864f7a0aae4c7a20521c0c655a53033b |
| SHA512 | db93e7e4818b40c7b16c241441a5bbfcd335121a89a737611aca4e5bd1f22a7d8fd9a1e79e0d0a7701a497cf6bbc238a7417d5dac3480d20d4742b9b9717a15c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c0
| MD5 | 965bbfea8a5db5aea3a63da8c5b3d570 |
| SHA1 | ce645f4adf18c4ff26251610878969c9562de69f |
| SHA256 | 92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5 |
| SHA512 | 17bdb764f190f97907462b8d0526474e0ba903a07a3fa3e71968115cc5e2d9e1629979398c6b6e664580b8f294d62f855f8bbf5f3fcccf3a40d90521e15b186e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5473c2a35572769d8951a7f4c0e9d3dd |
| SHA1 | 55090b0854301146d98f1202e7209bfe1c9419a5 |
| SHA256 | 84f0de204c8b76ab7fd93278d706a7eee74b7168a840c66c758e24d95e4b7dd9 |
| SHA512 | 1aff1a945ebafdc95c762ed850dc29dcb909bb1efba70f9c3f83232e011ba6072c7b3b50f513eab663c9b3b2d91f8bcf8e26e25d9f9919b57b742f585ad3fb2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f78a5dd4e2a0e1a02394e8bb6c6dc099 |
| SHA1 | a1b000dc3adbfed67011ee715e18a32efd006ca0 |
| SHA256 | 275b8f110702b207ff1c0285cb2726c1f75656e322f08a373b0336fa06140c21 |
| SHA512 | 8c3cebc7633b877d57fa6f371ddd7e6df2a8baa3acd77b86aeed2efb884675f7f3ef5bd647b127d0a550bb16f28a48ce6b66862537398c6c2f2c56bf91ce2f01 |
C:\Users\Admin\Downloads\6951e794-7c7b-478a-876a-9ad15fce92c9.tmp
| MD5 | 86fca06e090f8017dd323ccc516a7ed9 |
| SHA1 | 720fd4f4d0ac09308d19d229c8fbfde71313ce7d |
| SHA256 | 5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874 |
| SHA512 | 05f6ea47c48a2da3304a2d14a741403200ccf47e1f1b7155a2eba3fe694e4f42b8a327010fbc20b720ba06e4f84ee96b39d885989ae7cd20cc459261cd02b34b |
memory/5952-18141-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
memory/5952-18140-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
memory/5952-18142-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
memory/5952-18152-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
memory/5952-18151-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
memory/5952-18150-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
memory/5952-18149-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
memory/5952-18148-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
memory/5952-18147-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
memory/5952-18146-0x00000152A79A0000-0x00000152A79A1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 950378e7dd593ff310cc3efa71107376 |
| SHA1 | 0b0a9af42cadf66f08a24c6895d7f8480136d24a |
| SHA256 | 9701996989c276b477fa573272d3ccfb79906812df16f1117cabfccb60fb0208 |
| SHA512 | 97d959d295c16dfb3111048ca24ea2f84ed62c2f3ae3131d07b1eaa8685de3c287adce1ec73ff3f49e095e487e589a09285c64f15dc32e5bc845f85b2d1bbf11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 00bb1fdd9cd02c769be39443ac169ab6 |
| SHA1 | 12f270775dbbe03290b195ae40d9b5b96a064368 |
| SHA256 | 0d373e4b98bc78578c47fcceb0b221d630594097c89b63b3d1889caecdbefe40 |
| SHA512 | bf5579f198b0e0bfa0be8008aaaca146b980ac21c32e32bf0504813dd72f378855482e79293d22f5ace91524c735bae2ce793a083c549f7eba830c2e5efa177a |
C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll
| MD5 | d9cb0b4a66458d85470ccf9b3575c0e7 |
| SHA1 | 1572092be5489725cffbabe2f59eba094ee1d8a1 |
| SHA256 | 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05 |
| SHA512 | 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6 |
memory/8872-18218-0x0000000006320000-0x0000000006336000-memory.dmp
memory/8872-18219-0x0000000073580000-0x0000000073596000-memory.dmp
memory/8872-18221-0x0000000008CC0000-0x0000000009264000-memory.dmp
memory/8872-18222-0x00000000087B0000-0x0000000008842000-memory.dmp
memory/8872-18224-0x0000000009C30000-0x0000000009C74000-memory.dmp
memory/8872-18225-0x0000000009D10000-0x0000000009DAC000-memory.dmp
memory/8872-18226-0x0000000009DB0000-0x0000000009E16000-memory.dmp
memory/8872-18228-0x000000000A350000-0x000000000A87C000-memory.dmp
memory/8872-18229-0x000000000AF00000-0x000000000AF0A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d448cb86247432474373f95106369366 |
| SHA1 | 1a349602280263941b904f3887a763a69d83eedd |
| SHA256 | 923eddc2cffba1bb4a09dfb80e5016187d4db1977e367c233a61b76a2276b323 |
| SHA512 | 90ba46c4369f1ef9e7e745384ba8b66b716d8ebe2c4bebb1eb795b72824d1d13689edae022575e537f24f235a8a9207cd42d4e818ca064bbdf396dbf569089f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1043972af59430752a71e34fd23fa749 |
| SHA1 | e9665ccd8dd751bc33aa871fed2a48e417959adc |
| SHA256 | 45d5e4b8f335d32be28b1caf201eb215e847037617f3f9507e36818186044ab1 |
| SHA512 | 6d4b3309772d33b66284b11da56ef0a931dfbc87dfe8b17244f3e3773eada36896edf090f29cab1f4c185192f62345d52288080bf676415a0dad9331e812c337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 77d9abfbf8a97499b3c08f3b2101b35a |
| SHA1 | 0e3f4d3175ca4db84badf1b4d14b3b4b6951c620 |
| SHA256 | 28da80b24bcea05e32acf1666cde866cfd843df9bd01b0cc0549f6eea3be08dc |
| SHA512 | 154295401f5567e3d8b172cdb70492a843e724cea54937bc6e0df0adb9e4097e072eae0863832ee8427eab2411880fd9d951e5185786e17544c680c3ad1eb234 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c5634dff5705133db7e113f76ab5b072 |
| SHA1 | d5b9d0d82131dd91ac10d536bb569f3746435243 |
| SHA256 | 51a89338fb578abc0607cdc20d517a37b3b4bef0348aefc68042da5863cc7171 |
| SHA512 | beb795ae57eae7a5814a04bbab655c7b00f559d1b4017c95c4f92452a30fb33d4b1d59d539c01e3416ef8514a279f41995c8d0394bff806d9fc8b516b7d0506d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 69121b8b5a76149d51509ee2dfc601de |
| SHA1 | 756285a94d3cf2d8716cd1c612b69a91c30d0090 |
| SHA256 | b9b81cc75e9dcaa771b6197e3c02890a422b7535b3e6919aa014df65f309fd78 |
| SHA512 | 99f2de91f0a6cd2bbee09d2e63b91a9f4ec4000dcbcf61b28c2f2eeb856aeccc763134be16d4916c64aba3bb3e125076ffc0ad210c5b19912d2dc896c6a095d7 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | b07955ca519a30b3d90c6cfb3f7448ff |
| SHA1 | 410c270cf7b147ce053b4da228da3d3f576ae0f4 |
| SHA256 | 289968aa58bf9ecf18ebc88f4ecd82328be0821925b71932cea47e9b80edae6b |
| SHA512 | c8779d840fd858a8debfd776790a427b370b98a2bb33b3d92296ee32d854aa0cc29e47f70ea179332db72067477d81176d052bfa25f1435772a3d8fa7c60bf33 |
memory/8444-18582-0x00000204E2020000-0x00000204E2028000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d891071f6e5f74335f64ae8a479db7fd |
| SHA1 | 50f42eb92e2c3a443abb8c97f4e3b799d58ce6b0 |
| SHA256 | d4027407de64f0529b9d8735f28480ef1c3188c87314786be3de0e1f01e43ee3 |
| SHA512 | 0d485812836fc4ca7c1960e7e9aed6b92e5397df0ef29878f32ad81b764fde91da144eee34ec872ba06aeadbeb55ae08016b464dfef684f6d622202609274fdd |
C:\Users\Admin\AppData\Local\Temp\2q2s0jj5.exe
| MD5 | bb678446f3d470dda9cf8c70e3ba7b55 |
| SHA1 | b32ecf8db398c8cebc671fb29bee73fb5bc3058d |
| SHA256 | 6693037b6c8bde559e96dc3e736187b40ffd14d58758b293a1761454490db9f3 |
| SHA512 | 2a3195782259e48e2b202a8ce06897d189a8c7084f68395faa87f7b33bf7108a8ae3d3abb179814f25573486e251c4a7875d9c18415074ff63ad7b54845d65ee |
memory/6280-18714-0x00000253B68B0000-0x00000253B69C0000-memory.dmp
memory/6280-18715-0x00000253D0D90000-0x00000253D0DD2000-memory.dmp
memory/6280-18716-0x00000253B8660000-0x00000253B8690000-memory.dmp
memory/6280-18717-0x00000253D0E20000-0x00000253D0E5A000-memory.dmp
memory/6280-18718-0x00000253D0E90000-0x00000253D0EBA000-memory.dmp
memory/6280-18721-0x00000253D1550000-0x00000253D15A8000-memory.dmp
C:\Program Files\ReasonLabs\EPP\Uninstall.exe
| MD5 | 8157d03d4cd74d7df9f49555a04f4272 |
| SHA1 | eae3dad1a3794c884fae0d92b101f55393153f4e |
| SHA256 | cdf775b4d83864b071dbcfeed6d5da930a9f065919d195bb801b6ffaf9645b74 |
| SHA512 | 64a764068810a49a8d3191bc534cd6d7031e636ae306d2204af478b35d102012d8c7e502ed31af88280689012dc8e6afd3f7b2a1fe1e25da6142388713b67fa7 |
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
| MD5 | cc7167823d2d6d25e121fc437ae6a596 |
| SHA1 | 559c334cd3986879947653b7b37e139e0c3c6262 |
| SHA256 | 6138d9ea038014b293dac1c8fde8c0d051c0435c72cd6e7df08b2f095b27d916 |
| SHA512 | d4945c528e4687af03b40c27f29b3cbf1a8d1daf0ee7de10cd0cb19288b7bc47fae979e1462b3fa03692bf67da51ab6fa562eb0e30b73e55828f3735bbfffa48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | 04dd9b1f3f81fd2e3e6f401f44c64c80 |
| SHA1 | 1ffc0e8800ff70dc9225e26a8065ef740c5e923c |
| SHA256 | b3693e256e4ba3b9ae56110961646f4764ae29369ded175aa3ebe88d54e2ba95 |
| SHA512 | 2b5ba57eb96c9e19f84f74ff8b8fb10a6afc33a1523b520b0e1ac817c05f03705776bf36242901f54292f9961afd745101fc22604c0f8b8eae2a6384403491a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf
| MD5 | 2fa413749c8fc80fd915111a499ea6b0 |
| SHA1 | cf9dacf2451cfa462d573c454c24b9b209b31faa |
| SHA256 | 411ccb79eca67e7f61ee68ff2d0160771ed049590c35a747d2e6341eae05099b |
| SHA512 | e4de0203a3680d9d694b76379e5c82549739ff51bf783624ac73bf4b622c69d08c0473de7f7d85a33c80354bc507d5ddc87cc8b0643e22cc661c4537711a705b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d1
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ce
| MD5 | 2c5d4af27f0e230c62198ade697d92d9 |
| SHA1 | 325d8f28b44c70726baa862fbb4ede8180589eb8 |
| SHA256 | ec6a2d5277ff4de593b08873db1cd9d5b87793e1d6c7d579842255f29285f978 |
| SHA512 | ec8b16f9020211bebeab1a4cd10df2735525586859e6bebcb34144012d4c64b3985e291a4a142bb9d18b7fa7a0d3f2d3b0fcbfb2935c8454afc134ce987d3562 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d2
| MD5 | 57b0be737bcc15c1db1fe1930d6c4616 |
| SHA1 | d917e5c80c307ea8e77f0ff33fc0550ee939f471 |
| SHA256 | 3f333be09c028ccb2b4d6a6a994f6f55000c220aa164000b8257084693cdc5f9 |
| SHA512 | 5100834421de2327292e0f84a6494796e67d4894507299c48b1585d8fbdef2ea0e30e1cd866d9992aab3ba0fb5dc6eeb20f3543841b194ea3ef23d2f69afaa4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f65121c00d90c8515a93f3430cfa88ee |
| SHA1 | 1dfbfa1acbee10aa3395678db28e45cb1cb40542 |
| SHA256 | 98b0588ba9035d72d2de370a116bed202b2b7e96025d59fa25f3313c0fc8d392 |
| SHA512 | f9e8b6a7bf1cb4d74d576b2a0520dc8bbc6d4b7d25f0c7d2dbce48db9f059f0ce49a693f9929fc69e1d83f0ef7b2141db46862a7223ef06aa7d34b681f629b55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 135c9b1b100159778b4a50472c19f783 |
| SHA1 | 1e624afcf7923cd06f2909d2c2f0e83872de0bdc |
| SHA256 | f162483d6f72511ffec8b06b1b773fbc84533b3853bef4ed861e8e324c918544 |
| SHA512 | eb85a815cfd454074cd89e0dff66e8aa31f6ac9f85635bc421051db8403e8436df73af88bd8303f51e1dc551bf100ff6cf31ab039b22c84ce2d9658fac83f0a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec
| MD5 | 7cae6b379184f1cc5444ca2fc9a8ec75 |
| SHA1 | 9a68fb4fed6c6f633275480ac481b7d24a1e60ad |
| SHA256 | 4b6edb96987da0a7714e705a7af8516ee7167c8a616eff6eb3ed9e54f6d02ee1 |
| SHA512 | fc81537d3fa0aa4fdc56ebcbc13bc43167cf1cd5424077c65292d7c86dd1e7aa11c44a5c78d8ca6fb31d942c034c1a9ee309aa8ee8a75a39dea0d3ed65790604 |
C:\Program Files\ReasonLabs\EPP\InstallerLib.dll
| MD5 | 135353974cbebf94b8bc48d682f8f5d8 |
| SHA1 | 0d8911efa7759516fc80961ec42ed6e15764ceb8 |
| SHA256 | 3da6db19e909805066bb41b1674b76b9b1946e99aefdee3ef96a0ee73b9914c1 |
| SHA512 | 1896e77b05162f9624ecc2139866186260b1adfb6a1918f04f9696dde2e7b5b4c2fb64533c20abc44ea0bc42afed692381cff956a458b1fb420e5b490f26f998 |
C:\Program Files\ReasonLabs\EPP\mc.dll
| MD5 | c85b6e5cbc8cd0cd668a95378cf2339f |
| SHA1 | a53d71a00a4d1ee74de71543846ddbeb568b29a1 |
| SHA256 | ef6f5493f21fa5fdac8b6b669ac6dbc0923e5c7c794f075413f27ca6ebeeb4b1 |
| SHA512 | 7067887375c5aa40b1732d648185a0d231b8d87a43b63fb3670dc5099a56c7c7356cce43dc48cad6e96c1585fdb2955afa8a50d3a1c7df1994e80705f76aaec2 |
C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll
| MD5 | fa16d0dc50b77c9f8703b5b36d774107 |
| SHA1 | ec426639f3bf3a563491ac53b70bb5eb92e5c314 |
| SHA256 | 94ad9f2b387a5e6cbd0f7b2259e37533ca80aaa69ba044db6a022661eaeb606d |
| SHA512 | b2e50634a6a7a116c71bb56dc045f29f79abd5d831ed1ac4a4fb7ab6a452321a814b9877b1c98cc0e185c6b6cab5bfe3e9435a43f9f4d1ff4d515109779372cd |
C:\Program Files\ReasonLabs\EPP\ui\EPP.exe
| MD5 | 4be222b0796df9d496e9ff02c389c304 |
| SHA1 | a50131cc3683aed3c32847cdd0b8b976951296ba |
| SHA256 | ae6d512a1d4f0f4b91a699c80eb6b97acd3bc59b22375a3039d74b58b31e9c2d |
| SHA512 | 26cccea83b3f1dfe84c63cacd4698d9eea373219cdf810f5dbc1ace313b1478d753eb5547ca186076e878883b462364dd80136805d7aadabd5917cf485a55eaa |
memory/6280-19880-0x00000253D14E0000-0x00000253D1536000-memory.dmp
memory/6280-19910-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19908-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19906-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19904-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19902-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19900-0x00000253D14E0000-0x00000253D1534000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6e567961ddd8a4155c0d98bfaaee7472 |
| SHA1 | c4bc4ef3f7f44754e0c9eae554fad849bc4373ba |
| SHA256 | bf854922c3f9124f2509bca7cc65c95d642f586379a4e85d1bf99aa1933a9a4e |
| SHA512 | 1cc0304231b129f938a4713638338dd53da737d03e7b030da5273f505d7f376bc98b65701724de57f8fbd3cd4bc81c5a5d5483b3d0620e75b10b1c8fa6205cab |
memory/6280-19898-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19896-0x00000253D14E0000-0x00000253D1534000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\d02ce52d-2eca-4323-8ee1-c8f1f09c9cf0\UnifiedStub-installer.exe\assembly\dl3\1e211e52\58fc47f4_39beda01\rsJSON.DLL
| MD5 | fa63504382f4f3f92fa86841d9e97f29 |
| SHA1 | 0bde02c98741bb24eaf501bd8e2d9738742cd042 |
| SHA256 | 5f0764e1998464f63c6583f870dd3784921b752b91d8e450fe2c90153cb5e58d |
| SHA512 | c8483d9060a6800c8dedb4d5fea7cda346f742ca1a149c3eb608823209aff1f00bfcc5b0caf9c482c7b01d75f6e198edfae3b0100cb0dca6e5b5f18336abdee5 |
memory/6280-21497-0x00000253D15B0000-0x00000253D15EA000-memory.dmp
memory/6280-19894-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19892-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19891-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19888-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19886-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19884-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19882-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-19881-0x00000253D14E0000-0x00000253D1534000-memory.dmp
memory/6280-21508-0x00000253D15B0000-0x00000253D15E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\d02ce52d-2eca-4323-8ee1-c8f1f09c9cf0\UnifiedStub-installer.exe\assembly\dl3\1ce0b2bf\58fc47f4_39beda01\rsLogger.DLL
| MD5 | e3fa0916f33bee8a14f28421d2dcdc9f |
| SHA1 | fd3dca4db55e81ebffc7609c5d63a4ffbd6629b2 |
| SHA256 | 29aaff11e775c800575b1a5d4160daec749dde528e68bc3b6e9b340279ed991d |
| SHA512 | fe96efd3cf162bbb766634c3d90f707d868378dd04e47aa9d55c03e03130f54827f781639383b053c9335d022ccd6b244b67e586197c2b40d193dd58a4ee8cb6 |
memory/6280-21520-0x00000253D15B0000-0x00000253D15DA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\d02ce52d-2eca-4323-8ee1-c8f1f09c9cf0\UnifiedStub-installer.exe\assembly\dl3\effcdc50\23cc42f4_39beda01\rsAtom.DLL
| MD5 | 044d60780b0c40d3f9b0b5a3fc040948 |
| SHA1 | 2e16c926f11ed5faae22d9af5d935748c57ec1f8 |
| SHA256 | 7493f645bb04092aee30a47a681494251c79a38a941c9a3d2dee4293a265f428 |
| SHA512 | 7653a0a46e3eb9331e92a09937754302f939100adbfb283242c25bf0f73f8508d6f7e9d5aa08dbbefdd14bf682ad7d0d77f4999b3274d329d281e22934c445ea |
memory/6280-21535-0x00000253D1690000-0x00000253D16BE000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngine.config
| MD5 | 0195b6f2d3e0f5a4947f353e48e15d8c |
| SHA1 | f29fb502b68a486ffee0c55ed343c15e5110e6f9 |
| SHA256 | 52b9ff10c412162ce0ac5ece6cd56b1164c209af1ad8b3b8e334149ed6e4ea56 |
| SHA512 | 65ba63d1645a1c507c2a8c4728df0f1f660f3574333925386f1b5b07f11e4e894d8404767a478a384d6a5910915ff040698c6c761047a4ce53a9fabd2d788bef |
C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\d02ce52d-2eca-4323-8ee1-c8f1f09c9cf0\UnifiedStub-installer.exe\assembly\dl3\cffc9c1a\472348f4_39beda01\rsServiceController.DLL
| MD5 | 8dcd92de516608670f57193d74824a3b |
| SHA1 | c67c347dfa47c2db1628fab8bf9906c353f33dd9 |
| SHA256 | 96db49db4dd12b9f86144fedf83ac7dc12d855c5d7e3c863fd5b1696966ac345 |
| SHA512 | e5fde81ae57e68df69fc7695b9e16d8c7d188a30a4d68ffb682a3dcfedf2c028874145815aad2f957a02b0ead6ad8f1442635dfa580339816110e7b1cdbc0c0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fd500b888f947638c0dcb3f175dd8d90 |
| SHA1 | 762b2d20bb019b71c43d8c7471c2e9bdc9dd0c3c |
| SHA256 | f54240722627e61a920de9d91eba9dfd85f166354c359ab4c633aad644d93e6b |
| SHA512 | 9452710241bed98be2af7744dc39f57db6de02ae7ece69472e0f6eaa58418f5eb99cacc61f848ff863c80b2e1b1f59b184bcaf11886bb23ba2c5cbe63479b540 |
C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys
| MD5 | 8129c96d6ebdaebbe771ee034555bf8f |
| SHA1 | 9b41fb541a273086d3eef0ba4149f88022efbaff |
| SHA256 | 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51 |
| SHA512 | ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18 |
memory/6780-21571-0x0000019425D30000-0x0000019425D5E000-memory.dmp
memory/6780-21572-0x0000019425D30000-0x0000019425D5E000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 1264314190d1e81276dde796c5a3537c |
| SHA1 | ab1c69efd9358b161ec31d7701d26c39ee708d57 |
| SHA256 | 8341a3cae0acb500b9f494bdec870cb8eb8e915174370d41c57dcdae622342c5 |
| SHA512 | a3f36574dce70997943d93a8d5bebe1b44be7b4aae05ed5a791aee8c3aab908c2eca3275f7ce636a230a585d40896dc637be1fb597b10380d0c258afe4e720e9 |
memory/6780-21585-0x0000019427A20000-0x0000019427A32000-memory.dmp
memory/6780-21586-0x0000019440180000-0x00000194401BC000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog
| MD5 | 43fbbd79c6a85b1dfb782c199ff1f0e7 |
| SHA1 | cad46a3de56cd064e32b79c07ced5abec6bc1543 |
| SHA256 | 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0 |
| SHA512 | 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea |
C:\Windows\Logs\DISM\dism.log
| MD5 | 07ec50ad28d02b04fea01883ee5feecf |
| SHA1 | 31eb1648f1340ac0309f391c1816dd4cc73c0488 |
| SHA256 | 05fefcad2f98bfb97db84f25f6c19abf5c0db35ac2ad852df5ef97da6900ef81 |
| SHA512 | 0869cdf1a4f565868de228b8ca71992d0007402195f116a894559a6c16fd5cc1efb07383854421773a9721f5845f9cfa05277f66b02ef0b87b3771b99f894a18 |
memory/6252-21723-0x0000016660860000-0x0000016660BC6000-memory.dmp
memory/6252-21727-0x0000016647CB0000-0x0000016647CD2000-memory.dmp
memory/6252-21726-0x0000016647C60000-0x0000016647C7A000-memory.dmp
memory/6252-21725-0x00000166606D0000-0x000001666084C000-memory.dmp
memory/468-21762-0x00000191C8A00000-0x00000191C8A5C000-memory.dmp
memory/468-21771-0x00000191CA7A0000-0x00000191CA7F8000-memory.dmp
memory/468-21786-0x00000191CA740000-0x00000191CA768000-memory.dmp
memory/468-21791-0x00000191C8A00000-0x00000191C8A5C000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 2afb72ff4eb694325bc55e2b0b2d5592 |
| SHA1 | ba1d4f70eaa44ce0e1856b9b43487279286f76c9 |
| SHA256 | 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e |
| SHA512 | 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e |
memory/468-21817-0x00000191E3730000-0x00000191E3D48000-memory.dmp
memory/468-21801-0x00000191E2FD0000-0x00000191E3002000-memory.dmp
memory/468-21872-0x00000191E3D50000-0x00000191E3FAC000-memory.dmp
C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog
| MD5 | 705ace5df076489bde34bd8f44c09901 |
| SHA1 | b867f35786f09405c324b6bf692e479ffecdfa9c |
| SHA256 | f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950 |
| SHA512 | 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7 |
memory/1276-22017-0x0000022AEC820000-0x0000022AEC850000-memory.dmp
memory/1276-22018-0x0000022AEC8B0000-0x0000022AEC90C000-memory.dmp
memory/1276-22019-0x0000022AEC850000-0x0000022AEC888000-memory.dmp
memory/1276-22090-0x0000022AEC910000-0x0000022AEC942000-memory.dmp
memory/9904-22142-0x000002D814010000-0x000002D814038000-memory.dmp
memory/1276-22107-0x0000022AECEE0000-0x0000022AECF64000-memory.dmp
memory/1276-22143-0x0000022AECE50000-0x0000022AECE76000-memory.dmp
memory/9904-22144-0x000002D82E7B0000-0x000002D82E944000-memory.dmp
memory/1276-22145-0x0000022AECE80000-0x0000022AECEA6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5d2a2c64fec769264c242953962bfabd |
| SHA1 | 1076c13df84e8d9f3fbbea5b0db015df17d3be4f |
| SHA256 | f24a570a9f0cd39cf1ed87fe85196f1261f4839dc709f76bdb36db915ecc65ed |
| SHA512 | bfd4a673f95d5fcef4364746750b83374faca23c03abca4c7bf5fb27eceb7ae18916a06c2d0f6c2f441c50372fdfe893f0041c0ecf69641db67d47b715356664 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 7c9b77fe49d24ef989c12e52bba2b7bc |
| SHA1 | 37b9ee5a72f1387776e3dc67c7c3ebeb2effac7a |
| SHA256 | 2dd1c9e0e4cd57cda19b20412556e7b6d536c1e82b7913976ad6e4774d52ca60 |
| SHA512 | 9f52be631ca374c090639c4de41d6bd64805870d39545a40d7567a80e936c901a4123d9e42eb92f83e1504de6dabcadedf59363b8ccbb9ccc909794903fae529 |
memory/9904-22155-0x000002D814010000-0x000002D814038000-memory.dmp
memory/1276-22168-0x0000022AECFB0000-0x0000022AECFE4000-memory.dmp
C:\Program Files\ReasonLabs\EDR\InstallUtil.InstallLog
| MD5 | 789f18acca221d7c91dcb6b0fb1f145f |
| SHA1 | 204cc55cd64b6b630746f0d71218ecd8d6ff84ce |
| SHA256 | a5ff0b9a9832b3f5957c9290f83552174b201aeb636964e061273f3a2d502b63 |
| SHA512 | eae74f326f7d71a228cae02e4455557ad5ca81e1e28a186bbc4797075d5c79bcb91b5e605ad1d82f3d27e16d0cf172835112ffced2dc84d15281c0185fa4fa62 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog
| MD5 | 6895e7ce1a11e92604b53b2f6503564e |
| SHA1 | 6a69c00679d2afdaf56fe50d50d6036ccb1e570f |
| SHA256 | 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177 |
| SHA512 | 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2 |
C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState
| MD5 | 362ce475f5d1e84641bad999c16727a0 |
| SHA1 | 6b613c73acb58d259c6379bd820cca6f785cc812 |
| SHA256 | 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899 |
| SHA512 | 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b |
memory/1276-22191-0x0000022AECFF0000-0x0000022AED01E000-memory.dmp
memory/1276-22192-0x0000022AED080000-0x0000022AED0DE000-memory.dmp
memory/1276-22193-0x0000022AED430000-0x0000022AED799000-memory.dmp
memory/1276-22194-0x0000022AED020000-0x0000022AED06F000-memory.dmp
memory/1276-22195-0x0000022AEDA30000-0x0000022AEDCB6000-memory.dmp
memory/8804-22200-0x000001922C7E0000-0x000001922C80E000-memory.dmp
memory/8804-22199-0x00000192458A0000-0x0000019245B90000-memory.dmp
memory/1276-22198-0x0000022AED7A0000-0x0000022AED806000-memory.dmp
memory/1276-22212-0x0000022AECEB0000-0x0000022AECED6000-memory.dmp
memory/1276-22211-0x0000022AED160000-0x0000022AED19A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC88EFD40\d02ce52d-2eca-4323-8ee1-c8f1f09c9cf0\UnifiedStub-installer.exe\assembly\dl3\b99b806d\47105276_eeb0da01\rsStubLib.dll
| MD5 | fa4e3d9b299da1abc5f33f1fb00bfa4f |
| SHA1 | 9919b46034b9eff849af8b34bc48aa39fb5b6386 |
| SHA256 | 9631939542e366730a9284a63f1d0d5459c77ec0b3d94de41196f719fc642a96 |
| SHA512 | d21cf55d6b537ef9882eacd737e153812c0990e6bdea44f5352dfe0b1320e530f89f150662e88db63bedf7f691a11d89f432a3c32c8a14d1eb5fc99387420680 |
memory/1276-22231-0x0000022AED1A0000-0x0000022AED1C8000-memory.dmp
memory/8804-22238-0x0000019245090000-0x00000192450C8000-memory.dmp
memory/1276-22239-0x0000022AED850000-0x0000022AED87C000-memory.dmp
memory/1276-22240-0x0000022AED8F0000-0x0000022AED956000-memory.dmp
memory/1276-22241-0x0000022AEF200000-0x0000022AEF7A4000-memory.dmp
memory/9184-22290-0x00000000045E0000-0x0000000004616000-memory.dmp
memory/9184-22291-0x0000000004C70000-0x0000000005298000-memory.dmp
memory/9184-22294-0x0000000005410000-0x0000000005432000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_z1f32kpy.wqa.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/9184-22295-0x00000000054B0000-0x0000000005516000-memory.dmp
memory/9184-22305-0x0000000005710000-0x0000000005A64000-memory.dmp
memory/8804-22306-0x00000192452A0000-0x00000192452FE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a41710561c6f88eb7ef1609df3993cda |
| SHA1 | 2ba6cd6d12598c86bf439991e01f7b3216b7e9c7 |
| SHA256 | 63ca59b34059dcf34d04694a0d9b3a7175e50df455a6e9c8d20aa3abb5a9005a |
| SHA512 | fa92b2f64de166d833e0fc3347bb31c1ff6eea2a4c77c534ae47b0bb5ec7d3102384be05cce1787946fba254a6bf6aaf1c2a961d6d408139a34f1b4b3c474d40 |
memory/9184-22317-0x0000000005C70000-0x0000000005CBC000-memory.dmp
memory/9184-22316-0x0000000005C20000-0x0000000005C3E000-memory.dmp
memory/8804-22318-0x0000019245760000-0x0000019245776000-memory.dmp
memory/8804-22319-0x0000019245750000-0x000001924575A000-memory.dmp
memory/8804-22321-0x0000019246A90000-0x0000019246A9A000-memory.dmp
memory/8804-22320-0x0000019246A80000-0x0000019246A88000-memory.dmp
memory/8804-22322-0x0000019246B40000-0x0000019246B90000-memory.dmp
memory/9184-22324-0x000000006DF70000-0x000000006DFBC000-memory.dmp
memory/9184-22335-0x0000000006E20000-0x0000000006EC3000-memory.dmp
memory/9184-22334-0x0000000006E00000-0x0000000006E1E000-memory.dmp
memory/9184-22323-0x0000000006200000-0x0000000006232000-memory.dmp
memory/9184-22336-0x00000000075A0000-0x0000000007C1A000-memory.dmp
memory/9184-22337-0x0000000006F50000-0x0000000006F6A000-memory.dmp
memory/9184-22338-0x0000000006FC0000-0x0000000006FCA000-memory.dmp
memory/9184-22339-0x00000000071D0000-0x0000000007266000-memory.dmp
memory/9184-22340-0x0000000007150000-0x0000000007161000-memory.dmp
C:\Users\Admin\Downloads\You-Are-An-Idiot-main\YouAreAnIdiot\obj\Release\YouAreAnIdiot.Form1.resources
| MD5 | cd7dbc7abeda9893ce25793744443958 |
| SHA1 | dbbbbe2694d4b9b990881f279b4313574dbeac9b |
| SHA256 | e13ed2c59366d0eea74863fd71a81f0cb977cce1edfde304fc538690a4f6ac89 |
| SHA512 | e880f131ff460384940248ab2ecd97189ae0b7169fe5246440dfbce32f295cbd7697ce2ee65b434a0e40be91b91c21b2c14b1f446b2b1650d0a5d94c0d4f37ef |
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp
| MD5 | d13bddae18c3ee69e044ccf845e92116 |
| SHA1 | 31129f1e8074a4259f38641d4f74f02ca980ec60 |
| SHA256 | 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0 |
| SHA512 | 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd |
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp
| MD5 | 10a8f2f82452e5aaf2484d7230ec5758 |
| SHA1 | 1bf814ddace7c3915547c2085f14e361bbd91959 |
| SHA256 | 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b |
| SHA512 | 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp
| MD5 | afb68bc4ae0b7040878a0b0c2a5177de |
| SHA1 | ed4cac2f19b504a8fe27ad05805dd03aa552654e |
| SHA256 | 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b |
| SHA512 | ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43 |
C:\ProgramData\ReasonLabs\EPP\Logs\err.1.dat
| MD5 | 0dc525f026ac370c8a37849e80e0b10d |
| SHA1 | 434efbc7e07ba8af8bd7bb4f453263ac2091db57 |
| SHA256 | 902185bd33882bc42dfce541088bb7d3671662262ff1d6b3615928fba7aaaf41 |
| SHA512 | 1095f92d94623e3e10555d94262303a15e0143ff13e3d3b5fabc73bef603ae6cc5ca6a44460addb518ced287a579d8519e27e3be5f26832b4d9a8a6c9f56ccba |
F:\LDPlayer\LDPlayer9\dnplayer.exe
| MD5 | 2061141f3c490b5b441eff06e816a6c2 |
| SHA1 | d24166db06398c6e897ff662730d3d83391fdaaa |
| SHA256 | 2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0 |
| SHA512 | 6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll
| MD5 | 50097ec217ce0ebb9b4caa09cd2cd73a |
| SHA1 | 8cd3018c4170072464fbcd7cba563df1fc2b884c |
| SHA256 | 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112 |
| SHA512 | ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058 |
F:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf
| MD5 | 4acd5f0e312730f1d8b8805f3699c184 |
| SHA1 | 67c957e102bf2b2a86c5708257bc32f91c006739 |
| SHA256 | 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5 |
| SHA512 | 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837 |
F:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf
| MD5 | 93b877811441a5ae311762a7cb6fb1e1 |
| SHA1 | 339e033fd4fbb131c2d9b964354c68cd2cf18bd1 |
| SHA256 | b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b |
| SHA512 | 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll
| MD5 | 0054560df6c69d2067689433172088ef |
| SHA1 | a30042b77ebd7c704be0e986349030bcdb82857d |
| SHA256 | 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750 |
| SHA512 | 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll
| MD5 | 4ba25d2cbe1587a841dcfb8c8c4a6ea6 |
| SHA1 | 52693d4b5e0b55a929099b680348c3932f2c3c62 |
| SHA256 | b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49 |
| SHA512 | 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll
| MD5 | 50260b0f19aaa7e37c4082fecef8ff41 |
| SHA1 | ce672489b29baa7119881497ed5044b21ad8fe30 |
| SHA256 | 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9 |
| SHA512 | 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d |
F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll
| MD5 | 3e29914113ec4b968ba5eb1f6d194a0a |
| SHA1 | 557b67e372e85eb39989cb53cffd3ef1adabb9fe |
| SHA256 | c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a |
| SHA512 | 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll
| MD5 | e8fd6da54f056363b284608c3f6a832e |
| SHA1 | 32e88b82fd398568517ab03b33e9765b59c4946d |
| SHA256 | b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd |
| SHA512 | 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll
| MD5 | 52c43baddd43be63fbfb398722f3b01d |
| SHA1 | be1b1064fdda4dde4b72ef523b8e02c050ccd820 |
| SHA256 | 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f |
| SHA512 | 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll
| MD5 | ba46e6e1c5861617b4d97de00149b905 |
| SHA1 | 4affc8aab49c7dc3ceeca81391c4f737d7672b32 |
| SHA256 | 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e |
| SHA512 | bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll
| MD5 | 2d40f6c6a4f88c8c2685ee25b53ec00d |
| SHA1 | faf96bac1e7665aa07029d8f94e1ac84014a863b |
| SHA256 | 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334 |
| SHA512 | 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll
| MD5 | 01c4246df55a5fff93d086bb56110d2b |
| SHA1 | e2939375c4dd7b478913328b88eaa3c91913cfdc |
| SHA256 | c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889 |
| SHA512 | 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc
| MD5 | d4d2fd2ce9c5017b32fc054857227592 |
| SHA1 | 7ee3b1127c892118cc98fb67b1d8a01748ca52d5 |
| SHA256 | c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185 |
| SHA512 | d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918 |
F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll
| MD5 | 66df6f7b7a98ff750aade522c22d239a |
| SHA1 | f69464fe18ed03de597bb46482ae899f43c94617 |
| SHA256 | 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f |
| SHA512 | 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e |
F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe
| MD5 | ad9d7cbdb4b19fb65960d69126e3ff68 |
| SHA1 | dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d |
| SHA256 | a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326 |
| SHA512 | f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7 |
F:\LDPlayer\LDPlayer9\dnmultiplayer.exe
| MD5 | 330013a714c5dc0c561301adcccd8bc8 |
| SHA1 | 030b1d6ac68e64dec5cbb82a75938c6ce5588466 |
| SHA256 | c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a |
| SHA512 | 6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1 |
C:\Users\Admin\AppData\Local\Temp\cbbc8dec-6d55-43d3-b8c9-dd5949bce8f2.tmp.ico
| MD5 | 85d49a7f82ddbde5598829b755b84261 |
| SHA1 | c87770057fc05f5e3088f2d5c0f38f4aeae7d516 |
| SHA256 | b79838b15a988ea1aaaead3ba1353d54085cc76008489fb42f614e96f8b46aab |
| SHA512 | cde6caf5817b5a47abdcf89448209b14b28b4e69f5968fa52dbca65a89ee8aebbd786c465ad0683a0fcb5613cd41649cf6c34f550a1b5e63c86ec1f250fd47a6 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Local Storage\leveldb\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Code Cache\js\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 449065990d6d876962c1041cf536fc82 |
| SHA1 | 8ff9e36805db8b4a1a819ae79f554c0e186300ba |
| SHA256 | fbe4262f0edb5e269f0c1985376b05294f5f992b37900880660660a3e42b56a1 |
| SHA512 | 40152c1a23247905999490bd0e59933069b1d90cb2c2ef7420d3121376b60a1b16432ddf2935d5fa4034746bb9a66e0f0065c47c761b4a4796b4c851ef71a8cd |
C:\Windows\Temp\Tmp253A.tmp
| MD5 | 226b9e8c64dc0dc891cd9b641cd1ec8e |
| SHA1 | d9a44379faf42ab0313a20a103c5e04294ab9928 |
| SHA256 | 1edd5aead2ea9b2532ca888d6eb93a1335918ce8fbffdd26920927135bc74db2 |
| SHA512 | 436bca5e65716e642f93e8afd6c8b2b38f78259278a6e127af3c2571d2d666af249f8c5d95f28b455a2f5a29c9c05da9d97ee638b8f43f1aba88efca65225fb6 |
C:\Windows\Temp\Tmp254B.tmp
| MD5 | 730c73d003d05fd0d3538d6e5ea45252 |
| SHA1 | 61f5d28b343765cdae7cdbf4f8018ff96bb6b5db |
| SHA256 | c01597b3a56dc98c7e71106e366d9c2c6e18ab0c8888ac7367bac6e4e71f3442 |
| SHA512 | 906f2ea34a3d3550cb2b06c39e8c6eb7ded374d7f3f84988679229f2f59f2319f7dd00d508cf1ddfd55b96e56ace34f005c494eb2831cdded928f7fb701c452e |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\2191866d-5e26-4c93-8d86-1805f736e93e.tmp
| MD5 | d11dedf80b85d8d9be3fec6bb292f64b |
| SHA1 | aab8783454819cd66ddf7871e887abdba138aef3 |
| SHA256 | 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67 |
| SHA512 | 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0 |
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll
| MD5 | b001f88504c8c9973e9a3b4dc03e6d1a |
| SHA1 | a54b3046a70a4f2c792ad6a382b637b599f1dc48 |
| SHA256 | 8ee4cbed114a588e934b5043f95c9c06f40468c2300fa0d1d938d16c1d46a8fd |
| SHA512 | 390e53be657fc35fb2e9f41b76b3b07c161a860d72445a4b1425ca973a6d8c0f32f6de6844719c6e9813e8d949ab65263642dea01c800a00285bd45595bed4d8 |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk
| MD5 | 4d592fd525e977bf3d832cdb1482faa0 |
| SHA1 | 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef |
| SHA256 | f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6 |
| SHA512 | afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf45d78911bbbf25f06290ac1507c99e |
| SHA1 | 5c23e80f8e3f81a8e8bf9063134d5725c50266e7 |
| SHA256 | 797a36ee72f7182dd1aafd5294c7fbe86af6adc2a3446901360fb61c73edf878 |
| SHA512 | 2e91a27d05eb847bd3550ef143a3bf6695c64b426660cfacee37fbc300e8af7eecbeeb50d6855f9677c2102af1524eb380dc11503cd5452da2370238687a8031 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 178181abede2e6a0952dc0051d324827 |
| SHA1 | f3a7488fa89956e1035f29857cbfdac46704a06d |
| SHA256 | 9039d7122824ee456d4b8088ffd23cef2a44d1d8070ef4c00ddbe27c3d3347fc |
| SHA512 | 61492c931d47a6fe8b9a5c0d3c36d3d7ddbbad3b1e19f9b311f3b45e18865e99402de33d2d839f4fb7a0be33f7a0d0a13e3ca61163c564d840a4ee8e275a4b45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ee85a3e9410e88d220a5252dc8d85c6a |
| SHA1 | 9092916eccb8f8e05cb8819aea54f56357d82892 |
| SHA256 | 95cb8e910f8dbf57179138322dae6a06087759a5aec05ce110cb56c77e8d2bb6 |
| SHA512 | a1dcbdfe7f17c60b1c04ca9a7d07877299788a2ab2cc5735b370b230ad85fcd3e94d6177a5fa68dd50d61c8ccd8d3fdf1f0d47a61998fd7043b0217b1086c0a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\contentScript.bundle.js
| MD5 | b5420e42524ff930ce283a078768460e |
| SHA1 | 505dbcb230b71985e0b75e1e323ebffe3b15f295 |
| SHA256 | a5d2108a9097c9f3fa821b3b90d79c5e4824f74ca21a18c5ff7271b05fda83c5 |
| SHA512 | 3e8df8ad43c6dc59fa551719057f631d197402d7009b09be898454f28e56378c8539994a22c6141ea527f37549554dfe74e3169eb989d21e9ceb0637d22f61a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\images\crown.svg
| MD5 | e2e93bf6f4365635d8d01a854caf31d5 |
| SHA1 | 33502919a2f609b8ef7c8a18f7722d3ce337360b |
| SHA256 | 7bf49e91bda1b6dd05b94288fbd86391500557f272b4f8e0ad3a69549e7a6104 |
| SHA512 | 5548d7fc0faff4ecae85888dbe938438390d478110c26db26e27f9764a3dfc3e5faf91789f84e9e76575b8f371a6cc0cd90feae6b8e3dbf317e59129b71cfeee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\images\close-white.svg
| MD5 | 1fe8bf19c860d2e13f6e9f1ebd2778cb |
| SHA1 | 3a47b23b93a3b89abaee6b57fdb597a742be1d23 |
| SHA256 | 39c46e8e2da43cc6f31ec85120a8879bee0eefdde9b20ce92d1f5e8733b6eb40 |
| SHA512 | a3b13146700e148dd855df06045b374ad0f887c3e7452daf480ce913e47d199425741553d9c56e01721739829a1f741d27bdb564882499b908d55af55f57ea71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\images\close-blue.svg
| MD5 | 8d8bf8908be87508c56d626e0a776978 |
| SHA1 | 3cad5703edacdadf1dc6fcb48fe921712b16fbf0 |
| SHA256 | 9c5c3329378a3bfba29911b873f1d94239f6ac54dffe6bab113b3d51d8dc0ae0 |
| SHA512 | fc0b25c71d69c3721c104afd9ce6af91d89a92a37bf47f97e7df96187e45ed25ac08651e564a09281906e678f7df25af11aeff44b80a3fc17bf2c25c78e1236b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\images\check.svg
| MD5 | 0b2e057ac7229a93f0c0815343c57ff9 |
| SHA1 | 4c99a278bb5dd30203fb4f33f8d3dcfc5aae5a8e |
| SHA256 | 98ce9f3ebf75b2ca71e096bd01988540667d9e9636d5512fe17d099d9eba91ea |
| SHA512 | daf1f0ac010b53f48a1769201bb48df13ef40531e55d3b0736925fdb81441af75f6d3f4e068090feaa6c8ece9f5168c8e44e1dc18c171aca6ef3596a596e067a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\images\attention-icon.svg
| MD5 | 5232d122e13560c86cf3ff0c84ecc3de |
| SHA1 | 7c0a78dd1c15e4b50943e1101f0caa8c0405f2c6 |
| SHA256 | 616cff0cab3ee3e3b69aff4423a541daba199172d2eb2b0f5e7d83e1d6e13f99 |
| SHA512 | 619222dcc939be36477504882d3a6689a58f9ede708c135fc621d1b8c9d3d9bb4bf6abbecfe7c13bbbbcd7ae2f0f150baa3ac5cd5358db0c057453042484d7a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\images\arrow.svg
| MD5 | 8a4011cef8b4f6e1fe6dfd28c497ad69 |
| SHA1 | 395ce130677ff0b579f1f3c7f8b45b8489490094 |
| SHA256 | 31313b5ae51fffa0684dcd10537b9534413f105cfcfc3a8a39890bad5f3aa3f4 |
| SHA512 | e25314ee23995bc6d8cec92bd969b9b7e956d46e8bcf8d3ac209445c6f551d311468382f145f8017f6ab26d7cb8c9b6a0c4b3b41c5e7c3f03384116bf720ed85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir7280_1951223241\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1
| MD5 | d7a63ccfe52eeb58faa0f0aa441ab878 |
| SHA1 | 050ad45533af7c85a5369c48e0ce49634ed62d65 |
| SHA256 | 3a68db4a7ef75fa420da4db273d62feadf29e863800b584f97460cc6584d1f56 |
| SHA512 | 583c464b95d9abe2ca9504f44bc3030c0698913470cf7a3890f1f9ae79b2477989b27b4f16cc9e61a991ca1af8b507eb9d4b812d766d6f1f0d2200a32d41c80e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\fonts\segoe-ui.woff
| MD5 | 9a2931180d6b1dc7b33052657eef554b |
| SHA1 | 77b8f3cb5410c779206782a310990c19af2b02ca |
| SHA256 | f424915a692bc5a458d6e7d9c99e4fe0cf5cb8883bd3516b01d4fef5da8d3663 |
| SHA512 | e839eb6fa727c6a604da142e7c823c5d8b7d8e33b3d19937da7bc1948c32893b08f0ace35c020e391ab0a9694b479b28282024c3518dac995eb87fd7aa18c631 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\fonts\segoe-ui-bold.woff
| MD5 | 52382539737f4e9913e4bf6b9966bee3 |
| SHA1 | d58d3dc5ff86fe8ff594134df53ea9b8074f6bc6 |
| SHA256 | d711a54cb4822ccf7926b1a95b7a43107fcfe8ef99a817e6906a1063657c7b28 |
| SHA512 | 55f1767cfb589eca775f2849b975d8311295951f8e457be58de34983531961ce4fada3a856daed8d7cd712bd8b5fad53ceecf438949deaafb7d5cb87114ecb4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\fonts\noto-sans-semibold.ttf
| MD5 | dfad8b708bc7b6911ed49a6f35680b10 |
| SHA1 | 44bd4f1602342642f6bbfc019cca65852d9f3ee0 |
| SHA256 | 6a27c11bf011fbe565c4d5be9ab49d8535c7cfefeb3aa44dad5d1339f68aad1b |
| SHA512 | 0ee222bb6dd7882ec802fb21193ec49e814014f0ece7303c16c2fe24f94735f8d420fba59c9cd689748e89519880b723dfcbd4bbc635d2b89261cc336498e1a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\fonts\noto-sans-regular.woff
| MD5 | 0a66f097fb9215e828bc0ada73d19e45 |
| SHA1 | f962197011fa900ec29b4bd14f624a3309854626 |
| SHA256 | 8e5f3060067847d71c398a897b8f8aecadbacadec3324b41d6eec5b3014fed89 |
| SHA512 | 060d79916429b617f950a86ef6783198ceb844f26e65b7d26fd667a37c577c5913ba4ef183d2ca0e7f46b3d6e13c128a5bf8c4ae7e0f543c53c051bf13a92fd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\fonts\noto-sans-medium.ttf
| MD5 | 09dc02dbe8133545806d275a2fec2ca7 |
| SHA1 | f85d0a08f987df19288a61f18a22519ce0551c3e |
| SHA256 | 9d0511ca54de389e3ef4e8a8accdd94e6fdf73eb144f7bba2017e55924092822 |
| SHA512 | afd4ad23eaee89cdf729c8645f3d51ead449d8f9fa943a0158270857141d40c8619e3da98163b17770c09c0409536cd60c367736938645e119e60a11ea93dd53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\fonts\noto-sans-bold.woff
| MD5 | a65fc7725f81daa832e2ac5d4820c2b1 |
| SHA1 | a5602a3cb911cdb6ed538c22f451763d884092f0 |
| SHA256 | 5adee3972bb1a6f74b582f79a5d3b4735e665c00b2e49938a4fb68755e56d9df |
| SHA512 | f8b07d9d46733c8820cf2466a14203710f10ceba789f80fb700b00ff950e5c1f30fb035939911e4d1a4e7ab92f37ce8f6fb47f5d9ab58f5eb5031804e4ad96a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\icons\icon-upgrade.png
| MD5 | 8f0dbfccb36007d663b552bb84db01d5 |
| SHA1 | 709b15810f26fe075d1037b7d90e196f4471d574 |
| SHA256 | 07b43077658e1bbc63ac5c7431fd1940f74e8231a532a055de9e2fa0ae79b0be |
| SHA512 | 064962f997821ab44b523dc6a7524b6ff21352d90fb9e13281a72ad4d09d3431173d96c71277c92cae023f91d435700169113f14171446d52e65e48b1a44f719 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\icons\icon-threat.png
| MD5 | 02e2204d82355dd71f3e9a493087ab40 |
| SHA1 | dd3e5c7ba4d4f7d4784bb040718ced43b0ec6d57 |
| SHA256 | d6c4b23336f9539c8dfb12a44282aebe1c052a8bd2a808587c08b01809a755cf |
| SHA512 | 035814b7e5ecee257c897e4ce0aee38839760eba0b745df3258e2544429e3ba0a351eed5596ac6125b2c3ab13aafb8d3b97383c2fadb56ed315d7a0b7dd92a54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\icons\icon-34.png
| MD5 | 15b14e66c46e0a83449fea81f4d0e59c |
| SHA1 | c3512dc47f25eb700e21a04f0925aa9d6996f08f |
| SHA256 | 10a9008f1b5e61a13f2fc225e9444f17a30036f76855826ff0f881de880db15e |
| SHA512 | c0296a9252e9ea8336a28a73fdeb6d90a3fbd13cb5699f9b90e8b2e3858f041509e8886d056b402c5444e9b36a5950fdb8dc93dd46c15a79d84e1e579b5cd887 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\icons\icon-128.png
| MD5 | a3c4a97b3abf5c40532df4c73b6a0aed |
| SHA1 | 487bcc26a31f4545cada98e13532510784f3d9e4 |
| SHA256 | dc9ab4985526d23074e9cf2ee176e68dd7a5cd282c147df32733da083b7ce8a6 |
| SHA512 | 71c82630413b7d9e8f2541bb036b1884c2e88ba5abee2e6abf79744951f1f2e65f7a3d82fb59c274ad7f02b3e49ee5fa2f20973410db3cc2ca92e6bb3dd42fbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\images\logo_with_name.svg
| MD5 | 7077be1629422619bbe5057dea2afcf6 |
| SHA1 | dccf730b9bd0ba9fb7c505f350aa2428457bc952 |
| SHA256 | 0d28843ed45447345a2437b02ac99a6426de73143015d70bf2eb43ccd4fc75fa |
| SHA512 | 48da879c4223098c02814106279abcd6e5cd4a4379baf4cfeffa2fa7a961c4d8791ce10bb79a6643c1fc63d9b57e969f4fa2e5a2dc47e2ac60a1970b2f67f24f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\assets\images\logo-white.svg
| MD5 | 716872be17ae1eabffaafacfb8c0d518 |
| SHA1 | f2dd6d573d2fefe6ee189dafebc829098e6c973c |
| SHA256 | 824842f23358a42597e09fcc04efadd083e1bbfd6a75a863fabc413713013cf1 |
| SHA512 | a54c370a019f85be810337c5550392cd55c6c208b8ce71156c670cd6d5a62c6708f9c4a2d7370c76b0bff3c4dbdf2f99df3dca043084d3d1b552011f0688de40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir7280_1951223241\CRX_INSTALL\_metadata\verified_contents.json
| MD5 | 1b01ffc2bafd0a464913805b97e1dd6a |
| SHA1 | f64210c6b06215c5d288f26b3195c557951db428 |
| SHA256 | f14934357881f8c7340890752a4fdc0e5440c7ddeb29660ac642c9a972e5f551 |
| SHA512 | 0d26c87a86371b26bdee126c4ea37fa437538391f88cd263c058e3aa64edaca91efaab01bf93f5c81d4d8df92e73469fffccf403dfb4d49267653e851fc6da20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\rules.json
| MD5 | 5736d36e31b7bc0d59788d30260281ea |
| SHA1 | c2810c0335d1760d2ab337db349c362596df06be |
| SHA256 | 79ecc25acaf4d184958e339a9e48a1f0d187f82a676843dc6a40ff907e1853f3 |
| SHA512 | 046686a280f60d50791ff8bd13989ba4bf058f402bc3d45c3688bc60e8ea91e6e44ec3ae8bf66f1e47b66b336ea8b0f70f20ff1279f6dfb377d662d633296c7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir7280_1951223241\CRX_INSTALL\manifest.json
| MD5 | 36c7c3d8f8d37e17ee06d7a4ce3099d0 |
| SHA1 | ea7a3d54e78ddbb80a05888412b2f079a75e5b7f |
| SHA256 | 1b594fb15c701e51f960bbb9efdfa72198cb3b6c3aa122ad759524e2c82a2142 |
| SHA512 | 990a66fa225c7f63804a5c0ca9d4d1af87bff0c1ddf55cce2557d14ebfb17f8639dca12f544fc2c5b218723622fb1be6f7779d5ce8755a562957e5361d6fc9c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\index.html
| MD5 | 336fd61de62addda84cc9e5c283b7e67 |
| SHA1 | 6b5985b920c40c61fb320f70be5f89233754699c |
| SHA256 | 6476c7b35152cbbe4906e94dada4e68faf052744cb0da74589679b86d49edd15 |
| SHA512 | 2f641a563c6283ee3582c597c10be2336a18cf5e4a1e0c1a3c8b661e1ef49774145f15630b90cb5c1f9bd9439c6d64dc2bfc160763ae3d949eb0eca805bfbad6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\index.bundle.js
| MD5 | 21a57bcfd8166f1a78e93ff075073dad |
| SHA1 | b222925084dcb825c56a1f4d061ce60d73b5e697 |
| SHA256 | 5fb95e4a8b1ee5fdf974bf4fa3e0890b3d973b98598ced1fd5f4cbfa27e7babb |
| SHA512 | 5de66932e9868b16eba364c24052131fa8bad2e097c72bc51f8493b91e8380df4b4717ff97536fb3789a6cffedf198c8b5bfba395572ceadf32fa1eeb130417a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jcpgbnbdnakoblgfkbgggankeidkfcdl\6.0.0_0\background.bundle.js
| MD5 | a0f181524d2f89830b233309e578191b |
| SHA1 | 5112f2f12100b01f242b0690a3aaf5f7e729cd9f |
| SHA256 | 727de56a3efb2b77feda4ac895cd5ab0e7f24b28ebec029b0b3460ffd5912eaa |
| SHA512 | f4324039feb00e2109372a40927d69aa2f739d2dc8383f929689c510fc1a14bff653fe179810daa5d2a4c5518c846020ce8fdfdba403e400535a49f6976b8c59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 901a4d845c573b3172fc460e45a8d1ec |
| SHA1 | aced577208da16ec8a8045b29551183b69a62ed3 |
| SHA256 | cadc7b97ff288b4e5168142d7981067effc2de505b83f6d757d0fe7b9a94a4fd |
| SHA512 | 519c6517e52ca75d84047a3c755407bfee0e1337042b1a61a1e8a4798d95b3403bcf1fd4832c2f3a1c6387d16e7a8e077b3421d31f774ad100092ab3c1118a9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9578e9978ef7535efdafd03583dab4e1 |
| SHA1 | 6ee7487c734838f5218a826a95d9ceb061d4c621 |
| SHA256 | 01b5110fcbfb93563c804a01ddc9733bfd406cac4f6bf6da7f45b58d3e50b11c |
| SHA512 | e981fdf2bfc822d1b0aef11ab0f43bc4ea7ca584ea92d16aa42295a6da7d92fb3f9bf32b93a07a7f0851efe30c7bffdacd0c830d690042fa9f3ec8553c246c49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 50c342011760396d9f3496585a753170 |
| SHA1 | 9a4589432df075683f4b11ec4ecb40fbe21703ce |
| SHA256 | d6ce9de57215a55112f9555b37a4ef9bb2e2b9647f8c49a34a9209738969c96b |
| SHA512 | d92d89f47e95100b129e350dcf1070b44904076d049f2ef8e77a417f77e1f8e315f37a1c4e820b11eb12e6e0a50e32f5a3866b9715f47a40a907c173d1ff6115 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7dc6904f9c70c2b1d45513609da8d775 |
| SHA1 | d998b310e60775e3ad3baa0eb5f5c7924ce2cdaf |
| SHA256 | 2eb28e78e5f226973969478b68e97ec59615d4f5dd14b4d3418a88847a381089 |
| SHA512 | 8466a54ee2c9ad62fa472e5609de21c23194c17de31a36b3df03a8100050ff3ad422307720ab6c82cb224d4244e75317254ae5688c0139b4b8e3a406319c35f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 953ce8e4a4e452b35ceb439a233f2f53 |
| SHA1 | bfb50ee398dab38fd6ec63ac93f7a4135eab2a60 |
| SHA256 | 59af82e7bdf1cd4586adde8ca5b99dd46d38baf78eb5b1dd474f6a8e40deb5eb |
| SHA512 | 2e137ec6753faddac5cc0609e1c4e082b49288aae3079812afffcac091f28aeb21a05537e1f9dec8ce5be3eeab7e871fb0301a9d62e484f8d71b2357bb5c6d72 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State
| MD5 | 4f8fe57cd6b42416318490ad08303e9a |
| SHA1 | 8d608d88a4bad92a466637e4602a50e34b301fd3 |
| SHA256 | 34be731f5190a6195c31a2fa1ac441743c4b3d90a10e14dab508cb714b66c1cb |
| SHA512 | 97c0046d474eec7bcd1a223bbf769946944e96bcf3538f55258eb242e1d083bbacb94a1f0838087446b3d6607ce65875e324e0311b0776979a35e6a0aad686a8 |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.30.4\Network\Network Persistent State
| MD5 | 7c47338b85bc1d07985008cad3501052 |
| SHA1 | af8d700f138ecd96f9220883df0662c2fe1fa549 |
| SHA256 | 90abbb6b21c30bbcfe64038f2acf53199e42cc26a08b7ea1543bbe45a94d1d54 |
| SHA512 | d4b97ee3fca0a80cefca04889aee60e38ed6ad560215ac423a541f18714c95e26fcd02fee91ff7b3f4b157cb479ae877364a53b979d216216472c2e99c95dce4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1f8a39bd0c97abf6adfb33ff13e63dc5 |
| SHA1 | e4f19c0d96bef77c35e36f5658b87a2e251c013f |
| SHA256 | 676c133dd3b5705a39a0e8b5f9d5ba5a7d80906cbd30652be35a0924e2c03c66 |
| SHA512 | 1db07e85db9064787056051bc51515fdf7ef2e80a9e32e52c92708d74dd0229bf025938baed060841ccf6ea0dee45318b8cfb7baacf097087752a576cb3ef4f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 57a09a381255b716f97d35162e6d03cf |
| SHA1 | 2c3896bd47340403f67d2fd834ed396609806b58 |
| SHA256 | 91762de21a32bf7714921e215cf564232ea09afc529b620584de7e16dadfeaf0 |
| SHA512 | b10bbbc4c552f31aa18458d0eeef6ddc656d7e9b9d99290e764e4a60c0f26f118969bfc0050cf3b710c7cf75486739499c7b9ea9fefe792a20192a67bccfba26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | a9ee0092a50e4443e7cd01cefdc6d95e |
| SHA1 | 18614eadee202eae00c3f22267d18cf648446b93 |
| SHA256 | 78c268c35b00d23224cb9ad9ee70426c943d41d4635d558756ef83f985e7cc9b |
| SHA512 | d4db3c81cd081d582017bb678ecc7edac4641c840300b802c88d433a9f79fb709176bb8c11af35d55562ac0a82b25763477e3a6b2784456a5f4b8be625d165a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
| MD5 | 2923c306256864061a11e426841fc44a |
| SHA1 | d9bb657845d502acd69a15a66f9e667ce9b68351 |
| SHA256 | 5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa |
| SHA512 | f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | 635efe262aec3acfb8be08b7baf97a3d |
| SHA1 | 232b8fe0965aea5c65605b78c3ba286cefb2f43f |
| SHA256 | 8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06 |
| SHA512 | d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8b65699df1ca4d26b4f694d1b669cb03 |
| SHA1 | fd4d9a57f4d3ecd788157fe8cedbf20554d5f056 |
| SHA256 | 84224431378c04efb1c9ace8ce2fb720d8da60529dddb220db3fed1a8b98e7da |
| SHA512 | 77df644cee0f767c18d25cbfb9382bc4233dd264a622ba0f3e09b04d7645ff97e85e18eed434a7e25ddc911721666c15779076f30904388fca8acefbbb9d88cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 5d0e354e98734f75eee79829eb7b9039 |
| SHA1 | 86ffc126d8b7473568a4bb04d49021959a892b3a |
| SHA256 | 1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e |
| SHA512 | 4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 77e89b1c954303a8aa65ae10e18c1b51 |
| SHA1 | e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73 |
| SHA256 | 069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953 |
| SHA512 | 5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | eb63aad3cfbfc8e4570b89c9f2f651c7 |
| SHA1 | c4ae7ad4c021508f7721b16e82efd60826b1e96a |
| SHA256 | dd2ae4d6b1cbf32b75433ea22afa1022f8aba05f521447bfd9b186694a022467 |
| SHA512 | df0ee255da8abac46386a70ae562d30d7e898bf7070e9082ded20546cac552ef951b77b5fb8b12f907828c65409f6450258791eaa1e0739c89810cfc3ad07db4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 71a148a7a0c90b7d7b2dd0817893c83d |
| SHA1 | 7736d67ecc4803a1eb3ceb5294359bcd2936980d |
| SHA256 | 12cae4e5b65b7f5e4860020ee65e121c185d73a9417b5b21ebe6d681a589e502 |
| SHA512 | b2183df87566b26b1b5f832c2fb31726c2d59136ec51ed9f12355310472f028b86cdf8951d68db1fab642305297e72de63e35f7eb6c7c9638ceec10b6326e647 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 17df549a28e9215b7e4724f98e3568d9 |
| SHA1 | bc424ecfd92bb5a00c4967b33f88a4b56db08a8b |
| SHA256 | 6e8f9a65f89f6a2fd8a36e6eb96a18bb0c736e9d131c68748e54ebd66a000ca9 |
| SHA512 | f46209b59758f9fb8b147ce18f5aefab0180f1678ba4ece6f6da88c7fc25ae31125380c4459984905a2502a223c3f1d7d9a51591c6c847b48e500ff21697ef41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 820c448793703c41e095e639e87f87a3 |
| SHA1 | 9c6764c72dabf9d07148772737aff751a5102209 |
| SHA256 | 629d376b129f46602d932dfc85f82c614ac03e949666486672a0241848623da5 |
| SHA512 | f12d3e427f21a236387d525258a2dfe607ebfd27be67292d42855ba985a670445be5733de1eccf82f6d3f0bf396d57a53e3c5ff3f37dd3dc961f05459e8249e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0505f6fe5b03521fdbe5ee59b72ea050 |
| SHA1 | 3f59f6190440a66f9ddece9c1801ce78847131ff |
| SHA256 | 6e5c7d4d586968fd19043130e7b44b2bb7aca8a106ebbfa326228bedad0513fd |
| SHA512 | ecfc78d706576a24ed19768c6583b4d7ada25d06ff4bd4ec00d9c761c4eaf9f9731ba3e6148f8dcea650ffd6df908c8b998f01289a8e7b22bb95390c22ed2424 |
C:\ProgramData\ReasonLabs\EPP\Quarantine.dat
| MD5 | b7b4450e1fe94517943ec3d0708a2088 |
| SHA1 | 0c6772a613a8bcb8e49ff4e76c667951d3150918 |
| SHA256 | f4fbc432241490936beefba7a1cfc0981acad9ace5d21491979622914cec1ce9 |
| SHA512 | 51e19add4e308a686fc7a6f36e7b50aedf1ed41160d7e98165eee75dbf6c1ed3fd27f2a8acb04edb7570413404b6db7e99c8f05f0d4343632526a5267159221e |
C:\ProgramData\ReasonLabs\EPP\Quarantine.dat
| MD5 | 9b18001922d4261e51a6fd52f6655cba |
| SHA1 | 045ea24e1d7efd2d5f4b1eb049a05dfc36d2faf6 |
| SHA256 | 127aa0524c94b6e0a63a931ac187b55879196a727b6fe56a96fd00bcb5c3ee68 |
| SHA512 | 9babf19b3ff5b76f4d8299fbd0da1b7b893f57c441eeb0f63de96cd5c05546dce96fa58e85533038b4413da1009f9f3d13bb026349c9327001ff99b69f64d5e4 |
C:\ProgramData\ReasonLabs\EPP\Quarantine.dat
| MD5 | 2a7e15c43d89d597351ddb312ea250fd |
| SHA1 | ae53253f60be60e869998c8e638f1b4613df717f |
| SHA256 | 03c5e4d35fe73029d3c7803f3d0f121adb2944e05f35904e73b2dea4b55a3590 |
| SHA512 | 29baa0bb284b7a111ea0d782c5b2a6ba9c1ad050e19b70df5b883635765ff9e2cc8e8c7889520570ab4cdb50148b225eef7056d17eaa3f2497b03780049bd66d |
C:\ProgramData\ReasonLabs\EPP\Removals.dat
| MD5 | d957e94928db9a65e6896e958a778929 |
| SHA1 | e8e52d75dcbd6aaee56a974c6647b3cd34ac02a4 |
| SHA256 | 14c281f7f130d515e9ef2e176e8d648fcecaccebf8eef9bdad186461819b3503 |
| SHA512 | 626d41021b02865cd2eb1d483193072f0587440e99811b598466c6c968406a98b8ba328ccc5316d367f895d116915ce119c4c07475181944eeee80c57130f6fb |
C:\ProgramData\ReasonLabs\EPP\Quarantine.dat
| MD5 | daa22a2a56b5f18e0949b81b4b7c1d14 |
| SHA1 | 79cb5863b4540adae84f175a69671d5e18b1b9ad |
| SHA256 | 7de5a2ebdd68e1b86dde9be8ed2ab7d85d6c7536be06e7f4b6fc056706b38304 |
| SHA512 | 44c42b61b496365b9b89c193ba4389da5eeb21ab05143f93b44417e0ea7723c08acf5fae15acf65dcca816d1b693c47aaaac2e1e7109e8b6ba84178562964e93 |
C:\ProgramData\ReasonLabs\EPP\Quarantine.dat
| MD5 | 9e7a3611bd883f7ce030b11552bff06a |
| SHA1 | f597fc7ebd78148ae0f24be3555031f8b74bbe54 |
| SHA256 | 4cc65bfe3f16aa6353055d30269c5c1f7839cbdcd602f9b3b113457bdb357592 |
| SHA512 | 08bbc8ba1d87878ad41f9c9436a326f4c7253436f8255760eeb85f83f6d24c20a919ea1eef4dec4845d182f8a76f697f421a30577ceae6d87a4970de40b450cb |
C:\ProgramData\ReasonLabs\EPP\Quarantine.dat
| MD5 | 8eb643ae04667cd04feae08b9736592f |
| SHA1 | e9e6c943abfc5f9f378fbff50372289b90d973e8 |
| SHA256 | 599a45292137817d37da4255388861cb7e9b232496078480b2dfda148cf2abc5 |
| SHA512 | 4cbd6bef23defe0a1f613b386974e97b7028bb36453df706d44c3381f5b84a8929a0d0a2945aa73c69a555f8420c4d778f21eabf138e0aa110266c36cb66e84b |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\TransportSecurity
| MD5 | d73c506924f0ac9d2e268a857944d0be |
| SHA1 | 63face99e8a6446e01dc6d595293dd59718c4a6a |
| SHA256 | c1635dae00aa4ec251eecf6db36e4e0af116134e8810563cde6c616d1f2ce5f4 |
| SHA512 | c28d0146e86cb713817289396995b1cbac3626d5674d46186f19073da25e1f2d7909510733049a627a9ebacd3d462462aa21948e6f016d578d91e9db5d80e343 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b52f9183-3cbb-4b7d-9fd2-5f8d82cd2622.tmp
| MD5 | bface57db53fc081fc449e98430c560e |
| SHA1 | 3fac14d3b3a868ee4676da17d32a46985fd27684 |
| SHA256 | 26b49b9d47e7320352b824263f783100dd09ef9defea7fdf6d39826a3e3cda3f |
| SHA512 | f54fac485ecfad2621c2e32361359e1dc6b97d93e8c28b59d1a6696ba766ff6bd3ee9a52feceb54364ddfe01b3bb68f1e93941033d9be1ab4ac7f2c00f9f1bc3 |
C:\ProgramData\ReasonLabs\EPP\Logs\err.1.dat
| MD5 | 3284a2acf474f1c737a704e91df2152e |
| SHA1 | cf823ea473f0ffc03c9122b5a9e60f3881852094 |
| SHA256 | 39a277655b43cae9df79f7a40db96af8f9e8e4f4127e84a853e2595d913a7048 |
| SHA512 | 0893f665e068a260318b1de1aa61cc52b7056a103333355e2cb116c12769ada149793567b14f13883b4669a1619a5c8a833e594c9f63fafd66e6e6d225b05343 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat
| MD5 | 6c954a0c7d0d28beea1cac4c65632253 |
| SHA1 | 008957f6d1f4a65f21713eb84203825f1b82b789 |
| SHA256 | 68cbb1d6ee0dc57072e6d5c29a6f30ef2d2373a8fb6a5f17a1e860886267aad7 |
| SHA512 | 527dda878c68878e9570431d824c2a7bcb3bb56087576488e7a881012b6f5b1d5818779e5c5087aea4e262e57932c5bd9afec198fc7ce9a077a66c659c17cdf3 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat
| MD5 | f1ebaaed07561200badff25c9eea5010 |
| SHA1 | ed1a95703b6dc80668307e1efe3b93bf00dc55c6 |
| SHA256 | 70ca8aef3c32361a376e9687f2876cc166dbc5c429b70a1d01801c5a51e0ba78 |
| SHA512 | f8b71d8658ac74a6b1830f1cb74a07636b26055585d178df35a4b76926bafd16d2cbfc3ce96da3f8fd6bfd93daa053d867b9023c0ffebe9955e980ff5d224318 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat
| MD5 | 8de77a5ac1a0cb41f096b46ce93f86aa |
| SHA1 | 0f247215053bbe9799c18b5e2429d3e1f3f17c36 |
| SHA256 | b8a4ec881932f0387aee3b5fdb50bcef6c28c1952e99e06ca6136cb8bc978a72 |
| SHA512 | 644bc1ce3ac4431dbc1efb67de09ed370d0dba488181ca334077f422c9493b8f1dd5006bb6dcbd02d4712998f6777b15d41e62ca429d2e4ffc3b24376b106fc1 |
C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat
| MD5 | 973a460ffffaa07b9591ce64f3301328 |
| SHA1 | e3427ccb5682afdbe67fa22a77886b2204031af6 |
| SHA256 | a2048698e2d32f61bf51b0b5c83d9bedb4013e2eccda047c6c249e0a82e70150 |
| SHA512 | 2ebb052fb0d18e06f422cd1e5e1d526aea77fb0f95bb2c9724210dc4ba6c79f6f156b2b5e5cc7e4934c072a83b20eed838de4324de3771915e5e0e690672a5cd |
C:\ProgramData\ReasonLabs\EPP\SignaturesYSS.dat.tmp
| MD5 | f371cf8dbadd17e03393aa21f3963401 |
| SHA1 | 8b7a906b5d6ab57a3bf7b32401a286e812327813 |
| SHA256 | 287e1aed9f449999e9852477960f8b67b2b77869463e1baabe63bec75142130a |
| SHA512 | d910f4d48f4f34c0d9a68a89fc846e9c776081975c8d0bb14478c7978d8be43e4e2666f957deca1ea411032d08b9b2bed19849fe284e4a2ef91806c730cc570a |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\GPUCache\data_0
| MD5 | 6635f0fd7f4cd8dc5d4add91cc923f5e |
| SHA1 | a99f5d24b5745e383f9a010cc35464fdb7703d80 |
| SHA256 | f0256e49861be1090e0e51417e7b24b3721d5003761d02621c73d9357a0f01f4 |
| SHA512 | d8b9ca6620d5c4aa80d45aa6d43fa7c827b6c9ce7b8ea3193948ef0e58f9158b99a52e69a3e11ea3ae8fcba5237d5594bd60616dc87b5c83129ea54c3454cd7b |
C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\GPUCache\data_1
| MD5 | aa3a4fe08de9f150e0cbd710bd70c1a4 |
| SHA1 | 1b686f0ae6b032bf3b9db52a546cc6fc004ca304 |
| SHA256 | ffba5791bf65bb15f1231f2d2791ad3e986123c3df6e2597b3586bb8d5f9922b |
| SHA512 | f7863e199fa6376b0122578b7a9056526813acb27271ecabd805b8efb053c887d358e29ffcabb319a1b042c37f3257df31040027f1b3a22ebad544fb2a85d161 |
C:\Users\Admin\AppData\Local\Temp\7zS408408B5\UnifiedStub-installer.exe
| MD5 | c7fe1eb6a82b9ffaaf8dca0d86def7ca |
| SHA1 | 3cd3d6592bbe9c06d51589e483cce814bab095ee |
| SHA256 | 61d225eefb7d7af3519a7e251217a7f803a07a6ddf42c278417c140b15d04b0b |
| SHA512 | 348a48b41c2978e48ddbeb8b46ad63ef7dde805a5998f1730594899792462762a9eee6e4fe474389923d6b995eca6518c58563f9d1765087b7ac05ce2d91c096 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\ArchiveUtilityx64.dll
| MD5 | c70238bd9fb1a0b38f50a30be7623eb7 |
| SHA1 | 17b1452d783ed9fae8ff00f1290498c397810d45 |
| SHA256 | 88fb2446d4eac42a41036354006afadfca5acd38a0811110f7337dc5ec434884 |
| SHA512 | dd77e5c5cf0bf76ba480eb4682c965d0030171a7b7a165a6d1c3ba49895bc13388d17ddbb0fe3ac5d47b3d7d8110942c0d5b40e2fe3df0a022e051696ec4feb6 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\rsDatabase.dll
| MD5 | 72689b177cd84ae5260532f5c7a10ebd |
| SHA1 | 4129fbab0f99f8420f25d772d2d62a26b1fadb3c |
| SHA256 | 062fd8045911eaab4b5f505dade6c0e23e6200c1ac1fdb86ea73e69ab801e037 |
| SHA512 | 8649eb139ae3b695463210ea2e6061c35cd3580c0ad6a5d2d859835255dd6acd334d791bfcc0d00d1b60573960c91c29009f3325eb8b37dacfbb7cef401ec4ee |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\de\Microsoft.Win32.TaskScheduler.resources.dll
| MD5 | f83d720b236576c7d1f9f55d3bb988f9 |
| SHA1 | 105a4993e92646b5dbb50518187abe07ca473276 |
| SHA256 | 6909a1c134d0285fba2422a40ea0e65c1f0ca3c3ef2b94a1166015af2a87780f |
| SHA512 | fd8a464f2bc9d5b6c2efa80348c3a9362f7473d4d632b2addad8c272e8874e7e67c15b99b67e6515906b86d01d57cd42f9f0f1e9251c0af93a9391ccc30e3202 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\da-DK\UnifiedStub.resources.dll
| MD5 | c2819ae6db238f0d9fdd865347819a40 |
| SHA1 | 35f19d2aec295fd7f98ce039da95a0a556517b2b |
| SHA256 | da090057b5388ef09ca5f6e72c729f0330fc3cc0352e2ee704982e979dc4e1f1 |
| SHA512 | fd015ce397d556a669b1d83cfe82400998b7484a1f50d8683af80edc1533784196df9092edb4f6e727c45df8b8430745ded57f154833626cee7c778883074385 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\cs-CZ\UnifiedStub.resources.dll
| MD5 | 999c5174344e3af9ccd1e17299448e76 |
| SHA1 | b66455deb863b0a928d4e55acd886e3c16506de6 |
| SHA256 | 0748a7d73f44acdc027abf5177da04dd69d773299138ea0b25d3dbe4c00ad4a0 |
| SHA512 | e4f0c9c443070bbe348ba142ffb28631d4b86ca9d4dc1aa18e0711650cf063f590e2383a54c693eca4cba57eec946bb5dfd2ffea45820682d2c49dbc3acff612 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\System.ValueTuple.dll
| MD5 | f34410b23b973ce915c40345c96dd82d |
| SHA1 | 57b1d2dd6600cbcc64062549a925a4548cf9a47c |
| SHA256 | e461cd2f7700fd28a3869d7c65f805058e0c30d44d9bcaf390adf1896548b0d3 |
| SHA512 | cae7d1cdfc68ce705d6292be1a60c074f1e5b56e58d1558c958fc1022465626669d38cde891152247c8877985c63a4806a4f0f82664e40f3ae173bf2b1280702 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\System.Data.SQLite.dll
| MD5 | ffbb71041c9a01da9ea90bdd4c0096a2 |
| SHA1 | d4e9e5b70b356489f1c6eefccd58b343f9d79e44 |
| SHA256 | 178570575291b95c767ba304d71c5310a94e93b6c1f673b9179d41a75a48d0e8 |
| SHA512 | ae7926c6ce85464b66fd73c1fe046f51dee1739dd7476c8fbac39d8479e7f8cb891c216ddbb160e5cecf828efdeb2bf1c10a630ba57adcf302aa7a2d83cc9728 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\rsTime.dll
| MD5 | 167b304c9c615be2852ac0bef86e6f15 |
| SHA1 | 7c38a8af0de07b41d5e5af771274b0d46b87b0e0 |
| SHA256 | 6d5ea04f978e429c5cf0065a213bf28d8af36540493c6564218ea51b0d5b961d |
| SHA512 | 557cf71b939d5f388e17b432db5d2a15ede76e6abcf0476b985bba0de4fc22cb130a1a240fe92f41de03b60e7edbc9445be2461079e28ebe985ff523b32eb456 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\rsLogger.dll
| MD5 | f55948a2538a1ab3f6edfeefba1a68ad |
| SHA1 | a0f4827983f1bf05da9825007b922c9f4d0b2920 |
| SHA256 | de487eda80e7f3bce9cd553bc2a766985e169c3a2cae9e31730644b8a2a4ad26 |
| SHA512 | e9b52a9f90baecb922c23df9c6925b231827b8a953479e13f098d5e2c0dabd67263eeeced9a304a80b597010b863055f16196e0923922fef2a63eb000cff04c9 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\rsJSON.dll
| MD5 | 927934736c03a05209cb3dcc575daf6a |
| SHA1 | a95562897311122bb451791d6e4749bf49d8275f |
| SHA256 | 589c228e22dab9b848a9bd91292394e3bef327d16b4c8fdd1cc37133eb7d2da7 |
| SHA512 | 12d4a116aee39eb53a6be1078d4f56f0ebd9d88b8777c7bd5c0a549ab5cff1db7f963914552ef0a68ff1096b1e1dc0f378f2d7e03ff97d2850ca6b766c4d6683 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\rsAtom.dll
| MD5 | f5cf4f3e8deddc2bf3967b6bff3e4499 |
| SHA1 | 0b236042602a645c5068f44f8fcbcc000c673bfe |
| SHA256 | 9d31024a76dcad5e2b39810dff530450ee5a1b3ecbc08c72523e6e7ea7365a0b |
| SHA512 | 48905a9ff4a2ec31a605030485925a8048e7b79ad3319391bc248f8f022813801d82eb2ff9900ebcb82812f16d89fdff767efa3d087303df07c6c66d2dcb2473 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Microsoft.Win32.TaskScheduler.dll
| MD5 | 87d7fb0770406bc9b4dc292fa9e1e116 |
| SHA1 | 6c2d9d5e290df29cf4d95a4564da541489a92511 |
| SHA256 | aaeb1eacbdaeb5425fd4b5c28ce2fd3714f065756664fa9f812afdc367fbbb46 |
| SHA512 | 25f7c875899c1f0b67f1ecee82fe436b54c9a615f3e26a6bec6233eb37f27ca09ae5ce7cf3df9c3902207e1d5ddd394be21a7b20608adb0f730128be978bec9b |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\hu-HU\UnifiedStub.resources.dll
| MD5 | adf094f101ca6b84bb7e2296eabcb05d |
| SHA1 | 1c6f38fcf1e072865118803df5c7f356456d23eb |
| SHA256 | 85241cd496e646db4eb9df9c8808cbd1384964f61b7cb4fedb1b812fc913e9f0 |
| SHA512 | 89249c151395ab1d2e698221553634d1fb39b48a667a46139b4cce5b890b6b1c66f646d0229a31699949f07336042c9a5604a10c0b51246091825cc01700d5e9 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\uninstall-vpn.exe
| MD5 | 410d4e81be560d860339e12ac63acb68 |
| SHA1 | 06a9f74874c76eba0110cdd720dd1e66aa9c271a |
| SHA256 | e4a8d1e07f851be8070dd9b74255e9dd8b49262c338bfb6ef1537edd8f088498 |
| SHA512 | 4bbffeef276ce9b8fdd6d767ba00066309eee0f65e49cea999d48d1e8688c73d7011ed1301a668c69814457caad3981167a1e3fe2021329dd8fc05659103fb3a |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\uninstall-dns.exe
| MD5 | 772e66bf2ed9ca8f60c413576b9bfba0 |
| SHA1 | 91a274e4b66966eb5d036835f8c99ffcd3e74f35 |
| SHA256 | c3a505a0bf9bb525dcfe981a5cb60d3b4dc4163f1a1179aa55ddb66e569cf2cb |
| SHA512 | d3c5742fa5f0e663df7809288b3159465323b9f8942ea684caa1b98c912245c151e9f1c909129ab3eafd5f6282b2b4c0bb983e929e945aa92eb6bc506cd19787 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\zh-TW\UnifiedStub.resources.dll
| MD5 | 142024abf19a89ed6df37c56ce927361 |
| SHA1 | b818199bb5d275f7e583d9e20f99cf7a393ed226 |
| SHA256 | 9678e0d14bac32c77baae8a4b697051e3ade12b91278d7b01fda00ed471167e4 |
| SHA512 | 0ff2f4570f35df7b44901e982d3d15fa1da6d8d41eb6d98b8eccb920a8345acb5a2e89d400f6ac1dd0df3dd0f70cd1fd4ad38dd4b613f7e72d07d49f7e045c33 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll
| MD5 | 833f269ba6f0c34f49273da7fbd7dce7 |
| SHA1 | d0253d322dcdf7f54e37c7e8911a8b77670d2967 |
| SHA256 | f8c769a357e6cd27452835e5288fe515fb50bfeec83ef3969975171174b467e5 |
| SHA512 | 4fa315e23d985affb46f6536cdf2ddc1b882f47098ee2d5a4b954ddeeb8904d1c83182b1598e4948a59728339945307b699a147ecd813c0f91986d95bdc57184 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\zh-CN\UnifiedStub.resources.dll
| MD5 | 93dde9de1910ec7c10caf6a2a950e6e6 |
| SHA1 | d9e977b3153676c2422374ad1d314046e1318806 |
| SHA256 | 597fc5d537f33a564cdb2d467d2f588ca25954d6e758316d4911ca97c2a1a7ca |
| SHA512 | 300b6b873cf5c5487ad813d27823b4e899da49342db6f83fc0d23919a629aaaec53334dad63beebad4d92372a76636f8069cf054d08c755a4c7ce76aa07c65d2 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll
| MD5 | 3cefec17baac089c54c8102a4cfd160c |
| SHA1 | a54cd9bd4181a591937a99be88beb006279837de |
| SHA256 | aafbe48966dbc5372a308ab9501245ce261d2715f336ad1908c799d354c981a2 |
| SHA512 | 2d45193662c7ce2854ce2d3ee53ae199e094d09bc76d8d8a8e36b24ea60400a5f064ca16ce0078fe6cbdf4117c22565c04e47b99cd99868254c915db6d18700f |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\vi-VN\UnifiedStub.resources.dll
| MD5 | e224e6925c4274296ba7bec71ff953a4 |
| SHA1 | 1bf409839d76edb70b88426ac2c17106105ea3c9 |
| SHA256 | 8cc2eae4d338cc29846144136702f717e1379468a07919975fe6eeeb9007c558 |
| SHA512 | dafabb12f383bd99cf0d1f1bd949cee2f922c6cb03ffa51cd5583e45b2ff6b79c7b88b26ccd5e8dc0873388b7c61de39de968fc8e4a3e8b63c3b3d94711ac309 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\tr-TR\UnifiedStub.resources.dll
| MD5 | 0082f8e3c82e3bec8fa2ec9b8f62030a |
| SHA1 | bd9790d90d940da82015b1a003ddde0e6a814388 |
| SHA256 | 8094ad142ab016533528eccceb49182d1af3bf0bfd34ddd940f3714d7d17a145 |
| SHA512 | 5b737d66475dc957e53a2f88ceaba78db7d76be7b5184b75d8516c5a97161131ddcd3130200ba0df2c000f46658ec01a5cb2ed60a876266db4bac95986bd763b |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\th-TH\UnifiedStub.resources.dll
| MD5 | 912ef860f4acb26afa205a91956990d3 |
| SHA1 | 8db790876785fe61d10f4e8e4d32722b5ad35679 |
| SHA256 | e49f80929f50c19e430352b21851f8359d7061b3ef4cdc9264bcc1be3620b987 |
| SHA512 | 0e89322265a7b8827302dd91dff85e82df7ed87fc8c1f04f2b13c23ffd8471a01cd52a172c008d0aa40288322c2f1ef2913a7039539ef5c9d9ed06f90b8d57cc |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\sv-SE\UnifiedStub.resources.dll
| MD5 | f26f586f37f77c4040a1110cd09c1a04 |
| SHA1 | 9511a7124b27ab89bdcb25f4d373cc08c25e06bc |
| SHA256 | 0c709cc4e21d236600dcb400713d93940bb96bfcc3be184abc27eaa25c50853c |
| SHA512 | f48821c805e4359cd6fe1571050248dbb6496040528eccc313c1acc67088b91e391c412023c37e2b2f1bffb2704ec6d25982819ff6487298e4e17ebb1f43e18b |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\sl-SI\UnifiedStub.resources.dll
| MD5 | e3d94c18654b6e3a630a7932298e989d |
| SHA1 | a46151d16a43728fc905578b04c97a6034beec48 |
| SHA256 | 4a6897e25bea93bc47a166ae7c02cb2858c6399a9360f12e6ee56c4fe110b537 |
| SHA512 | dfcf6207f5d1ee1ca490ece1cefcc0b4c073a74d9e7ac0c1e865181173328421115bab4530af995df2b04893c801d5f8d58b9867905fc1f59a6416e4cbfd5710 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\sl\UnifiedStub.resources.dll
| MD5 | b84137a373b458bfdb8e37bf68dbc93b |
| SHA1 | c66fec010eda81a93608892749f6ca44e01828e9 |
| SHA256 | cc83edebf62a1c0f0698c97180ab13d96301c531c7270d4bde4c43fa96129728 |
| SHA512 | 5cefd56822a084b7ac139a306640474ff82b106ca8088991ff58432867a405ce5091d11f465ebea4ea1f30d102854ffa79424b0430e5bda88fa9494fd8d23e00 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\sk-SK\UnifiedStub.resources.dll
| MD5 | ef403938f8fdbfb9638f378774f93d97 |
| SHA1 | 020aad53feb53dd763ca422ce47bc75f0a06f426 |
| SHA256 | eda401dc462fab09262874a61915d30f7721fa7f3ffca7242461d978c54e76ba |
| SHA512 | b40a0f1cc1c0c9a99fafb1f96bf44da543364dab15a1ba4f564b9d3014c3031881e67700240bbd5df280439901ee36a9345a32ec83daed80203c115712820db6 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\ru-RU\UnifiedStub.resources.dll
| MD5 | 566a9e0ceea6c3cbf82b05c4f8470c27 |
| SHA1 | c24f42ae5fc9a326b6526557501ea98150409f85 |
| SHA256 | cfb04dd1a62a3c5fe6d9ae898df507b7567abeee7c871fa9aad1a0d2475968ad |
| SHA512 | aba8482414b1d98313d37c58c4d19d7d197a440601175c9e3f1aec5d7a86c53a43a289f843a3eff85c0fee043334a25e9d215a54fd4ca3dff6e8a786e6fe85c3 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\ru\Microsoft.Win32.TaskScheduler.resources.dll
| MD5 | dade13e423762bdae745d57ca3dc86ef |
| SHA1 | 7b4122cbef771c5548a7cb5641b6db6743c8c3f6 |
| SHA256 | 1a1d5fdac027144bcaa0e8110f4de717e80944420c59708b3dd8e2bd31bc7ed4 |
| SHA512 | 77f5050ba87e8abeb92298d16897d6cec087ffb7b4c38442c854a0993b398de529c15b5674adaacfb3e39ce05165f05a38337b2dbd41e8a7d806751542f6e8d3 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\ro-RO\UnifiedStub.resources.dll
| MD5 | 5f6e31693aff46fbdbca6aabc5ed7e40 |
| SHA1 | d1460a56fd08c8ee10d6e4e470b72bb53d3955a8 |
| SHA256 | 31aa8f7d10891db8188a5fb8999ee0cb8564253d8c91a39ec432764011bf42c8 |
| SHA512 | cdbd5c9c488bf31c0c8f772819d41e36546f8caa7e0ab75281daf59c401a60629df00f1d6c85fb396a6fc1610ad5c24f17d2436397688e348fb55c312428e7b8 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\pt-PT\UnifiedStub.resources.dll
| MD5 | 2955126ec370bb65ee76e53dcf1fbcdc |
| SHA1 | cffcc8d9d2414863fd45da41f03030878a7f8769 |
| SHA256 | a5fe29467cfe179efa29c1a4c1dc39247517150e734acb20ab29c3ff817ccd3b |
| SHA512 | 56f6164d09baca5d86844d126bf557410f15b442d43dd072a102f78bc02192f2ed734012bb1127dd09c0821115decb6e6b3e0bb637423febe7069ba8bf275617 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\pt-BR\UnifiedStub.resources.dll
| MD5 | 81f5b0997e189fec285acd3443fd109b |
| SHA1 | 0306ec1169e196997bf196ec985105ef1464a2c9 |
| SHA256 | 0f4397ad0fa9627df4b50baeb213edb790aaedfc1862708b8d4d401620c6d47f |
| SHA512 | 156f7082e24fb87765f83859834da4027ab473821b7e39c92e206d0f1df827ea17f243a913c5ffc890ecb7506ba4a7e28986272a988a38d05619c7034b329adb |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\pt\UnifiedStub.resources.dll
| MD5 | abe4a7998f99c8bdd303be6ab09dc20a |
| SHA1 | 577a7fdc5dbbf1bc231c8665603f48c15e674edd |
| SHA256 | dc166ea7286c26be2ccf0a44677f228b660bfb6d9dd4c78fe0409b08327536df |
| SHA512 | b28ab5f36736aedcce65099734813e3260d95908ef457f67aab96089ec3d50e2fa0562ec1454e4e1320433b50847001909e28f27ae87c3a7cbe66abc24a5fd75 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\pl-PL\UnifiedStub.resources.dll
| MD5 | 046d8a330f45efde3eb3f83f446663de |
| SHA1 | dac7e590c64a39332fd6527cdd21b194257234d6 |
| SHA256 | 1332f9d4f4189c94e25b7755d8bdb779c4c016229b93c10d8cfa978b1b41a6b4 |
| SHA512 | bcf70c1b1751d5dbff1a6a97c07b04749603db246ec40b3658f1e673be4c80d1ffaae1e3a8a70a1c949494b12531237fef1ebb647ef7b2df1c617f458a56caa6 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\pl\Microsoft.Win32.TaskScheduler.resources.dll
| MD5 | b60817a69e314b22f746917c826da53e |
| SHA1 | 7d2785a6d1a53a0717c986b959af67de6f9300e4 |
| SHA256 | 6e58d86c42b61226dd7af35d7c9432ce6f0982d1d0d5a2f4120e8abc5c787a02 |
| SHA512 | 9a8f029329ce105b3f72fee623e3ab8c88e1af45f86fab61f81be418b2d70f83e4c0466010d312240a01e1ef8f9b9926ebf43e25bdc3c364c2d28ab9b0e5f6fc |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\nl-NL\UnifiedStub.resources.dll
| MD5 | 3f2522d425b3cc674925c117f5eb7984 |
| SHA1 | e43d21ebd065bb42c0d66fd09e741f3fe75d04a4 |
| SHA256 | 0f2d18d4ea34e514bc0865ee2c4db488e44ab96a6f60d8666fa1cbaa50f83ba0 |
| SHA512 | dbf57878a763147e2312badc78b3fe3a35d9f06f03681b071c5d3dfd84eefccf8877693d591c63a8d92628b1cdd59a8c30489d2094e9f59bffdfa9920721fa2a |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\nb-NO\UnifiedStub.resources.dll
| MD5 | 58afb3ae460111832f87628a55578cd1 |
| SHA1 | 9e43ce2918e003b67b80c7a2abd314d8c489bc35 |
| SHA256 | 0eac601a33c74e373eea3b72c6826e9512154852d9eda174f5959eb8551dedc4 |
| SHA512 | 9f95fa0eb3ae3e2400a1a399d2821f6bc40d065c1e182304db67b55e03d934a54153524d67d73fb5302781a988a7a87eaa23040c44c598298e078239c3ea938b |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\ko-KR\UnifiedStub.resources.dll
| MD5 | 6935598916af67879ea1bfb9e1d1fc50 |
| SHA1 | 54ee67cb95c349f5286cf5e9b2e5c0b7e01e1875 |
| SHA256 | c4e8dbd22a2bc4db1844b75e600dfb8810ec1bd79ae9244e9bf95d6cd07ba593 |
| SHA512 | cfbf6c99640064c04d57e7f01f44ec378dbebb42193b375080b2bd6e413111b1ad5d3cda30e40a7cd2c0d5e0668372ade5a9b71de825dc0f337d9d9c2cd732c0 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\ja-JP\UnifiedStub.resources.dll
| MD5 | e77665402f7750bfa2b38018e5ca72da |
| SHA1 | f3974f0f8f7e2fb60b41b77f08d226fc8787c324 |
| SHA256 | bc57c5f54a2cfd2212504e19d84c2e5facf29d940b8631538ce82207244c8bb6 |
| SHA512 | 59682d579a6458902e7208cae06492081a8233c2d2a383d65c2ef5a40d4dc36211d14005b684587aff08e8b32dd83fd81c3c454441dd905f94ae967a65b08844 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\it-IT\UnifiedStub.resources.dll
| MD5 | 9d5cebb0c561e0da0bce75e527465bc9 |
| SHA1 | 2851d4995d9e9a37a0c1404c8e215b204871204e |
| SHA256 | 35bd747676e8512899d56a80276ca1835e6fcb17b309f80e709860363dfaa52f |
| SHA512 | 0a276428145e9b42e88757d8d1ba5c20a54ad7e1a287f9a9bfacceb319901822d17c0d28dd96895b752a14867b19e2907e49e5968b77a8114a1d41c2f431bb0a |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\it\Microsoft.Win32.TaskScheduler.resources.dll
| MD5 | 1c331da4bce2809e16913c02e385576e |
| SHA1 | cf8e71e030347749596a53d1b13b9e9583ec0527 |
| SHA256 | 1d0493e38d8b3fcc7efa4916fea1eea69ee6449bf435e1869c1bc3f54d4090c5 |
| SHA512 | 2871119690f3df0f244384a3f5f65ffe7cf17f1f00f6b530512aedeb8397c9e357079e8fba76d2a5bf6be4e2b18e4ac1ac104ea2d29f8f40cef6f30a905ecf83 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\id-ID\UnifiedStub.resources.dll
| MD5 | 6863eb1b4658ac9d04729cce4e70480a |
| SHA1 | e0731b472f8d535aff29be240659d601baecfb3c |
| SHA256 | 80e43d515959f4f7ee8138c74fb5bcf1f3dd7bcb19666760812c5bc46af94b98 |
| SHA512 | d84ec0bfc778ab0d3f066129eb2bba4e13a60c1e7b66994f1087790ac9da635da0c7f506fe92c6e46a76756686566aeb83eb81899c5fbfe23503632b5b076673 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\hr-HR\UnifiedStub.resources.dll
| MD5 | 4d275ef7ce5f02c9c92f2d10a90b78cd |
| SHA1 | 319785221773ddbaffbbe29a9b04daf37c517bd5 |
| SHA256 | a3b7d4a8462021f7dd05dd15273fb41eebeaa566be106cd71c9b8a28a03dfd8b |
| SHA512 | 45800341e338301ff27f6d6f1eea52e12941883b3ffa45ca96dd76ffb9bccb5af8138c724ed078846f9ad5370ff2b5c1d9c5f584b5d121115c4257f6889c34d1 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\hi-IN\UnifiedStub.resources.dll
| MD5 | a9854641a26f4c67f43c62808ae321ae |
| SHA1 | a89d6b3abed21270b6311161d4118aa26d82a69f |
| SHA256 | b91aae7b8d476828108fcf99e4348ec533a7fcd2654f630b3b6255fef2b32da8 |
| SHA512 | e8291b1be4f00cb41857cb5ca83d617369e9af1aa58829a85d6a696c78e5cfa1b0b0cc5cb1041961a05b85c512ce7e2f15978dc62032eca6899b9664472c0881 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\fr-FR\UnifiedStub.resources.dll
| MD5 | 49308946adc1c1565024eab211d2a703 |
| SHA1 | f0004dc3e436fee811a79618d6029db0497d4a42 |
| SHA256 | 82c2f6f6a3f4870f8486efb70bebc6ba085838a051bd465ac2c638079c14b891 |
| SHA512 | 7a17afb06ab0d036c0d80d3326695f17e52c8365c4b7f86fa668f090ca5a4416b4881c2110d075c22f650cde6b8d04135669b886aebeb030da9aba74b796cfcf |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\fr\Microsoft.Win32.TaskScheduler.resources.dll
| MD5 | 3b4621370addcf4306669c9e7e45c865 |
| SHA1 | ea1ab3c499e946e152c1fc4a63fa99e1f9be94b4 |
| SHA256 | e3ee50e08124a7603be7d996dcf596eb0d3f9c603768e86e003f7b942d7097f3 |
| SHA512 | 586755f32d16afd937bfc1fe3c52210ab815d5d4c904de101150fa052a94babfcbdc465669ff8c2537b782474658d7912037ddb76d8c9a8fd34715d1fe7b2857 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\fil-PH\UnifiedStub.resources.dll
| MD5 | 119609e491507bf1ac03571959dfb46f |
| SHA1 | 5bfa87b946f8ea2559dd3039edaab1f710eb7c67 |
| SHA256 | 68b32c96f048be6fdf16050a5d5c073e2f9c5b76a4305cfd0e0a7ac9a45e6726 |
| SHA512 | 3daf79b9c30bc7a64fa388b35c750951874ed114697ad9a9f4e8ab733bacc71770983a007c837989526f1f45a2d60d87a58e395e27864fd16bb545110519937f |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\fi-FI\UnifiedStub.resources.dll
| MD5 | 2d4061061af403d74af69eec9dfe6ba3 |
| SHA1 | ed9f6f00a4f2ada56485294e6be527bb155edf9e |
| SHA256 | 3f3d9dd8a18721304cb4bbe992ba0f4f5429a848b1b07fca1919223dee35161c |
| SHA512 | 2ce44fa04fef89295ab0729c2a6eaa03818d77f14e700700cd6c54ba25ed3f07793f575cb88c9332ad65d46e8124d81453035d4c097034529fad43db3afd1f93 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\es-ES\UnifiedStub.resources.dll
| MD5 | 648ad011c505a34a9a756209ff749753 |
| SHA1 | 4325fbb69e9be4b38de9bfc81f91cc851fb16145 |
| SHA256 | 0ca79ae16990c66ce642475ae2c48edd9c7d93d1ca361a84ff67b046e3db1272 |
| SHA512 | 980c68cb78807190911ced7f013faab3036c39ba1cb45eb41aee9010c048e2f149303e881d7ae6c8a7494d51e5760a6ed0039b0e13502e28ee4b76cbefa2c52a |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\es\Microsoft.Win32.TaskScheduler.resources.dll
| MD5 | 15db634b70d6d9d6cd41baae3f02eb14 |
| SHA1 | 1456ffe09df896271a746f9cb40a230f188ad397 |
| SHA256 | e893c6907da8d68c03b1a10e68b554ad5a8c0533f15912106f32e925f2beabf0 |
| SHA512 | 1230e5368d4dab9776d57056993669327e95fe72e262efa541ed5d43abc1bcd3618db13b6bd6b3a27da053c103e3fb647eae759ccaeb443f7d9ffd1ecaa1122b |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\el-GR\UnifiedStub.resources.dll
| MD5 | 765162c01b6a1d4b1ef68832658f4eda |
| SHA1 | 0054503a01721f374796199f2202f308baf0b280 |
| SHA256 | 0ef2b0e94d98919186598312218a6bdf5e5c58d7bba15e85c08cc64454081970 |
| SHA512 | 6cee1ee72e0af4246ef6df458cf68ea66c3987f915fba642610c00d1c7cf3f23596471b9176adaefdf61e7891462665588056df0a51835130965b148246237c1 |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\Translations\de-DE\UnifiedStub.resources.dll
| MD5 | 63db7f10882d9a963496a27ce65a6f35 |
| SHA1 | ded19c471c9139479f25fb5b5b42c48163491763 |
| SHA256 | 50a5af3023a6be366350730d9962da94daca926cfb5f9c5c3ef04c5ab5a06103 |
| SHA512 | 04e7a081cc7814c93e10a7d21768f864026b2df6fb58d3d67cdbe8d643b7497b6fbfc2064a75f8ca8c6147e12a04a9ce2e9e492ce7906ee0eda6e71a2690d51f |
C:\Users\Admin\AppData\Local\Temp\7zSC87676C5\1157a691-1550-4648-8b83-4d3c1908228d\UnifiedStub-installer.exe\assembly\tmp\2XQIX6T4\__AssemblyInfo__.ini
| MD5 | a48b5d6bc4c6eba7838da11c463e8e3a |
| SHA1 | bdb1b53a14f9ce9c09e49ea1b638d4b9070794ae |
| SHA256 | ed431df41a2aa0cde91f675ba4a50702ab0376c11c0900574149e915eeb50efe |
| SHA512 | 408225764b2c870c3d065f5994b8ec78ec0e4846bcac530b344d9b6cc5d50394bc6b397bc7982d1baea29086e047409b63e262a6422b3c5d3cd190901874beb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aa4e2793cbfebefa56decfac33c0fe38 |
| SHA1 | be3b9b4eaa618695a8b84d30922599b68b3704f3 |
| SHA256 | 95ee19af6de7660f3046a3cba8627136bcba6f979627d9616096626c11cd2ae1 |
| SHA512 | c302d0dd1fef5812c18aae810ce1e3b66c7ba9d0c2bdd6f55dc46bae61110af36b181cc7fcc1a6f044ef3b7682405fcd6bc09786c6142e1246bcf516775d7e75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 59881586a42632673644e729afc3e578 |
| SHA1 | 66946f2443ef501391dd647a63fd00d495b4fa90 |
| SHA256 | 2e0e98a69d75fd8f46f45884378de406412138f72c6ccdba7129f608d8692d4f |
| SHA512 | 3eec57f1d5abae9e5d9e3c72a489d9a587e97bd43e7a24d453b86722ad098df7deb18d59bdbe1fa84eed88016606175541aacaabb842d3cef1d886fdbaf4b4b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9daa227c1b579335ca9e88292c25775b |
| SHA1 | 63af8803ffad7c6c6b37e544b8eb219d804b593d |
| SHA256 | 977f631ddf1d2baa6e94d87e39bf3e65d23d8b925a3e85c7cf40ec2e8850db1a |
| SHA512 | f0a92750670bc25cb8175a17b38be449b9f5eed698557381318cbd2dd6cade45687af9a8c2635cce057e4c89435fac32389ca4d6774f1c73edeb686c9fe980fc |