Malware Analysis Report

2024-09-11 05:38

Sample ID 240702-zbapwasbnk
Target AnyDesk (1).exe
SHA256 1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
Tags
cobaltstrike backdoor discovery evasion execution exploit persistence privilege_escalation spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

Threat Level: Known bad

The file AnyDesk (1).exe was found to be: Known bad.

Malicious Activity Summary

cobaltstrike backdoor discovery evasion execution exploit persistence privilege_escalation spyware stealer trojan

Cobalt Strike reflective loader

Cobaltstrike

Manipulates Digital Signatures

Possible privilege escalation attempt

Creates new service(s)

Drops file in Drivers directory

Checks BIOS information in registry

Reads user/profile data of web browsers

Modifies file permissions

Modifies powershell logging option

Downloads MZ/PE file

Drops Chrome extension

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

AutoIT Executable

Event Triggered Execution: Component Object Model Hijacking

Drops file in Windows directory

Checks system information in the registry

Loads dropped DLL

Launches sc.exe

Checks installed software on the system

Executes dropped EXE

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Modifies system certificate store

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

NTFS ADS

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Uses Task Scheduler COM API

Kills process with taskkill

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Runs net.exe

Modifies data under HKEY_USERS

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
System Services
T1569
Service Execution
T1569.002
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Event Triggered Execution
T1546
Component Object Model Hijacking
T1546.015
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Event Triggered Execution
T1546
Component Object Model Hijacking
T1546.015
Defense Evasion
TA0005
Subvert Trust Controls
T1553
SIP and Trust Provider Hijacking
T1553.003
Install Root Certificate
T1553.004
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-07-02 20:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-02 20:32

Reported

2024-07-02 21:18

Platform

win11-20240508-en

Max time kernel

2700s

Max time network

2679s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe"

Signatures

Cobalt Strike reflective loader

Description Indicator Process Target
N/A N/A N/A N/A

Cobaltstrike

trojan backdoor cobaltstrike

Creates new service(s)

persistence execution

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\rsCamFilter020502.sys C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsKernelEngine.sys C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File opened for modification C:\Windows\system32\drivers\rsElam.sys C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2009\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.11\FuncName = "WVTAsn1SpcStatementTypeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverInitializePolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\FuncName = "WVTAsn1CatMemberInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.12\FuncName = "WVTAsn1SpcSpOpusInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.20\FuncName = "WVTAsn1SpcLinkEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.2\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2005\FuncName = "WVTAsn1SpcLinkEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.27\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCertPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008\FuncName = "WVTAsn1SpcLinkEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2003\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPRemoveSignedDataMsg" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2221\FuncName = "WVTAsn1CatNameValueEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "DriverFinalPolicy" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.3\FuncName = "WVTAsn1CatMemberInfo2Decode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.20\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.3\FuncName = "WVTAsn1SealingSignatureAttributeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.15\FuncName = "WVTAsn1SpcPeImageDataEncode" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Windows\CurrentVersion\Run\TaskbarXI = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_TaskbarXI_1.0.3.0.zip\\TaskbarXI.exe\" -expandspeed 600 -shrinkspeed 600" C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\rundll32.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Downloads MZ/PE file

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok\6.0.0_0\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\8.1.0.5236_0\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Modifies powershell logging option

evasion

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0E663C78920A8217B4CBE3D45E3E6236_FAC429BFCC14A89D4D351DF26B2C8FD0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1401C7EC8E96BC79CBFD92F9DF762D_E35D496D1CD0B884BEBCAFED0FE61600 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\206932163209AD483A44477E28192474 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\206932163209AD483A44477E28192474 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_66F532634EB780F86B16CC279B9366A2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rsWSC.exe.log C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0E663C78920A8217B4CBE3D45E3E6236_FAC429BFCC14A89D4D351DF26B2C8FD0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_96B11076AA4494A4A6143129F61AEC8B C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1401C7EC8E96BC79CBFD92F9DF762D_E35D496D1CD0B884BEBCAFED0FE61600 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\229169D96B9C20761B929D428962A0A2_E724097EF7BBA8B1CB3228AA4D2ED312 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\229169D96B9C20761B929D428962A0A2_E724097EF7BBA8B1CB3228AA4D2ED312 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86844F70250DD8EF225D6B4178798C21_1FB605FD2412C4F94AD934D8134A28AC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77003E887FC21E505B9E28CBA30E18ED_8ACE642DC0A43382FABA7AE806561A50 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_466BAFE78D4077069B6C3828315C7C8D C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\ext_install_handler.luc C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-MX.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ldplayer9box\crashreport.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sr-Latn-CS.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-de-DE.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-bing.html C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon.png C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\transport_mosaic_api_v2.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\sk.pak C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-file-l1-2-0.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp2393047171\jslang\wa-res-install-ja-JP.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\Temp2393047171\jslang\wa-res-shared-de-DE.js C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\Microsoft.Diagnostics.FastSerialization.dll C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Reflection.Extensions.dll C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-it-IT.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-tr-TR.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\eventmanager.dll C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.Collections.Specialized.dll C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\comregister.cmd F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pl-PL.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-de-DE.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l1-2-0.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp2393047171\resource.dll C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nl-NL.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File opened for modification C:\Program Files\McAfee\Webadvisor\Analytics\emitter.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\ldplayer9box\api-ms-win-core-synch-l1-1-0.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Webadvisor\Analytics\Scripts\logging.js C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
File created C:\Program Files\McAfee\Temp2393047171\jslang\eula-en-US.txt C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmit_aws.luc C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Threading.Thread.dll C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon2.png C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ro.pak C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.IO.UnmanagedMemoryStream.dll C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dialog-balloon.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nb-NO.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\uimanager.dll C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\contentsecuritypolicywasm.luc C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\EDR\System.Collections.Concurrent.dll C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hr-HR.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxSupLib.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-CA.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-da-DK.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants-rebranding.css C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsHelper.exe.config C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\rsEngine.Extension.dll C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\ldplayer9box\GLES12Translator.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_2.png C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ru-RU.js C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\taskmanager.dll C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\LICENSE C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ta.pak C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp2393047171\wa_install_close.png C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\ReasonLabs\EPP\System.ValueTuple.dll C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-checkbox-unchecked.png C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\nps\wa-nps-checklist.html C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\smarttoasting.luc C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
File created C:\Program Files\ReasonLabs\Common\Client\v1.4.2\locales\ms.pak C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
File created C:\Program Files\McAfee\Temp2393047171\mfw-webadvisor.cab C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxPlaygroundDevice.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\McAfee\Temp2393047171\jslang\eula-de-DE.txt C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
File created C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\freesysdrivespace.luc C:\Program Files\McAfee\Temp2393047171\installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\DiscordSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\x5rwk4ex.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe N/A
N/A N/A C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\Downloads\DiscordSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
N/A N/A \??\c:\program files\reasonlabs\epp\rsHelper.exe N/A
N/A N/A \??\c:\program files\reasonlabs\EPP\ui\EPP.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\program files\reasonlabs\epp\rsLitmus.A.exe N/A
N/A N/A C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\updater.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Program Files\McAfee\Temp2393047171\installer.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
N/A N/A C:\Program Files\McAfee\WebAdvisor\UIHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SYSTEM32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX Configurator.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\LogConf C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key opened \Registry\Machine\Hardware\Description\System\CentralProcessor C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\McAfee\WebAdvisor\updater.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-477A-2497-6759-88B8292A5AF0}\ = "IEmulatedUSB" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\ = "IGuestProcessRegisteredEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B855-40B8-AB0C-44D3515B4528}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-8082-DB8AE479EF87}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BE30-49C0-B315-E9749E1BDED1}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4453-4f3e-c9b8-5686939c80b6} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D612-47D3-89D4-DB3992533948}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7FF8-4A84-BD34-0C651E118BB5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-800A-40F8-87A6-170D02249A55}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\ProgId C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0126-43E0-B05D-326E74ABB356}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-81A9-4005-9D52-FC45A78BF3F5}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8690-11E9-B83D-5719E53CF1DE}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7006-40D4-B339-472EE3801844}\NumMethods\ = "13" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-b855-40b8-ab0c-44d3515b4528} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23}\ = "IChoiceFormValue" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-93AF-42A7-7F13-79AD6EF1A18D}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}\NumMethods\ = "13" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49d6-8f1c-41b0c4784ff2} C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9641-4397-854A-040439D0114B}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\NumMethods\ = "28" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F4F4-4DD0-9D30-C89B873247EC} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9E-43F4-B7A7-54BD285E22F4}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0002-4B81-0077-1DCB004571BA}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E254-4E5B-A1F2-011CF991C38D}\ = "IVirtualBox" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-1EC0-4C0F-857F-FBE2A737A256}\ = "IGuestUserStateChangedEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-5FDC-4ABA-AFF5-6A39BBD7C38B}\NumMethods\ = "64" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8384-11E9-921D-8B984E28A686}\NumMethods\ = "37" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F4C4-4020-A185-0D2881BCFA8B}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F7B7-4B05-900E-2A9253C00F51}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B5BB-4316-A900-5EB28D3413DF}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7006-40D4-B339-472EE3801844}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\ = "IAdditionsFacility" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3534-4239-B2DE-8E1535D94C0B}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6989-4002-80CF-3607F377D40C}\NumMethods\ = "21" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\NumMethods\ = "14" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-30E8-447E-99CB-E31BECAE6AE4}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BCB2-4905-A7AB-CC85448A742B}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0D96-40ED-AE46-A564D484325E}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBoxClient.1 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\ = "IEventSource" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6588-40A3-9B0A-68C05BA52C4B}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-23D0-430A-A7FF-7ED7F05534BC}\ = "INATNetworkPortForwardEvent" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C8E9-466B-9660-45CB3E9979E4}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-00A7-4104-0009-49BC00B2DA80} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-26F1-4EDB-8DD2-6BDDD0912368}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e2000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c000000010000000400000000100000040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\ReasonLabs\EPP\rsWSC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\TaskbarXI_1.0.3.0.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\taskbarx-1-7-8-0.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskbarX.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskbarX.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\fltmc.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskbarX.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskbarX.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskbarX.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXIMFCGUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXIMFCGUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXIMFCGUI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXIMFCGUI.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3120 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
PID 3120 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
PID 3120 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
PID 3120 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
PID 3120 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
PID 3120 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe
PID 4772 wrote to memory of 1804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 4332 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4772 wrote to memory of 1208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe

"C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe"

C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe

"C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --local-service

C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe

"C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --local-control

C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe

"C:\Users\Admin\AppData\Local\Temp\AnyDesk (1).exe" --backend

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x0000000000000448 0x00000000000004DC

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff97197ab58,0x7ff97197ab68,0x7ff97197ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4200 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3824 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4364 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4616 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff745a6ae48,0x7ff745a6ae58,0x7ff745a6ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4708 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3348 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1584 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3316 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4104 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2752 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3332 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3940 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4116 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3276 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4484 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1904 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5156 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3392 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4104 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2744 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXIMFCGUI.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXIMFCGUI.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4232 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXIMFCGUI.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXIMFCGUI.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe"-stop

C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe" -expandspeed 600 -shrinkspeed 600 -createstartup

C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskbarXI_1.0.3.0.zip\TaskbarXI.exe"-stop

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5600 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4268 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6124 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5644 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=2296 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4316 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5100 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5400 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6128 --field-trial-handle=1920,i,15851185402904258166,15056392356871811072,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX Configurator.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX Configurator.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2196 -ip 2196

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 1064

C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_taskbarx-1-7-8-0.zip\TaskbarX.exe"

C:\Users\Admin\Desktop\TaskbarX.exe

"C:\Users\Admin\Desktop\TaskbarX.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff97197ab58,0x7ff97197ab68,0x7ff97197ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3460 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4280 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4736 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3424 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3820 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4120 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3144 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2100 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4264 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3052 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4720 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4572 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4076 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4604 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4132 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5116 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4904 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5148 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3328 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5404 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5780 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5948 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5764 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5756 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5616 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6496 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6536 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6772 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6932 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7180 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7172 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7520 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7636 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7868 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7708 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8144 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8004 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7656 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=4892 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8696 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8896 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8748 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7336 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5812 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7052 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6980 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=6016 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=5496 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6032 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5896 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9380 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9584 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9508 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9800 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10004 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10024 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10208 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10364 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=10684 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10704 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10824 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=10528 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9964 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=868 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=5384 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=5372 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=5368 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=6244 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=5108 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=8836 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=5316 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=6484 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=8452 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=7952 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=7384 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6744 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=5156 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=10620 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=8876 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=9720 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=6860 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=6716 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=8284 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=7628 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=7892 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=8084 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=1184 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=7648 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=8004 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=5324 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=7672 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=10896 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=8868 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=7420 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=8172 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=7476 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=8508 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=10132 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=7108 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=5180 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=9820 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=8140 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=5772 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=6232 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=6212 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=9948 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9424 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9096 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9308 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8892 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11092 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6068 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=10320 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10896 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5224 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11208 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10444 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayer.exe /T

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM dnmultiplayerex.exe /T

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=4055b4b749ea533f6a1b0d8c14dbbf17d9dfdefe&dit=20240702204491684&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /F /IM bugreport.exe /T

F:\LDPlayer\LDPlayer9\LDPlayer.exe

"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="F:\LDPlayer\LDPlayer9\"

C:\Users\Admin\AppData\Local\Temp\x5rwk4ex.exe

"C:\Users\Admin\AppData\Local\Temp\x5rwk4ex.exe" /silent

C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\UnifiedStub-installer.exe

.\UnifiedStub-installer.exe /silent

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

"C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Program Files\McAfee\Temp2393047171\installer.exe

"C:\Program Files\McAfee\Temp2393047171\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"

C:\Windows\SYSTEM32\regsvr32.exe

regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe

"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"

C:\Program Files\McAfee\WebAdvisor\UIHost.exe

"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"

F:\LDPlayer\LDPlayer9\dnrepairer.exe

"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=787362

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Users\Admin\Downloads\DiscordSetup.exe

"C:\Users\Admin\Downloads\DiscordSetup.exe"

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .

C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\84A47519-B561-4E2F-B563-22E18A3E7512\dismhost.exe {127A6300-6D2A-4EFC-A97D-54B4AF87BABD}

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngine.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\x64\rsKernelEngineEvents.xml

C:\Windows\SYSTEM32\fltmc.exe

"fltmc.exe" load rsKernelEngine

C:\Windows\system32\wevtutil.exe

"C:\Windows\system32\wevtutil.exe" im C:\Program Files\ReasonLabs\EPP\elam\evntdrv.xml

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\SquirrelTemp\SquirrelSetup.log"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7940 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=538CFFF16BFFC894F4392FD7ABEF6F89 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1CAB895179697EF2CDB298FECC74A2BB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1CAB895179697EF2CDB298FECC74A2BB --renderer-client-id=2 --mojo-platform-channel-handle=1820 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3F04812A0820BCED2AD746CCFF8E145A --mojo-platform-channel-handle=2464 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=52AB964D920BF3A38AC9F093F1E2439A --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6EAFAF588A89ACBDFE1949E55AC5B551 --mojo-platform-channel-handle=2500 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6152 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3780 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11168 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8912 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

F:\LDPlayer\LDPlayer9\driverconfig.exe

"F:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C81F7E63608BE3A1214B9A6849032A37 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C81F7E63608BE3A1214B9A6849032A37 --renderer-client-id=8 --mojo-platform-channel-handle=2484 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F00E7BE9203B26410CF68AEE79D7F5D9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F00E7BE9203B26410CF68AEE79D7F5D9 --renderer-client-id=10 --mojo-platform-channel-handle=1940 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4bUcwDd53d

F:\LDPlayer\LDPlayer9\dnplayer.exe

"F:\LDPlayer\LDPlayer9\\dnplayer.exe" downloadpackage=com.roblox.client|package=com.roblox.client

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ff96e9a3cb8,0x7ff96e9a3cc8,0x7ff96e9a3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff96e9a3cb8,0x7ff96e9a3cc8,0x7ff96e9a3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1340 /prefetch:2

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Program Files\ReasonLabs\EPP\rsWSC.exe

"C:\Program Files\ReasonLabs\EPP\rsWSC.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsClientSvc.exe"

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe" -i -i

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe

"C:\Program Files\ReasonLabs\EPP\rsEngineSvc.exe"

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe" -i -i

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe

"C:\Program Files\ReasonLabs\EDR\rsEDRSvc.exe"

\??\c:\program files\reasonlabs\epp\rsHelper.exe

"c:\program files\reasonlabs\epp\rsHelper.exe"

\??\c:\program files\reasonlabs\EPP\ui\EPP.exe

"c:\program files\reasonlabs\EPP\ui\EPP.exe" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" "c:\program files\reasonlabs\EPP\ui\app.asar" --engine-path="c:\program files\reasonlabs\EPP" --minimized --first-run

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2144 --field-trial-handle=2148,i,1577015302590529243,2754800039444644920,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2580 --field-trial-handle=2148,i,1577015302590529243,2754800039444644920,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2800 --field-trial-handle=2148,i,1577015302590529243,2754800039444644920,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-user-model-id=com.reasonlabs.epp --app-path="C:\Program Files\ReasonLabs\Common\Client\v1.4.2\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=2148,i,1577015302590529243,2754800039444644920,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9056 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3088 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3152 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6128 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3104 --field-trial-handle=1748,i,1574386735722369608,14780951212091312892,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,7107530321117773541,13686007006565012836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6240 /prefetch:8

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\program files\reasonlabs\epp\rsLitmus.A.exe

"C:\program files\reasonlabs\epp\rsLitmus.A.exe"

C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe

"C:\Program Files\ReasonLabs\Common\Client\v1.4.2\rsAppUI.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1428 --field-trial-handle=2148,i,1577015302590529243,2754800039444644920,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul

C:\Program Files\McAfee\WebAdvisor\updater.exe

"C:\Program Files\McAfee\WebAdvisor\updater.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 boot.net.anydesk.com udp
NL 185.229.191.44:443 boot.net.anydesk.com tcp
GB 195.181.165.154:443 relay-98c428ee.net.anydesk.com tcp
US 8.8.8.8:53 44.191.229.185.in-addr.arpa udp
US 8.8.8.8:53 154.165.181.195.in-addr.arpa udp
IQ 5.62.132.83:40872 tcp
IQ 5.62.132.83:7070 tcp
IQ 5.62.132.83:7070 tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.14:443 img.youtube.com tcp
GB 172.217.169.46:443 img.youtube.com tcp
GB 142.250.187.238:443 img.youtube.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.178.14:443 img.youtube.com tcp
GB 142.250.178.14:443 img.youtube.com tcp
GB 142.250.178.14:443 img.youtube.com tcp
GB 142.250.178.14:443 img.youtube.com tcp
GB 142.250.178.14:443 img.youtube.com tcp
GB 142.250.180.14:443 img.youtube.com tcp
GB 172.217.169.14:443 img.youtube.com udp
GB 142.250.180.22:443 i.ytimg.com udp
GB 172.217.169.46:443 img.youtube.com udp
GB 142.250.178.14:443 img.youtube.com udp
US 52.111.227.13:443 tcp
GB 172.217.169.46:443 img.youtube.com udp
GB 216.58.213.6:443 tcp
GB 216.58.213.10:443 tcp
US 8.8.8.8:53 id.google.com udp
US 173.194.193.94:443 id.google.com tcp
GB 142.250.180.22:443 i.ytimg.com udp
GB 216.58.213.10:443 udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 173.194.193.94:443 id.google.com udp
US 51.81.2.247:443 m.majorgeeks.com tcp
US 51.81.2.247:443 m.majorgeeks.com tcp
US 51.81.2.245:443 www.majorgeeks.com tcp
US 51.81.2.245:443 www.majorgeeks.com tcp
US 51.81.2.245:443 www.majorgeeks.com tcp
US 51.81.2.245:443 www.majorgeeks.com tcp
US 51.81.2.245:443 www.majorgeeks.com tcp
US 51.81.2.245:443 www.majorgeeks.com tcp
US 51.81.2.248:443 ra.majorgeeks.com tcp
US 51.81.2.248:443 ra.majorgeeks.com tcp
US 8.8.8.8:53 img.buymeacoffee.com udp
GB 142.250.200.14:443 img.youtube.com udp
US 8.8.8.8:53 matomo.majorgeeks.com udp
GB 18.245.187.8:443 cdn-images.mailchimp.com tcp
GB 108.138.217.59:443 platform-api.sharethis.com tcp
US 172.67.75.15:443 img.buymeacoffee.com tcp
US 51.81.2.252:443 matomo.majorgeeks.com tcp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 248.2.81.51.in-addr.arpa udp
US 8.8.8.8:53 252.2.81.51.in-addr.arpa udp
US 216.239.34.181:443 analytics.google.com tcp
US 216.239.34.181:443 analytics.google.com tcp
GB 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
FR 18.245.175.87:443 tcp
FR 18.245.175.87:443 tcp
US 151.101.128.134:443 tcp
US 216.239.34.181:443 analytics.google.com udp
US 185.199.108.133:443 tcp
US 52.86.229.235:443 tcp
US 8.8.8.8:53 github.com udp
US 52.72.140.222:443 tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
NL 46.228.164.11:443 tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
GB 18.245.143.28:443 tcp
IE 52.17.106.70:443 tcp
GB 157.240.221.35:443 tcp
US 199.232.192.134:443 tcp
GB 142.250.187.238:443 img.youtube.com tcp
GB 18.165.201.52:443 tcp
GB 142.250.187.206:443 img.youtube.com tcp
GB 18.154.84.3:443 tcp
US 199.232.196.134:443 tcp
GB 172.217.16.225:443 tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com tcp
GB 216.58.213.10:443 udp
GB 172.217.169.46:443 udp
GB 163.70.151.21:443 udp
US 51.81.2.248:443 tcp
US 51.81.2.248:443 tcp
US 51.81.2.248:443 tcp
US 51.81.2.248:443 tcp
GB 18.165.201.52:443 tcp
GB 18.165.201.52:443 tcp
GB 18.165.201.52:443 tcp
GB 18.165.201.52:443 tcp
GB 18.165.201.52:443 tcp
US 8.8.8.8:53 udp
GB 64.233.167.157:443 udp
GB 142.250.187.238:443 udp
GB 172.217.16.225:443 tcp
GB 172.217.16.225:443 tcp
GB 172.217.16.225:443 tcp
GB 172.217.16.225:443 tcp
GB 172.217.16.225:443 tcp
GB 172.217.16.225:443 udp
GB 142.250.187.238:443 udp
GB 142.250.178.14:443 udp
NL 35.214.168.80:443 tcp
NL 35.204.74.118:443 tcp
DK 77.111.240.167:443 tcp
DK 77.111.240.167:443 tcp
US 185.199.108.133:443 tcp
US 104.18.25.173:443 tcp
US 104.18.25.173:443 tcp
DK 37.157.3.20:443 tcp
DK 37.157.3.20:443 tcp
US 13.107.42.14:443 tcp
RU 77.88.21.90:443 tcp
DE 91.228.74.244:443 tcp
N/A 185.98.54.153:443 tcp
SE 23.34.233.33:443 tcp
DK 77.111.240.167:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
RU 77.88.44.55:443 tcp
GB 184.28.176.26:443 tcp
US 52.182.143.208:443 browser.pipe.aria.microsoft.com tcp
BE 88.221.83.226:443 r.bing.com tcp
BE 88.221.83.226:443 r.bing.com tcp
BE 88.221.83.226:443 r.bing.com tcp
BE 88.221.83.226:443 r.bing.com tcp
BE 88.221.83.226:443 r.bing.com tcp
BE 88.221.83.226:443 r.bing.com tcp
US 131.253.33.254:443 a-ring-fallback.msedge.net tcp
US 52.113.196.254:443 teams-ring.msedge.net tcp
FR 20.111.36.173:443 par22prdapp01-canary.netmon.azure.com tcp
US 13.107.253.254:443 t-ring-fallback.msedge.net tcp
NO 51.13.112.137:443 f8c3499082bf372341cc430196a43a2f.azr.footprintdns.com tcp
US 4.150.240.254:443 arm-ring.msedge.net tcp
US 8.8.8.8:53 45b5dd655a8c8f77c2883b5b60a07ace.azr.footprintdns.com udp
AU 20.36.77.107:443 45b5dd655a8c8f77c2883b5b60a07ace.azr.footprintdns.com tcp
US 172.202.64.254:443 arc-ring.msedge.net tcp
US 52.123.128.254:443 dual-s-ring.msedge.net tcp
BE 88.221.83.226:443 r.bing.com tcp
BE 88.221.83.226:443 r.bing.com tcp
US 8.8.8.8:53 254.128.123.52.in-addr.arpa udp
US 8.8.8.8:53 107.77.36.20.in-addr.arpa udp
US 13.107.246.64:443 fp-afdx-bpdee4gtg6frejfd.z01.azurefd.net tcp
GB 172.217.16.225:443 udp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com udp
US 8.8.8.8:53 clients2.google.com udp
AU 35.213.232.93:443 e2c38.gcp.gvt2.com tcp
GB 142.250.187.206:443 clients2.google.com udp
GB 216.58.213.3:443 beacons.gvt2.com tcp
AU 35.213.232.93:443 e2c38.gcp.gvt2.com tcp
GB 142.250.187.196:443 www.google.com udp
US 173.194.193.94:443 id.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 142.250.178.22:443 i.ytimg.com udp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
US 151.101.195.52:443 img.utdstc.com tcp
US 151.101.195.52:443 img.utdstc.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 btloader.com udp
US 151.101.195.52:443 img.utdstc.com tcp
US 151.101.195.52:443 img.utdstc.com tcp
US 151.101.195.52:443 img.utdstc.com tcp
US 151.101.195.52:443 img.utdstc.com tcp
US 151.101.195.52:443 img.utdstc.com tcp
US 151.101.195.52:443 img.utdstc.com tcp
NL 188.226.136.4:443 geo.cookie-script.com tcp
US 151.101.131.52:443 img.utdstc.com tcp
US 151.101.131.52:443 img.utdstc.com tcp
US 151.101.131.52:443 img.utdstc.com tcp
US 151.101.131.52:443 img.utdstc.com tcp
US 151.101.131.52:443 img.utdstc.com tcp
US 151.101.131.52:443 img.utdstc.com tcp
US 172.67.41.60:443 btloader.com tcp
US 172.67.69.203:443 ssm.codes tcp
US 151.101.131.52:443 img.utdstc.com udp
US 151.101.195.52:443 img.utdstc.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 130.211.23.194:443 api.btloader.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net tcp
US 104.26.4.120:443 ssm.codes udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 120.4.26.104.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
DE 65.108.188.9:443 consent.cookie-script.com tcp
NL 146.185.171.19:443 cdn.cookie-script.com tcp
NL 146.185.171.19:443 cdn.cookie-script.com tcp
GB 142.250.187.238:443 ogs.google.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
GB 172.217.169.65:443 0ec455f68ca2098b70ee93df4cb5fce0.safeframe.googlesyndication.com tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
DE 18.173.233.10:443 tags.crwdcntrl.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 34.120.135.53:443 oajs.openx.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
IE 52.211.254.3:443 bcp.crwdcntrl.net tcp
US 34.120.135.53:443 oajs.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 10.233.173.18.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 3.254.211.52.in-addr.arpa udp
GB 216.58.204.70:443 s0.2mdn.net tcp
DK 37.157.3.20:443 c1.adform.net tcp
IE 54.216.115.77:443 pm.w55c.net tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 151.101.195.52:443 dw.uptodown.net udp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
FR 51.210.117.80:443 dw.uptodown.com tcp
FR 51.210.117.80:443 dw.uptodown.com tcp
US 151.101.195.52:443 dw.uptodown.net tcp
SG 142.251.12.120:443 csi.gstatic.com tcp
SG 142.251.12.120:443 csi.gstatic.com tcp
US 173.194.193.94:443 id.google.com udp
GB 142.250.178.22:443 i.ytimg.com udp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
GB 172.217.169.46:443 play.google.com udp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 64.233.169.94:443 beacons2.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com udp
US 142.250.69.3:443 beacons5.gvt3.com udp
US 64.233.169.94:443 beacons2.gvt2.com udp
GB 172.217.169.46:443 play.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 216.58.213.3:443 beacons3.gvt2.com udp
GB 172.217.169.46:443 play.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 216.58.201.118:443 i.ytimg.com udp
GB 216.58.201.118:443 i.ytimg.com tcp
GB 142.250.200.34:443 googleads4.g.doubleclick.net udp
GB 142.250.200.34:443 googleads4.g.doubleclick.net tcp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 142.250.187.238:443 ogs.google.com tcp
GB 172.217.169.3:443 ssl.gstatic.com tcp
GB 104.103.252.222:443 answers.microsoft.com tcp
GB 104.103.252.222:443 answers.microsoft.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 216.58.212.195:80 www.gstatic.com tcp
US 151.101.65.91:443 sc.sftcdn.net tcp
GB 142.250.200.34:443 googleads4.g.doubleclick.net udp
US 151.101.65.91:443 sc.sftcdn.net tcp
DE 13.226.153.80:443 sdk.privacy-center.org tcp
US 151.101.65.91:443 sc.sftcdn.net tcp
US 151.101.65.91:443 sc.sftcdn.net tcp
US 151.101.65.91:443 sc.sftcdn.net tcp
GB 142.250.200.34:443 googleads4.g.doubleclick.net tcp
GB 104.103.241.197:443 images.sftcdn.net tcp
US 199.232.213.91:443 softonic.com tcp
US 199.232.213.91:443 softonic.com tcp
GB 104.103.241.197:443 images.sftcdn.net tcp
GB 104.103.241.197:443 images.sftcdn.net tcp
US 151.101.65.91:443 sc.sftcdn.net udp
DE 18.173.229.115:443 c.amazon-adsystem.com tcp
US 151.101.65.91:443 sc.sftcdn.net udp
DE 13.226.153.80:443 sdk.privacy-center.org udp
US 172.67.41.60:443 btloader.com tcp
DE 18.173.225.115:443 www.datadoghq-browser-agent.com tcp
DE 18.173.229.115:443 c.amazon-adsystem.com tcp
DE 13.226.153.13:443 config.aps.amazon-adsystem.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 104.26.3.70:443 ad-delivery.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
NL 139.45.197.227:443 notix.io tcp
DE 18.154.63.15:443 api.privacy-center.org tcp
US 8.8.8.8:53 ad.360yield.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 shb.richaudience.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
IE 52.209.249.92:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 ap.lijit.com udp
US 34.120.63.153:443 prebid.media.net tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
IE 52.209.226.177:443 ad.360yield.com tcp
DE 37.252.172.123:443 ib.adnxs.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
US 172.64.151.101:443 dsum.casalemedia.com tcp
DE 108.156.255.231:443 aax.amazon-adsystem.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
IE 54.77.10.154:443 ap.lijit.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
US 172.67.74.173:443 wct.softonic.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
DE 18.173.233.95:443 tags.crwdcntrl.net tcp
DE 18.154.63.15:443 api.privacy-center.org udp
GB 172.217.169.65:443 5fbfbe850c3e2598e1db6aaa8298b0fa.safeframe.googlesyndication.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 35.244.193.51:443 lexicon.33across.com tcp
GB 216.58.212.206:443 ampcid.google.com tcp
US 216.239.34.181:443 analytics.google.com udp
BE 64.233.167.154:443 stats.g.doubleclick.net udp
US 216.239.34.181:443 analytics.google.com tcp
BE 64.233.167.154:443 stats.g.doubleclick.net tcp
US 172.67.74.173:443 wct.softonic.com tcp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 58.139.4.46.in-addr.arpa udp
US 8.8.8.8:53 231.255.156.108.in-addr.arpa udp
US 8.8.8.8:53 154.10.77.54.in-addr.arpa udp
US 8.8.8.8:53 173.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 95.233.173.18.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
IE 108.128.102.239:443 ice.360yield.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
DE 178.63.248.57:443 push-sdk.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
DE 178.63.248.56:443 push-sdk.com tcp
US 15.197.193.217:443 match.adsrvr.org tcp
DE 178.63.248.56:443 push-sdk.com tcp
IE 3.254.11.96:443 rtb.gumgum.com tcp
IE 34.245.243.254:443 ce.lijit.com tcp
IE 34.245.243.254:443 ce.lijit.com tcp
US 151.101.130.49:443 rtd-tm.everesttech.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
GB 142.250.187.193:443 cdn.ampproject.org udp
US 64.233.169.94:443 beacons2.gvt2.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 34.120.63.153:443 prebid.media.net udp
US 64.233.169.94:443 beacons2.gvt2.com tcp
GB 142.250.200.34:443 googleads4.g.doubleclick.net udp
GB 142.250.200.34:443 googleads4.g.doubleclick.net tcp
IE 52.94.222.140:443 aax-eu.amazon-adsystem.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
SE 23.34.232.193:443 ads.pubmatic.com tcp
NL 89.149.192.245:443 ssbsync.smartadserver.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
IE 52.94.222.140:443 aax-eu.amazon-adsystem.com tcp
US 34.98.64.218:443 us-u.openx.net tcp
US 54.144.178.48:443 sync.srv.stackadapt.com tcp
IE 54.77.108.145:443 pr-bh.ybp.yahoo.com tcp
US 52.72.140.222:443 sync.ipredictive.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 169.197.150.8:443 match.deepintent.com tcp
US 50.31.142.31:443 b1sync.zemanta.com tcp
DK 37.157.6.233:443 c1.adform.net tcp
GB 142.250.180.2:443 cm.g.doubleclick.net udp
IE 52.210.15.1:443 usersync.gumgum.com tcp
GB 142.250.180.2:443 cm.g.doubleclick.net tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
DE 162.55.233.28:443 sync.richaudience.com tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
US 151.101.129.108:443 acdn.adnxs.com tcp
NL 35.204.74.118:443 um.simpli.fi tcp
SE 23.34.232.19:443 contextual.media.net tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 104.22.51.98:443 mwzeom.zeotap.com tcp
DE 162.55.233.28:443 sync.richaudience.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 192.132.33.67:443 bttrack.com tcp
IE 34.252.197.139:443 match.prod.bidr.io tcp
DE 18.66.248.68:443 api-2-0.spot.im tcp
IE 52.48.220.237:443 jadserve.postrelease.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
JP 124.146.153.165:443 tg.socdm.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 1.15.210.52.in-addr.arpa udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 108.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 19.232.34.23.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 98.51.22.104.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 139.197.252.34.in-addr.arpa udp
US 8.8.8.8:53 237.220.48.52.in-addr.arpa udp
US 8.8.8.8:53 68.248.66.18.in-addr.arpa udp
US 8.8.8.8:53 67.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
IE 52.210.15.1:443 usersync.gumgum.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
FR 51.255.68.171:443 dsp.nrich.ai tcp
US 35.244.174.68:443 id.rlcdn.com tcp
GB 104.103.201.8:443 secure-assets.rubiconproject.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
IE 52.210.15.1:443 usersync.gumgum.com tcp
JP 124.146.153.165:443 tg.socdm.com tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 64.158.223.140:443 casale-match.dotomi.com tcp
SE 23.34.233.229:443 eus.rubiconproject.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 69.173.146.5:443 pixel-us-east.rubiconproject.com tcp
US 67.202.105.24:443 ssc-cms.33across.com tcp
DE 51.38.120.206:443 onetag-sys.com udp
US 54.156.110.223:443 cs-server-s2s.yellowblue.io tcp
SE 184.31.15.75:443 player.aniview.com tcp
DE 116.202.167.133:443 inv-nets.admixer.net tcp
US 34.98.64.218:443 us-u.openx.net udp
US 216.200.232.253:443 sync.mathtag.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
SE 23.34.233.229:443 eus.rubiconproject.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
SE 23.34.232.19:443 c21lg-d.media.net udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 5.146.173.69.in-addr.arpa udp
US 8.8.8.8:53 161.182.54.209.in-addr.arpa udp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 223.110.156.54.in-addr.arpa udp
US 8.8.8.8:53 75.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 133.167.202.116.in-addr.arpa udp
US 8.8.8.8:53 116.158.57.154.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 172.240.45.78:443 sync.aniview.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
IE 3.248.68.207:443 cs.yellowblue.io tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 81.17.55.173:443 rtb-csync.smartadserver.com tcp
DE 18.173.233.71:443 s.ad.smaato.net tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
NL 35.214.199.62:443 csync.loopme.me tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
NL 35.214.199.62:443 csync.loopme.me tcp
IE 34.240.242.158:443 pm.w55c.net tcp
US 104.18.24.173:443 a.tribalfusion.com udp
GB 18.134.84.15:443 1f2e7.v.fwmrm.net tcp
DE 18.197.12.221:443 sonata-notifications.taptapnetworks.com tcp
NL 81.17.55.173:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.173:443 rtb-csync.smartadserver.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 172.240.45.78:443 sync.aniview.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 173.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 158.242.240.34.in-addr.arpa udp
US 8.8.8.8:53 15.84.134.18.in-addr.arpa udp
US 8.8.8.8:53 221.12.197.18.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
DE 91.228.74.200:443 cms.quantserve.com tcp
FR 54.38.113.7:443 pixel.onaudience.com tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 35.214.199.62:443 csync.loopme.me tcp
SE 213.155.156.164:443 d5p.de17a.com tcp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
NL 63.215.202.137:443 pubmatic-match.dotomi.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
GB 142.250.200.3:443 www.google.co.uk udp
NL 193.0.160.130:443 p.rfihub.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
FR 141.95.171.141:443 green.erne.co tcp
FR 54.38.113.4:443 pixel.onaudience.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
GB 157.240.221.16:443 connect.facebook.net udp
US 13.107.21.237:443 c.bing.com tcp
GB 157.240.221.16:443 connect.facebook.net tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
GB 157.240.221.35:443 www.facebook.com udp
US 13.107.246.64:443 www.clarity.ms tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
GB 142.250.187.251:443 storage.googleapis.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 54.221.221.83:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
US 35.244.193.51:443 lexicon.33across.com udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
NL 139.45.197.227:443 notix.io tcp
IE 13.74.129.1:443 c.clarity.ms tcp
NL 35.214.199.62:443 csync.loopme.me tcp
NL 63.215.202.169:443 inmobi-match.dotomi.com tcp
GB 172.217.16.225:443 lh4.googleusercontent.com tcp
GB 172.217.16.225:443 lh4.googleusercontent.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 34.252.197.139:443 match.prod.bidr.io tcp
US 54.144.178.48:443 sync.srv.stackadapt.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 35.214.132.90:443 u.ipw.metadsp.co.uk tcp
NL 81.17.55.173:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.173:443 rtb-csync.smartadserver.com tcp
US 199.232.213.91:443 softonic.com udp
GB 79.133.176.223:443 www.ldplayer.net tcp
GB 79.133.176.166:443 www.ldplayer.net tcp
DE 18.173.233.106:443 js.adscale.de tcp
DE 52.59.19.64:443 ih.adscale.de tcp
NL 139.45.197.227:443 notix.io tcp
US 104.18.41.104:443 cd.connatix.com tcp
US 104.18.41.104:443 cd.connatix.com udp
US 104.26.4.6:443 cmp.setupcmp.com tcp
GB 142.250.178.22:443 play-lh.googleusercontent.com udp
DE 18.66.248.5:443 cdn.ldplayer.net tcp
US 104.26.4.6:443 cmp.setupcmp.com tcp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
DE 18.66.248.5:443 cdn.ldplayer.net udp
US 104.18.31.49:443 stpd.cloud tcp
US 8.8.8.8:53 49.31.18.104.in-addr.arpa udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com udp
GB 142.250.187.238:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.14:443 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 8.222.229.130:443 api.ldshop.gg tcp
DE 13.226.153.85:443 apien.ldplayer.net tcp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
SG 8.219.96.60:443 invite.ldplayer.net tcp
SG 8.222.229.130:443 api.ldshop.gg tcp
SG 8.219.96.60:443 invite.ldplayer.net tcp
DE 13.226.153.85:443 apien.ldplayer.net udp
US 8.8.8.8:53 prs.sftcdn.net udp
US 151.101.65.91:443 prs.sftcdn.net tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
US 151.101.193.229:443 cdn.jsdelivr.net udp
DE 108.157.4.43:443 tagan.adlightning.com tcp
US 151.101.65.91:443 prs.sftcdn.net udp
US 8.8.8.8:53 49.4.236.47.in-addr.arpa udp
US 8.8.8.8:53 130.229.222.8.in-addr.arpa udp
US 8.8.8.8:53 60.96.219.8.in-addr.arpa udp
US 8.8.8.8:53 43.4.157.108.in-addr.arpa udp
SE 184.31.15.187:443 articles-img.sftcdn.net tcp
SE 184.31.15.187:443 articles-img.sftcdn.net tcp
SE 184.31.15.187:443 articles-img.sftcdn.net tcp
US 172.64.146.152:443 ins.connatix.com udp
IE 209.85.203.84:443 accounts.google.com tcp
US 172.64.146.152:443 ins.connatix.com tcp
US 172.64.146.152:443 ins.connatix.com tcp
US 172.64.146.152:443 ins.connatix.com tcp
US 8.8.8.8:53 vid.connatix.com udp
US 8.8.8.8:53 lit.connatix.com udp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
US 172.64.146.152:443 lit.connatix.com tcp
US 172.64.146.152:443 lit.connatix.com tcp
US 104.18.41.104:443 lit.connatix.com tcp
IE 54.229.28.67:443 bcp.crwdcntrl.net tcp
US 172.67.23.234:443 a.ad.gt tcp
NL 64.158.223.146:443 proc.ad.cpe.dotomi.com tcp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 156.174.53.23.in-addr.arpa udp
US 8.8.8.8:53 67.28.229.54.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 146.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
IE 209.85.203.84:443 accounts.google.com udp
DK 37.157.2.229:443 adx.adform.net tcp
DE 52.58.138.83:443 match.sharethrough.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 104.26.9.169:443 script.4dex.io tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 172.64.153.78:443 mp.4dex.io tcp
NL 147.75.84.158:443 pb-am.a-mo.net tcp
NL 89.149.192.241:443 prg.smartadserver.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 104.26.9.169:443 script.4dex.io tcp
IE 34.252.197.139:443 match.prod.bidr.io tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 54.144.178.48:443 sync.srv.stackadapt.com tcp
NL 46.228.164.13:443 d.turn.com tcp
NL 35.214.174.141:443 a.sportradarserving.com tcp
DK 37.157.2.230:443 adx.adform.net tcp
NL 35.214.174.141:443 a.sportradarserving.com udp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 34.149.40.38:443 u.4dex.io tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
DE 178.63.248.57:443 push-sdk.com tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 64.158.223.137:443 openx2-match.dotomi.com tcp
DE 57.129.18.109:443 ws.rqtrk.eu tcp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 141.174.214.35.in-addr.arpa udp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 8.8.8.8:53 230.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 137.223.158.64.in-addr.arpa udp
GB 216.58.204.70:443 s0.2mdn.net udp
DE 178.63.248.56:443 push-sdk.com tcp
US 34.149.40.38:443 u.4dex.io udp
DE 178.63.248.56:443 push-sdk.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
BE 2.17.107.219:443 csync.smartadserver.com tcp
US 104.21.48.215:443 adxbid.info tcp
BE 2.17.107.219:443 csync.smartadserver.com tcp
BE 2.17.107.243:443 ced-ns.sascdn.com tcp
US 34.96.105.8:443 tr.blismedia.com tcp
US 104.19.159.19:443 assets.a-mo.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
IE 34.240.0.83:443 ms-cookie-sync.presage.io tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 3.229.202.201:443 pxl.iqm.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 81.17.55.173:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.173:443 rtb-csync.smartadserver.com tcp
US 34.96.71.22:443 s.company-target.com tcp
NL 81.17.55.173:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.173:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 201.202.229.3.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 52.72.140.222:443 sync.ipredictive.com tcp
DE 79.127.216.47:443 id.rtb.mx tcp
US 8.8.8.8:53 ads.betweendigital.com udp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
NL 188.42.196.115:443 ads.betweendigital.com tcp
GB 185.64.190.81:443 image4.pubmatic.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
FR 54.36.150.182:443 cookie-matching.mediarithmics.com tcp
US 34.96.71.22:443 s.company-target.com udp
US 50.31.142.31:443 b1sync.zemanta.com tcp
IE 99.80.243.182:443 dpm.demdex.net tcp
US 100.29.154.22:443 rtb.adentifi.com tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
GB 89.187.167.9:443 vid.vidoomy.com tcp
DE 52.57.150.20:443 ps.eyeota.net tcp
NL 79.127.227.46:443 id.rtb.mx tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
NL 185.89.208.11:443 prebid.adnxs.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
GB 89.187.167.4:443 vpaid.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
BE 35.210.53.219:443 pool.admedo.com tcp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 11.208.89.185.in-addr.arpa udp
US 8.8.8.8:53 4.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 180.201.192.209.in-addr.arpa udp
GB 142.250.187.193:443 cdn.ampproject.org udp
BE 35.210.53.219:443 pool.admedo.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
DE 18.66.242.180:443 d19mtdoi3rn3ox.cloudfront.net tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
DE 18.173.226.141:443 d1arl2thrafelv.cloudfront.net tcp
DE 18.173.226.141:443 d1arl2thrafelv.cloudfront.net tcp
FR 13.249.9.34:443 encdn.ldmnq.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 104.18.48.115:443 dl.discordapp.net tcp
US 104.18.48.115:443 dl.discordapp.net tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 20.114.190.119:443 x.clarity.ms tcp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
DE 18.154.63.68:443 shield.reasonsecurity.com tcp
DE 18.173.226.131:443 d1arl2thrafelv.cloudfront.net tcp
US 100.20.9.137:443 analytics.apis.mcafee.com tcp
DE 18.154.63.68:443 shield.reasonsecurity.com tcp
SE 184.31.15.112:443 sadownload.mcafee.com tcp
DE 13.226.153.36:443 update.reasonsecurity.com tcp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
DE 18.173.233.59:443 electron-shell.reasonsecurity.com tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
SE 184.31.15.112:443 sadownload.mcafee.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
GB 104.103.246.204:443 home.mcafee.com tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.236.121.164:443 analytics.apis.mcafee.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 142.250.69.3:443 beacons.gvt2.com udp
US 142.250.69.3:443 beacons.gvt2.com tcp
US 142.250.69.3:443 beacons.gvt2.com tcp
US 44.236.121.164:443 analytics.apis.mcafee.com tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
DE 18.66.248.47:443 cdn.reasonsecurity.com tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 44.209.141.135:443 track.analytics-data.io tcp
US 8.8.8.8:53 x.clarity.ms udp
US 20.114.190.119:443 x.clarity.ms tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
SE 184.31.15.112:443 sadownload.mcafee.com tcp
GB 142.250.187.206:80 clients2.google.com tcp
GB 142.250.187.206:443 clients2.google.com udp
GB 172.217.16.225:443 clients2.googleusercontent.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
BE 2.17.107.202:80 www.adobe.com tcp
BE 2.17.107.202:80 www.adobe.com tcp
BE 2.17.107.202:80 www.adobe.com tcp
US 8.8.8.8:53 202.107.17.2.in-addr.arpa udp
BE 2.17.107.202:80 www.adobe.com tcp
BE 2.17.107.202:443 www.adobe.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 ad.ldplayer.net udp
US 8.8.8.8:53 en.ldplayer.net udp
DE 18.66.248.5:443 cdn.ldplayer.net tcp
DE 18.66.248.5:443 cdn.ldplayer.net tcp
GB 79.133.176.213:443 en.ldplayer.net tcp
DE 13.226.153.27:443 ad.ldplayer.net tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
DE 18.66.248.5:443 cdn.ldplayer.net tcp
DE 18.66.248.5:443 cdn.ldplayer.net tcp
DE 18.66.248.5:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.136.234:443 discord.gg tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 27.153.226.13.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 64.242.123.52.in-addr.arpa udp
US 8.8.8.8:53 advertise.ldplayer.net udp
GB 163.181.154.182:443 advertise.ldplayer.net tcp
US 162.159.135.232:443 discord.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.182:443 advertise.ldplayer.net tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
DE 18.66.248.5:443 cdn.ldplayer.net tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
DE 18.66.248.5:443 cdn.ldplayer.net tcp
DE 18.154.63.5:443 alliance.ldplayer.net tcp
DE 18.154.68.212:80 ocsp.r2m01.amazontrust.com tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
US 8.8.8.8:53 apien.ldmnq.com udp
GB 79.133.176.219:443 www.ldplayer.net tcp
GB 79.133.176.219:443 www.ldplayer.net tcp
DE 108.157.4.70:80 apien.ldmnq.com tcp
DE 108.157.4.70:443 apien.ldmnq.com tcp
US 8.8.8.8:53 212.68.154.18.in-addr.arpa udp
US 8.8.8.8:53 219.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 5.63.154.18.in-addr.arpa udp
US 104.26.4.6:443 cmp.setupcmp.com tcp
DE 18.66.248.5:443 cdn.ldplayer.net tcp
GB 142.250.187.238:443 www.youtube.com tcp
US 104.26.4.6:443 cmp.setupcmp.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com udp
GB 216.58.201.118:443 i.ytimg.com tcp
US 104.18.31.49:443 stpd.cloud tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
BE 2.17.107.226:80 apps.identrust.com tcp
GB 142.250.187.238:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 apien.ldplayer.net udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
DE 13.226.153.58:443 apien.ldplayer.net tcp
GB 142.250.200.14:443 www.youtube.com udp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
US 8.8.8.8:53 58.153.226.13.in-addr.arpa udp
DE 108.157.4.70:443 apien.ldmnq.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.234:443 jnn-pa.googleapis.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
IE 209.85.203.84:443 accounts.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
DE 108.157.4.6:443 tagan.adlightning.com tcp
DE 18.154.64.11:443 c.amazon-adsystem.com tcp
DE 13.226.153.13:443 config.aps.amazon-adsystem.com tcp
FR 52.222.159.154:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 6.4.157.108.in-addr.arpa udp
US 172.67.36.110:443 cdn.hadronid.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
DE 18.173.233.10:443 tags.crwdcntrl.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
IE 209.85.203.84:443 accounts.google.com udp
US 104.22.4.69:443 a.ad.gt tcp
IE 52.50.240.62:443 bcp.crwdcntrl.net tcp
NL 63.215.202.178:443 proc.ad.cpe.dotomi.com tcp
GB 79.133.176.225:443 ldcdn.ldmnq.com tcp
US 104.22.5.69:443 a.ad.gt tcp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
DE 13.226.153.27:443 encdn.ldmnq.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
US 104.26.9.178:443 prebid-stag.setupad.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
DK 37.157.3.20:443 adx.adform.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
US 104.26.9.169:443 script.4dex.io tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 104.26.9.169:443 script.4dex.io tcp
US 104.18.22.145:443 cadmus.script.ac tcp
NL 178.250.1.11:443 dnacdn.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 34.98.64.218:443 u.openx.net tcp
GB 142.250.187.196:443 www.google.com udp
NL 81.17.55.123:443 ssbsync.smartadserver.com tcp
US 34.98.64.218:443 u.openx.net udp
US 8.8.8.8:53 123.55.17.81.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
US 34.149.40.38:443 u.4dex.io tcp
DK 37.157.6.233:443 c1.adform.net tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
DK 37.157.2.230:443 adx.adform.net tcp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 216.200.232.249:443 sync.mathtag.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 80.77.87.162:443 cs.admanmedia.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
DE 51.89.9.253:443 onetag-sys.com udp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 89.149.193.85:443 ssbsync-global.smartadserver.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 34.149.40.38:443 u.4dex.io udp
NL 82.145.213.8:443 t.adx.opera.com tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
US 104.22.50.98:443 spl.zeotap.com tcp
GB 142.250.180.2:443 cm.g.doubleclick.net tcp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 104.26.9.169:443 script.4dex.io tcp
FR 52.222.159.154:443 aax.amazon-adsystem.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DK 37.157.3.20:443 adx.adform.net tcp
US 172.64.153.78:443 mp.4dex.io tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 145.40.97.66:443 prebid.a-mo.net tcp
US 104.26.9.169:443 script.4dex.io tcp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 81.17.55.99:443 prg.smartadserver.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
GB 142.250.180.2:443 cm.g.doubleclick.net udp
SE 23.34.233.229:443 eus.rubiconproject.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
IE 52.50.240.62:443 bcp.crwdcntrl.net tcp
DK 37.157.2.230:443 adx.adform.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 ads.us.e-planning.net udp
SE 23.34.232.193:443 ads.pubmatic.com tcp
GB 172.217.169.65:443 27a8bd79b4f7e202b517b202ccffcbf9.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 85.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 249.129.214.23.in-addr.arpa udp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
IE 52.211.208.99:443 ice.360yield.com tcp
US 8.8.8.8:53 gem.gbc.criteo.com udp
NL 185.235.87.90:443 ag.gbc.criteo.com tcp
FR 185.235.86.48:443 gem.gbc.criteo.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 90.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 48.86.235.185.in-addr.arpa udp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 adxbid.info udp
US 8.8.8.8:53 setupad-d.openx.net udp
US 8.8.8.8:53 sync.a-mo.net udp
US 35.244.159.8:443 setupad-d.openx.net tcp
DE 18.154.63.126:443 setupad-tagan.adlightning.com tcp
US 104.21.48.215:443 adxbid.info tcp
NL 145.40.97.66:443 sync.a-mo.net tcp
US 13.248.245.213:443 eb2.3lift.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
IE 52.215.83.52:443 ms-cookie-sync.presage.io tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 104.19.159.19:443 assets.a-mo.net tcp
US 104.18.36.155:443 ssum.casalemedia.com tcp
NL 63.215.202.172:443 equativ-match.dotomi.com tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
GB 89.187.167.9:443 vid.vidoomy.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
GB 195.181.164.21:443 vpaid.vidoomy.com tcp
US 8.8.8.8:53 172.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 21.164.181.195.in-addr.arpa udp
ES 212.36.83.245:443 a.vidoomy.com tcp
IE 63.33.6.201:443 ap.lijit.com tcp
DK 37.157.6.233:443 c1.adform.net tcp
US 3.229.202.201:443 pxl.iqm.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
DE 3.77.84.105:443 match.sharethrough.com tcp
US 34.96.71.22:443 s.company-target.com tcp
US 50.31.142.127:443 b1sync.zemanta.com tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
NL 89.149.193.88:443 rtb-csync.smartadserver.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 162.159.135.232:443 discord.com tcp
N/A 127.0.0.1:6463 tcp
N/A 127.0.0.1:6464 tcp
N/A 127.0.0.1:6465 tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
N/A 127.0.0.1:6466 tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
BE 88.221.83.209:443 r.bing.com tcp
GB 172.217.169.46:443 play.google.com udp
BE 2.17.107.112:443 th.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 2.17.107.112:443 th.bing.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
BE 88.221.83.209:443 r.bing.com tcp
BE 2.17.107.112:443 th.bing.com tcp
BE 2.17.107.112:443 th.bing.com tcp
BE 2.17.107.112:443 th.bing.com tcp
BE 2.17.107.112:443 th.bing.com tcp
BE 2.17.107.112:443 th.bing.com tcp
BE 2.17.107.112:443 th.bing.com tcp
US 104.18.33.89:443 tcp
US 104.18.33.89:443 tcp
US 172.67.164.246:443 tcp
US 185.93.1.246:443 www.everyayah.com tcp
GB 142.250.187.238:443 www.youtube.com udp
GB 172.217.16.226:443 udp
US 172.67.164.246:443 tcp
GB 142.250.187.196:443 www.google.com udp
GB 199.232.56.84:443 tcp
GB 216.58.204.72:443 tcp
US 13.107.5.80:443 tcp
BE 64.233.167.154:443 stats.g.doubleclick.net tcp
GB 142.250.178.14:443 www.youtube.com tcp
GB 199.232.56.84:443 tcp
US 20.114.190.119:443 x.clarity.ms tcp
N/A 127.0.0.1:6467 tcp
N/A 127.0.0.1:6468 tcp
N/A 127.0.0.1:6469 tcp
N/A 127.0.0.1:6470 tcp
N/A 127.0.0.1:6471 tcp
N/A 127.0.0.1:6472 tcp
GB 172.217.169.67:443 udp
US 172.67.164.246:443 tcp
GB 199.232.56.84:443 tcp
GB 199.232.56.84:443 tcp
GB 199.232.56.84:443 tcp
GB 199.232.56.84:443 tcp
GB 199.232.56.84:443 tcp
GB 199.232.56.84:443 tcp
GB 199.232.56.84:443 tcp
GB 216.58.204.72:443 udp
GB 142.250.187.196:443 udp
US 162.159.135.232:443 discord.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 162.159.135.232:443 discord.com tcp
US 104.19.229.21:443 imgs3.hcaptcha.com tcp
US 74.125.250.129:19302 stun.l.google.com udp
US 104.19.230.21:443 imgs3.hcaptcha.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 21.230.19.104.in-addr.arpa udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 104.19.230.21:443 imgs3.hcaptcha.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.19.229.21:443 imgs3.hcaptcha.com tcp
US 104.19.230.21:443 imgs3.hcaptcha.com tcp
US 162.159.137.232:443 discord.com tcp
US 20.114.190.119:443 x.clarity.ms tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 104.19.229.21:443 imgs3.hcaptcha.com tcp
US 104.19.229.21:443 imgs3.hcaptcha.com tcp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.130.234:443 gateway.discord.gg tcp
US 162.159.137.232:443 status.discord.com tcp
US 162.159.136.232:443 status.discord.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 162.159.135.233:443 cdn.discordapp.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 162.159.137.232:443 status.discord.com tcp
US 162.159.137.232:443 status.discord.com tcp
US 162.159.137.232:443 status.discord.com tcp
US 162.159.137.232:443 status.discord.com tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 162.159.137.232:443 status.discord.com tcp
US 162.159.137.232:443 status.discord.com tcp
US 162.159.137.232:443 status.discord.com tcp
US 162.159.137.232:443 status.discord.com tcp
US 162.159.137.232:443 status.discord.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 analytics.apis.mcafee.com udp
US 52.33.187.168:443 analytics.apis.mcafee.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
SE 184.31.15.112:443 sadownload.mcafee.com tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 update.reasonsecurity.com udp
DE 13.226.153.36:443 update.reasonsecurity.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 track.analytics-data.io udp
US 34.238.47.185:443 track.analytics-data.io tcp
SE 23.34.233.128:80 www.microsoft.com tcp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
SE 23.34.233.128:80 www.microsoft.com tcp
DE 108.157.4.117:443 config.reasonsecurity.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
DE 18.154.63.5:443 alliance.ldplayer.net tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 edge.microsoft.com udp
GB 142.250.187.206:443 clients2.google.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com udp
GB 172.217.16.225:443 clients2.googleusercontent.com udp
SE 184.31.15.42:80 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 104.22.1.235:443 api.reasonsecurity.com tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 34.238.47.185:443 track.analytics-data.io tcp
DE 13.226.153.54:443 edr-api.reasonlabsapi.com tcp
US 34.238.47.185:443 track.analytics-data.io tcp
US 162.159.137.232:443 discord.com tcp
US 52.33.187.168:443 analytics.apis.mcafee.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
SE 184.31.15.48:443 sadownload.mcafee.com tcp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 discord.com udp
US 162.159.135.232:443 discord.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
SG 8.219.4.49:443 middledata.ldplayer.net tcp
US 162.159.136.232:443 discord.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 52.42.241.50:443 analytics.apis.mcafee.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
SE 184.31.15.48:443 sadownload.mcafee.com tcp
DE 18.154.63.5:443 alliance.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp

Files

memory/3120-0-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/3120-2-0x0000000000B14000-0x0000000001D4A000-memory.dmp

memory/3120-7-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/1448-10-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 a3cd45196f299ea8db3fad934a228fb9
SHA1 7417cf807c821289176207cd42811ae7478bd12b
SHA256 caca180a189e45cdaa027f1fdc4396014b57d8f8cd68be043ea74eb2c87ffcca
SHA512 2265df256f1b6bdebd0d4736e9686f633cc6c1a3988d0f462481129a575f84674242be272c94519d1b76a7f9d842a01beb18522f8493899b59012611106900da

memory/2060-19-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

MD5 5605908c68dd86b17dc300e0a1e41f55
SHA1 2b7f478677b1fdba1e477ba75b8373be83861861
SHA256 2cb1c8118e1cc96af9173585e4c2eea077b95f6e7677bdc4f92574734b4c9bff
SHA512 698d2a241e4207ba95f222e34972ae9d0dcade8fda35f47bebd94b222b8f6e87e6d9f8c4976468c7f1da9f59dc37fd4616b66b39c1097dc6d23c9a9e5aff6ff8

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

MD5 b0d4f1e03d5c276b9e13c7045c41a789
SHA1 b9842c5ad3097d213e87936cea4db0fead64e5a9
SHA256 60bdecd594e9096456661aaf034a025c6a07638c269572125d83525d89d0e8c2
SHA512 33719b23a69b9fb8aaee0c28b996a8bb66f93a01b7a70e53681d2c612f08b1b637500252ef47476d3d03a0ebb5dd4d36945fbf9d783b9ebe2c8e8649b60bd3a4

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 0c04ad1083dc5c7c45e3ee2cd344ae38
SHA1 f1cf190f8ca93000e56d49732e9e827e2554c46f
SHA256 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0
SHA512 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 bedf518b6c78e527e0b45d62d643f63d
SHA1 6a546bb87683b7653649255d2fb7e373a12a6194
SHA256 35d42af0843807bdbd26c321a16f105bebd507271249b233e3e26899ec1b5e89
SHA512 4ee68be49d2fd7703d623c3c8d8a84dc2e0c8e3982e2fd5b6b1af186482786d3b83e8e1d9b497d8a383b237dfb6317d875643920918d08b11fe4f43bc18aa361

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 6d2d4226a046536b9813403ecacda24c
SHA1 fa685caee7cf574c38847411aa86ed6bc2791a42
SHA256 16e5b14cc8be1866107b8e9f3e2b1785822e55127aadb86332dd4b7a2b7499dc
SHA512 b63da2b8e166c43512fed0dfbc1f06eefc0d95ada66b443c3c60e06f5ef5fad5ef15259a8c5185b90daca08a60d588a39df4fbe0e609ce9b62b37b74697787ef

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 636917262333cd84ced202a99341c484
SHA1 95dfdfc2430a70381a816d0e413298f9ffa967a1
SHA256 4218c2a019d34fb89bb21d1dae35a4c890cd93f9ae1353222c8911c80606fe5b
SHA512 8108b8c290cf0dd3e50ddb0e8774b2dd6239fa918868fc4cb5e1c202cee5d28854d3a441e7946469ae2ad0337e39bcd74b638d9f0d975cdd565d7dc22bfcb719

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 4d1d594f696ee5136ccea0db599c8c58
SHA1 b6de639439f7fbd15410dcf0a9db20fa3fbf3662
SHA256 19f940aa92d4042a681e5db18e1b75dbb8d8bce5993d6457eba4e4ef51161906
SHA512 d3b5a0818674beb1bc13a2757a1f3056cdb437e0010f5f6fbf0f64a3b6321e658e077bad41aade0bd8dc545793ebab62e190e1246b9c9f001ef94da7c903a8b2

C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

MD5 7d6de9bf06798a16113b33cd27961e91
SHA1 f452d9938ee4c25991be1497a0ab6ba8a0c35f30
SHA256 c586e8c8a7df379fc60a6cffbd301d64188b1453adbc1494208a272090ad9e47
SHA512 f3389c76295dc543fa2739a61deb917229bcb36864c7ff14bc1348ca8dbfb2b1166b948610d07d7d55ecbaca9d3ced094848085c942bf413ae3b4e4d643502d0

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 a7366ce0a3effda83dd211fc63059e03
SHA1 35cee6ce67d0191fbc62e8fd5fed8dbb3d8f090a
SHA256 b136a66584e908e4eddac1cf79346ffe9f21417d79decb4e733c94a01609ed6b
SHA512 c4a6f0baff1d0b0e6795cc86651dc2d5fc077aab573f60e7e87cb77f9d1cc1830fc675586aa1930e01a70a03b96541fe9a00a68c18138e535eac4b3d435ebd8e

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 566d4cec19a5d1e5524e491c926afd09
SHA1 1ed6a4e19fe13de1f27a642382de9beab813f99a
SHA256 e309b386a2346f382f570dc709610c0ac6b6b024b3445bdf865cba283fb057d6
SHA512 dd2c87966e383db0319fe12a7bff6d912e397139a39b63b21456c6f29c05e686f82ed91e5dd192b8afd032a7272d8d6f5b594ce37f035296d3bff85046afb70d

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 0e82d274a1abfc497a6b1f5ade2c5549
SHA1 63fe8fd3be350ec16b455a05c42c180e1d528f64
SHA256 437faf16cc8a5d24f4218e8c5462c997d7870f0bfac35d441a872a5cc033ed2e
SHA512 7ad0aa8501ceee6cb9a2316f2695469810012711af9dfdde0970dec9b0a30fdea15b544dc02979d18930279b01ad8f29bdaef431c8396a5906c46777361d4b60

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 a52fe70e31a86a4442bf75ae93a9c399
SHA1 c5bd12c2c56724bd91ebf8e2c5f4dfd4891e5a1f
SHA256 cc780a067d038bb5c11035339ed22d18a48b3b0356bf00ca3d294c923bf73aec
SHA512 df6dc5420673013cf42b4b0664f9ccb1a3f7e3007f4aaed7f2d85996a3c50d83bc1a24f82aa3a32c27bcb31a38d28c940a2366ea06c88830d4fdfaf6d4518987

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 b4419ede7b8fc87914c9f7fadbd3e899
SHA1 e0e34777d44e8df11e6c78cabdcd536b6e6249b3
SHA256 7712fd6389b2c0d7a6bfcc00ba0c2a37eb53208c9423f9cf2c6205f57cafe954
SHA512 efc4af8465fe8fee01e39485b8babfe5189193ca05c9dcf6701e675bf436af25c7948a6a09e760c24683dda629552dbbe5addbb765f9ffb35ef7e7264f1efc30

C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

MD5 f06e108a6931c0bc5555513afdff6eae
SHA1 37d980a32866a0a7e8641e88a6be5de64f7c3210
SHA256 ed0eba96755799a1f0bb6e02b3b4d4ee3a8574a800e67d9635f761584af8266c
SHA512 f9253e7e3a61e1e7f58dc3a20e3e721abc0a6bf23bd5ca4592a6afe49140b2764ea66cb01482ed5e841f16d6b5d56abc638f1fd41205e9bc821dc273c03ebcbd

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 055b44bbe6dd2bf6ad74774e7507d7c3
SHA1 9b12bfd3b12ba190c2e10feb72628129ae66f82b
SHA256 438e6ab5acf4302b2c9d140279a7e854924401e051c4c8a0d2c503ad1ebac1c6
SHA512 3d631b211b40709a9e494e8ef12c2ce461b44f18542a3d33220578cff20502a4fc2272405a982db05bf05291547b7ecc184c74b10d5a9ff89f8b284bf2eef074

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 4940226803a3dcde9b968e5849dc1b45
SHA1 4715a5d54c5e425de897919d7a9681fa1f49a0e9
SHA256 cd688d306a37e8fcc449dc316f17962010074f337681c4575501cbd03036fe94
SHA512 4e0dc68ee942a54661d5b2b147f4d34551b7db99eadb5ff9224c9a33436f844a8f739ad86d026eb2a049363ab06927881742388fdeb945c123399045195f2b31

C:\Users\Admin\AppData\Local\Temp\gcapi.dll

MD5 1ce7d5a1566c8c449d0f6772a8c27900
SHA1 60854185f6338e1bfc7497fd41aa44c5c00d8f85
SHA256 73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf
SHA512 7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

memory/3120-224-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/2060-225-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/1448-226-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/3120-230-0x0000000000B14000-0x0000000001D4A000-memory.dmp

memory/228-234-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

MD5 340608de8fe9fff48a0179a618a1d30b
SHA1 26e94b902f6366684a4f9a7e920e6e22bc177f12
SHA256 eafb13eb0ab0e0cc4ce6b011779e3ba9fa9c7f7dffeebd63d118201116e00da0
SHA512 1bbb485ff8f311bd58164e251b29635e5c67dc84f8e63d95d71e6ad92aae8aed3936dc0aba8be2ff32a0ea5b597c55968531683544c7cd495e6765c3550e7516

memory/2060-243-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 9328220e4f76499ed41799c7eadfbe53
SHA1 40d8ca5219cc695a3185cb2e39b35b96bfa09532
SHA256 ad1a37bfc82b697749906a4e1136eef60f86c9bfd46fbbdfd2becc4c60d2bba0
SHA512 c15f8f72b50d94743fc71c3e62e3ed97f9d7d486e012fbe06a883f06355871c78f4db6271ba4b8c960333d17881c7cdbc2fee8b819c899fb42d73c99f2dd4713

memory/1448-252-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/2060-251-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/228-253-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 3d0575a8569293a8a215b1a9bef8d03b
SHA1 e7c6076d8a1c5507401c725cc97b815531700fb6
SHA256 275672a250b77567375e3b5d5aca6c69c295fa780c2deda30ce82fec77516f59
SHA512 720fd9f8cdd3e50a98020ba0d24a5b9478a2aaba7dd51462b7184854e15f966bff935bd5a0b5d22fa6065c2e8cf4f0d7a5b92593eb14b78bb5351587a4de8130

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 5a356c632505889f90dbe5f6cec221d3
SHA1 eccc8e60d126b7e941f27643f73908744868583c
SHA256 314aab4030dfd8881c8f0a5066f116bf71bad753754c50d6bb9a9d3fbd1b5d1b
SHA512 f333d07d00636fc82f702831e1756b56321aa735ed628a87483d2e26b17073e8d80197afd2b5ff9a5552ba449d5043bd5ef0e966dc93d81b61edd467f1032f2b

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 1d3e2823f9129c525b2e86d764824610
SHA1 95804f601da466c7634028c8273e9a472e1ee81c
SHA256 62af942f6c48d72923548a5246fd28279b214fc1c21b0a810e7ccc00b5d65304
SHA512 ae43bbaef335a62e59d8446f0fb0aa3c2c9214affbb50be12bf3e7936d7d03b0dd4bb1d2d5598ad3bc979245dab2fc253e765e4e33984b4ea57221df4c37b8d1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

MD5 e09bbcea422ebd1d9b80e3ae80e0ad0b
SHA1 21cc12338336aaa7bbf27e5b2d387f0f9bb42b69
SHA256 0ebe0d0ef9fa6f89584364ed7774d7027907cac6d8f1b116274ddbfb7d1a7815
SHA512 8f2f476c4d63d4df46e37c45db2a1264dd803535d7f57049ecb4f58877bfabaa0f4666de3d9bde7774040f73b97670ae107ab892d10a0593da622ea345fb6b3f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

MD5 cedbe35c1db88916a1822632e88ff2d5
SHA1 e60a604dc749ef3c1c6b479bf0bcd1ea4fc632ea
SHA256 9bf6e7cc8fb7d40129f22478d17aa83f287cef137751f8b58c4316d2d9b29e41
SHA512 53c05f45c3f8a815e59f9488430e3813058e673cdb4fd6fd7c3ed35bc96f0bebc6e96849a8cb0547b46baced8bb7981f6f5e27896ce72634f4ea9df1de96df82

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

MD5 7067202ba31d8b3038eece19fe579a4f
SHA1 5caf78dba78be6f0019f7d6a40facf19c80b8312
SHA256 94e9dd44dcc103160dcfc2524870eccbc0613ec27cb4ba504b3e9a0aa775b0bf
SHA512 a4a8e239f75b53b860e12da989bf04721ddc0ad10c6cd7c430cb01cd6a5974c950fe8c7c64b32f1f72f13c354dab36fc32d066ba9903b5fb712ff25b4619e116

memory/3120-298-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/3120-299-0x0000000000B14000-0x0000000001D4A000-memory.dmp

C:\Users\Admin\Desktop\ResumeAdd.mpg

MD5 6b5024a30f23c80afb350b0f46d4ddc6
SHA1 8fbd9a7f9bcb41a5a362f7a82992a2e5139045a2
SHA256 6a7eb1f78c2c8f83c24260d185e234e7f47bc8a5c1c628ab161875d9124168f2
SHA512 152c90bb0f8f087608699bf7080601fa53731ab51641c9fb647d21332c5ca28ad49fcb75f7c7b5dbbe716a5b3eb8484cb144762d320c1e8a79489c3ea16eda99

C:\Users\Admin\Desktop\SubmitEnter.vstm

MD5 7016a3ad95c2672a94e8d4f2e401184b
SHA1 20e0392ea948cc7950d6f4938896f86ed032164b
SHA256 6fe838e373fedb3f504dd52718ac436b1576c4b0b5d48214ec5c751bfa51a5b0
SHA512 80cf04a09f41052ef95a81b2deb928fd07008831f567fb8c9c29f113588e0c273e3d93a04ced3ee25e8b4d8358309f3333d74471a74ebadad1ce6d393dd40b84

C:\Users\Admin\Desktop\CompleteTrace.mpeg2

MD5 e5d8af6d761f9b5e118fa3f90b44ef7f
SHA1 7262370bf95fd3f8628f9ae3f2f41ee55b8bbb6c
SHA256 66648a653f606039113c607b10d2b42c403ede603155dad6f7a6aea47ce8a81d
SHA512 af8ff1f179250fadfd288fbadd9eecfec0affbf8186249fc1395af6eff3f320edc3155d9639ea3be96ec8b1b15de2d6988a27f320bdbf8bc259cbf484daf69d9

C:\Users\Admin\Desktop\CopyMount.mpeg3

MD5 c9b1c0f18f04e3e3bef9e2e54c8aad7b
SHA1 4010208f2611c65a20c606aebe9d54405efb1726
SHA256 9c411269c56a228f89274add28a2495f11f50e7efc673c3d327ceeaa73070741
SHA512 dfaf0ed2032a9e21f5455051240be2ea8a6bef761aea49dabd54dc2527e7306c79a1c07de10e52acb4d0498fe021fb7df9a7649ac8ca5017713d78605199195f

C:\Users\Admin\Desktop\CompressRename.zip

MD5 a227c820105f0e73d31b13f1d797a4ff
SHA1 f9a8735856a9e2d925265f215267c7b9c4f50dca
SHA256 0c48cb3757af61fe51d265cb79c95266abd2f6a4c2553ce9659c9a2b6418f1e8
SHA512 2535278d6f5d4a90f30e0e2a856a6111237561e1f78e5e4f310286a7fb5389b78199f6cee61d2b121f0cfd37002105367148cec6d4fb63883c04b63a54f4818c

C:\Users\Admin\Desktop\BlockWrite.xlt

MD5 3ec9f1196508b7731d5087143074dfbd
SHA1 e9b255b65f24a94bb96e26062eedcb99692eb447
SHA256 b7d557ea3b0747e8e1e5b53cca9f2314a959fb2376e2e1c03d7157f933c34b05
SHA512 e882cd2718b0b8fe7a6b57d6ca9434aa63e66a6b572bd9eae20ab41caed72f36c573b3e8cdf7cae136c19be045412c1fa4a4087064b2124e4ed4a4bc783e01f9

C:\Users\Admin\Desktop\RenameEnter.mp4

MD5 f470046c568995e87f241461c3a931fc
SHA1 d7d92f7b3742fa2bbeadf168de7e4e89db3db8d9
SHA256 405e23a3fedbee3079ad2fe9b4ac78cb396097c31b91d94ee0132d18230a7bf2
SHA512 551336abfab4316464b772c9409d25ed8a276ee39146af57c0bb65fa31102e8b8c0b2858c4b79a126bf6b2e8b18ca7ba7b47612ff2188482b28b8e891e676975

C:\Users\Admin\Desktop\OutCheckpoint.wax

MD5 eb6671c06977c5e3111335164cdb1ee3
SHA1 b0a7a8bba10a51dffb94469986cc93c406f89db6
SHA256 a6b4405c7ee2e2e18d27e2f82a8b288db68c7ee46f26f09211d70eac740ab0f2
SHA512 e373b4dfede78ea2a9c25fd84e256e166bce11a1c0df39e063625d52b289c2dd1ae609c1bac3e9d81fbd33448a1bcdd8a7e186dc9a86ee2db24d29297d43245b

C:\Users\Admin\Desktop\WaitLimit.html

MD5 0ddf0dfed3697ca2cd4d3c6777bc8887
SHA1 3a2f4d96933cb4ddd78b06c2b48aa11d454fb7b4
SHA256 d03697026d6da6776f6de7ebb3c90015420c2684c3afe95e5c4417b300349e57
SHA512 7a19596f098c0e357c48fcbdd1c32081b64ab8a7ef84eedbe5f1d9a41e8a8b5bb117fc35cd523c519b92faf3597350535bba404534994a20db82a1982d22c377

C:\Users\Admin\Desktop\SuspendConfirm.rtf

MD5 edadbba42c4ddc1882e4b9dd81d51daf
SHA1 606065311da492832c19edecf413a06d7ac03a01
SHA256 fb79fce865cecd0fe6795e50245371db234cd1004e3af323cb749dea1b74a6ec
SHA512 aa9dec68b76c636ff78332fc7ccfe6b4c175cc05ae7abf22709007b6b77d615948cd1df10d6488cb5065f58adc88cfb69bfaac8ab4f467d8cba830f31571a391

C:\Users\Admin\Desktop\StartUpdate.lnk

MD5 b4fede2556d31bad0dd1aa3a423a47e6
SHA1 a8d7e81bf03a81171524bff1637daf8f7688311c
SHA256 83903cdb72adecb98fac5fb1700f29f09ba1e0b8cbeffeed7e86fa162f0d7d34
SHA512 ae8c1a5bcc96f60ad4ee9ac6af608d7b2c8da2c3bce553bf4a2f67f2257d67e0e60bd3aca1a3eece56df0ab4a6b04778e956c86e67b7e1a0d407fc5ff02eb664

C:\Users\Admin\Desktop\StartResize.docx

MD5 b5210ba82c5082b9e53d130823d72e41
SHA1 dd1c83fb5350b9367609d84f3a0bfded0d34c42c
SHA256 b98629250d5a8a10c100f3ca38897f23e5997adf75735ba5aeb2342e59d758e8
SHA512 32e659ce5799e42c412e3a7bf2a617dff7ba39a45de987926a766fcccc2388898597af15be225e1e40b6c7cf30b046e3e10c5111856012c054ad4dcafa0b371e

C:\Users\Admin\Desktop\SplitGet.asx

MD5 758a6b0f6c3a82eb1224b13857f8106d
SHA1 fd59c3248e3d8f1603bab69d11efae2b72e1f1e0
SHA256 353e4fdf46390c60183d150fa6d07356951615100378582cfa10ad282991d39d
SHA512 74794288589438c540c5bb757b156bdc7c4eb00d3da4a4b0be4b2a6a1289355d753dd7dad3c9f06b64e1bd9d54fc89c43e87461b6d60fbd74b7eecd38a1a5b65

C:\Users\Admin\Desktop\SetConvertTo.rtf

MD5 295d0516aae21239ed661ef3bf567c69
SHA1 1b667d51b25ae0d858d9b5634e171df0e34234f3
SHA256 cab26c945d29123cf2c249b6b457f82d7aa0931aef3c5949da708df043062e88
SHA512 c4828eac6ca6e2254d3cf901271f28fa816c122bda8a960958b72efef39513170d3682fbe4c41f32a814127695c47a9078d4f9dfe0a60ee8568dd59b84682a3b

C:\Users\Admin\Desktop\SaveSync.ADT

MD5 cf8f15821eb46119f7916a889877daa2
SHA1 1bcf6a4d65b95757cd5dc883f458ea442b15cdc3
SHA256 def416f5a65a48cc97a5a0edb9f163a2d2db223e2777ae3297c95270fd5a8223
SHA512 a9160540a25307e076261f25659a86cbddc870241642e5ae7c73893fa6db55e15d64833ac779becda724427df0cd88addcbe2d552a63ee361278ef9c36a69ac4

C:\Users\Admin\Desktop\ResumeDisable.mp4v

MD5 be1eb5e29ea634c1fd1089185a29be8b
SHA1 4b63cd5a5136ade8c1794676868ceea319da956a
SHA256 687b72c2e6ff69e0590c3441002cafb4a1efafbd43750c8adc3cfc74eec759df
SHA512 292b5e75c62ab98c588f7092592827e532ed6af8f5686937917e0625dd6756e38bd65e33b98a79f10b16ca37f4a141b86ed46a98f3ec85ba48413581be2f7516

C:\Users\Admin\Desktop\RepairReset.dotx

MD5 4d294ff429b8a412eaba434ec69cd6f5
SHA1 137a7e268f48400d8efa7ea16f9d675edb1ab377
SHA256 2e666d44c6fe11fd29adc81efaf2b0d455286d381a508117680ae07aa7e1a73d
SHA512 3d3c6071374afba66c449991d14b3ccfa6387468b19fb6d9b06515ab1f96e28c34be75b23068f5c48714d7f07bbb0118b2d3024442f1a0e7001a51438bbe7c3e

C:\Users\Admin\Desktop\PushResume.txt

MD5 459bb8a3f8da0af87814ac214e80821b
SHA1 8b0cc8f8163c198372beccf54bb2823c604da926
SHA256 a231e8b6297c201d9de717f2b89f463d852266735215a06a3ea97f00476699be
SHA512 587fb6f695f70403bc23388ab76ba14d30bfd241b47fffd8b07d0806b3503a01ae98afde53a112cdcadab3fea6c2fadfb5d8dd3677aaf9e621a30c9d29f5466a

C:\Users\Admin\Desktop\PushOut.fon

MD5 164ee3b10e48ab643c81e371e993907a
SHA1 011f5f37fdbdd6fdad6a7b12022d7f795d059da1
SHA256 fadddaca2db9c965f750710cf98560f97a3537ba536eb36c4f6bb172f0f877e9
SHA512 6c3efdd441ca0d722fc79a506294f0906f42fbdac6e9bb9090be58b238a7c7e8229a1cca137643fe80a02028f653d340e20ed1e8277a1eee7437dadde86bf692

C:\Users\Admin\Desktop\OpenFormat.mpe

MD5 8e578534e47138362084392f0b539ec1
SHA1 95cdfbea5db89ca4aa0c384a0d8b2ec0f425bb42
SHA256 faa18abce62dfa02c8c56a2d0de62ecbb09c4d7596ee6e35b880bbe912dfaeb4
SHA512 87e978a5f178f2ba907dcd7930003e030d00ab4ee18d6b7b3cf6a09ff9b3c3777a66beec3c87f55ecb025fdaf1d6fdbdd364e68ee47751b3d1865a406d8421a9

C:\Users\Admin\Desktop\MountRename.pub

MD5 76a2bb156184590a913119b00e1f3705
SHA1 e33a09161aa5c987f9ed8ac2ecf4ecad253802cf
SHA256 ce29be8a8afcb8b1a6cc0956761d9eafa791d5edb659582b4972339d51978368
SHA512 8c0a44ba18930af84bd5da970a358462c0c847e31f858907fb58339fd4f59499e84263ffcd12d8bcfce889961bba78c100a548fa72ff1f5c0ee0c4d2ca667585

C:\Users\Admin\Desktop\JoinImport.midi

MD5 a65f943c3f6a7eb3f500bc6f7da5fea6
SHA1 cb5408fc457bfe2e869566ddac5a915c75443ca8
SHA256 45ae03807e4bae88a588286464dd0e1d8412d713659f4d43bbca8eb307cc6c44
SHA512 69432520f40ca5c284f11c83bb974f3a2b3bac4d39a446280d55584bcf180aee7bc6b6ea083c773ac95541de0d299a93174b33f78769a0f225d809b17d3a33c4

C:\Users\Admin\Desktop\InstallRedo.mp4

MD5 e9ce863efff24c4614077dd6a90aba3b
SHA1 d329f9fe8f162f5e7087d9f4a7085ca2d9fcc867
SHA256 8b7ba8c5b4cc2f383ac473709ea8b1b26c17b13765530839f444ed2d6da8dbf5
SHA512 04d6a7263414de3490042a569b84dd029767a60081bb2ad25dd2769328775383d2e8f130659f45243cb042911a1763ef61546c3c6c7cb88ee86776d228948916

C:\Users\Admin\Desktop\InstallInitialize.exe

MD5 2b5d366439a648f10c18825b791343ad
SHA1 9ebef2fdd1fad35b0dd784d4e3a191ee7da9d91b
SHA256 ef89216f000526f5de0380f65d23bb1d0a80cb3d92867c80d792272483f4ead4
SHA512 9646cd3ae64ec7bdcc069ba7340c9bc2604924385e3d24abb44feec7d8c5787d4b47a109d9e97d7eae50bf991b138a42eee18b90e9b296e8edb7f42d08d9218a

memory/2060-326-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/228-328-0x0000000000B10000-0x0000000002259000-memory.dmp

memory/2060-329-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ec2b36ec0cd4d2d73cca7b415a59c411
SHA1 0b0e49e08ee54f5adb15a248ed9e17bcd4ee7589
SHA256 9a2bbd4bcc0ed31824ab965a637c3abcf2566bb20d18d8b7be5525f22cb02292
SHA512 557ba0314793ea393c687cfe4d3f4aea8db14c8b3f1179fa05483a2ad779c606b2397e372314159264a54f31c97424491270b6b58d4288cdfae769eb6e64c99c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 11d5871087dcdffd562febc86a5027a2
SHA1 ff8a9f7b76076b6a1eb405efb3936c1df3f3dc34
SHA256 71916e330db2992351130b073d45e77ae5dc17ee29d068f6e0b2014a6bd0b25b
SHA512 49fc4fb6a9ba9a8cf116a977af9664e1b8467e7af7b133144cae50bcf7236d305da99941d12e672af99d579345827f65f87b88d1b8c025396220e6bd63ca86df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 96902bfdf039861ab487d2f771d831e2
SHA1 617a22016c730aa16052fb64b0e405f9b7518001
SHA256 50be657e9a7d7bbc5da02e9686fa10e49c3f1f91797843432de8bcf8407499a1
SHA512 23b4160bd1448a90d8bac95fa2a4205c5cb8de1393b7bd891627750949a3cf4cea30093e7c105b4b0f629ecbf7b3a0f9650a0dd13f17911f3cd0f900eff02059

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ae1bccd6831ebfe5ad03b482ee266e4f
SHA1 01f4179f48f1af383b275d7ee338dd160b6f558a
SHA256 1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512 baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b83f.TMP

MD5 e87e290949e2d29464e1d5e551d0b15a
SHA1 cd580eae77e41d8d16e41bad4703f2b7b89f71bd
SHA256 bcf6667dccf092123559e63e522310ac411bd0f2cabfd9a94354c0df60931365
SHA512 8f55c6756cf9b3453f2c72de6e23cac8fe6bace2bdd1dfe1114b1613d7d2fa82f33a08a065d3cb11e8e064954d07900e992c49d6d620b64a55e506284e72beeb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 188ff83e1d4ad793b3d1d3d8913917a4
SHA1 91811ad433e1052848cd78f783c16d65d454c566
SHA256 651bf595879c29945214e1ca69275065cec8e615baa9bdf6e4f6779d2c9d00fe
SHA512 f9859860d0736971e178f2cbc15d3f3ed18fc41f30cde0783e4bc451f519c3c739cd0493e66a8137343286912a90340859067c246872a2ce930e07e82af1cd5a

memory/2060-495-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0047caf8113103170641c0c1ce6eb24b
SHA1 d82e6c723b866525ccc44902dadb936111a11562
SHA256 5d09869c6bf99dc9bce36e03a24261b1f6444e52b50a522c122926464c76dace
SHA512 fa8a0aa9c4037496bc4d14d6b8c712c772365b7aafdd435a307f164963c3d22bbc6e70db672bc2f195b3f85ab75cfee84b64a1b68ef30f49641e685b7a2f55d8

memory/2060-506-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8fbee95f064b6da4949f0019bea15fb8
SHA1 2078c8dfb72a125c5a78f1eb8f613b7bb7738e37
SHA256 6e04f7b458ab6d1aa01a95bc06c4c779bf8b21c02f6792f9c0648b7d0afd59ee
SHA512 a558f8c4128765d5ef9da5beb11b6924f09f7a6cf13f7ec46db4cab12cdd329cad58293a79eee156d98c50c771359ad1ea24c6f427ccaab202c31c0744a617d5

memory/2060-514-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6b63b5511e8db95c192fc5c139633340
SHA1 5305a7a87e53aa401f74086b226bdb89ff971014
SHA256 eb60798d201c61ddabd13f07eac4a4da09c468e0e4fad5d0f2faa2796150d2b5
SHA512 ae89ee304bfe35bc25a863c3e9ac8450be23f2232d538d4fe0f01db796f6e30071223a635c124ed2184ece6c893f9ef7410178824a2883cb45a99c65ee76563a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

MD5 c71e661f482d2a7bfc565060281b324f
SHA1 4f66536e4d59091e4ce33e84207965c51330ecbb
SHA256 60edc95aa4f8233ce27dd1b122a78632a0b9aa5be0f183b27a08dd9fc58a4932
SHA512 7bf62c927d45ba24d1465977e8d741b2aba4faee95f7d3767fbbd781c62b3c6bc97e1fb9f525d43f3c77202ae6f8904f3389c3ffc84c306c43be876ce4a180c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 b85fbd0af36f6d4830d49aa256396455
SHA1 e00a66e77944839051733af141f171975dc95987
SHA256 b85a4dc3b41fe36a808781076eb54654c2ebd1f8a2e9b3b27e5fcdcc65dc798c
SHA512 f08345aff9fa225c9a61618ca1b76aafa4165c13fc25fb3de9fb6bcb8520e9f6f25d356164b5392043302e384065f9171440fff9a9a1ba7a9be4ad653126cf1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 5e36f283a86505fd9e8a5074f93862be
SHA1 f9ed10de98b957352518230aa60f82a4827c3352
SHA256 33cc078882df92766977cd929f0005731a6b738511db2e84a25daefacc7fb528
SHA512 461010a1a6f582067698f2832e3ece004dda2cf1ecf4bb24a4064c77522a4982af36d2b6dd5e412d6122a640248cfcbb3c5f06b29acb1cf75a06b60daf175722

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 d5d7675604340f99633218bbe4793104
SHA1 ca1df39b7a903dbb856a555db75770f6222e7dce
SHA256 f7d966e98dacbf184660988f6b4482396b517d391e4d0475ffae4fa6f40971c6
SHA512 bd202a6a44ba24d784e3a55556b02d7c20738553832bb42d7aa3205b069913e524c08cf0a348e255b6f0c697f118f190bb5056695ee9d37d37296b9675964236

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 20eafb50c1f216b06c9a0a91ede8120f
SHA1 6ae8a6e138a78ad50fa9834564e619b197283cb5
SHA256 f4ccf2be2995e07a67b3a60702dc2ad63d905b653cce7dfeb95088b406a24dda
SHA512 9f28ce9933ad85df5e40f38c9538e651b153e6279d28afafbb987f9a57abc2e101fce265bf1bd6329f2eab332029bf66cea4b9422cc80a4c594e435f1bad8dc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 54476cef20aa3e041c5b14de32a5ab6a
SHA1 032a1be25a46f795208b0365455d34e1e3b17760
SHA256 189be432c6fdba1e70841382153b3b2ac08aee391c80f6259066364be3ec461c
SHA512 0b8ba7bec920a0b73393fdcdb8fe399473965646b32ddee7a6734fa222476780c40b8ff74e528b12b2844cc15278bf0c065ffef32c227243829950623946d56f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

MD5 4e0fd939c1a363d23ccae3d7929df599
SHA1 599ce43eebeb61aa36c08116ba84fcc81ea499aa
SHA256 33f2573ae756a04677c62a4a3953160c169226145256d90b0443f0074fe2522d
SHA512 7e269353327b150346b4601a92ff91f6ebfce2004b62f03ed55f977b9ce9a520ede65940eadb85b007e0a6778c7af48d4cf38c028c168e8962cb56388ceeb2f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 f03b625b41e6669d63dd48c535134432
SHA1 d09c27990544a1694e0541ecccd0d7095d8af953
SHA256 827f422d8f2a5181e9f316c0b7e076a45d72367c47d8b765d4e811fc75e4fa40
SHA512 d34528736eb3767d8b0a9fcc533cbaf5d87cbd0726a2e251934dd3253070848df9e3e2e1b1b54a6b1e967383b8d289bcf31cf1a9ed0b11a7f7a335dcb1592f25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 127b7a9f7009939d0ae5dd1a48386985
SHA1 f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac
SHA256 9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962
SHA512 b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 d2fa74eca9d32a4d2e972aac6374e508
SHA1 44d505f520ec8840633b7ec0534a98a135f0c261
SHA256 ef08e7461ad13377993a74ae88ea9afcac9d54c3051fc9291cdc1df89ff339ef
SHA512 a6c545da622f610d174431ef09cd466834bf47c14fd9cfa6571a4207452844a161958adf6c30370facae99a446fb7d0a33ef0d6745024430c9c977043ab00f47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7c91b857e9f9d94ecd493c5d2ec8fce1
SHA1 3eb4cd92b3996334df5fbbd21122c9cd3408493e
SHA256 48ef9e73aeb5baebc133f4d0da1eef12140d8640553f9fbebd1364516697312a
SHA512 3ed245dcacd412cb2e248d455e8abdd55933c4e3b39a2834bfead26f9e533a6ec5a8ad2f53a10e2f86df32fc83d8f99bfbf8fbc168a70e841f13559203aa0fc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 f1835bee43eb0d3d612f66e06ff4bda5
SHA1 d3cfde687ff861ffe9e5eab708dafea3374eaf3b
SHA256 150991463676ba1d0dfc77e7dc1cf9820264e52aeb620558aff0cdf9ff1e1914
SHA512 499051a8b1e65ff71e27547b4ede86b8b7d96c2b43843aa44f899d32b578d4e6d5e6838201cd39218eb1720af29b5f641dde386ab81cfd948c6e28f1ff9bb885

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 51b0ad51a5aa4c7db3399ecfedf4f9bc
SHA1 6dd0b716f2f936c52f6a64e19bd5d020558125ef
SHA256 f0efe79f0f108e68ddd3fb05bbe0cdab753e1dbc3f069e119bf4efec96e8d4f4
SHA512 8641bd22663d50f83239ba2c39b3d2dc78a3ef1da3fa6c4e1facee890eeae6294edd82421a16844ed6fa5740a8aa1d2055c1f8d426c7118c971a746e6d61d668

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 088caf235b6e94b36bb6158f0c87584f
SHA1 27f6706376aaf9cacc3a14c0b9e62c393c147435
SHA256 52834ebd7fab9a5a354379c60db53b7d9ec8a6c6585b7c24b8f8281d168991ef
SHA512 13e460508d59d20abb61c29eb9ec99dfd8f24dff8d91358e70ff38fddfd59081015fd6fbbc8a20e7a5b8adc71c12cc044c7dc5a4c504f17796787298c86aa19d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d3c7aa04b9192fb42bf773e987d89f22
SHA1 fcc42f536904b6a931abc8be931cc3a37ee7c856
SHA256 2476d1b9611e88992aefefea141772855031ae75235405b02e253be882dc1352
SHA512 5cbb533f69ef63827c8ae972d150aaf5a35930e61b56e3209cd32329e20dda8e96abb7c4603e6e04a64cd42ee255821b567077fa16203075c018e6d34256cf7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f897892fd73c4847878b6e60046e0272
SHA1 02f6ca94eef975c7adbf37b3124743ee768bbf72
SHA256 3463125a56077f1ee2e8c032d0441d88e4d26305612a116a9c03d3eadab3e84a
SHA512 2aead40d8293cc3ee093b6255fb0de0427d0046cf61f10af7d9ae646b50866c94fd46492e881582e031fefca015df77dc37cac3ca72024dc87e1bb6778c076f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 15aa12b9b0f6dcb7d4d14255199e1275
SHA1 610804a7b641bb0a09a53c9eaa2bd5cea080b003
SHA256 a49e3d182f0d935df2dbc2e3b1dc4f477e53ce9e841b66f591d017b3024aad85
SHA512 8e6a06260d33b9c66875b1b62b10e334dbf73a09e6eafb657ffa2fdcba8d9bfbc5789811bf85fcca05f2912674975ee1b482f83640573e7e66a33241c9eece68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 79a9f6da593ba86a293412ade5a09532
SHA1 2533a771e8af5fe257a727b27addbfffd195c054
SHA256 29a4ebdae78efb873bec553417685699427cd6293f6503c26999d8ac0d4006f3
SHA512 320d167011828eeac286288c257fd8f5214b0ed39d3dba6c981c4b7c5dd4c494d12ac4dec11dcbe5fc0149d52e34f517cfc1f87d282a56f1027d98f989c22fa2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f69a2971-8e24-453e-9a76-eafd773113a8\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1f923d6636691de2254c6740cd9c3385
SHA1 f577f747c190ef3200ed7b7925c7329f5268bbc3
SHA256 e2170e841aae50ff4b9fd160288bdfcff4c56063fab8a962663f51cef32b1376
SHA512 220871dff68854c640e82be1f455175c04c2df50de5112e4730f7560b3015c729261084ec77c15c0ce6c3336c5ce86a8a68c70e7fb5777253f9893204345a1f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 043032bba3168a52963666ad88024f82
SHA1 86baea697bac2ce3118ab0818c2370ece1173df2
SHA256 0c044549364abbceb1549059423adf02c27dbca70ebc4fed1fefcce47ca5676f
SHA512 ecfe40d30a1a5ca443497bf2cf2cdb159e4744bc9040bb87f3185301162e640d72724025ee305ea46f61d90ae33eb4ae8b62e65e59b51a574d4a9e3989ee218e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59be84.TMP

MD5 1ad3029c267ff4c878261b6c672264d7
SHA1 60c7716f4850880c4e586dd40879b2bde18f15ac
SHA256 e26b1cc39a217e1f2b567e215359b0ddcc50189492ff4089f4228f692af388be
SHA512 557aff130dc7e7fb20bc35e896ed2a1af4e49f91eb4ac3acdb586ec706840164a14bc6e2a7caf9f66442f395f3fff3b7518be1ca909d791b09b95e353560dc29

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 763170ba44c0c2ae87c19439dd83415b
SHA1 ad39c7a4978a3c1dfcbbeab703733c68e7383b02
SHA256 a67984a9d4e72995a2dbc74caa2b7cd872382f5cdb1c4793c0c3bd8a5cee22b3
SHA512 46d9ec17ac64cfd652c4b7d79a35539f93b83a477589e8e793e17be92e47fa69cda34dcd1da32fcf88add0d4981945ee90bc41540b26d2d4422bb800509c581c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

MD5 9db75af2ae54430b2c88c452b4d66505
SHA1 805a267ffe69bc89075066761742682e32461a47
SHA256 921262b9d71dc673eed53926026576bdfd85b2f3192e12ec3931de84d48a8b33
SHA512 bacaa8f5afdca197f3642bb4f673321a6448c5e6c10cd10624cd214b3c0a0e8976d542efa2c9724360cfa7116f129b4f6a456dc3ed718cb8d75632ab55c89a44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

MD5 f101de1a7c51e656e90329f887a93f2d
SHA1 746a31d0293e4dca7e15b84cd035661551d8ede6
SHA256 4105f432042f09ec4b400a10a93fba92f37d57fbaa15b2a5eeed2fcf541f9c46
SHA512 6aa6bd5cf1d00cc90f22c1c71dcdeefde667c3db33f4baa6ed87dc5682ca3edfc911009439363a727f9a114e1ddbdd46b85bc9fb2f388f6ffc927d67f77d5b09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

MD5 fb7c86f6c61a0a397ce059fff75ddd6b
SHA1 349cb658c9a4c0ec21f24e553830a543aa81c09b
SHA256 5febd865bb8033397cb4d07bd0539fd6ca3a5801f099f777cbf9d66b8ac699f0
SHA512 a6e77f70e5f5092cbb2d2c5eaa08aced9c71be8a65b62d39653355c05a4675e60144c4e0a6d954515ecf3c7601a25eecc51a6c0192e7642672c41d44a3aa7903

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2d9511f20b62c73d47a6088fddbfe7c7
SHA1 2f4ff9697c9381ad2354335e82efd0cb3e6e7732
SHA256 b7dbb844147274c611f92b18f389617c8a99066ea70b5e593b6d6ca255550af4
SHA512 a7d07c4971e7f444cc97b86e482f34f78248901b955abfb95089add2ae063c9e8bc9fc8fd2acb8e0ca96e64252b2ea5c3c616198c6a3baae24f08f3f12846148

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2200ca5039a516e29c45fc5473219a5b
SHA1 db246828421c4871cb4b465ef983b67816d5661f
SHA256 affad6035f4d0649c0ada2e4bad15f54a5dc8ed891c69364a72cc411d95c6a3b
SHA512 ac07de8341db88459f3d66ebca8330c1b28c57c3c1eec01a61023804de72589a07f00602f8998836802a693e56f85418c8e7e182938a6773d87a6b6b33e668fc

memory/1448-1237-0x0000000000B10000-0x0000000002259000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 86e7d0398da163df2c3260950f47ffc6
SHA1 e30e8fc30228809024eb5a4d3639de055c7ce532
SHA256 f446f83902e04686db871211aa9cd466ce36e034ced4f019082cc7654d4a3f39
SHA512 c55ad25ee07eff9606740c749eaab1ae12127413485e7884e5e59d981f84d6120607d9049d50bffd541d7e0f1e8dc0a31e259acf95595fc8774f35f1f748fd55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7eb87152bc1b33238112960148dc89fc
SHA1 c42073a378bde91424b0c621aaeb282378d83f86
SHA256 1a4da8a88278868fedce4027852a310949c0dd332fec4355c3822771c82bfb47
SHA512 f668c5d3a791a9f49bf67307bf3b55e7daf3ebbca91e9849ee29f1840f034062e7d8d5a2cd9c8147a8f9a73428b064ff818edba1bc17e2947be70fc7e869dd75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 29e8f1c6359002b08f47a839199046b9
SHA1 5328ff02db01e944d9690df0fc1d8bf6fce958ad
SHA256 f0835ed025c1100a0a3500e6ffc41ec9ad80e5fbb7b60375a2c6e1fd59f2bb1d
SHA512 366b8d867bea52fc19af2bb6b8bc84e4f3a062a7454215485f582e67e18977b4886ae0aecf785fb5bfee1b975335e87361e8a55d9bda123278b4b8c9d3ba382d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 77cc62f744779254dc9e928d642e4f5e
SHA1 1b2cc7992b54654a19b6903b6622693d3cc45849
SHA256 78fb97a01db46479185bec98812b3e0d76a763808cbefbb1d4bf5d8a5f3aeaf4
SHA512 76215073609022c3af59b0c34e6d50fb01875ea22fdf7d790a60756e86e487f780dfc5375e75628711f329f3910d329e180888a23616f6ee8bcb99c6b0019fca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1b0288155ee9e92b8ff1af967a585f5b
SHA1 3d450cf4b814a42c839c2fecb631597d54782b3b
SHA256 6d7ba8dc6b62a2dfcad490c9f5644a209f04a509d5ee7746a025f15107253f4a
SHA512 f8e4b2318198be46dc3715efc1a0f2acff496a96ba229009ce9bbad3e38fada84a4557e5fe652645a2082daa13ac44c96ea3e4fb42a90acf51e23d1f95061dea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

MD5 71c2fd457735ad8ef715d00619f8a1c4
SHA1 d0db8605b3031dab22858b5edabe0f635044fc8c
SHA256 c842a3e2791a6783e2623de3392bea7960e6e1ec1cb6b9453a5a7ab0a7d166b8
SHA512 19265c42a07b08120d16ab5ec758a9c53edea9dc8586e6a99c0c5bc99430d412ba43ddc31fe74de9adde4b46012cbfe0bd8197630a8a95981d7f7f3ce22619b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e33620e31bad0c39_0

MD5 fee92d5c548fc3d5f8bd16d908e798e6
SHA1 56cc11602e66acba2ae8d97dc78d55bcd34fce93
SHA256 ba855a80cb34077f173326dd703dbfcf912aef64a73036dc822439b08510935b
SHA512 392173a6d5bc62b5733c69c34814bf11ff45811f38dd91aee45d6ad662b61dbc82a4f4fc0856be865510cfa1095ba6460ff6eebad336575fa879604f2014c303

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5dd0ad6188a1b357_0

MD5 98d8e2c7675e36678ebc5c11173593c0
SHA1 32477b8478e57824e530f04a375280978b642931
SHA256 67731934f9292ec0565063930283d1922105e7fcb9505681e1bc842060303106
SHA512 2b690e16a8042301d89bab98e44b153051008fb906c271ad68694b01fdc0a22064e0881e651c1ced72d4512d9ef4c831a3a4b24f66fc79c6f7ee2b1f1ea6d689

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 7e7e4171f820e0ea2d9c29a7d95130e4
SHA1 c22b5800434b3283010fc4927054a6088eb5c1f5
SHA256 df3a48d0a93b1d3db9db8c38b47e22c74f65349977ffd969d2795ae4479aa4c2
SHA512 533c09c1d9d9b18463744f517928301a40f0be42b508513bb347b4bea9e0faa09d0ddb1fbd2f769bff7ac4e6009dc0ac1b7c6adbeb50cdfe0b85ea0e093ee737

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 97ecfd8e044bb158330bf8a7b38cd1ad
SHA1 d4ee7d0f0f5aead5d7b0e04dc5b5bef7792e0a01
SHA256 dda2a5f2d0f460f5e5be5c5c83735364a031fb8a3a6f8d3f7432e75a2be738f3
SHA512 dc6585cba92e4d49decda6c4ffc5cee217fbbfe57ead0e4d7aa9a151b61172ad91829c3c9079b4287fb027faad4fec5fdc5500d97ef1278c13c9322c4c0ef652

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a8610cc50f4c9c9f_0

MD5 2079894b94dd26a2da78f45f6c713423
SHA1 9ee7577547ddfbf7ebbfd5ab0e235e25597f29c2
SHA256 0e28b98e1743425f0ebf4ed470f708b3e67665b99ec51143bcf118581250820f
SHA512 0ff415005851a8a0db2a35d9b5a0452cd935d94524fb1c9a5933a1ea797ff03c9c56e16bcb0b53c6010d3e0bd238121c446ebf66f7ab49d66112088a23803fc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dee4f29a7f0f5480_0

MD5 9d2b1ccd577f3126b0dbb060bae27bdb
SHA1 bbf90c40c4a77bf19702874f67f9521970ab6925
SHA256 77b378d210a93c3619482acc68e6cc87925e77084a2dd9f6b18af7a5d3a9e0ee
SHA512 2e471cc7fad65f4b3bb59841758b68b284066ee5581d640e2a095fecc49d49ec07d02712f0a80a896433cf3c7bdceb545566a59a16ff6c906e10a5ba9369e63c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\22d2ad6b7753b1d8_0

MD5 1925bd0ab57103770d8c867b040dfc44
SHA1 666d762190601f367a5af6a99f1848b7c32de25a
SHA256 1c8e8f503735851f36bfc289af727074367c86225612116f7c224f1964b40a37
SHA512 77eeb72dad5501f1c7953715ebb5cacb60edf3151fbb1883d4c4895b230fbd0c41dd060ca67295a03d3262bb895c1acaf2ffd2ab74fb16de809422444572c3c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\01d24d6051e13bc0_0

MD5 23e7fc2d8b9c443beacc1e8bd25f792d
SHA1 41346f761ab5a3cadd387c47b6847e6cd5e5edd9
SHA256 1141df2620d060ab591906d918f3befb4681e590e5092078bc0c3c0c1857a95d
SHA512 15a3d42678cbf31283f88f79971f0bce831872fb295fa7fe6c981a07da97bc63f68f90867e4b67063c59ece491d3dfab9a68f7b64e7db2c7d7d89ea3e9f6cd2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\32499183bcac3c97_0

MD5 efe915521adac3b8b9d92696d98502e6
SHA1 5fb9b264470da72c01bb1e4daf60f55e9228a16f
SHA256 9e25dfb1571dff9396fcc32c5e650185725e70d35c0dabfea8dc39887fd6aa33
SHA512 329732551695ea34613babf136bc4420e8df1098562bdca83c2a7e1d20d49ff44753a94569d96d04ecc8c0940767bd5ba0e04588627384b989c3915d36f96d2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2527dccb7f9aff6b_0

MD5 161b8d956b212ad1c2988312431c01b5
SHA1 5600da08fa2060377fcf139fe4d98ed84130ce49
SHA256 d50003b15c5ad19702137ec405816d72f10e44639c4b2a41c8b7a8aa1b986ddf
SHA512 1212134dda9ff34f63eb244ca3c96458221e25feb00e37b414d2075403eaea4975a1ca915ab6f5a1cc410da710fce064c6efd15aa4bd7597d08971d507fad2c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\503f535d81b10699_0

MD5 576f10e303a0d658dda39a5db56a6892
SHA1 35eb82725316e32e0a9300a221ea6b74dd74a40d
SHA256 53815672399c0c9582028f5c3a26c73f79ec50b95a17b779ecfb57b957842d89
SHA512 cdd3fecadf741b1b0a037754a24714e8b8ace9673a19d46e72af629bf52949d1652fce249caaf6683d5feae06cdbdca4085b3f6089dd04714116170e7d7b514c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\76adbae515c55b05_0

MD5 c756ffa4a42553027c01ca5a7530d585
SHA1 6facf4b6261036c908532809f26d64adc0ed6705
SHA256 b69b49afd26eaa13b2833261ca60e126bf750d08e9f61c44b778f8c5431844a2
SHA512 5e3ad17090c3ce17961de47bdb1c94200b0853f3a0b281b690e9796e0d4b46cd4c4c367e316c51dc1938be7370ed9e9d5da6fabaeea51e29e3eb18bd5f435e1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 45da6501edaa13d4bb25102624b5eece
SHA1 55241d0bb5d0be72d1763eda268aa2ba5c6caa6e
SHA256 de564f4ba508f3bfe7b13e3852cd13aa3e79fdcf2ce84fa37e3465a2044567aa
SHA512 9941bb59906e183605fed91f7d9bbf1cdc78fa49af00c45ada95dcd27e5e27e86944ee0d19edf90199c146fffa7d8af4ea2e24ea97b17edee6fe8cac3e08a8b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c90e31f4a0020293bec9931191332f6d
SHA1 54aefa605c1cbe915f4cedc7af72e3f436d1c331
SHA256 525c153035eb8313e4f77ce831086901827d3cb5e415cedf3496c1c518655126
SHA512 8d25d740e095a36ee8e856c21e76241457fd96c5de74f4341eca96c6a9f6a410cbc8f33a912a91c0af5b78a92603eb6722798d0fab55c493e89658afe3732e9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5d883e.TMP

MD5 08ce498a92bda9b80e07698cf38d19d3
SHA1 7e00d40f53a383b915028e2cc347541b5878dc19
SHA256 966cd0f71f86cadb8fe03ca004714ec6f5c171eec231f6aed44bddb6ba9ff9e3
SHA512 c06f49d0639417be9714728bec2fcdd1a5b9d8842c1d4a93748d8ef6574ccb9c3e5dafe0de1d863ce357f6b823a3baba509dcb78235ae9cdb22208d8bc24a263

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1f233fabdca56523ac4d05bc08659372
SHA1 4ab89942c47e10cbaffdd56d3be62895227e215f
SHA256 b46cca05d0bd907cd4281004402320b8437fba7baf496e944d5f0e0bfebeb109
SHA512 1750908cbf288f16e653fee23d54fd3ed06c6ecaea275a064ddfa057c4f499f002644689ca19b29d8b907d73734167a7d5cfed0bb9fb438f1e6bf1f314cbf838

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ffb14f98499ce70b695c920ef602da5
SHA1 3e54b0924faa76fdae8b784988f2f934c67abe87
SHA256 f0627892d26249d5d0da0f0bad2ac80ba199245c40cae568ea69f399c9f437a2
SHA512 faa1bb410d3ed311c55fae6463886e285877a53880cd83d52a83845efc2867b7ac0692670934604674460081af52eb842269a70a0e14ae7a7236cdbd55d1116e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

MD5 4dcfc599197d0c64f0a9c39c3c0b68a8
SHA1 d73b91f088c87b1972c1128d988dc90f57a7fd00
SHA256 edd5ec1aa753451f3db725f752ec25952da387d8dd725274fb578ee643170e35
SHA512 5468620b0b116032dd763c5cbc471cbfe4e2107a9a68d7d5a2237973b8f4267ff0f0ce36327de11469b51098bf29ecb531f134e3c15b552ff87986f73d77d06c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069

MD5 1721006aa7e52dafddd68998f1ca9ac0
SHA1 884e3081a1227cd1ed4ec63fb0a98bec572165ba
SHA256 c16e012546b3d1ef206a1ecbbb7bf8b5dfd0c13cfeb3bdc8af8c11eaa9da8b84
SHA512 ff7bfd489dc8c5001eea8f823e5ec7abf134e8ad52ee9544a8f4c20800cb67a724ec157ca8f4c434a94262a8e07c3452b6ad994510b2b9118c78e2f53d75a493

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f

MD5 f374863131a41392a1c76207471231d8
SHA1 6c1288a3d90544a95342ed5e1b66751316df105f
SHA256 2b2bb0b943c3418a976f33cbeab024b41654a05891bc6570302d9f2b48a4cc3d
SHA512 0708f95a782aa318fa73598fb1f001979a794e31f75136c68ff660e051d11769eab823425c208003eabf33f973d576fd1e08a12a383e5a717b5444b5f9770643

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

MD5 27e0b0d117c9b50b2dd782e77926c41a
SHA1 f6b69d3570bca5026ce8fd3670224d4f10a5d833
SHA256 f7fa3985fcc91607f1afd125a17333779a8c3e2fbae3a243b1238bba4c63548d
SHA512 632371a460db88e640f90e543bc83b3163ca3d23c474b5ebd6ede20949869886727129538d213a33549d70cafec5ff64256c743f7f87bb140ccc19da03eec002

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c19160794a0669bf54c7b4a800d67e01
SHA1 8423a052ddd185f4a6f6a3d6e8538e2d55d2a3bc
SHA256 61b8e8488afde5c4a102f45166baccddcb98668914534467ea9cbd705b1cddc7
SHA512 dc61e03291406e4d2eff283a9cd9e586b48384a372971cb306ccb2f25409e1b762ff879b5af879a84b53f83bf1b4663634e24c64bdc4f914d4c6bfcca54146c2

C:\Users\Admin\Downloads\taskbarx-1-7-8-0.zip.crdownload

MD5 7c3c13abd5815c2b35c591cd860e87d6
SHA1 b92119efd76071c3f58702a7f7c35a4671e17d30
SHA256 14d4fe288a26cbd6ec02560d7cf5e9eb72dd5790f5e4f9fa4a1a712b98ff8eb9
SHA512 11bd24c0a6a4908d5f9bc94972e68097febc9cf2b3756ef383f39d6bb6f48170db87761da9863d08ff5c489e3f0a767c87d0b7da4e1ee4aed160b37c11fa32ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5da56b26ed70f37ed6bb4231f0a3e034
SHA1 dc584bbabf82127d56d539ba058bb4a66450bdb8
SHA256 f525d49f3a7fea28c4c065645684b6b32b8b9d30d4626f1d14022bae0447762b
SHA512 7fd8abba87c78dc125520b3c34a06f17a2d9f9f4f2f2595227e554804e8cc83c21a6f3b8742407d0c4492f7b9eb15833f1348ecf37a6f55dc620ee2abe4a623b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 68fe65df8fc1e5a2663dc0af8bbe8b8c
SHA1 3dd4f36a671e2bb2c4a15b8b1e46db9e075428f7
SHA256 947e42cc9f8143b5b9163160e9890c6ad07d66b8c3c10bbda0a25794bceaa32a
SHA512 f2abc7301872c9873ed3f0df041b793eb443743b92325e0a2ea53d941df9c1900fad0c7fdee94fc39fee38e5dafac1139452bf98618be9bbc80beecc75e9f30b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9b90dcad9b5308ed3dee73082cbeec92
SHA1 285922a00858ef1a71d1f7306df8821ae61603bc
SHA256 f258f622083264bb246e45838621e3bd5cbe272c7ffc0959ae8c7a1190e57c7e
SHA512 43b5e331b6b658b69f7e2842e22a4b6cb16f7f1a5797c0833c27b5104aa336ee919bf5161869734e373802b2faa7891dc83e98a65e84f8e23390795bfb7ac2a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

MD5 985027f14e9ea732be658675ac6a44de
SHA1 c27bdfc65d0187421ac5ea6f15d19edc1a9e5e35
SHA256 025afc51cdbcf56b635327a4fe31143321af2952ab92397d7e47b889a51626d0
SHA512 7acb6580424a75d2d97e9a17d6e89b59b395ab2e278135af74a1aad82c95339ee4309ab49c4b543f328db60f743f2346923e1dd17e07b3bb7fad75941cc87267

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

MD5 af1ca7b233f15329ac6acc4488ddc463
SHA1 0980d500c2078781f58d744e7d19900ca611cf88
SHA256 c013247fd4a8ec40b9531099889a8e92d04144272dc3b708a117a72d076552f3
SHA512 d9e3fbafce2e7f06a335168922463c8a4b78255d71ad30e25dd392c70c9e19e7035ece6d577a6f5fd8fc1cfe1280aaf9dc80567597ce1f908014dee3b9f3b696

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

MD5 436e546689466e140480eaacc67e8729
SHA1 e1b685d0bf154fe3307f3fa408d7610fb8a4165a
SHA256 b4dd632f6bf88a74aa163ce65ff772998298c05fc78998868585f4fe4ed52fd2
SHA512 cc5fb3d0a59d50961c21314287bc827b3627344156d0f4c0e7b3bb8a3a89b75878f5cdd5462690bdd98a07f75cf1f4ab4d3af993151ed383b467f2f0207648ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

MD5 6fd81f8bb9440ab90beca0f45226e377
SHA1 15e6fcb8fd74434bfedbedab4f2150c6748e8958
SHA256 a881c8008909452ede10d3a95223aee2b175aab0ce2f846974cb71b9db07bff1
SHA512 b856b166e811d0a53c0b4bb2e0c4e2189bd4f1bd98917bc259209d0b0a9d7e040b7a9307cdabfd97a6ba39275e0dc7cb3ffb130a6fba4ca7a349e8aa5e625066

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

MD5 f61c0666bca991a070497e82f5a52605
SHA1 313e4ccbed3777e990f523b3329baea86a58e5cd
SHA256 88da884d0652d9d0b8e3dc528a351f0d3a60b509d7f89c22fcf701d04130c992
SHA512 bfffa48c93903703e2ff48ad5190f5d8ff676002892898f9c502bf2af7c5782b80bfe64951bd9f9a60f29f55c18af13e30630b2a45834ebdccf4053177448811

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

MD5 fded53e31181c61a11c6044d680573d4
SHA1 24790dcf20e01f35d61e4a896d87eb94a30e749b
SHA256 77c0f33b39255a55470f544c3241a721f5e922fd59ddb0a46f998cd7b8b33b17
SHA512 1b80aecbdf2fba66463aae46da0251f9acfd6ba02b239993893ea3227364cc111bdf4a2655fa4e0969f034c22b1459ee32687fa403cb22e9776206b75eadbb77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\53150769611d904d_0

MD5 b21c646a9b8761c354330e1d6d749de7
SHA1 92c892e37453d03194dfddcadebcc2292d866a84
SHA256 112eb9376c8bb1f62ff91558c564fa5d2f1b273564f1cbea1672f8a654d96771
SHA512 2c784b1bd4fcfa0c7099f62a9b3962931684aef8738bf57fb3d1ab4f249bc99e6956b5d3b93fb2cdd7621824f38889b29891b125a696f2543b624277cb345ded

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b162b8cf32ee12a6_0

MD5 0ecf66b6884fdc2b3f0d6dfc02c2ea61
SHA1 f31eada794a5ac9354d19cdcd0b1e2dc2a42c5c3
SHA256 acfef677ee7c16c6b4173af339e3f077a7242fc9d4783ed0b807492511880996
SHA512 81a6e948de2622a33321b0f50607221426547ff5f9bd99a949029b7ac6aaefeca7ddd4130c5ebdb4ead1cf0fe6f171b77cdb1df65e09600c31dd23e9253915e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

MD5 976e5440680284acc322916ac782b5ae
SHA1 772b159da857ee24bc9b8648a3158825c105ea5b
SHA256 9c9be44ee63b121f523f77f5a7fb893e23b88345909ffec59be14c8663db255f
SHA512 f3bd912a9f4441875efd2db0143cbe403f29044700efbf2ff26578bf1d8f4a076a50ea2e3adca1e80aeac65f562e30122f643cef90d659f510ce38598825457f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 e546afe95cdecb5f2696910d4d71d939
SHA1 ba568ee399efba0ae95661fdac53da9e5fee0ee3
SHA256 d5f66faf26733f3cddc3e0ad71e3b65c4a48dace4ae2e4d6deb2ea52c7e119de
SHA512 ab375714c3a10a3ac4638f714cb213589edb205ac4fd381f39157b6da8cdf006cd5bc7ecddd81353ef7e36be51fa0af2fff1bc0b04df9b7115ec4085fb98d452

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

MD5 983608df294be2244d9d9739407063c0
SHA1 e7449a43cee5113f0215404c47d5a74f7b670836
SHA256 e28575b05c923e777fc9f73ba512cc0b7c4999ef4e699b6fb0692301765fb2d4
SHA512 4d7f16b679076807b6979b550f15a0bf333d7b2ac43bd0ebe914cf1f8ba6b55618f7541357388993bbfb5e9c9defd3694efffa70e6b5cc2d76fa8b566797185d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b5a4cbeda3f42093_0

MD5 69d3fa29e1f4efc5398dc15ddc61123a
SHA1 b494a556efbd0fac6bbe18c996455d3f35ae17ce
SHA256 20959c7dd2a9c982fd886c4e298002766851911624e85776e30183b7599588ae
SHA512 69c0c64697fdd4c867fe3d2f38394896ef464c98937ca362c104537522d7021b72f4d810de7fd4d36a78f0fa87accf0ab9f33ef47dc21854e4a2ea76d1bae7b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\db615b08f3d697a3_0

MD5 5795cc09fd75723624a1e49d32b67118
SHA1 b8d3c122645a75a444d2f75c7b4887f4733e0499
SHA256 a1052cb24ec4d973ef1d1397f946b9d246f7f93a9c440f723db40beab4c53c50
SHA512 1a7bb4061e3a57391bb24d621a06d25d0547ca17bd340f9485add0c0e38e5bc8a95f08752754c7137985e98dba9daabf13fba849d493bcf4c47a7f8129c4fa93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 909b45ef48e326548b2ff481df298833
SHA1 550bcf40abc7b06c30a261528ec2eb3df77b0a01
SHA256 094799c2b96a355166bf1ea9de4444cf0c05118ff1774e1023da7d105241b028
SHA512 018e6168ed2469ad3208db7a044b5ee02b4fe677e326ee7c336573c1489ea9bd5a5fc147a7537c7d1a1ce7f6318ffc0693fc13a50fb35e96034421a395f06179

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 91599db50857e523d986a8cd13bb9fb9
SHA1 f256274bc7a84b4d11b44f8886986b037428cc4a
SHA256 e1d0d3d29f5cc60b23ebcdf72d850d55e3ecaee3c71be39ae177cbd4fe0e19ec
SHA512 718b9dc8eae793fe98ee2d56e5349dc8475d97a2192091bf3cc4beb14b8f70ae8546fd5e06ef665ff75f4c50b9c838cca02eeabd25a84eaf5474032cbba41766

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 eebfb51e0c8edafbf8832a46e9ef2c89
SHA1 9074a0b7b87786b7976253c2a20b654ffe8f1255
SHA256 d1f2582f02ac4891a1b58977e55f27ef8d478ad1413f233b127a56852cf35a43
SHA512 50f7a2c006e39f1bd6d4865c8ab99ab42180a5eea9e5db0e8673c7249b2f25f7e58b35d7dbbc9fee8ce54e686cc763ab280a345937a5d2481a3272c300e0e9ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0fc489fdb8cf8aba27093a53d548bf49
SHA1 6a7f1dea440ceeadac86184455fedca7fe89a9e3
SHA256 591eaa2d018bd295bfcd48253053f6616f75c4fdaca074242ab561c763d64023
SHA512 91190ea55cb5c3d0a0ba4bf82f74c4cedb4cf336b0554bef36797127bfa0f131aafacc3402753db3328a74b75b14cf5bac6f712d10a6a34118c6013399b04de9

memory/2196-1959-0x0000000000CC0000-0x0000000000D16000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6e38a1e376f14cfad13d8e26c4f3a4e1
SHA1 0cb3b920ec660e9661953ae0d1c5413323867fa9
SHA256 24f7950fc79d9ef85f0572fd8a38e267ea649841f3118663909c7b63152dade4
SHA512 c22bc0f4600543ba034fd5ced4d25111597afee905aee7ed31d3cbb6a86f4bbfa319fae70bbce8c1fc2d75596de0d873d976a6f08416cc87101849bfddef02fb

memory/924-1979-0x0000000000B30000-0x0000000000B60000-memory.dmp

memory/924-1980-0x00000000054D0000-0x000000000556C000-memory.dmp

memory/924-1981-0x0000000005BB0000-0x0000000006156000-memory.dmp

memory/924-1982-0x00000000056A0000-0x0000000005732000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3524b53317802981c35db7265f424ea8
SHA1 dd85727d7aca7c797210a2f2db545e30139aa28b
SHA256 348af148ae96cec6c9aaeae0d6eb803ec00e57f1c0b0a4677f322d8dbbee9cb2
SHA512 057d40ee4fcb8e223c7a4c589ff17adf3919545075939cb2f32e6dc9ff57a2045353a5d10d1b83674a61cb84699490c09b4bdceb990f7bdbff669e74a653d25e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8cef4f1dd13e92945f33c6a6722313c4
SHA1 0507c320e10f9079170faf61fd53b75ff26f3cd3
SHA256 6abb7e08b2c27ae663241b5814182268ecace0914a85794c8eef405e3877c15e
SHA512 8341ca615010d0b089a3eee4487dcbf9974ba4f825e1832b795f904c7caff7b0fea0dd853233b994be8ce04e39fe49542540006b9834d4d6f3177095a75cb3b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 67cdc157164dd3dedba7a992fc8d8089
SHA1 709489e8ed453b175c762c17ade4492bd316f58b
SHA256 ef280c27d91d86e75ae9b2281abfc0a9b859c1e86b599aceba584af590224503
SHA512 12f8eb20cad29aef83854be1d98310c56f975ff91f139a5b7e45ba8f6f8eb89374e72466018f30ee37dcb90388765bb6e6389c498259249482a021e0db71a9eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 1ab916a19fa067b57f8bd33f2cb11383
SHA1 577bd9b11925cc86e00d322110aebb46a0218d82
SHA256 5be146b396206d1c15b3f185da16f63c80d4ad574feef4462dfa050d1e4e4597
SHA512 c2bec19fccf07e77ed74e0d39079b2384ca33692955ff0d21b35933851ec4f29d46ad5dec9c6462156faa3a8efddc6e5e5535bf281e5c92018481ee26a376c3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 60bbc192dd26ee52247b0156ee1df427
SHA1 ac903b225dfb28bb8e1648653fb5712bc205916b
SHA256 1644b5e335173640acc6e79f9212c9b84c0498308db5168a0e9a6011f02c609b
SHA512 767dd86ede9b08cbd3a048cc93f8e0a64ee0e8924ee6272a89a3da608228e722e7872d44a066c3e2a13b8a27df9b40e46a7b28498e7936fecd8c97d13c5c36b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8411bc0a96775b1281b48e44a51b3881
SHA1 0238dd3da8ed6db1971cf16d5f97fcac5295d998
SHA256 801aba5fe9f2f719e6d5a641ace44b324bbdba16a4eb69315865d6cfb817becc
SHA512 9addda37337a20a525127e9c3bfb07381567f6c86af4950376bf59669e4a988f22106e258caf159dc38272b59c21dbfd901ca5af820f761c8d23761b37935fa9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e2f607a6577a5a53bf0994cc73b16d0
SHA1 16900fabd83d0295f9183743d70b474b50852207
SHA256 2baeff77ca8a8e7369441a95e6dea7928853e0b896094d0f147d91324382a497
SHA512 f44f0674fdfce011b5f3840c3ffe558f1467065df871499324002549e751dfdbb8f4756f7d94766e07ca2bf44f5ea8781a7f45e17d9452904996c96efadd7bb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 12936bf18525eb0de7e3ae037ebecd07
SHA1 6f3488e1bfc8f84b34d0c46acde3877a30808d9d
SHA256 c88ec52ccdbeff5233b3b71ba30426f5536a2c1377fa9bc2250b3e85dae2b052
SHA512 c9759072c8cfc3a7a78cddef87b71be324ccf806575474433d6c68c6b9e8ded6c63f591875f342eaac167ea6d371aa4752384b68f9baee5070d7e14ef433db0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 122ba77092beb7bed761fb3b8874dc24
SHA1 189b8ced37d696e2788efb63f6553654c00ea533
SHA256 a1a3c51306c6c50c5884f5613f215711e966b2b4c731995f7d583da0d634184b
SHA512 2f63c60ab09f8214e08c293e9790c8319c6356cf7c9d52cc9f00d4db93adf69371b4a64b25e803f1749b67dfdc33777a52b8a7ad7adc8f9706d920db4a13a084

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1984ff0af3498abe8ffa1fe90a184836
SHA1 8b0a0a8a55ad1e28123a693bd2b35c2d5d309610
SHA256 5ec5a2cf32607084e0ac004e3fc8ef4952ce6184a872a80a45c4b946eb3eaab3
SHA512 79e0c6d7f8c433540de002198dcc8b8a6c58780be946ead36c1af171f3f94dd995adaf7cf530fc35ea0082171d927be102adbf0351e3da32e8055fde5ebddeb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 29db35d711cef35eac9f2b9967e799d6
SHA1 e19381ed7b411b734f9eb86e7e855639da4b113b
SHA256 b7a38e245145142c7f6a5ece13a234e21d1b20bc69d388018317f313c9311076
SHA512 17041d5b9eea95ffc61fe1ed98b40261b4781544a050b0137c3dc637a2223d55e26dd986b5b90e17b1d208ade39b0af6e03295b2107e4cfe041b1df710b09a19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 146319adbcb15523e02f0692049e935a
SHA1 b013a935066808d2a576fe4596495ca061796d87
SHA256 a4c05e9e0acfc71a032bd8242f41cdff4a0c759dc0e60adfdf312ed03c5785cf
SHA512 0cc709c5eea8d48f1f96051f79e2e8c86f68e8357ffb59da824bc4588554f19b64c311d8c43cd3132f7a0a5180132c3657990b94c19af86113587cbadb3f192b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000095

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009c

MD5 01ad880ee50b786f74a5e4fae9ba3d71
SHA1 111387dbe885b7f3af44cdbbeea17eeb04bbf803
SHA256 9368f2d586a1d2727921605892048bf5201ef8caa044f2e939ef431aa881d83e
SHA512 d8dc47e5d55e6598988281539205936c56b716eb02b4e643fc917a68ba4407ece36a9d4115d5d0e32ac630d44eadb94ad2607330de082629fea82a9bd35fb83c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009d

MD5 13d4f13cd34f37afc507ac239d82ddbd
SHA1 6d500935a441d438ed052e90de0443bccc8c6d17
SHA256 76464e77d22532976bbe5d1829e97854d5c37ed5a46ff300ad9680876ec81d01
SHA512 152e6449d09a7b544cf6f986c9695ae07c330f4b13068cca028ab56ffdad6ff2467f371ea4385ad71da023f3beb83fe0ba1d6d413f1ddde14372efe82ae36b6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a1

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3febe9817c1ef7c999e080a1a97e40a3
SHA1 4151160ac6bf4a325a73f71fdbc8f622ee47ee41
SHA256 793fefe032f76da180f3985418b14a1c5d4d8d026d423953c588a66534961322
SHA512 d1bde1d3d47062cad2c517b0fe8c38d3f3147f2d0805ba028e8900bbcf7683207cbffc6e0fa83541640e8d350d5d62828323ac595704083a871c260d610bc69c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3cfa65255df2e9da084f80d4d5f0b480
SHA1 4966af0a8ca56ce7c580d5d2b8de687693716004
SHA256 20a4b8e57cc9c6c0e7e04ab2c6d742a6668daae524032bfac6071739f1542244
SHA512 a341be09fd5d0d6cc3cb48848383a971b2e7af177e5cfe3626d1c9b4ee691eaf538d0442d9445d0bba51529cf2686954244e8725061f03fe40877c2fef8de4bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000083

MD5 d946f54009595c95c5b315e0a8684c02
SHA1 5391e98fb1920ea289d022b71d81fd3bb29a9357
SHA256 203079809d4cbf08e55cabc2a173941b634eecd127c463d79e83f9b5bf1a6c46
SHA512 81ef3eda4fe0dfc10128c42b28a8ada2c209af3295a6b8e6db9a201576f6ac57ebf237dc7f97ffb1c58554a87a24af61884c2cfd86a6746a520ba53166ac0c0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085

MD5 8f75bd9d593e560c72e4c0971b8df474
SHA1 8a567ab05fe9fbbb7506a691d0372b7baeb2f024
SHA256 fe01b3ef6abed3d27eba14f1f49716f6128d20ab02b22b1a3c9d8115c6e88271
SHA512 13d416e5099c7048bc51b970117e685e19af1f594af64db2d075429bfeb3e1b67c2bb39dab1c42ba1d351001027dcfefcd98c246e12ec3a39fc13f014410b5b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000082

MD5 e7789186ec22ea8caf2d9978b893baea
SHA1 ed0f94668dd8e43e8bc4f3c2e50654ec3029255b
SHA256 4ff5155985f6257327889a66f2974aba80fa396dd9d6245bf5cc92fe48343eaa
SHA512 d1c798badfa37be51ad621d7b2b34bffc041dbbeb38631f00765310689fca14e1a37831b209ac7332d537d4ce8893ec02ea2990de255400d843f4402564ef93d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087

MD5 79060340cdeda872180de1a16253a1b4
SHA1 5675dc3ec886ed4c61945a5c5adaf844b75f37d8
SHA256 f44ca8e7cc4d8441b3e15dc41dc61b575284764ad76b61db0b1c2c231909410c
SHA512 dc9543111461b34dd8ae8dde0bf930555ffa5352775ec8f357318e909a14f3a3969be346439486760e52f9a13a14ef1c8a5a91e5bcd836443e85c2cbcb3a7d06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000088

MD5 7651b1187bb58ac4c7be625337b35e5b
SHA1 307d969ef4137a66fe2793737dc1c546587c7f43
SHA256 0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968
SHA512 a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000081

MD5 67e30bbc30fa4e58ef6c33781b4e835c
SHA1 18125beb2b3f1a747f39ed999ff0edd5a52980ee
SHA256 1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba
SHA512 271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5f737774de5413134da983331d39a2a8
SHA1 fba9c678820122e1e98cfc4a36e752ddc3996f67
SHA256 7743b8bce7f2e79be470fe18064ed6cca4fea8b2b69dc3abd2e4db65b6c0ffb8
SHA512 2c0d245967e998f6a9556353302c7b0401cfd31394c563332d60c6de31894a13ecf86114b8067ef7edcf1a180c8bdfb0d8a7af655bf63218cc2a265491d5ece6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0f41d468bdf52d3a_0

MD5 7aa58625d83f7df7661d18a2636f02c1
SHA1 c854b425f7d263effa85ad371980d94dff80568a
SHA256 37cb7bab8d5ce4832f0723eb6b94dee83cc180b5dc28148240f65e1cdb4a50ec
SHA512 702eca17079bdfe137f4b7ab4aad040a69af4c0b410484ca311dfbdbd2067f0b5372c0909a14299c32b3df800aca755576a25d940ca9c776b6245ca8d926d2f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6ed947f4fa500519_0

MD5 1a5a887527bba8a38426fd755cbb8124
SHA1 31a72f3fe69b5cdaed2877948aeb2a39cecb2d15
SHA256 d92c3b58c771b6c3d6dec35d2bc7613760a1352f64a8b6adc24970ca2d0935f6
SHA512 71914c7f23723da1fd3b46fe4361fb736a3d7083b8c10fcbac8905397843528fb52ada5ef7a3d1d3552f67e68af7505be31082a9f3f1c1aaef18316adff8264f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4509f48999738e5b8cfe628a7cb6b103
SHA1 bc018c75615ce55331394861c4156cca06ab03d3
SHA256 0b277d0e9143d79c3c26533f65a6eecdbbefc7b18033dbffee25d15dca03865d
SHA512 434f227769a55f74cbba392df44137781d6ec4051d6ac379f869dac9f4a19d0af878c49e6e4f25cf06179c5c701edc9989fb6d3026541f6ebe62f59c0a922b6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 83df2bf6ff6a377fddd1db579a37b8e9
SHA1 a84a4c24c42c4e9eb60e1e5ec3424d42be54a778
SHA256 722573cd88160c9c79f38d55c069bffd4ce108a5af12572545ce80998d66a29d
SHA512 f7a53a1289e5816e3005645d048ed22b161808b695b5ca9b85b07e696590170e1b7a3e22e8ef3db48e0d578c102373dd6a2fbb9e4be40a6d0fd2c2ed4cfd56eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 46add6a3aafd698665db62ff44047152
SHA1 5f151b7f6bc943464a4450fb7a4fa99d79f91614
SHA256 1d56a940e85c8d9450ee2ae71fab6641816e72669994a2d95daeec409816e575
SHA512 30085ed5477a74cf38dbd5f781a355955be699ef70d959e40ff25d748206a58fe7fd1caf91da22e6a40e5a17b6b09b87d08fb0c0bc5c9420e2480f6acbaa51fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086

MD5 1602649ee309259c61cd2efaffba9eda
SHA1 2d0f1adf56a00e8e075b447b240276b695593387
SHA256 8837328ac6f80906c239c9484705c52feebd1922620e9705c97d6d5938891d16
SHA512 0eeead4bc6d3e32fe77ec7373fd0260b757702d176ec6e0c2fa8ab5915d5b0b55554c27b63ce2d38988b45368ec10490dc073ab1a3ac2d8e7ab930aaf787dcf4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000084

MD5 bd17d16b6e95e4eb8911300c70d546f7
SHA1 847036a00e4e390b67f5c22bf7b531179be344d7
SHA256 9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352
SHA512 f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000089

MD5 19c73397068ded824edd2c5b13d0a9da
SHA1 7f0f149b66309aaba41974d524ca69390a34e4f2
SHA256 8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100
SHA512 8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a7

MD5 9e45787aa32b1db762daa96109aa7a07
SHA1 f3e6a79da0a7a26c5dad676cbb414985b96fea5e
SHA256 80fa86cda71f340316bded9508098f557f9cd3af63332ce1ecca5f25d72ad7ce
SHA512 7948be2df5f99abbf3433ae08cc5f34b1f66b7f4a21683bc74c5dd34d12a57796645ef4785efd959de3435821f89a57d1ce1c06874c8ce59d9bd6ab8cca17fb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008b

MD5 ba6ed02c14fcdf4c785c19ca5656cafb
SHA1 1af06609aea95defa1bc912ef896123cc5db2d64
SHA256 f3a26b6096d0d413fab6ff3f7b071001137f2e116f8eb8b65b8d8958942a73b2
SHA512 860fd966ff6b33588773661ee101ff2bfc626a1ff6dfcf8316293bdd57379899da604a6a36f208d753d2193af64207d3c3c4c597473baeb17a71edb022af74ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d

MD5 c5d7df42286f8ebd2beb3a8c34dcec2f
SHA1 28c34513b719f0816352feed56996bd7b02369ce
SHA256 42935bffa0b382fb455548637d440256de61c4dac0d14d360d7db558b6fc3228
SHA512 02288e5754bd27abfce0f8608249ed4a86ecbc2bd1c395a3c92f1566d4626c31ee1a75ff14f5107ab8f3bfd8d7eecc57961935d4c038e6acd31ec60576bf5bd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e

MD5 d2d4840d9856e8215fd07991014f29de
SHA1 32df6d8551bee39628f5149bc6a539e288bf0519
SHA256 6988c6e4f979316977f4f30913d64ec5a3c85f2c5651d30bf898e90a63f4d26f
SHA512 22e279155339cde59879dff5bf2b13a3d2d35ae9d02a2bcf9b383af64e7f82603b233a7621660cded121db7c51f38928eee6badb5f389013ed790c5afdcba156

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008c

MD5 b128c399220cce7e4c2cde1287e801c1
SHA1 141728a2df7f9e84696e24cdfbc2d841a9aa8520
SHA256 309c08bb2f5ca60ec8daf82124b144866b7e2160a38425b777902a0cee6c6eba
SHA512 9dd3a8f4800e57fadd7d3182f5f4207fe01cea5ea1b9e0243d4ba873df477cf87c2ef3acdb8fe050a886e01c632f3bf784692e930da461176eef8c985a7909c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f

MD5 b7a2ad9645afa7b6047557956d9540e2
SHA1 afe9d2f2c53149890784506e97057536dc39bd8f
SHA256 127539d026f851bef3cb66520c714050802898d52a93504114b74da81e197454
SHA512 612416421dffab66c38e80bb3b26884384e5029f906f1d7ef8b3f9a38948b52dc3c0e31dcd9a704f76416c8b8119addc1783d0bb229b229dcf539f0361c05a52

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000096

MD5 e3fea4bc0cdf895ca98400dd27318c6d
SHA1 f61a8b0f2a89c225bce57a6e4e7ed0ec59b64eca
SHA256 bda7c246a73546957b4dc2307d09c3ba265bac3e554f38b3b12be2375199aba4
SHA512 45148b03c698adf6a4f239297cd4dc4ef202d2c5c231307daf76853f6c9f910fa580a6960f7015d47d185e8dfc7e6815207cc548f09299277dec78e64d266dcd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000091

MD5 8eef3609d0a76f2af368adc35900f494
SHA1 469ba340cbe3f7db94d623a5b4ff810c6c6505ea
SHA256 ef3470a26020d80e14bcf4c70b20cde4d9e11269db53fa1fcd36a1bd7ec7ef72
SHA512 aa4e0fcdbcffe5f75fa03671d7c5754ed3c2a8ee3b0a0e6eb17147256a548aa201b0805b9774d3c4a1d3b7552fafc76059b3ac589335dead002ee6e05e9f019f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

MD5 7c59cf6d31d3ff81fdccb2d99ec88119
SHA1 d01cd27104a09ccc25a608ed28f07e26e151f81a
SHA256 a1bee363bdbeda57ba92a3bf8475a745a76de519c602b35969a95aa848286494
SHA512 0df9dd75bb0f7350a3baf06dad5043d767809cb7e0074cf53cf80a43d13673a716f336fc2d883683b0bf170cf3dadc19fcd8d2c402aca955b38887f272565701

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000092

MD5 ca475fe934df068964d54d26b5973a01
SHA1 91c20353395ade7f2a11863d1a35473185deb8c5
SHA256 dfd0ad8ea148a8f7918c84a84ce1c885b1350be8998aac2981dd7fce1314e92b
SHA512 a7770479109fe7aaff75fde27a63368c377662000e0aa0c5a295ef8e601e96b3be04acb73826ba660df2aaa558bd4dfdcb10099b05219aaa0842de70c6802fa3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

MD5 036b74783ce20828ebda3211e891cb04
SHA1 7db78485a24e74851b46bda99b7182c086312b46
SHA256 4e78c615a7d6e9bd891b73196de1aef20908169f95ee0506aa1b8889cc8e7cda
SHA512 603b40cb949f402480bafb423486cef83e34334f1f139e51fcc13aee5e2fd933613c26b011cc75a10a5730c4252c0b406cc24022bb5aa841d9c29b2ee8ad487e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\959067c16dc759fb_0

MD5 0f81d0bd557854b0d6b88d8814f42ff2
SHA1 67aaf0a39fbc27a2ca30c2d2fcf88ed574605132
SHA256 7adb53e898dd38f1de46fea74dcca245cdf9c6db5644c751537f0b774c3448d1
SHA512 e614aab52e8b1912c91be1dcde8ec4f977edcccb45b7a1911aa67cfcb3e6320d8d8b56bd7cbb718202464d25bcb54c40c73585cfa8caf4bf1e2e4cbcb30a1e4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\85c482a01e5c66ff_0

MD5 e29ca5b4991f52f34b87d836d21700d8
SHA1 c244b792b7b6dc9f4d3dac763406dcc26d803c65
SHA256 71fb97131b71692f6ccc7cd88ade8eb15ba836d0c7817f0191860f6fdf94c7ae
SHA512 4872d4383d60b2632dba8d0d2c6e155e19114a38a76ebde050151dd52957082f1a63d11cdf5f6438462d0889a13e952c45e68028b750b969fe37a73eb6fa3009

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\63baf16a3fa6820b_0

MD5 bb639e68a82ea49cb680198ef26d5e49
SHA1 e6635865a6cace6b3ec4d61711d411290ddd4736
SHA256 2bba9f7743596170fb10eedda62b875a19ec148736280482d405c3e6fa1a964b
SHA512 e93bb109277e6763894b07730acdd2f897f312318dcc30354d98bbfb220618489161891ce3c200e4849b5a6992b25db0b8d43128745e443e1630694d14245b28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\29b619b657a8081a_0

MD5 160ced89f1d945cefe85a1c6b6142ad2
SHA1 ed91df13e9144871060db445d9d12bfd54989527
SHA256 d1acb988712a126871f83ab92962d4aae174966bc54c4afd1c57efcfbf3e33be
SHA512 48094fd134dc6c446e9e1f738a84f507a3b94a056818dc67802a3dd50e94b311f2b159077c588c05ab0431b1128efd124a352589a78f8eaf88bc677b6d9c2c98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\15b07e67901210b1_0

MD5 92e0d7cb45bd7e83fb8d429663ec6f78
SHA1 af3b2209b3f2ac154c0dadf3ead157de46304ac9
SHA256 5378b694810e9daf38acb594b7feda140d0e86c35cecc2c64ce3d97883fc9c3d
SHA512 13a57a660d287a83b4b168c649741ab3ca29a47c8ddca88afab148c7331bac3c46ae7ffd2e39e0f37510858670c5c1e5832d134fa4634d1fd8f4b40d480d4834

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\404291b765c5a8b8_0

MD5 c30c829840dd477c6ee148b008828031
SHA1 1cad73faa79220f619817f74bf436eddd614420c
SHA256 5b22a9484553d4b6e2858eacea36186ec167c7250e45b3522abbbffcc8b65f38
SHA512 b7fefd3b19fb131d788f0445bc5dff4663862b25a707addb6d840449b70b589b05ce2fb7bc3c8f33958e9d1b11618abc37edbeefe57b747827b69fe06a2012b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5eeca08bfccf92f_0

MD5 d786015a10695d4e0acbf99f01dbb6c6
SHA1 38de97c62ab3bc6ab6bf739eedbdea296e3362ca
SHA256 ae773c097bdf475036f75af4b0d12ca9bbc7d6c51794c6477a69d1d7f8dca4ea
SHA512 78963fc6ea2b5f20ae63a22fc34804ef38c29f1813c417b12c29cf383598768df7caf33eda4ba67cf023bee2a5a5f6ad18872575e841e66800f09d6d954ba440

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d2a145987e8537c9_0

MD5 c868d4839f9d86049ec42a98acd2e79c
SHA1 6d4d097367aaeb9da2ab2635bbe1f188e0bc281b
SHA256 6b4b326400c33953c2e9acb5a56a73ecd40982ddb27a07550efe7bb8c925a96c
SHA512 937c919b19681fd5abc14a0da60385a68b16e3c63b7af6a8c9e50bc32811ce90dd550b98c55f385cecd4aa888b0764e057e13e42b39d7136da86ea6e68a25fa2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c95b5a5b775af252_0

MD5 7d76d6a4b7375e099aede51a2977e866
SHA1 83f6b89e765a2195ae26fc9554050739fcfa4de2
SHA256 880ff12093c445339e3962bcb421d6187e5a9136e803fbe3572779b3da7c9b14
SHA512 7ebee386bbb19d51a9e82000d13b227e133ed998c90879c9d6d33f07b5b56c3a71ad40db041b154d18a9899641d00752e70fb686154c0bf4ac307d15fc439032

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e7

MD5 1b7ac631e480d5308443e58ad1392c3d
SHA1 95f148383063ad9a5dff765373a78ce219d94cd7
SHA256 7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738
SHA512 15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a3

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000f3

MD5 3984be43550437b25530c8f53ee87027
SHA1 f41ac73065a906de660b71810ef57f28cb2e55c0
SHA256 7cb584c59b91a08cd03f371f994e53b9037f8cf19916b8ed535d7fad360a3a53
SHA512 ac3edd0f169dab2badf3d6c082c4c7db1e7412780d0147fd528419fce59e8b0e4f27b6e89fcd172ad200982e65821656318fffe010dbf1609d8947fc594208b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54181a919e148dad_0

MD5 4d78bfedcad750ccbd595985cef1fdb2
SHA1 90c820127e33d0ea0cb4db9be638dc1dc9a9bbef
SHA256 5d60a19da99cd0ab293683cc1e3fc63b953a3e2614f2fa0ab546806f413ec77e
SHA512 833cdecfdb9bb644317681ab55b7694f4950c1f319e42a526d4bf1f0e36f6daab7e2574a69169b08b053923c3316ce3e329fde135ad401f108a87e8747c2bd1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a838658929119897_0

MD5 9ea57b01178c8155951aeb030a0b930a
SHA1 5fbf573a416d0d8a39c93b081455a14d4fb6bd81
SHA256 813d608bbb09bd4a30692785fcc3e4d1d36ab9f0b99158c36f80f97fb8fd28c6
SHA512 2a58d7faa4edb9dde1e5cf024929a111a8f0ccb00f14103e3c428cf94abd4f4c586bcb2bdca415b73f59f09e2d14ccef7a1bd0cc010cd9367879138d690a92ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d5c1551da1db2ce6d0352b7bb5a9dc5d
SHA1 a0cdc04c09157f875cd98ff741e28dc7a22e30a0
SHA256 bedc61f033f3433d8e96ef3ccfb60a26f8501982b83a0067e5d4a613e869bcf6
SHA512 aff26da570b0ef039080650f95e76b9f3e49ece41649068224e708e9e7fa379d529ae8a14e645e48fab4a7699a7ba0465d7385fc7bd9195d721c6116080ce76f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9b9db3d66f085481d34c380e7bb323b7
SHA1 0094f0818ed32b41b165d0d5930532f1459c1290
SHA256 4b0f7d3e71e5dc568809aebae366a4a785bd7dd2efe1e7ab7e6d4cd157696b05
SHA512 bb17b85d3da0d6ff778c3ba4d6487b77fd2544363dd9fce808d4844a01106cae941f825a19184c17e350d60bf82ac8538d9b9c8848267c6c2c69efc381e94870

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000105

MD5 86fca06e090f8017dd323ccc516a7ed9
SHA1 720fd4f4d0ac09308d19d229c8fbfde71313ce7d
SHA256 5516ce5826c34dc1d89b1373f09a5eb490cf1dab55f98da02bdc53a73b772874
SHA512 05f6ea47c48a2da3304a2d14a741403200ccf47e1f1b7155a2eba3fe694e4f42b8a327010fbc20b720ba06e4f84ee96b39d885989ae7cd20cc459261cd02b34b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a17c3a7078cd087c8a1b88c0cb0ae335
SHA1 b1d7e0c4fa58cf1af01c67a4a674448d37191f34
SHA256 48e17ec0ee48bb5b3a028672dcc21ba4e42da45a8866f97166ea01c461968bb6
SHA512 832a393cc3eafff09805d322074cf400a3269de0bbac57e2022058a6d49a6c227319dfcb6125954fbfe2a3d1456058d290a232d0fe1b5376078ab859ad30d2cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d0075896d53a0334f43da73701e318d6
SHA1 b4efd10e52a0dca6480bbe932033fcc410bd822c
SHA256 165fc23c7aa18e6840148de017c18ea06fa854e0e13920b679492974d01734b2
SHA512 fa33c84e312c10ee82669222c6f868d4bd55378ed9ec5e3a78f4ca49d5b413a99abe179b410e03e9f3cd384effd2b8b109b3fdbc292085de4791aa8be838bcb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e231ab5b063bdbcddc215ee5c19d570d
SHA1 60210bb2920419d271ef4fbef839300dcc85552e
SHA256 004fc6befbce87f7bbe95f9427b80766d6fb568cdd03bebd1cbf7d3eac4a934d
SHA512 d6e9d3da63881b6e154dabb1a2892607a04968a812ece4aaabb9e11ec0d54cf772ec2626e45a54bcc2904f81dff06033abce78a91e08c372f5ca77ba7d6cae84

C:\Users\Admin\AppData\Local\Temp\Setup\ds.dll

MD5 d9cb0b4a66458d85470ccf9b3575c0e7
SHA1 1572092be5489725cffbabe2f59eba094ee1d8a1
SHA256 6ab3fdc4038a86124e6d698620acba3abf9e854702490e245c840c096ee41d05
SHA512 94937e77da89181903a260eac5120e8db165f2a3493086523bc5abbe87c4a9da39af3ba1874e3407c52df6ffda29e4947062ba6abe9f05b85c42379c4be2e5e6

memory/8128-3697-0x0000000073D00000-0x0000000073D16000-memory.dmp

memory/8128-3696-0x00000000071F0000-0x0000000007206000-memory.dmp

memory/8128-3699-0x0000000008C30000-0x0000000008C74000-memory.dmp

memory/8128-3700-0x0000000008DB0000-0x0000000008E16000-memory.dmp

memory/8128-3701-0x0000000009760000-0x0000000009C8C000-memory.dmp

memory/8128-3704-0x0000000009400000-0x000000000940A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8e6b9c7d591d3dc636fa1299974c6c26
SHA1 963264c4a716fa37f22eb32143eca6ba4dc2abad
SHA256 631fc02501e06667915ef533c70853e672d10480ee88460d062f48fbaf8f8b9f
SHA512 ea3cb50f171d0eea27a613740b8ba6b75b52fe5ec8fef646f623e7b436cdb7ea396ed265f1354a8930c7658a5347d245bf32bee47d7ff99b6edf30cf2da52b00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 248de1643ef6866a19d57bf3cff227b4
SHA1 6d08c00df970bb53407d562f05f96d9fd8663977
SHA256 ebe33a63485cdc199f4c6a01a388902284d8eccdd3298194240589081989d646
SHA512 e88122e1b144680f9020fb287c58b85ff22c47ed92be990c2a65f49a45a851bc0190e48d6d84cc23f0d1905d4b4734deb01b25e7d4c3024baddd31e04363ed3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7499a289-7e02-4c6b-b334-bcc4052c1b68.tmp

MD5 35092a2c96402e99478c2ecc5c1c54fb
SHA1 8bf5ac64d2781051d2d65ef081912dc7ad101571
SHA256 297cd53d098a5c830da955f4bceab61770fb1e9f402dd70503a5e27c2fc133c5
SHA512 96aa0e34ff8fa92046c826cac3848fe03ce9297f52a7e9afbfe9d69cfca4cd14882b3717174eba0f18e9a9f324ab42e5636f0ea22b749ad26a6eed0bdfc4d101

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 526db515a5846bfeeeac4b5a841efb08
SHA1 e32d0eb825794682fb55e0c8c199002087ed5da0
SHA256 beb31e12cebfab48506ed474457b2b7cbcb639bce51c0e6f69b5971efd53fd87
SHA512 d545b6e0dc6b62fc7e0a618e363286c13c76d6d5a94b9619d540e754051210c7b766605b600564b11ba197d46293c12597703aef341031129f621a6132abdccd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 edf5b4a63bd4ca89faea6f6adb484ef0
SHA1 b65af704c175a4cd05c5266a38fb2745ede8c435
SHA256 48a874c7184db0291e6b6aa3f6d225e395363791d1070f074b27f5a2bc278072
SHA512 237009569c64b3f91c367332e9f151ca41d5910ffce8dbb2a81c87270a020ac784e54b6d4b8ca3ebc7b19cc8b09c7916ee41f57accb486f6b4db2a0246f95a46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1048140e91a51683071b05af70109df9
SHA1 86047a496196568e7a5c6c4bc35f01ebd7ed4e4e
SHA256 cf535ed573f395f18766f7124abf8f30121f7b7750aaf86cd669959f13e97f29
SHA512 9106c32d97d6a00ded8febccc5130218505bdb999f0fe7e32548521ae93c3c01d60f95433f1e04301d5e47e93e0a257b406d4a7568e10d7d5193bdc5334a44b5

memory/7644-3857-0x0000000000D30000-0x0000000000EA6000-memory.dmp

memory/7644-3871-0x0000000007DA0000-0x0000000007DA8000-memory.dmp

memory/7644-3873-0x0000000007DF0000-0x0000000007DFE000-memory.dmp

memory/7644-3872-0x0000000007E20000-0x0000000007E58000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6dce01380674e182b04a6161130081ad
SHA1 4a4b1be1c4accf1447ef4a8692a2b30007730c64
SHA256 6c338e83a6fcf91cd6ab28e03090d35c742c64ae9f06a385be3531cf4d31211c
SHA512 6213b9c13a9e8ac16af8b13aa7c65e00748ae8aef9bb788f6ad31660d0196e8b77e4943fb283554f9437efc76fbe01fb15dfbcff740a9f68ffde8b88893a494a

C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00200057003F001D0006.txt

MD5 a04fe146a48da8032bf7aebf5ecca9e4
SHA1 c16b416667927bdc42b009cbe943b8884987d165
SHA256 03a6370e0642add089583a3a4f9459d1b588632f6b96d8440cea4e6bddd01d25
SHA512 98af11d98bbebe3a71b69ad6b8c4a923090615e396728d4788b6c615abd5c7595a0e49dd23206572891948aa7f95711a1657faaf68a62d71f670848496bbf0b2

memory/7784-4047-0x000001BA1F610000-0x000001BA1F618000-memory.dmp

memory/7784-4048-0x000001BA3A040000-0x000001BA3A568000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\x5rwk4ex.exe

MD5 20995d0ef178e9f020a54d7877af9b86
SHA1 437a87c2b57b36a9de7103c888e207de2259a520
SHA256 19256b95888506428e56e480379a7cca49087e1179ec7e72d0eb7a0b1e17a0a9
SHA512 4aa6a0a534f9ba29789c1ab68bd6fa7302aa6c25fcfca933c23a80476d70886ee782172f45888455e0d48b0164f9d7943d10a62163eda4d822cbcdd281b9dd47

memory/5720-4171-0x000001A7528C0000-0x000001A752902000-memory.dmp

memory/5720-4170-0x000001A752330000-0x000001A752440000-memory.dmp

memory/5720-4172-0x000001A7540D0000-0x000001A754100000-memory.dmp

memory/5720-4173-0x000001A76CA60000-0x000001A76CA9A000-memory.dmp

memory/5720-4174-0x000001A76CB30000-0x000001A76CB5A000-memory.dmp

memory/5720-4177-0x000001A76D630000-0x000001A76D688000-memory.dmp

C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe

MD5 cc7167823d2d6d25e121fc437ae6a596
SHA1 559c334cd3986879947653b7b37e139e0c3c6262
SHA256 6138d9ea038014b293dac1c8fde8c0d051c0435c72cd6e7df08b2f095b27d916
SHA512 d4945c528e4687af03b40c27f29b3cbf1a8d1daf0ee7de10cd0cb19288b7bc47fae979e1462b3fa03692bf67da51ab6fa562eb0e30b73e55828f3735bbfffa48

C:\Program Files\ReasonLabs\EPP\Uninstall.exe

MD5 8157d03d4cd74d7df9f49555a04f4272
SHA1 eae3dad1a3794c884fae0d92b101f55393153f4e
SHA256 cdf775b4d83864b071dbcfeed6d5da930a9f065919d195bb801b6ffaf9645b74
SHA512 64a764068810a49a8d3191bc534cd6d7031e636ae306d2204af478b35d102012d8c7e502ed31af88280689012dc8e6afd3f7b2a1fe1e25da6142388713b67fa7

C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe

MD5 8d6d7d2b4b15a56c187288485d57f2a3
SHA1 06980d9bb48deb03fcc34734d45a12a7e73a174e
SHA256 eeed21499b9903b7d8d09392db96475c432ada134afc8ac68099bcf4238dae05
SHA512 e6c3a2d2e956ff8cba77b824e1e9daeb25bce8350c85bd26f5184d5ce9d08e0c76bbdb3772e671a87eb50daeaa45966064cce09374bd6b68985bac90dfefd41a

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 5251366fb4ff2612e120c9c94c2bebd7
SHA1 ccea99050981894d1d499c4d39414a62e9109c5a
SHA256 6544b1d4ae6c1f08f80d6c9a2ecfb9998ba4f6f3a24500b60e4ac674c59d1411
SHA512 0f0bd3a7b55da523a11b76149498963e16781f556660073c0a5265e22addbffcf9672570fee45ddd43e0bf801938776a5f7eb69b73e535a6869b90b8b98e0333

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 077459d4bedb79ee07bba16d55abd2bb
SHA1 259949d121fe109c626590f2ebd081bdb068409b
SHA256 f2d0a0606cdf454156b1eaef72d8339ee6d8c6f7110192eb1ecda919ba5daf36
SHA512 c8eb01ba9254150fc5a802f126c61656d4c9282414b9ea8297786a6c98c0895969b1b955fc1e10ee3be2840ddea5960eae0ed3bc31689eeea5148ffb2c5f8c24

C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

MD5 60243f31602e742db316b4401cfc7a1f
SHA1 5055b51ecfc079b55a1f30723b9f8cbe94883b62
SHA256 3bb187921eaf22cd02ef7a12126cc677dd5efd37802e2634fe5948821598a037
SHA512 ed3d053c898d381e78b71f6c003899e7f01d2702ce38ac843b9598f235da588212519d8bb2810762a72662a4631ee9d354ca71a0994ee967247cfad552720ce9

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 d02d52bd5a58a64a242285669f428b3b
SHA1 422a240d1b44a108989d4e656291a073dd0fae46
SHA256 07b84c479b68f3f3153ea34faf5edcc29287118385b29c35667033ba4d72422e
SHA512 f61309853fa9f752bcc0d77fdc5b45dec6b6ad2fcca85e8c383a190e33a6078f02e9234c823bb666c1f7d9f619883ffc8daf66fa8f9341a5e6427100b056c24d

C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

MD5 582cb55f1d5488c19de8a02e5c22e1b1
SHA1 107898c4b33c797fbdeaccf0d4c73c18e30fe81a
SHA256 7740054020dd617171342f29863839b1ab9e7666ea5e5467039f30306bd409b1
SHA512 ca3abfb0ba9b34bd006dc9576b1d56294ccf2b3086483277a15e6b96ed7ed206a858acfa618d6188f76214d86b2f2f40b43f2f10b3026dc3e5bcbe223186357c

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 22333f00484e889d641ec8465ba29fb5
SHA1 f5991ec969587c6e7106b313da9a3a968009cca5
SHA256 35c1acc7a0a29004abc78cc3390b6be083b5159696d70570f3be2c65249afa2d
SHA512 539bb7d081696c1908d521a115daef9a75efbe29b4fff824c467813eaebde3ced151aba10b1816553b0fd38dc0997f10c109bb96de1a0081e726fbe80ac625ff

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 e82f0c2bcaf41d2682e370ccd24ec5c0
SHA1 863fbcb126a16af68f0368863d9d9b53a8a72ace
SHA256 ad60e438a2abfc26e3229c3e97548e9ce5957eaa218440310dd5e3b547fc66be
SHA512 c195ade30cd12d4d8a6269fafbc7b31329fd6463b7865648843c9663352ab0ae319f0af116df5163c9abbd6d87a6120d71cb67e1706e3515548edbebfcfacda4

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

MD5 cfd00d57506561653a0437cd9b1ecf04
SHA1 4cc7db3f73b26e331e6c119ee2a292d47ce725f4
SHA256 f83633270bbfc11887971011613dc6f1ea87e0bb3c5b900fb0cbd4eb69e7a24b
SHA512 67d28d1e93dccc62558f482884d74cea4842091a5b23625b63a835ac18e8f466f0f4aa5a764ba6a13931e7cb95a7e6bffa5da8955515b449594f3384d769cf09

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 0b1f50dec8d4869faa76aedfe8e9c70f
SHA1 449a33b7a783eb5dc88f32eed2eef7973786d8a8
SHA256 bb46927d3002abe88cb82d0b576aed41cc3ad3ed69812799ad6bdf3bb21c5c5a
SHA512 21b4d673d753346b177d6b4dcca136c33522dd9ff64625f41545d442e98b4ddfa82249ab5c07b6fcbd8f23c8f09eeeca90e9b602ea3e866ead4d1b4389b4e8c6

C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

MD5 d6a9459808a1f502e7630d4bb4b22b71
SHA1 d1513c6c183a103810c63f2026100b73cc58e228
SHA256 b32b8fd078212685a11524d4eb3ce0f8a8a717aeef01ab8e8e068aee8bdb0716
SHA512 8c364d30372c919a28e7af0f2d54a7db3cd473e64439d395dd42d850195791a1b3bb8efd009e0c4b4df1dd8868bcc7172b5bda1b752c579fd4720e207068731b

C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

MD5 5d01029b7f8cad92a15700a5fdf12f67
SHA1 cd7f02aa8c1eaa56fcc65dae54950e60a99b59a9
SHA256 20e057d10becdd6e07ba4eb79c348b79f99a4c76666c60d72e6674356dae91e4
SHA512 6217639fa6e7f09daea331ba9c7a9a3ed3d44fad95536089f972e408e21049dbaf85676f54b883701c8f423ed08219f08a356ac2dc57cee33d33f55f3f80c8d5

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 7442301c9963a8f3a378083089d1823e
SHA1 e8d9482beccbac36ee48fc01e1695b9a7fcab28e
SHA256 97132ba873d5430eb42c9bdc997498acb738487b329531ee894ce2bd22a024a8
SHA512 eadbc842e6879ffe9aa5320260d09c6b458bfc3ea161e0dde9339ad9d04a7c152d89f20d8bcc208990a871106f4dcda400d85fa2a57321c91498f04b7ae9f5c7

C:\Program Files\ReasonLabs\EPP\rsEngine.Core.dll

MD5 b3b1147d7bcff3698ed64b9ca31dd75d
SHA1 cfcfecdfef6103e606e6559920b0164e6ddec856
SHA256 1f260a7cf65d80332a58a16b713570054e83d2d842b17ca76262dedef69922f8
SHA512 8638c0c96ed95c6ce5b00444b7287b0017b2ad1c1aab874b9caa9210fcaf4f7e7a3aac6b261e6e2686b66bbb02d6a68827541bf7a78a922d057a0c0846884614

C:\Program Files\ReasonLabs\EPP\InstallerLib.dll

MD5 5e2b4c627d4afac7b138fb229f3ba8cf
SHA1 7b8b27bfcbc2603f7e10474d3895e6dc821992c0
SHA256 b3df61de305444755aa5c79b4a88f10d5474980db8da0d674856ba158eb1c3b6
SHA512 325d151197bce5ba7a9ba76cdaaf5f9f5a3fc546542e78dc2b3b35337654a65ee2d19d20112d82b496104f148acb6b25e8c3d27a567b5eb6f0b2aa38aa4093ed

C:\Program Files\ReasonLabs\EPP\mc.dll

MD5 5761d96590d91fa336c068269a7dbd93
SHA1 5a1b0a8b4f255680a7549b2b27c28dd65a5a3e47
SHA256 7dc02294611987dcffef0d1ce99ff316926901fc872099cbea2fb76997e29f65
SHA512 f8f5743547c96aeb579b7786fc9af64102bef3cf46a6df270cccf5d51a48467d9547732ff49f8d5258e7f28a5bf2d234d3344c2862a5a67f5054de81ec6f4ea2

C:\Program Files\ReasonLabs\EPP\ui\EPP.exe

MD5 09e2401f12f54289c04af17d90f0798f
SHA1 2f95c7a2684338f5fc66b0c20e148b2a9938b154
SHA256 3efd3ea030a60cf4c5e0c6b93fdd24f1743e56cecd3a30329375ff80ef47091d
SHA512 8337b3f7bb29f546eaefe9adb8b7674007176c0f6d429d9b51df7eacf41b09042359d028ded0c934f71ce11e308252b86846027e10e07529327a451cfe7c2206

memory/5720-6829-0x000001A76D4D0000-0x000001A76D526000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\450ec0a2-ae46-4076-ad83-ad20203bbf4d\UnifiedStub-installer.exe\assembly\dl3\3fb62148\47105276_eeb0da01\rsStubLib.dll

MD5 fa4e3d9b299da1abc5f33f1fb00bfa4f
SHA1 9919b46034b9eff849af8b34bc48aa39fb5b6386
SHA256 9631939542e366730a9284a63f1d0d5459c77ec0b3d94de41196f719fc642a96
SHA512 d21cf55d6b537ef9882eacd737e153812c0990e6bdea44f5352dfe0b1320e530f89f150662e88db63bedf7f691a11d89f432a3c32c8a14d1eb5fc99387420680

C:\Users\Admin\AppData\Local\Discord\app-1.0.9051\lib\net45\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 d59950b9a4f149330cc285769b5676e4
SHA1 0997d32149ad89e1d8c61772d96d0ee795fe798a
SHA256 21a15ca39dc2177fe156585d414521977e6f8aa8c5827a7caf369f6568bbdb4c
SHA512 4453224f0ea7566bdaf7b0d45e78f37676dfac19111856b4a7542ecde98f9d872c0c146c4c91cc0be2a107f93b9890b06c2a139589f8eb7004af12469ca224f5

C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\450ec0a2-ae46-4076-ad83-ad20203bbf4d\UnifiedStub-installer.exe\assembly\dl3\1de47703\6edeb5d4_c0ccda01\rsJSON.DLL

MD5 8740daedb5e9ab8a48389ee3088a9c16
SHA1 4d821d8523ee72ebe2cd3e74e3c0cdcea7038d92
SHA256 8c0123b38ef50dc9aa0cb7c56028ae9c031425ab812ee0b56ff396c35b7af95a
SHA512 e847f7bd7c02662196b1bdbbd1073e21bb185c4a2d19c351b643de80c3efca661c126f9ebd834373d1baf56e8a67d03ce9624132d35f4a8deeec00d4a3236b26

memory/5720-8614-0x000001A76D530000-0x000001A76D56A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\450ec0a2-ae46-4076-ad83-ad20203bbf4d\UnifiedStub-installer.exe\assembly\dl3\0fb079db\9d05b6d4_c0ccda01\rsLogger.DLL

MD5 683e19faf979c5ab2ae5919f0b3d1485
SHA1 8453dbc5029e96e4c42cf96b327aef987b15b9e8
SHA256 60834a138a215289237b1f99c05489e7bda8e8c4357ef8e96d7914ef270e5ca8
SHA512 0b3764b1fe3b7fe10f7b78243f5a91c8563816eb19dad8d06e31dcaf6898ecfce667fe2585cff4dacc2a2650cd09428b5e4f2ff58baa54855e9749dc4f5d44f4

memory/5720-8634-0x000001A76D540000-0x000001A76D570000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\450ec0a2-ae46-4076-ad83-ad20203bbf4d\UnifiedStub-installer.exe\assembly\dl3\b6e39f2d\e5eeadd4_c0ccda01\rsAtom.DLL

MD5 f2c6d0704191203c591b7257beff2d57
SHA1 0f8e468f8c26b71c5162b33caa812fa48bac8dd6
SHA256 ea791c403f402fbe8763d1adbb3a317463562a42757aa74d96505f2a4997585e
SHA512 2637921c04e98b14085778f85716e92efb76f9a50a0a9c1793b0310043ad60413642199e49f72eccdb4d2cbdbaeccf87ed83bd49976e6409b10916ef0218be08

memory/5720-8644-0x000001A76D540000-0x000001A76D56A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\450ec0a2-ae46-4076-ad83-ad20203bbf4d\UnifiedStub-installer.exe\assembly\dl3\e649c82e\472cb6d4_c0ccda01\rsServiceController.DLL

MD5 3c11f1f4ab1b51e92af5210a25cb1a98
SHA1 f34e01f036d6279cb99ad36b7ad4f93875055ef1
SHA256 aadf52eefbc4330a9af62a2554635bc4f6d9503e0689ba86ee56c194b34d6382
SHA512 f872d8ec41c38e2c6527e4dd5285f7f877fe0714e94fde304f62b37b6f300d5bae38943df0c62dfa829886b0adbed01f6af14bdb8353ff6fdf73acedeb5ffcb4

memory/5720-8664-0x000001A76D770000-0x000001A76D79E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngine.config

MD5 3149ca79d09c362307bed37960f0fd04
SHA1 f5f43f511ef581dc7b88ed194bb8e86e42f45bd3
SHA256 5481ccc72cad44173cdfbf746a701bb79e2b75927ef71aee1226e07e1265d31b
SHA512 d7c519a58bdefd24bcc26ec681b27a72a0aabbf4135d8e47a493abe1e4affd7cb5740b132d445aa9ecf66247de7406d5974557ae671d5977e40d877167b94a70

C:\Program Files\ReasonLabs\EPP\elam\rsElam.sys

MD5 8129c96d6ebdaebbe771ee034555bf8f
SHA1 9b41fb541a273086d3eef0ba4149f88022efbaff
SHA256 8bcc210669bc5931a3a69fc63ed288cb74013a92c84ca0aba89e3f4e56e3ae51
SHA512 ccd92987da4bda7a0f6386308611afb7951395158fc6d10a0596b0a0db4a61df202120460e2383d2d2f34cbb4d4e33e4f2e091a717d2fc1859ed7f58db3b7a18

memory/9248-8698-0x0000014D97950000-0x0000014D9797E000-memory.dmp

memory/9248-8699-0x0000014D97950000-0x0000014D9797E000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 1264314190d1e81276dde796c5a3537c
SHA1 ab1c69efd9358b161ec31d7701d26c39ee708d57
SHA256 8341a3cae0acb500b9f494bdec870cb8eb8e915174370d41c57dcdae622342c5
SHA512 a3f36574dce70997943d93a8d5bebe1b44be7b4aae05ed5a791aee8c3aab908c2eca3275f7ce636a230a585d40896dc637be1fb597b10380d0c258afe4e720e9

memory/9248-8715-0x0000014D97DE0000-0x0000014D97DF2000-memory.dmp

memory/9248-8716-0x0000014D99720000-0x0000014D9975C000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsWSC.InstallLog

MD5 43fbbd79c6a85b1dfb782c199ff1f0e7
SHA1 cad46a3de56cd064e32b79c07ced5abec6bc1543
SHA256 19537ccffeb8552c0d4a8e0f22a859b4465de1723d6db139c73c885c00bd03e0
SHA512 79b4f5dccd4f45d9b42623ebc7ee58f67a8386ce69e804f8f11441a04b941da9395aa791806bbc8b6ce9a9aa04127e93f6e720823445de9740a11a52370a92ea

memory/8804-8751-0x000001F43BA90000-0x000001F43BDF6000-memory.dmp

memory/8804-8755-0x000001F422FD0000-0x000001F422FEA000-memory.dmp

memory/8804-8756-0x000001F423020000-0x000001F423042000-memory.dmp

memory/8804-8754-0x000001F43B8B0000-0x000001F43BA2C000-memory.dmp

C:\Windows\Logs\DISM\dism.log

MD5 8ad1586479e957f9091a96b125c4faa2
SHA1 0dbd782eca9b4f95002a0cf105662629134434bb
SHA256 072321774c49034fd6e4335216ba7cc25e64ec7fcb1362c69231493257896190
SHA512 d12c54461bf5000ba71600d2a7a3178731346744de87b1958f9cbada0126299d1f7c4c2e9a7912399a497c249c7e3486e81d77eb83fb2628cfce614b545544ed

C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_00200057003F001D0006.txt

MD5 074992d48b46cb0bc358d69f6c450b42
SHA1 79f7a8bb21316eebd4efb14e2aea65f7f413fc3a
SHA256 5a82a85aea506015df534b687eebd8f3099d673838fb8f3e617e7a752ecf0c43
SHA512 944f0581703b959d894496d7908c036bfe5bee36df5309a93e1d9505d888efb2c14a32122da2443c68a0a82d2215c2704d82e9c22e34a7b50cd26485c6dbbb72

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 5d4d9f38c705263cbec2fdcd2280ed8d
SHA1 8e9d68f574006362520211555da81eff89e45754
SHA256 07fcf981a4f253345c6bb3f35f43e1769d76988fbc90ae5b92de0921ada18f22
SHA512 c5a978d8048a0fc5c96b93e5648bf7798a3519294eb637a6a7d05786ead5acfc082236e472496f31120de6d2e164e56e646e508ee4f885ca7debde6791a582c1

memory/2500-9049-0x0000000002830000-0x0000000002866000-memory.dmp

memory/2500-9050-0x00000000054E0000-0x0000000005B0A000-memory.dmp

memory/2500-9057-0x0000000005290000-0x00000000052B2000-memory.dmp

memory/2500-9058-0x0000000005330000-0x0000000005396000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kxxoeabd.h4e.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2500-9068-0x0000000005B30000-0x0000000005E87000-memory.dmp

memory/2500-9069-0x0000000006040000-0x000000000605E000-memory.dmp

memory/2500-9070-0x0000000006120000-0x000000000616C000-memory.dmp

memory/2500-9079-0x0000000007200000-0x0000000007234000-memory.dmp

memory/2500-9080-0x000000006C890000-0x000000006C8DC000-memory.dmp

memory/2500-9089-0x0000000007240000-0x000000000725E000-memory.dmp

memory/2500-9090-0x0000000007260000-0x0000000007304000-memory.dmp

memory/2500-9097-0x00000000079D0000-0x000000000804A000-memory.dmp

memory/2500-9098-0x0000000007390000-0x00000000073AA000-memory.dmp

memory/2500-9121-0x0000000007410000-0x000000000741A000-memory.dmp

memory/2500-9183-0x0000000007620000-0x00000000076B6000-memory.dmp

memory/2500-9223-0x00000000075A0000-0x00000000075B1000-memory.dmp

memory/2500-9238-0x00000000076C0000-0x00000000076DA000-memory.dmp

memory/2500-9237-0x00000000075E0000-0x00000000075EE000-memory.dmp

memory/8312-9371-0x000000006C890000-0x000000006C8DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\f13104cb-2ef6-4047-b27f-33ee77a68c64.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\30ec52fb-4ede-4ead-8681-b6f24cf02644.tmp

MD5 cf49ded7fb421bdb57611ec6e2fa9877
SHA1 575fe64f1eb791f68764ff3a06d0c3cf079dcc67
SHA256 e50343a51c48a4b4d33f62ca9703b9e820352ed2e78b8316862bb217ef63eacf
SHA512 5784ea225a4286f6892fdb51f2ff60c0a8649b86f4b0f7968e9fe395c2ef12a03169aed806fbbe897f935ab2d25c26bd15d06412eee1a1b46f95f508f78f42a6

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\interactive_balloon.js

MD5 8811c08dba69f3dd5c1be93169bd13ba
SHA1 e00f8bebcffecdad1a0efd4cf297989b5424cb14
SHA256 5a1312afd6924fa1ddd84e14e420c13cb94980886a3fee322647e29a3a7325fd
SHA512 872cd6836cf9d43c9a6e7b3cedf75fa3b81f907ce322f90b6d80f5b07c28ab6ed8b70d7ff6fc2a673535c499d695ae3f2d82ee9e144e15b66cec6b78074e3708

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\foreground_sidebar_main.js

MD5 99a047caec3d5a09a4d826950f6772a9
SHA1 94be4982caa268c23c3f6b47372e0d126b1f0995
SHA256 04ffc42f5a772d1fd98a4bd059d3ecbd6f8252a5c823384c376c6ff2c3771389
SHA512 550d9bb09233e8941f1407165f5c3f91644755129ccfd87802a19b6cbab503ab53ef227f0af28e857d51c98949502b071e308269a5e247b5ea251fb6196540af

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\ff_policy.js

MD5 65ab95ea097eb045ede98a5a9911e11d
SHA1 4e2f7880681bae2d929d99bfd18f1c4e75b30d76
SHA256 cd09e4f07f25389e0ecb44e82ccc672c84065cfda3a09dcbc63df5eea3b926bf
SHA512 322c891114d3242cca615cce80cfbbe6f04089e7cbd8e92a83004b9e1437a752c9104e47e5926d540f45ee211681dbac3b1bb75589c47884b46f019c7ae72573

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\scripts\content_aps_balloon.js

MD5 8c522f603f9558cad5a9af1d4671977a
SHA1 425b1eb95b1aa43eca0e6ce4aa2cb47d76d469bb
SHA256 96b23f0144982daa0c109ff5a1970a7645f5f430dfe492f72024ea6c65549aab
SHA512 11c70997b537627bf2006ef85b28240cb9591790e1585ba28c3f3fa7f37fa32f9da6809e59b93a0deb56de0056203532d2f38a2f516a5c3bf4c60b86cce0ba79

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\scripts\content_mb_precheck_injection.js

MD5 3a08c629534b7fbf0a909d9e7ad8e692
SHA1 7aac3f5ce0f09c0eeab14777a0400acb1449ac88
SHA256 0c47bd76fcdeebc9f2185f2fe6fb67508c5ec6f3f4c8a230c3f2d1dc52561373
SHA512 096ae746358bd9d834365443dee82ba1b39dfa1631abde8d2112b573930e24923cdb1c8bcf511d78034846d59b6ecd6fb68b18365a9bd7a6e536bc8f4a206d76

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\about.js

MD5 2fdfe23e0bdf0b0d9b7d9f79c1ddb806
SHA1 427278389f92e127018ab6d3c990957d93a3a95e
SHA256 ef8d6acf796f3c3051c5a86d1c4551e2748976be9869a1c7a4f9ea9b539a040d
SHA512 cecdc80f93aa751613d6451a8b2cd7086b55be25979bda521fcf8d19cdf1cd275bbbce95c731024d68250be742ced20588ca70c80d3bc4379358e694386dd355

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\images\browser_action\green_40.png

MD5 844950e5c560a509d18d08fde84cae1e
SHA1 f6b9fe291596760c54ef3bda7e86539ed1bc174b
SHA256 fb5b7a7cf4511a085f10c7892c30cd6e96bc1dfcfa77130187203012975c4b32
SHA512 b9e3b0efe15fe08dc36f715379f85e4152656bfa5cfcfb68ead4053c64c7c713c7c01cfc473147ccea64c2d210b49dd9078ca37b42c56353bc52939011a6c64b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\site_status_block_page.css

MD5 90a02c68cb9471c313487e296572223f
SHA1 937bfa77ae5ea12772daa5332f700af632e1e15c
SHA256 ef6fcf6e424f02b5cbce437bd6fcfef2fadd11ed8188537264117fdc675372f4
SHA512 ebec11bcbd02d6dab852fa03a2fc0b6e424fab3d7d3e9238b1d8379751e8b2f38630d4cc180364acf411089b4c871cef5d1ab83f52dd007e5bc94e6bc8ee6821

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\css\ff_policy.css

MD5 feceb462e4133beda13a210ea234ee51
SHA1 e32e8ad6bc1d213a3b444c4f017583189c3c4e5d
SHA256 1f2923645b40e5ea60a00f29945e03144656603bc064bf10901cdad1b5491896
SHA512 28aa3eb3fa94b508f838be2af0562b19d4146aa820e264f908e221904048d47cbea4bb66dd60c161e838fa511a6f9d7e96299dd20ad92590739cc0603afc307b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\settings.js

MD5 b0d4294043139b360196075679ee59ea
SHA1 05d3176597a3caa59eb5debb4ea5c6228a83c632
SHA256 8aab291ba4b6188718ccd57b9e6c1a72cb72ce06d7f9ac57b12cc2d1b0c9de53
SHA512 b2c6b53623b98737ff35f22389f28a09df0179f94db6eda11daf2298577c3399a23e6eaf2e179a23fc76e6bb520673a253daeac123a19ee407796f1b5951df59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_aps_observer.js

MD5 bdf1a5d997819b666aa4d3056024f9c4
SHA1 34b7038c0ae4870362dbb15289a189fbf8d06837
SHA256 20962b76658955d36f798c25375ea22de3105390c7a44e46a5ebb106b30dac7d
SHA512 09acd229a836f123fc34bf4e97a4786ed38f4e416c1c6107fbef713ed4411daabaddab17a0d72c75beb68cce7d5264a1501c39b161aad789565aab7baee610b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\web_advisor\mcafee_webadvisor_logo.svg

MD5 602508266d365ad23c2c9bf5e352054f
SHA1 1dc20de9ca11a5ec24017b3cc6aa077cf85cfe77
SHA256 f09f1b00347486afacaec4e9cf7755986b8bbd6ffefe1e464fd7bb9928f16b2c
SHA512 b20c2ee4c40d1e611bd9cade5e2b29a04787289e70336044240c88824e454f46379c4e5bcd94169a53fdc4782f7cb2d9af31ea07ab59507f0c1db15b8c189696

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\web_advisor\mcafee_slogan_white.svg

MD5 10f404e036b0309e755d77e4e0348d5d
SHA1 820ec8420fbf5de31ace37d22c61d23fca73d3b2
SHA256 c4f3ebf83f24aba4843a588d064fadfe68e4cfadc925833e16c1aa0e30b9eecf
SHA512 d70de232e46f3c44bc544c65a6f46e46fc465243f3061e0a450f04a53f9309f5910f67bdd736c6322901ff2fea6fb6727963f6407161125a6fc585ad7a97a2d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\action_panel\ap_jumbo_rat.svg

MD5 7d7baf0b5707fd387853c8eaeb7b2fad
SHA1 86622c1a7a867226cc9023aa6f810214b5db2b71
SHA256 3973725865c3ae769d586406ae0b8b2dce72f3e9ffc5c7d4ecd713fa4bf4807f
SHA512 a07b6959e16baa67dfc1450c535124dae50236c6759f35e4180b7bb8619b3c52357557ae63be5a8ed97672fe28c2c55bca647f45d0ec934d41688f15efe68005

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\about.html

MD5 dd0cd300eee1e02e3c169357b8658110
SHA1 e017f762115bf370c8b4f2f90e0658324cc8a93b
SHA256 c0d7c21c3991f53bdec8d0645fc354ecbc33d7bb65cea2767020d509d9bdf4de
SHA512 49ee5d85e927c3a9acb2ade005ef99d426848dac1a700b10b359d99ee33072831d53935e086a1c5b45f2eaa013bb3fa5de5e7fa3efdcf66985a5b29573706a63

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\fonts\OpenSans-Regular.ttf

MD5 d7d5d4588a9f50c99264bc12e4892a7c
SHA1 513966e260bb7610d47b2329dba194143831893e
SHA256 13c03e22a633919beb2847c58c8285fb8a735ee97097d7c48fd403f8294b05f8
SHA512 ce9f98208cd818e486a12848b2d64bd14e12d42d84b2e47436a3c4420a242583eefc4a9b42401b51cc204146c6133645975682e4bb5d48527b3796770efa3397

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\scripts\content_mb_page_banner.css

MD5 72f4d8062f45b584d87a59407346c7f3
SHA1 3a9aed3d286a1a84424cbed265554e350d2b1348
SHA256 dcade32aee263bece0b0a8ad0e19b7b7cf24aa6861dfd3a943ec4e39afb80327
SHA512 da81558eca0dd3e9698cfd17b6d17ace41a88678c1c851d0e8d77c77bec7b535bc37152293df80059ab0a839d8f0d10ff17dc5e1f9e842737735ecbd8b0e100e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\scripts\content_mb_activate_banner.css

MD5 db85187b78165c17f3b641165c198b1a
SHA1 b4ed668856d98b3c74f4fb446a28240f7044534e
SHA256 dd8cee2344337e1dcfcd036fe5994bef73d1b0f7d4791b6f869acafb79113728
SHA512 16359dd5b4aba395e27c0f278327ab80099805b25df8d7ce530c81808d17cd2dea5e782b9d26bda849aca9e1d73a535d0e3c5a24888b1da8461206ccb26ff057

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\topbar_iframe_block.css

MD5 db4682244b17ad95a607fc0fdc147c1b
SHA1 86debb7dc600df78230e790a4f43eb9289ca46de
SHA256 320e6dd481beb9edd0cace112f85ba879548541b1fce0faee2b61ea28099dfcc
SHA512 7a3302cf1128520b47014fc0003007ee7d92b118473de84db95fb0223559d7c91f68d8bb00aa10b9802d7d461ba8bc6429bd1ecd220729a7802638834aa7f399

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\sidebar_rat_detection.css

MD5 96f2086625cd2c9e535a567b4c946f0d
SHA1 ff3291bf60e9ce2c6264af89b54a092cf17db9db
SHA256 ec7d7ea7f7c3ad197bc275c82816bb56ab77770689f2da67b995064b97a42495
SHA512 73b857fb392c810e51007a17b5455b56571faa124dfb022b26c1de00780a8d7e38c9749c50d633d9d834eb0636d8fd1eb77a1620d147a41e11802367d22bbeeb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\sidebar_mb_faq.css

MD5 6941ea23d3660328dc63f8681506a035
SHA1 1ea8bb9cd6c305e3e0dc70d6bbfc40b1fd11e19d
SHA256 170774232b8bce6d229a2d675d30cfbe3319dcdb0448602b38335b7e726882ee
SHA512 59dfec1c5cd6df1f09351db3c8baa282c07c75132f87af7381cc28298bdda3276a5471bdc018394948c734cdc657d6022620bca9e31aa2cad189587c565c68e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\sidebar_mb.css

MD5 79b6f907801d0810df97771cb4e69ca9
SHA1 2f10bd91d26641332542153d16f824cfdde1eba1
SHA256 c560eabf6c2e650487518e5c3a6603c5145154ca71c4af142d2d08624eba384d
SHA512 051ce8e0580bf1034eb34bf1d3afca235e29bac6f1b88b31fb5580a57ab72d34bd7857b19cf3c6db84cafc3500e7bc42a9d40bbcf06f8f7c3f976a1458699da0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\sidebar_main.css

MD5 c7d49f9190fa4a288d3002851683c8ba
SHA1 1325190d60b20d3205d34e05b0d44966c80e2218
SHA256 4ecfd3263681555657ed907fb703d46485770e3fee2c99dc562e7b2ec4e8253c
SHA512 7a87ab3b9d4ebe6fc83a98d4a0dadc8534bbbfec59be100357854d057089712228e62fbf71bf745610ca4725464f9e2c299fb9f8b19fce32cacd6a90ee09d717

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\sidebar_home.css

MD5 70878ffd25bbd9fb9026ae519c46d935
SHA1 f9be3c0663e5e6d710491fba8496b9a29527d3a1
SHA256 49db8eeb3aca9a0af4d5cf2b17639f700ebadf72cf2f7521b7213b373b3f8380
SHA512 141475629a7578687ba67cabf94f8cb3265eba7ee69c101480b1f243c5ecaa3d9b64ac251deedeadfafe733b27ea455a2a40116b437a9fcaab2494df1a10619a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\settings.css

MD5 452891b049ed18805bbe7648d5456a92
SHA1 fbb6ace83f515f0fbb91cd54e123d1d59099ccdc
SHA256 d7d44e5b9bf10f995167283f1b321fb98d7f4871c24a4d020539eb35e03812aa
SHA512 ec56891290663136c8b2dcce88ec49712c6063dd435d2e6d91563595782203edb02d7a7d21e03de91d651eed0e9c733b515fdabad76d73519cc20d9725b02d7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\score_meter.css

MD5 a00989118e2b2dd8e726b8125fc88b0f
SHA1 d0a6f3306325bfd88d1abe0c61cbdcf1d8a5fbfa
SHA256 7583459d88181639e207e43c5280327cea90c1c79a03536e5cc35219802caa41
SHA512 ab16d8b672dfa52467e94b8ed9ed5bbd7a715ea727b73e69b690f24e593d4b80a4fbd96e92fa3daac24e159c6eeb5959f202a228b291255a0ffb7161e5f4be93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\page_banner_mb.css

MD5 248f347ea7c6177a3691e94ab8f0411c
SHA1 c54a946d69a97e09d95e09955f58c0e4ac5c79b9
SHA256 f7c5f6ae9c7274e3c5b5121b98a0ad18de7edf3934ee32185a9c200e2b111416
SHA512 4f23668fb1ba3a82237d752ce96bcb420219f6ff12c5b1e0d6d5d81c374ca3458f8ed0b83b9adec1b1f802b4dd3a21ae4aa568aff482acd6448969100e5b603d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\no_native_toast.css

MD5 3720957cf83594e60cc5aaccdbd546ff
SHA1 e83d2d6a0468999b9c6bf3bd68e64efb26996488
SHA256 70c7c9f5ee97a1e770d0e055a4b8a5205a32341e61038a4df7a5eaabaed09c8b
SHA512 e9f95229112e92dfcb14aab397a5c43d872356344bc6bda1fc9bbce3cb62103d573b38c5197eab42ce6ea5c6d49d2f20e2522d4e18b14b2b07b0e488fb3be42e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\mb_page_banner.css

MD5 a2cb8679d79338fb125764e8a89069c2
SHA1 8a1ff2a12f193dff1cac51e9adfde0c4183e62ba
SHA256 e2315506a26a6628af1a8c42dcce91255dc2ea08095457336454b478a91e7633
SHA512 8e5817fc823c8a755285a6b5a212cbed269436c798350a5c709a24ff8a17939d771003d5bc6b409b47c45ad1127d729e24d78dfec6a542fc635cb38935b92b16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\mb_activate_banner.css

MD5 a3be1b4b11b4312ef3f5635d55b6fa2e
SHA1 715d7408726f7ccc22854c9631c8040dec24bb77
SHA256 c4639677af409e7349e2873a167aff084a0240d3502b1c915d5b6f8e25c4b7ea
SHA512 363d802b040d05ca6c9f95783576018afc08815e485301ec32fd9461691493abc851ccd91c8db2aa8cc0b9d1a69d22dba080385754e8cf7c2b03afae586cc1c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\interactive_balloon.css

MD5 62a449df10eea0586f61bef393297f24
SHA1 fd9b3c40201457de0badd1ed6bc893d62904a59a
SHA256 c6bbf75bcc3148ea0467de755be65ecc1846c363a8a01d8072857e668464a6c0
SHA512 f991664c130e553dabd670f61368c78946aa531982a7fde98c82f65141e29c932ced2585684d3a687cc4ee0f0ceef5a8ca76b79c0fda04705ac5427d86d9c935

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\iframe_block_page.css

MD5 966dcfa8fc4e421e548f64033b374a9d
SHA1 b0c8c5a895c74f2f0461be8189073d7165cdb01b
SHA256 d0a4d6d80768a79c6088d95827ea4914bbc78678fdd347fb64b9fa379e935f16
SHA512 c33f05267a0b8727c355612a77881713e7373cacf95821bdbb44d5ea418319375b5e683b8fa3d2bd7464843942e5a9ed355e64486e292caeaa8704ea452d6a86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\how_it_works.css

MD5 7c5f05a62cf1093ca46738ad9d8a24af
SHA1 7f0782cc644077af551e789cae9b1233b2ca2a8a
SHA256 060932fc76201b566cde5c14d59109d643f2f2a8e90b2510a10af7d6b33c4871
SHA512 52f91f34bcefa82aa87f51eb229247c8d355deb9353cb317c27ae5665461f83e31052789d42e89ace9adac4024946ba57cdc95c75eabedb592b58efa9218244d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\foreground_sidebar_main.css

MD5 ba2246d636b696811ef21c0ccc0d640e
SHA1 69092b44de0fffac200ac1d0bea8c465a1146a05
SHA256 e6501107e8757f4747c5e71726fc05260ff8b21ac25be1c4c3bd47977e23cf5a
SHA512 4afc01fa1f7734b8b47d7db223b1c3911106b0202908767704a1a663876ba6614ed4e21c9a42d603dd997bc37bd9ec9f1afa85c623d6fe4fb01d832e9973da9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\dws.css

MD5 fc74805c0a5d1d12c45e6f7a8e29f531
SHA1 8fa36758e6501e4134177f860981affe11691d2d
SHA256 d2b17716d9fcba12a5f07535a7495a3cdbd825e4496f168988e0bac8db6fcd0f
SHA512 eb2d289d0863bf84a312ff5d252dbf8736567da2952a9295f7d04e24573348fa9879656fbff8adf030b2c60f6d82d0ff87a49d3eb09e809fe4a71882925836bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\download_scan_popup.css

MD5 57ef6c3e83aee7c42236c15897f58bf0
SHA1 f08239802d5b71e9e24247ffc7d6a208c1f32fa9
SHA256 fad7d1df11534d51102db7eaf4494eba51688e34cfe1842bb38aa5f25682d2b3
SHA512 965704fe17a747cc9529a0d697a66431d1ca178ce4ad1d6ebd5bc99f4ac0c7dcc7496ca221709fdccc9220122f3f70eb4b44c63934316e42ba9914b1fef2fc0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\advanced_protection_signal_toast.css

MD5 0098e3712dea4501553cd35f14089c3a
SHA1 4b51dd6664fd38f412024c4169b20a2a94b67d02
SHA256 ac11f6fec6b713d433de92ac42cffce837ba6ae1876650ae8f1fc6bca854aa69
SHA512 e683eb82b5b8270e91bced5a1e1166d802ef7b94a9b752f92b579748762b6e8c66dd6da47aba6a886d47b2b78b9d83b37b68aa869d633ee9e80e479ad4785e2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\advanced_protection_signal.css

MD5 171033eb5306b468e5e4d8b3453d768f
SHA1 bc521808df219b309f3f2621d209e8b4e27852e5
SHA256 1663a2ee1f3befc83238e3572ef8429c1663cb67a07ad71bff4e8f323543e36c
SHA512 833081dc7846210523079c510d3f195de4de4219ed892d81ae4dc5abdc5937776eed1849551b46db4910a4f332029f51794571d1492503bf8b390b5ca7dce840

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\css\activate_banner_mb.css

MD5 47cf04109e1033ed9f4cfcfac24e9226
SHA1 d0bb9a333d3d58b62b50a3f5f1c7f9e2d29fa31c
SHA256 484d70fd64734cff3a05cd940780cf28a39c9b0d56ff2d9d988c7114adfd4498
SHA512 69803921aff0f60e57df320f98e9f3b0a04d3506c0e96280916f19eddfa4fa3f2c959fbf812c0b8c6287086039b5604d4edd1d09000d837e4fd7c29f356cb5b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\fonts\Poppins-Regular.ttf

MD5 8b6af8e5e8324edfd77af8b3b35d7f9c
SHA1 01d319c533f62ea29f03b5df8adfd4d93d2d2a38
SHA256 78f127277756ae464f4eb665ce214cb6315746f6f4193e95b31f18f4b3e97527
SHA512 cbe58e542d1a0d61edc5d0fbcf70aae127c73d5354d6f566c7f1887076063cc85440e8cebb2a76272d7c15558482a9524c6ca5522de89c1e093a580f204ff945

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\sidebar\sidebar_main\sidebar_mb.html

MD5 27dfd23cf31d9b2b519c34aa0db6e5ac
SHA1 d8e58ed1c7a03165204a9c5b1fc2f5da72ae0ebd
SHA256 06b54e071c212b197bae39ce71db2f7044bdede863b7bed6f98243420b69f56c
SHA512 493b111764da77a9d092b47505928be7d6f50fdd5eca096a76a961872cd45ee3729b6e924f028cf5aa5bbe2c5dd3e9dfd4a70bbd2d98069bd14e21362a480031

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\balloon_message\no_native_toast.html

MD5 f4d8a4034627ef71e909b91c4f6ec3eb
SHA1 d16a1c5894c979e8ad8a0cbeb2e6edcc5c0cd303
SHA256 581c1eb7fb4ced4f1f38acf103dac1877916b19c88e5944995a29f4a125fcc60
SHA512 7c01d7dfc99d602d6428c3506ebeb049e154ac86a5b29a84c7fe284421adabf827a5ae59350bf4ab9ca0f5942f76d52434223ea8a1b42680685e4469897d94c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\balloon_message\dws.html

MD5 d04478fa6b77f6a24a4fd53e204f95d7
SHA1 5f4507e7d1519fe8990971cc3b205de43fa4da69
SHA256 ab8c30846a98eae162a5018d92541b79d055d24b2b87bfec9d6a7a81db5cabeb
SHA512 5b9d98297153ef11075e764a0528bfdfdd69121e50551cb3b18f7895ff02ca1fb8ce4d8b667dde41c10c05e4ab7c677b0bfacd2a635e7c5dec1886fc960dc5a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\balloon_message\download_scan_popup.html

MD5 571c7ff2f447ff481a533d7b7da844f8
SHA1 a2d3f289dd9ee2adc11e26d58c2c746eeebe24c0
SHA256 ee278114755d401526f2546eb31938c59612ad0509854f48b58ba084f7872d37
SHA512 5fb2e9f29a5f8f989a943e7a0d289bd73a675698144cb46ef68502f1214c782e575398775c84cad5974e70bb44032f42ac570bed0e47c28371fbfe5391cdb705

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\balloon_message\advanced_protection_signal_toast.html

MD5 66fbf205033d6012ea53852489ad53f7
SHA1 16635a0da98aba32cb90f461066229278b37eb1e
SHA256 3a5a37596f87fbbec98b526c78e532e7e35818a27ec054638c9b30c138075110
SHA512 c777b5ab4197ca3519c9f9d9abfc5a766426f52bfa4acc919844d2eefd29000d85220cad6ad89b751ab4a0c79adad408ca414014693e4fa10336a3ffedaab8fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\balloon_message\advanced_protection_signal.html

MD5 f48166ae870ae1235ae9524556fd3ad9
SHA1 0add4427744c154e1c030b0c9191a08006273e37
SHA256 742fa6ec8afc0936124dc3e642f1241cd5750729864d4bbb1ecd7a1e806d15e0
SHA512 7b766c6994308d9a8fc3ccf5c64e611b5a763cb9424358cc8f03e7acc2dd693c1dfb3fbf2a4d34cc5a2250cf0ee5e70c990662548bdc3d1137bbe59d487fca78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\sidebar\sidebar_main\sidebar_mb_faq.html

MD5 9cae0a036208ebce6318dceacb239912
SHA1 9b20c3e5211f8973411712cad96755ce74e651a2
SHA256 72333366f4f931b095b1c78f22403992f5c515e8711e697fb44920b38dd83640
SHA512 fc39dc0e6e88032250f153454b07602a17adfbc13bab200507aa6b4cd2548b7e26bd3c4a332b56ae2517ca84a21aae055cba7f27861a4fb5df291e1596c58bdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\sidebar\sidebar_main\sidebar_main.html

MD5 8f06f48d6b675a6aae8017a590a32e14
SHA1 2352bc49ced269971cbfc5061be0a6be19051190
SHA256 5c84f70622a7830b13be188f5eacc3cf359abfcd40a7a0faa82d65fd47effdd0
SHA512 0c0e2932bc85bd2d33c9c319f1880aed0e9211b3928e86f852c3ab50cde606cdd76811ed6c8bce1e22e55675a8e42e44da5cd43190aa472c5297f2714b00bbc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\sidebar\sidebar_main\sidebar_home.html

MD5 7895011f338cd527c27b180253189123
SHA1 3f203a20e1bb719aeb0a0a17c7441535f68c3c9c
SHA256 4e655ef56537376bd6b2d3af15aeafab6d36f8d2641b6e4580a32d2acae8bb52
SHA512 b44345864f5eeff1fd778d99e82a2315121ac2878f1572320edb598ba8d13d89bd791e1902c0445de642a0f8f9bab9b831b98465a2d9fb0c21e47d4f2b1a1755

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\sidebar\sidebar_rat_detection.html

MD5 749a35a60dc0a330502d824155b6672a
SHA1 917c87525b5fbeb4265154f2cb4724dc11877f87
SHA256 29fc536628520061f61637badbc1f46861f53dfb489aee29658e8c1a1b46fc6d
SHA512 de8c4e7a16f51483db96518bb1b26d17d1ef9101d212e190c0e081661be8a44b8f3ad6a2ac13d2fd86f6c458d8f9e6792dc89cd30f1d32f8d40b835ae0df1faa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\topbar\topbar_iframe_block.html

MD5 356afa7be11255b3b53600f868e2c6cc
SHA1 d8eec6621b727f4ccb7602a6618ecefdfe9461d4
SHA256 034a1b86c206346d71caa0f48c7504cc2629645160deeada1098aca5e9bd68f2
SHA512 2f441de5fd81bc34f89313aeaf810955bc396219b8b4cad5d3b89d6beddc3b8c4f5e0139798fa3a505cb6bf033543a1f0124257e53f42fb136ac2f9767f5d575

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\whitelist.html

MD5 bac4d735fdabc6bee1d9353b4ad71b87
SHA1 b84c4256e556d8077113971db17c7a4575810637
SHA256 5af01e6ee63a6feedc1c3c6b6cb995325ad428f76de2d7a0815414e07561b553
SHA512 4b26e7308097546b1dcc34e99d4696efa7e510ada1bbec70f1fadecc7a8f8b2c225465256b15e69bda285a3565c7c3ffaca84764a38fb1494b0d4318d4b01def

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\statistics.html

MD5 0fb8b621003b72f5048bf81893b3c903
SHA1 527764d5b527e8c296cf8227ee0adda6b457de54
SHA256 e3c22394e39b89ff3ac4835ef3fa88e739f7fda118114c25898e64765f07b0f8
SHA512 cf2dc74c5d778a336c8ae25b27a33ef4f6fe806ae0694349941101b701a4c2b268942a4d4a0b665ce397e8846c5969330fcfc6cbc338b55defb95b626ef0deaf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\site_status_typosquatting.html

MD5 bd56f05050672aad218d979589a32887
SHA1 f0d3f2858fa531721dd84650ca08e5762a8db117
SHA256 9c2d54d1485be028008959015cad7dd1d7f9a2ecd5adaac820059c1262c13351
SHA512 c95e3fd336765595a5031f04963591c2dd7c85eb49b6877e3707b507415ef3e5caac869f719c6de29339f6fc77d3a073cb01ff12be00caeffb7473e700ba88bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\site_status_site_report.html

MD5 25142cccfb7232f0395190c8bb18c6dc
SHA1 176c801b72c1ef7f5b0e54492ff9a49e16a0bbb0
SHA256 574c5e03279ae4d5b842fa3fdb7324f77a95d23e76c7c06a7a12be53acb2ebcc
SHA512 3c085bdfcba35135748a7c296d3e8ef25ea5258f7738c58abc4815c61fc6119f932f68e385ebf63dc16e19edf13d58786e4d650156db3d5c10e430e003449ec6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\site_status_block_page.html

MD5 2d7f6347bd2a528d0938bc4ef6312bb6
SHA1 397f31e99ba0d3ea954d00bd9305369b30816e1c
SHA256 dd513b8fe8e99a5d1f72a731613e7013096a9cceffeee7689b444b1d9baa9ea2
SHA512 e173c791b354eb6ef7b56f29c5e3cb0c0294e752dfcea88b0fc72266383ee97ddaf0ac7a8b60db5951567ee19e7f26f67344976128eb6b959852d80cbe95f020

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\settings.html

MD5 af3000f72fdcaeaffc087902501caeec
SHA1 9034bfd6f177de5a372332d9a2fe07330573388e
SHA256 6477002e391108ee21a11b9612d5fbec5a4e2b18420de6f44331037f62679a4e
SHA512 79114a64bf5359cc48606b6a1126620d264c7101375d6e7ef2daf8284a25be0cc222f37442cd75081760c74d8e34f16e5225b425c1ec9e2f82be39d44ba455aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\preference.html

MD5 eabc0d18d4c835cb5aab383a7d0644d4
SHA1 1910eff32b81f64c136dc269b562015c289df74b
SHA256 276ec48998dbbeafe87ff11b751505a95fe42970275602a5ed849e75f6ac6433
SHA512 dd6cbcc98f9c722fec2367491764086861d3a1c6b1a8463cc508395d60e1eac56c8af994dd4b7b86e750e8422b670ef710934b2dd9a4d696f647694edf3823f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\page_banner_mb.html

MD5 0715eb9f682cd4f14b4d687579bd9996
SHA1 57e20eca87795ab406c65713806bee6915d14146
SHA256 905ab2b89978e22dd74077d178a161d67297675b3c88c84ea143966af1a0bd96
SHA512 b3cdde33bfc6b1c0b63566b81187a1f71a3cec44c356d7cd749de833f1b3912db389891675fb20befd228c252e7d282e0c7f7dcbf59c5839ea3fc59c492d8989

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\ff_policy.html

MD5 49f1b6807a50254e0c94706205df1ff0
SHA1 a6a3fb78cb22fb7c6220cd0db701699e324a09df
SHA256 29edb822f86f3e95b4164413c2472d779e9422fd0521aaa835e4d0d45830dd86
SHA512 b6194adf6574046c0cbb5c0e65b65bdfc96741938667c6be6de39e1a09de86776697a6afab91bcd2c5c8cb6fc64a89502a78cbb2782db54e3fdd92715e8a3739

memory/5528-12399-0x000000006C890000-0x000000006C8DC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\activate_banner_mb.html

MD5 019551f173c41bfb88c78ca58cf63677
SHA1 0da39acba630ab82ef126c2a98d05732038f4b7f
SHA256 21ff588520ff9f0d15b7d37468f65c09573a442b49fd13ea5eccbc5fbf964c98
SHA512 6fe4e39ad4c9b577d39d9f31e53a3a23fc543f5391bae61aedcb32fa0f311c6a6f0e0d320af6a57bbd9390353a5bb1f46e649827a6dfd1bc7a94bd05860071fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\action_panel\x-icon.svg

MD5 7301d2e8ceb505be25e2d20ce3c92466
SHA1 46eb43711906065f56f8d97b38545b61c1b0a6fa
SHA256 40f3837b4464532b4a500380fd134826349a87c3c92b2f329b82da8bc3ce9246
SHA512 bf1de37f714e80b175b7f86be8f1607aee9bd67a3d42065f9e8e38a8c635be5e53263b86006b883e492198a1ebad668d91d0f849087307c2a3d126a3d96c9db4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\action_panel\info-circle-icon.svg

MD5 16991d6d8d07165a6bf5921d48a33c4c
SHA1 107bd9d4dfbf3c50a080d7cf16325aff0bd4f7f3
SHA256 c1f809b57c384262f0289aa2049a8fb206f897361a0b62bfab8c8ce4fabb1b2f
SHA512 230d5eb8c61dd916bb74297853ca8ba75a9e837a823304f6ab194c1b4bbbe6379fb2799cc879e5eedc3947e445ff7ca37910ca87eef4bf168c73b05d271cf0a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\action_panel\ap-overlay-logo.svg

MD5 444999a8e3a0f392e6f1cb935d89dd8d
SHA1 1c8a585bf725e32acb8ee8641a615638ce5ef33c
SHA256 d852932ea3383467c93f17faf05f90848b124c245c088cf67b8f49c0ec929883
SHA512 4247aa4e2f9dced3816fec128960f21e082e9dbee84b439b7311a07836698264860b9d47565add576b25a0ecb3e48fe904b12b24aca7a8948295c929b75b45ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\advanced_protection_signals\scan_for_you.svg

MD5 a253e8273c7184e575f769d31b8ad010
SHA1 7e6c1d0277aae08b2cf2a8f7af57a668adc60077
SHA256 19227e7f909b6b97c5b9d0f9ff2331d676a5a639664a7b25b3498d7a53187be9
SHA512 233c7de0592b1660559f952408560a6a37be46ecf438d207154af54adbc2faee1bfff0bfdfcd3dcbc99bb7c9a144e3b32898e6a742b6837b721aa60a3a2389d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\advanced_protection_signals\question-mark.svg

MD5 c32451a00fadef2efa6686e01020243f
SHA1 266282c4ff4239eed6789b4643c589b85e040a50
SHA256 0b2b264ca5fe4820ec901be1ef38703edea8ba8c971570efc6b8015808718751
SHA512 fe04b43ef03600103ea481cb9a46c20da6173ff27255baf463f694d7f7885787225e4c90fd30d66fc2d60c448f0f0b80d691d60e17096afee3f5c02a1478b3ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\advanced_protection_signals\mcafee-logo.svg

MD5 d140f7d6a0eafe2262be880ae0ce776e
SHA1 3f0d58592bf919ab021ccf516ef8faec1ec8f23d
SHA256 5c6069dab14ef36a0903556cb9205f17c82eda2bce30653955a5132345f65602
SHA512 2318e87f23e1e90c65072a427a0e5cb5234da9bde6d9c571597cf67f83fe5deaf941463404715eb220c0b038e6377bac502e2543f6f14376802e485344632ddc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\advanced_protection_signals\close-outline.svg

MD5 1cb98cb5d4f511bdaefa90948f267841
SHA1 7d6d9e297471536f1f3778dc2a10b67b3e7beee2
SHA256 0f2927ecd197e38779e06c6bb46b748dcc7f3a3a317ac5e68c5c03881e32378c
SHA512 0ea99c682884848a35d329ea03363c92b2099077db7321397f2d6e26e23a362d39534eef820ff45781b9a0a875d2ab945f321122c07aa5d07a794718a90eaf85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\advanced_protection_signals\checkmark_bullet.svg

MD5 474522e4e9d5e6234dd620fcf9d0fe54
SHA1 e3ed75af7bf1ee444f6de9a55dcd6d83d29d89da
SHA256 2818f27403cfc7e148d6851ffc7e5eb483ec4cf1e435f0130d10ff9dea6457f0
SHA512 8a2e6733e872ffb5eb8f287e1d0e51d9e816e89f75111c957bdc50c5511e46d52bec96859463b93f97fbb29b5bc8e82c517f0de198345d3470d0d4e0299f7896

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\advanced_protection_signals\checkmark_aps_signal.svg

MD5 347fcc52fabe187dd2874ac17cc338c8
SHA1 8dd274842efd21cd8aa8a74e0b9a9d8f84d7908a
SHA256 8c2964ed5a983edc6c61d53dbbbabef568f47585da92b1ba82157a3863e66244
SHA512 10067023d68903d6ccb655e93525b81d4a11990ec3a7573bd649bf44d56daeb2bfe43359243b6e33cf88dddf6e9dd61c0bdbbe9277352bca4d087df125848ac2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\annotation\yellow_icon.svg

MD5 2077bf5b959e912ec79cb5c860e5305e
SHA1 d3f994e9b97aa55426262456a86f98e7a7b52b66
SHA256 36c77c784525e41189abc95e8a7fa29849b3ebe0aff8581a57956e4a755d661e
SHA512 1035bbe8a7e4d614a018a275427edd45f018c8faa84aa9762bc0eff3590dd051f17a0bf04f083ebca90de3672b7cc8491e581ad1d661812c2618aa044af6ca34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\annotation\red_icon.svg

MD5 6874abe7a6d62d5e2c1861fa95c66b2f
SHA1 bfdee904fc9aa92bfbb705d43356b66253826e4d
SHA256 c3f07a1bea96756dae1182ef31bd63bf02fba89d6e49165c3068d4b51f75a53e
SHA512 1786572d3525093563f60b344641ac2b0ed81e45b82220501299d3f41d5bc9bc3a0db40709e173555047f55df5e92f977438942ae35f984e73187930018d4e33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\annotation\grey_icon.svg

MD5 fecfc0c8d736d8ff1c122bc2365fe149
SHA1 646e7a3bf5df61254e990af3f2c9bd5f69e87729
SHA256 95064660d558235d12132eb7b9e5a13bfac9c41058310a0f6f0a8fabda426efc
SHA512 dd77c12623ca8173fb5848671de026a75e704ab5b194ec5f80e4344f741502598702e74e5b00f089eee3703c789ff83285b0564bf8ac852f437c447510b96989

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\annotation\green_icon.svg

MD5 444850203d1734f8e373f38848fe0b02
SHA1 0550b5e0baea3a64e8aab94cfa0474ef2a9a5cbb
SHA256 354bb055e779ba141e877976285f98a2bef88b5920631980cc02b9bd282e479e
SHA512 43559833e5a54df05b6476c5b973b6a4851d09c5f3d00cc253ef1f1779b6118707b7e4abfc5b2c61de20d52df90d5dd4cde937b6bad86c96aed9dc3145d39bc7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\balloon\yellow_icon.svg

MD5 7040e9073a835f3d857096fd5c6b42d2
SHA1 2a578c98a38a417cba8697c43451c6d584f13687
SHA256 ac7937afc52cf9336e3459055ae1407617b6d7ae8a253c71e90b1fde6885fed1
SHA512 aeba788d17f3f083e893baf10a92d44d608b3efa2a433ba4d47278973ae869da9ad3df37d8d5edd5e84ca983893c2bbf27adabb71c604d43e4929b20b2956314

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\balloon\logo.png

MD5 b90992ca471a92779e6bfb4c3f19f354
SHA1 f50778c2068149ece08758601b157f24002e5e58
SHA256 0712a74a294be497fa3c8776e26c12a1193c8621568405c0fc9a4859e065f396
SHA512 2166109a4e68759d6515e4d893dd5d6a65187450a80fd47e4a8ea050e2ba5f0326c8ef9c54db443e1a81e8d8343c67795cd4e3ccb6965f23317c3f2348a84be7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\balloon\hackersafe_icon.png

MD5 49bb82aa46e9383807dbf1fcb4c5038e
SHA1 79ef500c5bf345e0b4fd7c2b9ce591c855960df9
SHA256 c344e776f86f369d4ceb7e38250f0626ee52967943620fda157d156ff0941ec9
SHA512 ac151702aa332ab43d7ae867d8c70770a48d7d5514a992eb348b39b0514a3938a081ef5f4beb49d1ff4bb95a7c0f768453445ff720a05c1011ccef0ca54d0dfa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\balloon\grey_icon.svg

MD5 f17cbfe43840090fe3db39c1817cfc28
SHA1 4644694faf769a48beba1a4c29dbda5c1bbacc4a
SHA256 ee84a3ae6209694503a0e7b8c8a52af52c30adf0efb33e69d89e977d8ee6bdcc
SHA512 fffdf486dfdfa7a68cf3cf15ce95a2d6872d9b5ab7af444e86826d46c7287bd4fcefb26e3a096e2893ff8f7f4ff317c636c08412338166f931c36f87551eca38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\balloon\green_icon.svg

MD5 eb73f8788c1708065a7dcda2fe21dffe
SHA1 c09f41ff45007c4f3cb208585a56fa9d4ff0b2fe
SHA256 31d5db151bc0274362b76935a80f1e18475a8766a1dfe6acdf5f7298b43f3a6b
SHA512 5984f95c9d6d5340c961ceab6e1d906f94c20021757913b83602b2f9e2db243ec4dfa90a26b76974bb1dd43bca46c62ac9ca33534964727f69d4c2c69e75d71e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\banner\mb_page_banner_img.svg

MD5 486c4892d582de0dacc7c47c589587d8
SHA1 65fe19a9ae5a988e4f74e1ff22db18f7add1efaa
SHA256 2b03deb4d0f2f138a40cdcbf953b64c71a09193623b45e12ab572b5f1b94911e
SHA512 8f3dc1be83665ca7cc525adbb007094135c669e4ef4f481d147bdfad12a2c30d28c5c0af2abf1e50df2fe217bf0034d25d34db14b09060d2b98960310412ec32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\banner\mb_banner_close.svg

MD5 90232aa36f6e52e814eccb4c2702e1a1
SHA1 116b7ffa63d907bc8b929375d586a6105cd75e12
SHA256 580ad10d7498531238915332142d9b5d9cf9ba285fc8ff78b4f1a1cc5526aab6
SHA512 edcff6e99e88c20d89faf3b422dc9914ee446e92ab0d2ce70961432e859cdd3c89be470275c1ab1582dd84d2e2c3c43d860b38579230c85dfd04c2f250c3251b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\banner\mb_activate_banner_img.svg

MD5 2aa0e012eeaaaee0416606e9c3ece661
SHA1 9b3e32156c52f9283b3c3800c1057ef2082001c5
SHA256 086c812859a14ec07fd40f7886dd5d6f241b2cd9abee495f5b3a666a973ff61c
SHA512 5dcb77f3fd12c9e24718c5456d8149ef3979e8ead05d62d8f37fa29f74fbd4f5dc17e365b44e9d8b9f94166d102973b5f4c28576d4cff566296bbbc308eb5c0e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\banner\close_icon_white.svg

MD5 50d1122c2820dd23bca8236a7dc961ed
SHA1 d13c17cc035a4f753305688b468550b7cc16e921
SHA256 7498cb98cfb650e2c409794e7a3eb378f83f401821fb90e062754a2ca2835fff
SHA512 7dddf76bb86161987c428edc782cc7f43fdd813a60ff58e1f37750aa7be5809b763654f731ed187098bdb1f82199f219abe9ddb31f3aef4f6429aeea845bb7f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\banner\close_icon_black.svg

MD5 d94fd7f63dada80edb405ea3eb056533
SHA1 d473fe5ab2c9dcfd5073fc746fcfc1bcf8c132b8
SHA256 77f9f86eec6b539c8c6c7abfa8b0b58b7463c2eec86ff4d732fba451ebdc2f58
SHA512 24d4bdd911475493cf1dc99162f68a4fc8c2b787c445277b3e8430d492f272445dc7952babefefc027b304a7f763ee3a9996d59351ce52625e40103081f39258

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\banner\close.png

MD5 c2b58e3a8a5af8b740a61e4c054a9e26
SHA1 5bb475c29dbe19a78ca2135e5f477da375b5018f
SHA256 2df3fa9311562e80c73708e325b23a2538f2e9ce9c1315de4f459517272e0b9d
SHA512 ea35f9f1f04d55d3b55cbe2df356e2faf9d4de7ee97976c53c06155e36481c962e155a6506e0dccbcb948ff04c1c803a27a02c05a0ef0e10d0c629b3a905f39d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\banner\ai_icon_white.svg

MD5 2f5261de969a350c5a96fa46ab8b146f
SHA1 f4c3dd5f91d54da9f2fedd9c7770a6ca35516c85
SHA256 bc73fb46437c51e03044cf66de2b312bd31952025de41fe3d1949421589ff8d7
SHA512 32365bbde88698caf044bbf7525aabe6ecd5d367b2dad21ad3563e5ef479af4d9c02fde232d1d6ddf5bdc1eaf0794e05b67c1038614b75420d15f6e486b6bb3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\banner\ai_icon_red.svg

MD5 b75e3529d1c0772ca280d4a01ec6578a
SHA1 edcd6f0b7180d231aaeb36da4722d7c7aa243d94
SHA256 b26bf4226f19d52435f94d51b122f624cfb9f2110add41f5862e54171271287b
SHA512 1bcd35276cc55e3720088cfcd743719f865c1d755f8cd7853859d6dd4157584ff013f31c8825ca7b9c7191b20a096d01bd0ba4a9a61d7b16dd1185f5b1f787c2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\yellow_40.png

MD5 a0cdbcae4006b221911f15fabdf28896
SHA1 c70708f133c52629ce389191da78bd2fbe7cf692
SHA256 1d9231710b2f4f3bb8c36ca93a02262ba8d2861672c79f95960dedf9a15879ba
SHA512 0bd400cbba5d6548604e9936d1db7a4fdba28c6333ab6f1b41ac728e0c37ff5c65af112bf8c3b600ccc6a411353b56294fdb03120c2f0a4dcf1a308343a16a75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\yellow_32.png

MD5 ccd1384dacb82fdd12fe34ad50479933
SHA1 66b271d08046b637a79c2081ad3b28dd4ce9941f
SHA256 90a6f9e02fec898468fa32a9ddc51443fba828362cda8082e7089705318a6ab5
SHA512 7ae0e187a42c8c892b10727f3c40c9ef2b1d8d8c4dbf83a9c2c2025a7ce7f9c4d8bfa566ee5d10abd6b21bdea46d3109ab6b256d15493f4a3ee9e1c91328d36a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\yellow_20.png

MD5 626fc8d00fb42160da3429671e641732
SHA1 e18c2363a7ed0f40d764b8759da5e3179caff3d2
SHA256 836df926c2b31d262487bf03d7d39aac84b1e6016c6102d585f1590f8b3c7a83
SHA512 7ceae166761a5a06ca46ba61e0473dbcd03c457037ed68d45d7800737dd0629b6fa281703a1307ce49f4fc73d123ae74f29e6fbe48aadc9f333175acb05614f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\yellow_16.png

MD5 882f79f6dad6ce52dd41f3996e0b2c8c
SHA1 ca9a262f6d8c45fcde2ccd174ecd21fdbff848a9
SHA256 87603c2520b498e090eb1feb2253d5f982565c958f80106e16d58e9f6411622a
SHA512 54e521086012cc1f9e73ca3bb003e6bd22550e036c2bb5dcea6ada9052fe3b96d7f49decfb8fe7ba6c223c7d47aa09d3b905e8a3530fa26ef886fa064ba47f25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\red_40.png

MD5 ac9e077afb0a4c3a13d92992318904dd
SHA1 43c0a522abcb58349c4fa21a24a60fab6e581569
SHA256 de4fa77630c39914c178a24b44edc266c84c2c8eee14683a35b3bb083c83b3d7
SHA512 a0accac7a3c3ce3f50dbe22c57fc216a15cc72cc65ce56e1352f7d8061b3576dd1881bd78052ad1c75ceb28eddecedaa6b74d557895ba164be226314e99718ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\red_32.png

MD5 3fa1923cb874a4138b1b07d83ff989be
SHA1 7add70363058af580edc3395c62ce1eb9206ffeb
SHA256 0734a4e584b57ee2d712fd41c5c14e8e24803cd170bb47324de7411f608d53ac
SHA512 398c815399a42154ac1dec13f47898fa0d9a1bd466309dcda13ca3628812c154c217e2e7559e90e7a7306472c8b8c05459482410f5cf2547bcc7902cd443ef13

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\red_20.png

MD5 279a0be45f69e5c53f7424c704c825f1
SHA1 e3352d8356a4e4886e28bf3818719fe3a35f83ba
SHA256 5e3ff0bb95c60b49a9c1a91f473ba6084fd57a0cc8957eb54a2a0356d9601a1a
SHA512 8370b9392fdf45e19a5f547cc04d4868df235bd7af1b5e90452418216a7db8d377a25f00305625a7408fb14d2ea243686eb7f9613635639e4930d1ba56365d24

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\red_16.png

MD5 f0df6f75d6f90b2de500837c6627db34
SHA1 212b109b779a0885da08a0959e27c68de4aef043
SHA256 9080fcc550cad54f1a7c5b559898ca69ab9b3d762f2ab0fce0a65f5c8ed943e8
SHA512 995d28a813940b4362814670b9b94ea50bfac2eea20d26144e46e71e33796af19136c81c683fec9347856bd791f1ecf5baccf0c9bcfb9446eb0276ec16f1a83f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\grey_40.png

MD5 bae59237da0bbbdabcce1497df6ea17e
SHA1 41af46bbedfef67ee4b78fd0a9c04f65bec08f0e
SHA256 e1eb0be733c2f45a2ddece29908830c197622a130fc9ae6a1404e01a3d7c6238
SHA512 f7eaf0862a947ed712971976f492df813d5c389322aa500fa2a1c5e9af0dc8604674b31c98680bb42ea111451d06c6ed8e8a2f20fe49a79e913c12a866305289

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\grey_32.png

MD5 95436926367c0138f001ddc4361bfedf
SHA1 88c0e3b0525bdad6ca53a17d2b8a3c750dc9b61e
SHA256 8e8cab2fb80826fb45a9db3e1d48d05e3fdc208f02a35f68e8f26b1df841ac82
SHA512 1d5d02112e38de9f81ddf9b13239082459814e16b81422c3872cbce3f4e51b9862e8a4b47bf53d15d4615f175fc1877c35617130e916a37376b81a05fe2ef007

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\grey_20.png

MD5 2443e421470af435608c99af44852157
SHA1 ce014d7d39e19f21b63acdb88d6778d3b4c643fb
SHA256 861af3cf0e4309b3e29b8cb71b6f031c1fb956faa2dac2a38e24b7c29d426c75
SHA512 4e8482dd242f2fbf40d3d3913bfa39670d411b7da948807b76c4ff379228ec5252c297364b2c4f81fdfeaeb5d813426d48b51d02b5ba189875d04fd98aa142e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\grey_16.png

MD5 9296be76cb5d33fd677e956eb01bd3d9
SHA1 5a07cf95bc611cc7d6155175e2e1b3b94a44f25d
SHA256 876810fdfb23e4f010e10566b1cfdfee8a7e9d0f46f7b525f1a9d56948ac2394
SHA512 ee463e6c147d782776bca5e2667aaf3511eb9348f7cb4a4d461b624dd0917d27080f6c76fa11956b6ef37d40c3e56acdb222437f4f4e845b6a52cea42967bea8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\disabled_40.png

MD5 b7c6e336b833c4ccbf5626ba167c9128
SHA1 b37808e3fb72ce2aa42750ea740f623b3c5c7455
SHA256 56953173a2237381de9a454fb2609a3c1eae7636e2dcb86ac497b63600b2f661
SHA512 9a059cd1b70415a0f38967cac5c70867d80561e962821511c4d1f15bee213674f646f6ef342b5c7085eb492b1443ba7809b4b062e9f35662c289c5edfd658a9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\disabled_32.png

MD5 98a8ff669d8d435858ea606633353f6d
SHA1 2b94696a4b68ae387fc7e5fefb3229d7c07952c2
SHA256 9056c3365c956cc89b89c7ded168dfd0535bb1cbc1e667671c6766e56a40c2cf
SHA512 19400595840627925cd8a1e4c6a103a78e1a7ea424c0311c7dac6ba3289c4100025d7f2af219c62e82332b4bd01cfd8814363465b702b97538b6271d059b0f22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\disabled_20.png

MD5 c4c8fa194823f8a6bdb4ad41b944110f
SHA1 064160fd6c5548c665f4183faddcd1277bf7b7c8
SHA256 5eab6a9e0eb02d50c2af920ba4f3021975c6a296d000fdfaff04664d7119c9a8
SHA512 b310fd0390ce28d8bda018d279c2c2e5d09c0ac7b98ff2eadbf98875c17b9d96700c8c70195ccbc9183815ee36284da6cce95d439d697c1f4cd85e670cbcf228

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\browser_action\disabled_16.png

MD5 951939ce70ba03d9fc87b01939d630b9
SHA1 d0efe77547e5fe3d4b4f03cc753b218c81214d3a
SHA256 bf8a810d14432397a6f05cba502c0e641dc05eb28409cfbf58bee4d0fa052812
SHA512 b6105d4ea576879afa319b2b6ae143e9bff0c188639614cdd1654968d5ec4d46b2288f2879f458ce87bb66cab3293e3af5aa3f47d8ee1ea710e4d4fd0c7076db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\download_scan\webadvisor.svg

MD5 aa94fe6f7192aac14be72ac6a98b437a
SHA1 e996bfe46d56845febbf638514edb6fce8457c8a
SHA256 a4279bff1bbaaaadb2f89b2dbb2c77be7daee304ebeb776885607bcb4d8613d3
SHA512 4d0ca0371558326bb18d888721f923fa83f793dd9d53b7d98c2fe7972fcce0257bbfab150c284d26d10648b2df92e8dc4cdf89709c0d4c93bb336a0fbd9003b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\download_scan\seperator_line.svg

MD5 20de99f72eed4e646c823f6683f7efd2
SHA1 98d0df7f2426563eec5584da4202216fa3d929d8
SHA256 3cd89daf88eb5ccd1fa1054fd10a872d0c01e40491125d20ec26ecf96712c573
SHA512 e3433a4879789a787f9409a3736098ac6c181d33b22d7ce830a0edf49409858097ccef28d3bfac71ed26ae6adaaf82bb52557c2630a90baa63f7648955935a09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\download_scan\mcafee_logo_white.svg

MD5 7be675b6e967d8d55993ecc5d0685e03
SHA1 1dbc9a3a299c6d88e5a51b7fea4225cc2dbd618e
SHA256 855cfdfcfca492037c9bf50e813f431594eb408750759a644c1ded9348c07559
SHA512 d28a32bfa95dfe4ab4cd42c970904b8f73f59af8f0ba1d7a2f257af2f5ab93207bb18a81f98a2025c0ac83535f32b7ba8501427cf2f2140b4cda11911b2e909b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\download_scan\mcafee_logo_red.svg

MD5 23868054d056d5052692b09fe9e4e5e5
SHA1 b3e5caa5593e87f3306afd207ec765cdb5b6ae48
SHA256 634cf5fbabb8573d98046d26efb66556a1d38a1ddd27da51e3187c785c07114a
SHA512 7cc1c3ac3b86d1bc690b1e4c86359de072cb5f62608b805ba6a3630a8f3cba78447f115974520eacf312b68be42423431cce695dc6f10ab763fbb5aaf77422ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\download_scan\download_scan_icon.svg

MD5 e152a06f544c2445e476f9245721cadf
SHA1 fe537df1b8ab747e4f69fc7b90f6e65ee57cb7a0
SHA256 afb3cb99272b60d9ce409d2db3584f29db0de5e50776db99e9118f9fa18dc943
SHA512 d2424563faf06896cc63849cf8418423c6470e36fbe23db0549ca74a927f7618bde2ac605e795a3e553941471975006eeae1b2f4a5aee12cac7366a6ce3d9dc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\download_scan\close-outline.svg

MD5 854d9f4841f3fd6b71c8f0c216590549
SHA1 c5543d1eb7ecfb19e24e5e26d070e26d02efc3a2
SHA256 9d14b866099d21c67b28a6c870f3a4a535f81b88bd97102c32edd346d2f15868
SHA512 74278b6d68184c8e9d04fe25b4d40703d04e4d085df18a3baf0f03bcbcde20e4a1761a7d68abfe442d661ceafcd33bfe46a47cb22ecb614f8c60e1e28fba1129

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\dws\scan-email-logo.svg

MD5 ea6e8b4848adfeb2eaaa27de5962fc37
SHA1 2a0edb8bedf9d57bf39e8e028233407ce424e538
SHA256 baf530440ab599a4db465a9e41d2da8ecda41f0218aca01e9aba98f3ba81e705
SHA512 83f32fcd1e14eb840abd57ed5aa11eef415f1b3981f2efb227ec5b968388f07052d1c434f432ec0a0c337d257040928dd4efbb26aaff0d88c825c2a290049063

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\dws\external-link-logo.svg

MD5 52acb8689812d4b46cb56a248eeb9f65
SHA1 dc2cf7c46cbb87a917fdad6904547ecca0871aaa
SHA256 d3d5aac3a584ea056f6b372c2ed6e923e37c11aa5f7a529ccd0dc8ecfc2874d8
SHA512 af09ec04dabaededb5c40cd12f3849009e7d855874ddece241b1bc073324f9d6733419964c5de1fc5b7c82b41522edf3983100eabb5ee574575a085d28180dbc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\dws\error-fill.svg

MD5 3cb989496c8ddc97be225c95cc37c439
SHA1 508df201964be2d37feb6c6888c53cc639520117
SHA256 d19b7b0fe7a1344005a9fbb4c43e62067e4a7aaf648d91f6cc20bc8489870ffb
SHA512 0f2bb1e8c9438301b7167311baa2eadb55ef3c6a32e903f99e9b461150f4e5d4ca020e4ea92fc7623cf45f408a7e088f8fbdfa5b256eacde7566124cae382720

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\dws\confirmation-logo.svg

MD5 69bf1ef2983de97f65c4aa42e7472f85
SHA1 b734db797e7b53014907831b6250573a2da5910e
SHA256 7f3512a5cf0022bac65b5d70b92b63e5e92066b748371be9ae293f8000a2be93
SHA512 cd2c4c803e702b15dbec84bd2cf1dac6c9debeb96ae9a9ac491777539f9290ed6eccdf9f9595e52bd154770fb0bd66c7558c185a300bd325ac668170b5d10579

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\ff_policy\warning_screen.png

MD5 7aa3f70a85dc324c718aca5f5b7550fd
SHA1 5ea50652a9f1f03ef952b3bc8521265a9886ea6c
SHA256 82689d858aa23889913b86277a1ce2e93e61a2ef56513fa982029e18caf3ff44
SHA512 94773f73fe61e8c5b44807ca918c47ce6c6761c849b781edc26c89dfa36f7baa477ae900dbabf1eb2279152cb7b1bf76d0e200e11b3b9e2adee3833d2ccf9403

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\ff_policy\happy_laptop.svg

MD5 db6809b78d2ce694866854df42cafe20
SHA1 f194c987b33c82fe59096a4855570301e275aa73
SHA256 a99affc0df5814b03a8992d86bf91de675ff5e8a15ef45d3a536fc55317af4e0
SHA512 66f3f864bc924f7b3ba6e29fe02a783ed4e13b5c0fbec82c381b3f71919f7d9070fd2e912309192695669b929b298f0a1397ee906f703fbea1947f68999e3490

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\ff_policy\alert_screen.png

MD5 12fca4c20c37942db74987c8a0fd01d7
SHA1 52de7a95f2af5d4e529eb9eb5f62600118e43eef
SHA256 3b1a9b3aa7efbb556e23ca353cd0d05cc82384d411b4e47567f8c6968c69c3c2
SHA512 dc78ed1f6e0c23d8296c84680efa294c12b2076f7fb7cf4a8cf17860e6a110466bcaf6613e8f261e93fed3ddb3c1cf89b5b5003f4a5c5d1cfcbaa7bbc790e7d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\youtube.svg

MD5 da42649358713f7d5fbf23c73791c09b
SHA1 0898292dd6f3ba291230c8f79ffe0f52524ae91f
SHA256 92bda42a1ec1032c7ccd17c8c8851583f6f1caa4927db744c4c022f69e1717a9
SHA512 de0d53ad1bb9df33cdcd0cbc2ddac12a5e0aa8631bb3e8c9d337df32367d2576c7a2e770e538e1e7dd912835e064db95d78c21767c6531f2eeb7ea906f325e76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\urlhijacking.svg

MD5 bc2d8ea056bdbd741342cb93079e96c3
SHA1 8caefb53af0b68f8be2328c2f4cd5c78535fcd14
SHA256 00f6d507053a8747274debb069c02501642d102e597cd5a27c3daa56568e69e2
SHA512 df05ecdfec6549c0d1fd6d9d29a822be7b69f1fe11307d9cc257ed1b9f027f603c589dccfc810b3e05c5326b751dd70f7d0f5e07d8d4c39bd0dfdcd6e1fecb38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\twitter.svg

MD5 90870165c0eb49b66ff6b7a5854f2dd5
SHA1 75324bc9579b0c3c15a82c7cdf070857a64fe99b
SHA256 78c333235dfd5ac6174fcb5e778e6a3b2d6a6f3fb1c2e62f272beaef95622fc6
SHA512 5106df2f9b97e531acdcc2eb6a48e9a81d6a99baa4644ac1a41deda9ac14f9e5972d5c1c385c678094378f6c77029d0e585e69dbcf8da7112602bebd09a32f60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\socialmedia.svg

MD5 ca93a52102d359a45dde07653df642d3
SHA1 dfc0f23bfb27a3594829e3b91c5ea2d504211fac
SHA256 f0e67190ce067c30af0039bc1a62ba5e33701644777b329d29a2e6c2d00b00ca
SHA512 5f0c34d58d342d9358294b042a2325325e75dfd1d929d1ead9243a4b4750b46b3350140ab724ab849f2d722fa5dc2f691e6ddabad5b89ff30eaaa93de3331562

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\securityalerts.svg

MD5 3102cea620263b4ec9550765f201361f
SHA1 c7a6054dbbf5fd799ba4bb53a78fff8a4ae7d6be
SHA256 0446b3c4e074bb1a0b43ef9a655273f6b5033d84970ea1802a21804949d22c3d
SHA512 4965a6e37ad9f96fdf6074fcc27f0e1ba041b7a9753bfb5071fe807090bc654cb5aa29814a2b771845ec3efec560c0f9d823c8bc91d7cdca974c180142de5c64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\saferdownloads.svg

MD5 535cf3e3104ca11b733ecd85c288be4a
SHA1 6204d97f515832ed77cd522b25fa197e3714e098
SHA256 e25cee5930fac5d01e23bf80a9b2159dfce55d0b99e0f001a4f65433b9eace1e
SHA512 cd6199728b48321e548366629c74a2956706a3e60c4f5e748a33b3d925449ef2b0df18ebfc4024b8d43072cd909a16cd9ecfaaee442090dcec62be58bcb7cd5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\phishing.svg

MD5 d5ac8d0033d0e73693484d210a1927fe
SHA1 ab5cc965daf2e715c9f95fda886cbe32bfe82fa9
SHA256 fc0d125482a0b5e7a003d92b693c636780e724c5a79db36c941a05c5d42835c9
SHA512 2f0321266f137372e6fa49e8e87916a3d109bfc7556948ce745736810e27cd3e293e4bb131f7cd93746fb5591dc61333690a34447738d5982077c9694c22e291

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\iframe_block_page.html

MD5 5f79955b3effeffc3bf27d356c1b460e
SHA1 caa29518c909dbeb7728834ffa80f041413252d7
SHA256 d0e292e4c787a0855e6c6531746c77fb3b857634ede424e2d1da23cddf2adaba
SHA512 4ec2eb5ca65d0b89d412fd13abb1808d5e298c25d972060257e06313829ec61b3ccdfd68ab20b00f5ae0a889166954ec15e09592b4e9d0b18a7706ccf1315aca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\how_it_works.html

MD5 bc2bb83175dafe065d571a352b466fd3
SHA1 8d90df48b9e6fb324562d687bb838958d2b74c97
SHA256 7ba194b337de48abb6b8044a0a7833ff12a286e6ac0f5aa71f6426592dc2a641
SHA512 3a0010a0a677dcac78b4d7d3a1ae35b0612271dc486357f484a642bd949aa54fe8f1247713ccc93f429584dc850b790cd2473ecac05ed426f087bec4c10a743f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\foreground_sidebar_main.html

MD5 169795a357565de1bb66348c81ebdd98
SHA1 9f0a33b3ec5c2fc05f67ae4da9361d1d776342a3
SHA256 b618545cb49087d585d37b5c0a92ad307d2f85238208f10cdfcf51204d2213cb
SHA512 dd70caabdab07f8905b780c3982194e70a3ed221c01691b74dcfc7fd983a9794f067ed6f72e4c63d7c910c0ca77154cf1620df18d754045be26da9ce09e32028

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\html\ff_policy2.html

MD5 5f77472567379524ca8a6063ac3bdcfc
SHA1 720281853b760245622e795a27b5bcad3da62f12
SHA256 18e1698c83bcd8b4be11807703fa96154cdc94938b92a96ac6c098e2ffb84cbe
SHA512 a7a17ed2f922022f3d9f879a4f1b182daa83ac383c930b5da8cf2b04ee661d94f7abf88d92bba54d1591bfd07ce5ed98a45ea9bde898d2b52e289f050d90981d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\balloon\red_icon.svg

MD5 9d8f6bb24f4b6a8ee3fcded82a37b161
SHA1 82f9ed29cf85548888bdacf1137ec129aed43bc5
SHA256 9b2288d7cfed9b567d6f6f1b9f3f7b1550fbc9157a519323d7ad4f1eaa84f5fa
SHA512 d5bc008a85c17cc4fe30e2be7ddad9c046848cce1ba0e0446d1d5cc38559effac802ae5b5cc5ecfb7c2e95d2c0615d0af04742568bcc08db7cfc0997c3b9dd79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\facebook.svg

MD5 f2b7c996810fd9e7b0698fab23df1943
SHA1 3bdd4cdae9379d8262fc5c9c3a58127f8b391635
SHA256 b90b8cb8fa98bad759d6868b3cccbb99ff3404e0fe5e4371e5b422caaf95602b
SHA512 5a7eb3a3cb94b3eb21e77c0bbedb23ff144dc110e3b72bea6e5cfb22b34761f2c155b4392491c903595e0b9870021a23b314622c717b6150f3d4432a81623a14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\background-human.svg

MD5 92b7e1ac77450e5eedce133729c54eda
SHA1 952f069f83093aef8eb2bb80fe76ee6c7828fd03
SHA256 77fda79cadc42c3896cc9f8912cb0a4a31380944a8220aca7b51cacf33664b70
SHA512 44350a425f2758f2c46aed2195c99ae0a32a4ad3da3d0ead6cfb42e194d4853c018f012dd690d377ec4b9960c54cc88effa5543f6e6004907d761391da1de1c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\how_it_works\background-bottom.svg

MD5 3b1a1232507e6bd4cd280944a71f1471
SHA1 171ae3970304d1911ddee40e47e5627b2d4fa197
SHA256 31ca680330d42c3a21b02b0681f077a7d0b7c9530a8236708ad21b917a0a498b
SHA512 baae280fe94e6726c879bbcf450f1c23e6a417b3d37a0e1dfee83980765b7ca7bfdc5c8145902c150384a465cc07e8618593c6019808586e9c7b4109c75f4a25

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\iframe\diagonal.gif

MD5 aeeca2f21a1eb806a8fb1b305cbd8490
SHA1 1eb1534778af34c0aa2d6ddedc923e7dd4c9eede
SHA256 ebe37863c45d88a32d3b15a220a6ba3c18ec46271e4c675ea6b6d2330a6eff21
SHA512 68930ad82e8dd9ee3c5a0ca85d9b0e06df7f21ad36d33a8be516787049146b18239200f0f7600288ecefc182b12329bb1a44766f30f9767e7b03f710214c3d86

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\iframe\block.png

MD5 64a5a282d53b093562d16c27d2fb0866
SHA1 2b5d22bcf322629447d8bbf244a632918cb37e04
SHA256 b7533e7192c16c92e0efec5e38bb4c9479a487d6f6334ea1878df4b0287739cf
SHA512 84666e2811babad3cc30b9c2e068450a94fa92f0964db8668aaa85a8cb33f4f83a535d1755e90040dc97724b36283b9b00d5478bab0de14398ab4b36c383d78b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\mb_dropdown\ic_snooze_notifications.svg

MD5 2060d707414c50bd334de5b9e874528d
SHA1 f65cf8f27e6816f1a8e9ff60c0365d017cb4607f
SHA256 131ec1a59139e1993c30fd3058a900754c9d8f9dc9aad761909dbb697e121a97
SHA512 0e505955ee66b0345a8683f40a2ecd42f3dffb8dccdf5e7f5f44e6c38a5037629948b4d111cc061f259e8d116f0cfd3bb9dd1ec2bf49a4ce58167278c33d326d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\mb_dropdown\ic_notifications.svg

MD5 2b6d200b766f5a3ddfe4529a48797df7
SHA1 a38d8403d73a9d73a489b9b3af5e808bf6664004
SHA256 5b141ce171183828dcd2c8b64a32329493161e231594436d97d290521ed123ed
SHA512 8935be25e1d2dc5078dadf08f39f4fdae19d16f426230eff4026058a975f1d74b8481d60ab954b5e6ce447319a0d57dc2e2b88411c8af000f9361256c16c2801

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\mb_dropdown\ic_close.svg

MD5 3e13e2105b39165dcf85684398e8ca08
SHA1 7cb84745208025e337f7d2d63bc7048568619b62
SHA256 a613f9a6f9bb09d76160c03ab2e59db5a854ac3aac61bfa3580df49c60e9ddee
SHA512 b1380ffaddd05810735fcf1c67483ec48dba5a6a689c309b7770797cf7ec6c045e9746fd07156ab793453f15a1ad0769a7c86b576da41667912b883b7fb895f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\mb_dropdown\ic_chevron_down.svg

MD5 6dfc625c4dc5d74b20716bae8f2ba74d
SHA1 25fc7d2614e31d1f28749b7d854bb6785f470237
SHA256 9c545289402f2802df4bed38fa936e4a849f4d23b87730142322cd56e8a26dc3
SHA512 ab488e905eb89971077f6b74d2082a39f8c193930ba7c33cebd5ad6027ac845ba39e67f39217bfc8f7d589e5faec403c6431a7ba00db129e70ba803bba77b9e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\no_native_toast\mcafee_landscape.svg

MD5 de2e3d1d3d340dd79149003f9604acaa
SHA1 91e26ec2db5f9895070565f12de70d034302788f
SHA256 3fcdcaa254e6b96313bad0f31acee9e09e3bffe596b6de855a25df4b45cc26c0
SHA512 45f0bbf386cdfbf02ccacd3ff17fbbefa58f0240a0981d5246a7346b26947aafae960887a58ad4d444342cd242bb9dd41880a5f7911c0f579511d1bb45615854

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\no_native_toast\install_native.svg

MD5 ba62dbfb7b82197469739cd547828859
SHA1 278833bb0c854412a066216200225cb708303099
SHA256 7d525193664c518933def7afb44f2d8810d24aaf940e32dae5b1777d37c793cc
SHA512 99d919032bf019297612b0908a0ec9df2331fbe40b4837246047bd9297fb0c2b864808d34f7becb441583da9bb16c677cb18b4734b8f07d425a27837909a9606

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\no_native_toast\download_native.svg

MD5 c8ef16b50a70d00e82fb1b146827ed47
SHA1 3610f8b0e9d5bf0819740f4a6dcc548bb804bb4a
SHA256 0674b07783bda3911a905cd35564a8d6cae9fcd76a1bd97648da8ea46f19189e
SHA512 158d1ae406add704cbd857d99424612e22349e3370d2ea0d74fe595686f5769f7e6c5f9e164ed43bea616e3d9a4429f5d6182441930c3f554e30e36dcadafa65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\no_native_toast\close_btn.svg

MD5 2d597ec8fc3fd28cc675a767331d83a0
SHA1 5c7e8782fd64f471d030f4d20ea35b4b58c5f993
SHA256 a821b14cdb81cabaede76ccffc6494748729f561d243dea9be8b08423c3c5611
SHA512 dde4dce5f6f932a392f19f390b32faa7702b6364d13f7f92998fbb28bb3ab050a1b7549d067a05d71901c122b1431a3b4c0685d9f42f112d804af6a8918c50ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\overlay\arrow-up.svg

MD5 4cf3a1b20964ae2b7150ffb77db9d094
SHA1 99e0efb3195d3eac4b450a36ec334c1e14809a3d
SHA256 553e55b2d10285f54dd2faf204751af38f7f0da2a79060b5e82c8bfe2c2f7f31
SHA512 10a30f15cdb8a99b5d5d06a18f856a2d8f1c4b749e2821517cd0c91f373872fc89e3b2606b38cdb71916fc1f162a1e2e9a337b65f594ce9d5e99bfcf8f5a8d9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\youtube.svg

MD5 95ab7ba91f3f8d8e331bc046bb9a89b7
SHA1 877b5ba3e36585db17043357cae76516df476458
SHA256 72f99ed3d833dacb35530d45fb5be816f02a7cb19d93c19762981b4001a8ca68
SHA512 f1aa009a36a33add029c61a812a68fd415a4ceb438e7e4561c6ca9eddf3d2d8725b6cee173e4df0cb3c9273c16d42dc0003568554da1973160d6f12cf7082fc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\youtube-disabled.svg

MD5 1da29c03897d34a49a2859ee7e5144d1
SHA1 4305531e08c68d2b892d1e4eeb0e7495ab1b05ea
SHA256 59644e8db54b3d4a1fa8f71f15367fabb8d8715f8ed76b3f9c7b4a2b3e1eb565
SHA512 a559d95b5b1f6de463da0406a19e20c1ff9fe3ef42f6ec16d1217d86defe6ed454c7d85a0512e075c83f2628c520622e6c292c15a65ce230e77aece97ed2d76a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\x-icon.svg

MD5 3c501ad9f83b68417c35b0c6287d6b1a
SHA1 6e8c5f254609123e6b77e0b609746fce2208a51d
SHA256 993247a60eeb729732329d8a1c87683629195a55560c91c28bceb8ffc38482fa
SHA512 c0a9388af7dacfa5b24d51ca987f539e383ee3d2503357f5453812458acc0102fb13d46fc552ff3fb057056f271a369456f3037e9b9c84e3528bfbf7bf6f6d65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\remove-white.png

MD5 b14973ab6e5372cba0d017b2555906d1
SHA1 f33f0f03cda1b3689722b6edc3b26a4447728350
SHA256 d0616a4d04f40964b1d64a6a4ce419f87fc16eaba8bb94156a66abe361935b92
SHA512 c04cff1f3353fa02940a8e56fac1c5b86a266211cecbc23f0703f0a16d30f9f4ba3e188e74bd11165bb6daae895a26c6d1df29651af9166d1fad1606ebec8cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\remove-gray.png

MD5 10a8b5a8a34affacae5ccd390b4cf437
SHA1 a5a7c0cab2e2531deeb0ee691fda0f4e0c0acc5e
SHA256 8a0ac48fa60727d3decba5b405df3acd05eedbefde23ecd750ef3d5bf45e754f
SHA512 ccb9a2f1be0f1a29c9f5c1146f5b05e23bc972104ef35959e726f59e302e288a454b6876216e8ee09f96c0f0999cb2eb695aee6bfc5dca58e0e5e158377a07e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\reddit.svg

MD5 8d9f86a9a69c4e2362376ad038e02b72
SHA1 c55cd50ef5cb7120b40e61562b26735c0956927a
SHA256 ea22146ca6462024b2edf567ddb0b411e0f2da4838aec95771e375eedf7d12da
SHA512 0ad8c0981167746fa30640bf8dbf257cd1a5731a9de6667fced7e2e58735ba58d3ef62c460ab36be6974f7511e6582b6a4fbd13fbb71c0cf6beaa6040b921778

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\reddit-disabled.svg

MD5 8a54fb9d38e1072b28619e29b430cbcb
SHA1 7cfa6c000a324064289ceca1756886ed393e95d4
SHA256 2c0d774c77336d1359467b9ae86bb69bf3200814268bf4984ada050fd5a51fb6
SHA512 88d966c0a1f4ccff61897f1d14d5570322be7d7224add262c5965859c385203f46edc074a63f4c324e498ad1ddb828cc7310392b916f50daa0658faaf188425a

F:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 2061141f3c490b5b441eff06e816a6c2
SHA1 d24166db06398c6e897ff662730d3d83391fdaaa
SHA256 2f1e555c3cb142b77bd72209637f9d5c068d960cad52100506ace6431d5e4bb0
SHA512 6b6e791d615a644af9e3d8b31a750c4679e18ef094fea8cd1434473af895b67f8c45a7658bfedfa30cc54377b02f7ee8715e11ee376ed7b95ded9d82ddbd3ccc

F:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 330013a714c5dc0c561301adcccd8bc8
SHA1 030b1d6ac68e64dec5cbb82a75938c6ce5588466
SHA256 c22a57cd1b0bdba47652f5457c53a975b2e27daa3955f5ef4e3eaee9cf8d127a
SHA512 6afb7e55a09c9aac370dff52755b117ad16b4fc6973665fce266ea3a7934edfb65f821f4f27f01f4059adb0cf54cc3a97d5ff4038dc005f51ecee626fd5fadd1

F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

F:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

F:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf

MD5 93b877811441a5ae311762a7cb6fb1e1
SHA1 339e033fd4fbb131c2d9b964354c68cd2cf18bd1
SHA256 b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b
SHA512 7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 b30d3becc8731792523d599d949e63f5
SHA1 19350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256 b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

F:\LDPlayer\LDPlayer9\ldmutiplayer\dnresource.rcc

MD5 d4d2fd2ce9c5017b32fc054857227592
SHA1 7ee3b1127c892118cc98fb67b1d8a01748ca52d5
SHA256 c4b7144dd50f68ca531568cafb6bb37bf54c5b078fbac6847afa9c3b34b5f185
SHA512 d2f983dde93099f617dd63b37b8a1039166aaf852819df052a9d82a8407eb299dac22b4ffe8cab48331e695bf01b545eb728bec5d793aeb0045b70ea9ceab918

F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\mcafee-shield-pattern.svg

MD5 33a6b33703566cf94eb42b8af280aa67
SHA1 5e35b60f7ecff1cbc9c97a23b3a6bc3c3c429207
SHA256 d9b86ec7a86abfbee38265d0fa5e4fe6b5c09e3e6a8301f51269f18b7a3d4712
SHA512 eb30e52ad6181081388c41a490d8864b87eba34745a7d0f9343f67f8dfb86b08cf351d68835a4c2788860fd0743985acfd4d3f02ae1377f8e554583f412223da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\linkedin.svg

MD5 3fe661e5de95005a38824476ecc23e85
SHA1 d6282115581c0e282cb0fa3134ef52ec45f5c1b4
SHA256 db2b2d6edc31e2eac165d11fc30df2932186e79d53ffec004a43225501bfb4e8
SHA512 449debfc95619b5bff6d8e3411e42918afe1269e7b23763e39b5f1205ae906b0e85aab3becc5719df016126a5d09e0ae6edaade1253625651f62e4f4aac6e962

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\linkedin-disabled.svg

MD5 e03ba80f2fa98e92241d24d881391ff7
SHA1 1d9c79c6878e022ca5aa08ed63760d87fbe4df40
SHA256 725140d10f0836acd3ea352722ab08c56d45e9f69a20133ec5429035273513d7
SHA512 ca73ada6655facb3561e30a0f8f71f572b8f68f765a7450c18ec9b533dc41e7acedaeb21c905d035beb4646dcce999b456744cc0637dd77f1d30b7e0789a2883

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\instagram.svg

MD5 8f4c6e3f3a5a571f7f76de7beb1054ec
SHA1 336e4ea41ca48b13fbbbff115ef77c37f2978aff
SHA256 1428af01f67f406ece2d31831f7e25d65d8eeacec04e03de96a9659d49a133d5
SHA512 dba346b78fcdc694b7c17659aaec336920e6ce116006d6f7f5fe17242e00a140d6dd1101ebdb052770c56c38de4964120e5ad0f374191ffbbd3a1139143e82f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\instagram-disabled.svg

MD5 494be2e5f9239b8b4a08ed072d9d81f7
SHA1 9396526589a12e18e914c66902e0a01aad911bfb
SHA256 aeca7a435408051f8ac1be787fcc286bf422dd6d661a17155d00f2a5c1ea3953
SHA512 36accea0088b0b3a26adbc390b233a7e1d859d52dea8a8922c79e0aa7ef1f0cd84b82bc75053b5b98d4f4ac3b521a9456b73a96170ac1ee8ac30d8f6e302f417

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\facebook.svg

MD5 f569bfbf7409b40b64f3ece7dfe2582c
SHA1 ad1fe2a23418896651e79422c031e96d331ee123
SHA256 0f7450652e611e8aa86e8e6b3e89e00aff6f8757d7820828d94f9d7d04f449e5
SHA512 ccc663dd354e16a3b8b0d5a381d1e49f9bf4d315416e7d37be82dca722c76503166a2d226a0fcec82495dbc3ab42294c247c7f7fcb2195b968fde4d9f4d27751

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\facebook-disabled.svg

MD5 fe2b7520a61092c32badff400f00d496
SHA1 1735baeef0548ff304669d82ed537a9b6939131f
SHA256 2e6468409d66b796af3095010f94aa55e8d8c810947289ad376e4167d19afcc9
SHA512 4757dd3c666c399003a660cf5bf53b2f6fbd0c06a50bcd48e784ffa8510a4d4c4b9629d1e279adacab4f77053b9d6866666c7a5fbdabad2d96b9e0dc8b6bb67f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\checkmark.svg

MD5 8252bfa40d72b6d1ed58fc100eac6e63
SHA1 a7408f4145588ee8a7b444ae6f222fba7deef5b2
SHA256 fe4a18ba692b3fbf4aefd5512cc3c9eb58b56561b3079c56b1e2b101a7023902
SHA512 0ca4ab2ab92438344a6ec7eb00f71a2433b1e2fd88a1adc055edc392dddbdda4619f71305cda21a1169d7521360b9833a278a2f2c54f5dbcc9035143155689ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\checkmark-disabled.svg

MD5 1d6686bfc594e62391c7d5c2b1b3cdb8
SHA1 a8b7d88d6f2e3add358ead563a022e90a8861a30
SHA256 0e452d7cb43d92add3ae9631e2a1d32cfa042efd6a04cb71a29d0166d21cafc3
SHA512 1bfe3117f6f9ba7f5597d960d63926daab167b2697d0f608d4074447583b617ef844ff2c2c467089b5ae0939654855cb1c5c76343bd53115c42d7ed828fb3d4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\add-white.png

MD5 7fa9e475ab0f70f1715f97f458399b9f
SHA1 99b9f148d7dc68bbd28e410e8c50ad85c8206a5a
SHA256 e9561a833692998f7179af1a4909b3d38c7423970b2a329ca26d7470cba4d90f
SHA512 f5e4f38e18636f3581cd0b9f8f183e2e4fd6b34a473fc3fbd882c5c3371e0a5529950a40f45b854f388c19f302f2a011e1a7b7645c8a954d2e3c3397402acf33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\settings\add-gray.png

MD5 290866c95a92068264d23970c501e005
SHA1 8c754920f13ef23c0fef5db8e66f871c0be3a655
SHA256 7c7a7933f67fd514d67bb717333d31fc280d0c0fb46270bd45b85ce9d38e42b4
SHA512 e65639ba538c43baadd64eefc0eef0631ca14941c4ba81cfcd625bf39e40eb528e786f600a60d63c2ab0347b01a59c50684d799fb7dd29856d66de42db32f244

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\social_x.svg

MD5 c5d67f046cde24f6b2653be12f8a0ef4
SHA1 8ef015c184c1ef3203f081b92d7ee9eb0922ea62
SHA256 fe1353a68a7d89002e60f01899e9be72184d09d7f1e32501c8da62c260f8ce57
SHA512 77bc416ac87792cd0c2eca5794a71ee80a454bb66c12ad59303cb98e5256a71755fd21dedae432d5b70b6a0dbc05d6bd072b64a4b4fe5dce29b9e05f9aec86ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\social_linkedin.svg

MD5 244c302f18a26a287c13375c24d84c8e
SHA1 1e88b3a0a541948481eb709a5d591ac3562ec8df
SHA256 3e21583b1074d9a3b217184c295136e17872f3fe9ed6062b3d1175be5fa57bff
SHA512 56442ea4b2a730d934c010d648abeeb79672bfb21be47b6edbb6d25605ecae0bdb273d9e8833a1a4e7cf640469c75379932edd5ac70b35f9f9027bb14ae02974

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\social_facebook.svg

MD5 4624a2e4b9b2ddf885c9680860523c67
SHA1 1404e5a0356f398fdce9cf3fb521f779800c0c85
SHA256 7c2709426e7cb36894d4874b94bdfe39fa051b3fa77c09b3eafc972232155265
SHA512 995e006208b6462f151a7658d78ec2a77276fbe25be1d1f6b13bc9dacd65f80c00af1d7c477671f98a2220c3b870faaf4df1b0e8f380c4c86d8e5429f2ed2ace

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\sidebar_logo.svg

MD5 3e58f3f4abc887f82e200934f8f2db4c
SHA1 59208d42abf2516413648488580ee82f5d84c609
SHA256 b9c985c56c09ccf318f5301c35a37d988bc717de9de21ae4c7dd817fa2252cab
SHA512 2488442b14baf25401bae9c3bb27bd5742a538f15ac4fd0cfb5e9eb20840651118b99d1afa9553ed4acf927352d63a5a11ded840e6a2772e6c0a19a0670da508

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\popup-logo.svg

MD5 650d3a2956d151d8cbb9b84b76f74ac5
SHA1 14b1fa01a91b5f47bf9b33c949c09d46fca877c1
SHA256 6ba2ccc2dd26ea71b6ef652fab7d3994c2641dd74c0228308c0ad6935b9f3249
SHA512 5557e53f9cd2d10fe05fe7610de5939a8075e929394a025d4c9efbc0725e56e3cef020f71306aee248eb599299f23896e432a8d906028dd2bd3b0bd94cc98574

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_settings.svg

MD5 1dab673817e0fc5c863efb0793d7b1b1
SHA1 fe2dcdb5155c5db9754e4193298afc1b1dfc1801
SHA256 2552afc14c0d44d5ed40a49ce2e3c2ee067d88298cf17bde665b021fd16613cb
SHA512 ed02f8275776df1be8aa634a280a23053ba5afccf11781d957367310dd675605d0377c73ab50f254f1c24ab7fccf00e524d62d14336c724962d340c85c44ba7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_search.svg

MD5 712dc1e4820e4b66d1197182ae159f99
SHA1 639391d0ce8b0f7bab4bb26ce8216c40f7d0f3d9
SHA256 f48d9e4eb136bb945a50085e7cf9405c188a5b3b27973542aa7f23e699d79da0
SHA512 43caa1bf725ff029455b4e184da5251f9c2c49a9a0bf7a7da84223542185557215e06c574594832195f7b455bbcdf764af72f6283470e44e662cdbcdbf44ee69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_info.svg

MD5 77df97dd24db39a6ad87eab57dfce8c9
SHA1 e1ba714b7e572fd5e7fff01dcc2409c3993d5755
SHA256 b91800791ed8fac522c1087c0f3b3bcfc09935415bf2407d1d56a32bfb867b65
SHA512 ef898580e727b4935ae8806719b1dfccd3ff43b3e790d0999d883e9f5214a56cd3d662f5fd842870da309a46b1eb6328cd1b530ffabe7f62e3aef83a429b17a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_ereader.svg

MD5 c3a8d05c5f318caa9ae7669d77a39a4b
SHA1 65c3a56a6336aee4f618cbb0c5631771adc88fa9
SHA256 20bb95b2d1d0912a4c1f0981fa32cbc0e4306b2d4c7440278c44904935c7f4e2
SHA512 62552debd41c6eb1d8d97feb0eefa47d0a652c660c5c165344f4473b6e35a1f081ac2349d5f9ae04d47bd48e7360b7c958ba77d05c1d8ba25fb9424a944fdaf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_chevron_small_right.svg

MD5 42540256abb194eb88e97dd56de85dcc
SHA1 d712b984b1abe588cd71535adf19e139497a02e8
SHA256 0dfb82df7409da4b63c196f8937bf1490dd728ace092414fd82505f44b25a3b6
SHA512 6f2643941804f8a2051ea4badad4832ef5fea751585c8a250bd17a0df88234fc184938c52426080b0bf578dfe6ebd1933bd0e301d49dceb62430670eccd95667

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_chevron_small_left.svg

MD5 e8b741dc79b08ad9c15e9ceb0aec6458
SHA1 b0c45ae87d161d849dadcb24ad4f5fc7030cbffd
SHA256 1d35dbda1d0ae0ca61bb46974ee322b41461f9708cf9afd4fd8e8b4a156adbd7
SHA512 2a4a481cbcf15be6cb23daeda6362d4fb0a2f53a0dce22721bbb7705f148bda8cb25f89ff46005543b862901e7c899b2b800ee6bae215157af0d7c13afc26cf0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_browser_security.svg

MD5 4acfdde68ac89ada9f7b57e11f16ffa7
SHA1 83accdd30f050ba5aeb3eca943eccaf20c8c496b
SHA256 72a5529f5d2435cb99ca5fea0a343cb64ba17536bda43163af9cde90f20468ec
SHA512 e08e7808bcb9b4448305f7d2015f88edcf2d1759ed517ca5c9e132e8d8f57e5886ce1855ac6887194adbbd4d14bd35ff8644793601cb1e9cab6df851979bec1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_browser_history.svg

MD5 d293c1d1191875ddc377b994ab1041c7
SHA1 6a5dc1d7c8f518b47dba965467d44d7268d015db
SHA256 b6104d80df687b685b290ec033683f2ced3d016997d30efe302f5bf1e68670c8
SHA512 bcf62649933db50efa0de2c67fb9ee17257193e1ded73227e8d889833af96311cf9694257cb0aee5433d0b58b2e9bcf84cb7dbb05ff966bba065dbdfd44544e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_ai_detection_white.svg

MD5 6a40d677a200d395cc7498a5cc671cba
SHA1 c32aeb5acbd6194fa8f8c9bc28d3460e80de9ccb
SHA256 89d19cabe3ad5227f029745710504b714719a5fb9e7f1f30c8487328cdbb7746
SHA512 4a97ccf2ac94edeb63da3ba4225dd36c3c220163f6ec82e653e1e43a806cdfc5d7dd0f5229fa5ee1e877da9671d5e17ab79b6fcf295a8fd2ba45476324eaedbb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\ic_ai_detection.svg

MD5 7078ef55fd90f1aac13affc6c243436b
SHA1 5b6dcd0b4b4b936054e600482eb7d60b3272ff59
SHA256 ee90e35a72b87c81550b24f6358f6c3c786128e87da22f2eeb7ca7de1f671ba5
SHA512 7905de40ba0e255eb157b78ca58ad5065263080804a6e758f7da4130daf4cf3acbae150232034c4a04a0febc1475a16e4eb1b2d93caa2c31a4a74f7eb866a8ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\icon_open_window.svg

MD5 af40e91792c0f98fcc31a187869affaa
SHA1 4d3cafacf20902776a1e7ffb6461e20f70007499
SHA256 73a8adf17045889239c0db1c44786077910f63db755178e7b190fec37e9f2726
SHA512 090ef419626c61a4545b24d3d60bff28659efbadc15988f151e7cc2698cdf9576a5d4d59449012f81c4d77a0a810037071e7dae90c2d2dc727ce0dcfc258a455

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\home.svg

MD5 d0ecdff375c24f74221f68225039b36c
SHA1 bbfd3c9315144f38d6097d9bd21a0c6da795000c
SHA256 f9598b5b10ea88a26757dcfd8ee2e2022dd7e1170980418505b98e837015f023
SHA512 06a21fb271c3d2a1f9bead6d0ea6f77bcf18033ab25c039ec2303b959d103277671dae386ef1905c9b68d1e710f42a499a2234b548995ca531f67711a05d4aa7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\graph_red_icon.svg

MD5 8fd03463adb60d452df47e352f2ce4c7
SHA1 640d6e9ecad8ce1557267b76cfd6161cca28f2d5
SHA256 2ed8d54b805c65f0108c73a30cc3fa627fc79446b1f964ebe69042f89fa84e28
SHA512 06dd67654c2c8f78338e371d8375c9ff36df9225ab67f8a55324ee1214ced6b3373c9928bab716bb873e64cad72072df405a4bdbe234df296087b0f5bcc7eacd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\sidebar\arrow_forward.svg

MD5 f995441602bbfa894146b13db27a6d7e
SHA1 768243ae3d0737067883b7e21010fbaf141e13cc
SHA256 568f058d7e8ac2211d2226d2e422a3f6a9bd2fff80f870a26bed4215317a694a
SHA512 9ece1aa3bb3c4a439ed530c0015300a0dafa99602087d7e8359ede529c41a10a210a239326a4823637822d37f6d79081d388f25d1094a9f0e835ae6cf2ff9d2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\wave_yellow.svg

MD5 11d1f40a53bbd6eb84c41caa4f18c989
SHA1 214154b9ea931c8f23e84e549fbf6de4b156da23
SHA256 e339489ec7cfc3142d62cd46c14185cc990f2a66d2833f94aaf1543bf23a9bc6
SHA512 c7e7f6ef317f874b38da86a0e29d280f77f782b6c4cf3fc8a7dd02ace2d62578fea7ed692641f9665debd9d1e9074fcafbc637411684e0b3199ae43ac0162531

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\wave_unknown.svg

MD5 59d0ed068bcdf2d9d046765ba93418ba
SHA1 ff16c32872df7cde003cd2946b0f809d8aac3056
SHA256 44aef871c7ba47dba8e8c79b921442339e1a954bde7ee52da857d11f723e76e9
SHA512 cb2463b93be53fd85c67ff6a48aff9275c5e8e4e5a04e2028d26ff1318b7b7d5e9cf5fd0993431f687900260e3a5346217701dd969907f5a158bbac7d8dc852b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\wave_red.svg

MD5 11e63557a03e92aafaf2a9e3ec1a6f10
SHA1 4963df7c26135be1d1aeeabde78efdb00e6af988
SHA256 a1dcbd3bf0eec977abc532cd32ca1ea81b3832cdc353a800413ea2b1785d8261
SHA512 639cf73e43017f5cceff9789bc26f40ecd0eb07f2a5ef79474e220f1929f1191dff98acae3a0ee6c824e8873e1daeed41d601f44305d0756fe1c938b5ce05f8c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\wave_green.svg

MD5 4c5d32afdab60c45a088141dbce107fa
SHA1 964a81b73f599aa0301d9430ce006f01d4dc8917
SHA256 dc63328dd136cc3582f7dadeb580e9c00b62f937ea05d0fcc75808f1b0fc057a
SHA512 38ae34c068b538def1b742109b00bfd6524483289d62e73a854c3418572f23fb7f0ecd9aadc6028a80c9934dac9ef0424f6d25a684da3492532e3056a592ce6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\warning_yellow.svg

MD5 c6c7c219d1f7f74addcec8ce48f193a5
SHA1 0ecc4ae1f29027928f9bbad299942fc6bcb11c60
SHA256 02584615a227a5bcffec51320549404a772df8f2d78f6e13779ec91f6da70ed3
SHA512 5410ef0cb7efe69a8dbe54d7a9c79b4233f719c893cff15b8d55a886d0ec88362be4fc707c4754aadfef9bdfee0f50facccca2ce3eea12eed83fde6d3f528a4e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\warning_unknown.svg

MD5 9b1966801500c78203a89885aaa1a528
SHA1 a3f59595c710d16a88b111ea4b87d7ae5b670bab
SHA256 298e1d2b8ea48987a2df6c4ccf0a3aa0a3feeec429ce68b66d4cac617b45f4f3
SHA512 e9b328aa214bdce039694b6936b2f55b926d0379fe01d757d870b2d303727c6349a3a0e6074d76694c6470fb95e4a3df4204863121f9531d5fe245f9eb747ec8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\warning_red.svg

MD5 c5fb6e2c21002496cf142f66ac2c5e2b
SHA1 13fa6674097eff4a7730746c5862e0067f77a1b1
SHA256 c301ddee10d154d56eed3e8e1b0d84ec685b55f1bfe0f9e12e5ef46f6589b0c6
SHA512 e1d12242e5ff6ffb8ae262fc146f8e60a6ed11117ff6e23228bb836e9c705b9c6321830aa171d77001393639bf342a4726bb25590f7c30d48f5fb6edfb388f51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\warning_green.svg

MD5 3d867c84e1e6d2fd30e61072133eeda8
SHA1 61b9740db47dea7ddc7c8929d03b9c927067d77c
SHA256 5068c87fdf7e527035dbf48e28c16e97a64e4d2e71dc869cb798b9b6cb926fdd
SHA512 96b77b9b89067a00867074dbdbbc42c84e9c529a7c0d3a70a53b8918ad76babaa953c84d98881a57be61203f44b8dda606329f41d205cb6236d15edb7c79e12c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\thanks_feedback_icon.svg

MD5 398983b7e7c9ff221847cc8916f6b0ef
SHA1 f1fc6d77f305dfbbc9c3bc1cabf254c886effb6a
SHA256 0dd21dfeb6ae5368a599f2ff0828e04a4f095394464c244a89376b854055cc9c
SHA512 3d0eaaa67f99e4beb24f15fa2f5ef86d193278774a0ad8db256e2b223dab2db9e0fc2615bc2df631df2c29bd7a9f95e131f83d36a95a3317b84da413995b23a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\smile_face.svg

MD5 f01e50bab229fa30c2780904ad2d89aa
SHA1 8de1d01e2746419a20c59adba80b7552b19f97f1
SHA256 3f0f3fd76158e1e010f4a8de042b0bd57f9aa1ab0a6ca7e076eedbfe44dc3698
SHA512 af98663da6f17a8fb47853063e36cecf992c0ae1e0777517c656a23fa161a08ae5e9e346979e5f85e1a427a38cf915bea88e55fdefe0954ae70c3637413afee7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\side_logo_yellow.svg

MD5 e16190dcf46d5a978b83fa873cf5c6d0
SHA1 a757fd5648ebce07f8c1271a58f648e7aa45ac35
SHA256 cf0f2ed2ecabe6894cf40093bdd82fac51a26ef754c3a597f6dd9f215647c454
SHA512 3984563f0d5a22e6c1bf0212e2bb46f2ad43694b5379eb44bf7dce6a701e02cb51c96350c686c65a6800561db739cd216c75b81ac73deb914ed7c6d10d0bc4ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\side_logo_unknown.svg

MD5 eef13b8c98033b4d6e7bf020fd0c7a72
SHA1 612dc1cca9b3f3e037f771efa920a74615172591
SHA256 56509f804340038f1abe9b56deca61d110a3f9020805fe31621492ac7b87fd6e
SHA512 b73e6b0fc19e688fccf5932113abe257a7bc5022fec66d596954626272a81a297070016c9d580256cd01b193354f48085a2b6c07a46ce6062ec3a1ba1a356919

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\side_logo_red.svg

MD5 f14e3d0982634c59cdf07afceaa4f5e1
SHA1 09937c430395dc2b26b22354d9c49cfd29bf912e
SHA256 c16eedb1e76ef8d8ec21fd9080e0d1bcd529c05a6565c6fb9838728194bbb16b
SHA512 48311c5740f6481987bd1c2af33fde8b4a1adc98521642f5e36c50d8e6df2e637052d0b940255fcdb2da376dce5072303fbe94719c2cc81ce31cdd7f674312ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\side_logo_green.svg

MD5 c497ec5bd201ed39d481d45806966867
SHA1 9b83d45664af236386322d3df77ac826475e19d4
SHA256 3665a2cbffd36668b06f473c2924180bdffdb97774ee62c6764c83878fb6a7e0
SHA512 a08a1b3ece19973ffe484f087c276ecb9171cc8a9d7664f880bf8637a7f5d54976053cb933fad344402d5e21f7ea4a0544d89c1546c5279a23b76aa8dcf5bad0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\search_icon.svg

MD5 60b2f7207496a45ff9d0c56d3196477d
SHA1 296727c74f6cec5223e77a1d4ed95bcb4561dbfb
SHA256 c145b6ddd558318f0cc8eeb11f6ea474c690769cde2271677e1005a0fb00f532
SHA512 7f8d46b0e52efbd7853ad50e4a0b733d155e82264664633affeafb374c906a69a8364c002eb1ab111330787b4c975403e0708ba2b9dd5f8f0b05188c7d0c4ed2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\sad_face.svg

MD5 7cb45d712d0d3da14b000209bba4dfd6
SHA1 6ba4472c9fcf1e1ff4d6b782d743493e8cdf5cfa
SHA256 c19d804fab52bc557024db7c4c0034e01fdf45cab1ba34eefc5bbca37e987d1b
SHA512 a78e8df9728b826550d986bfd1804edd7cd36da826be188f7776336197bc72a217986354fe510cc5aa9391ddf6aaf2c6395aad71f44d0161e44d04c156b26948

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\logo.svg

MD5 ed708c571abb2920ea9e8777d072d33d
SHA1 cb224b6794e7cbc6b092b874e45d057b466145ff
SHA256 c7b585a3f5d3f0fcc6d99d09b2a03ab0a47cfdf40702a5a9b0899ec2e422d95e
SHA512 942807a857b82ae22e1dc4a7205713e4365f703a07a8388ff1ac843868b2a17bc5f12ce306cc07ddc9e7a96ee4140d02b46eed334aeb229da0d2e6491ddd542e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\site_status\close_icon.svg

MD5 097943f80730cca1a88700e0d73250b6
SHA1 df6296484e33a1ccab52f477e9e3f28a53869536
SHA256 9ce40ec068ef3eb9bc375a51d80d2d10aca5fda5ba839e83e1a1b8f2eaf02b92
SHA512 6c2b23dc013fa6ab92aed6a8a8f970ef04b5c2e98623b2d1e6ce0919a94bddfafd484a44eadc909cf03d6782aa1c1d6d38872aa9da907094936d5eb9ae730aba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\youtube.svg

MD5 f3c95f1ee512e5b481fa664db72a0072
SHA1 517c78a4a90c91d7057fbc80bfbd1da11cd712a0
SHA256 b58a353116e1fda690fc595ad5a43c8f389edc10fe5bca49bb4375222fc72455
SHA512 a08870bee50f39df2f3517b5b6f6f11f7ce899821fa0b5761742b690fc588716b0085dbc6cb08503ca45ceb49b7b1f1900afab7ca4ae4423f2651ae94467dea1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\youtube-unchecked.svg

MD5 649374ed8f7b7d6f7077b08fc33361b6
SHA1 89781fe4150a9f295e56ffb1496ae8248022849d
SHA256 bfbfe1db8f3a86a17ffba3a316b31860dfac33ccbbff7da850f986bc2455a1b1
SHA512 1e7f5cfe0375116d4594ede7a239d85deb3df2cbeb323a258fb557df053948001ddd55e7f40ac75898330fd8e6c7a46fdaada6ae58c8ac2de6aebf0363888f28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\youtube-disabled.svg

MD5 79dbc4016cfa7af54854fd87f17b9fe1
SHA1 f3a8dc59c9f49fed2e8ea8bf8b545dee717b99d7
SHA256 48a0372476a73e3802ccc5c923c1f59cdead04df96a9b8a3e601e97e5bff74d9
SHA512 d1f82c7074008dd519af186ece466d29764c2d0a6f514fdf37dd0d803b1750e82d7ab5aeef62d59b50f399ff9a14ac117dd4dd1d0970aa00ed7b7ad8bd7653b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\twitter.svg

MD5 3b61fb4e8abd2a4b48beb4e992344dc1
SHA1 99f51f7613479683b0d66299f65bdb9d94cc2f31
SHA256 61cc9bf74aa7fbefe2386868a799da9d132e826f09f17ea082b2029fb193b6e2
SHA512 a7dbdfa9218231d74a80e62968472643b38c8a35d7eb533c623aeaf9f7e865418dcbc486168463fa60bf1205adc9b83197aa2ea0d6e001ae79613ea4d2d4c609

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\twitter-unchecked.svg

MD5 49c4d32f0e66654208381ea6b518c921
SHA1 1867abaebb561c02316b71425ddc74cec57f6f13
SHA256 59c28fa052c96d215cc420ce2ac9fe572381206bb25a38749705595f7bb473a3
SHA512 0a4b24d9e058f78542d4b4273cdab0cb3e410463a3e827e44bf98acfedf8d6d0b84b4148e8bd5ae03d5a3e3641403f5a21ccbb727467559d25dbfef2d18166e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\twitter-disabled.svg

MD5 7d822b99ca9e51042ffdaede8a5a254f
SHA1 dbdccfa7ade6f0a3eb56cd7317ac407abdf0bbf6
SHA256 6f8318d5de526eb76530b42e9ce055f59cd4e47cd419c571309d215a2f65a252
SHA512 a9d33fef6183ed28e6b8f22e19fa70084bddf3ab95b6b05fcc4349c45bb86ac7e30b7743afb82218d0a8c049d1ac5ccca3290f34c81038759cc5fe07de086b45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\reddit.svg

MD5 fe709438d1fbb05fa19700835f27c170
SHA1 873889e53db11489adad0831d7eec2da09396d39
SHA256 1e683942e2ab6bf905719f7f5ccaab451caf8b978b63666014df66ffd25c1b46
SHA512 b14a991c57d2a627f06c2dad7fefc9d32ae6c4134c1c95649bdf02a21a3ee11d6cb4eb7c37a3025ddf35b73454082da297ba64f179bfbd51800f23c680bbd21d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\reddit-unchecked.svg

MD5 2e1a647ad3777312e5d7b84f70230501
SHA1 75d5e0ac26aceb125d3acb20ce668f11cb121cff
SHA256 95f3634e5c1798fb16f6b7a6b56e9b3374d4357506b48fea1999d53e97f9dafd
SHA512 aed533953cf36e99bfe551ac5759670f365cf3616b7fad36197312d9d7aeafc7c5789c6260d1427a9c7aa4330679088d98ae0ba4d17e40e99daaa07d88a5c5a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\reddit-disabled.svg

MD5 0a940b4fce5870418e3a07f68a205365
SHA1 a2f1adc4c0872ae151d95427ea7963042eedcd79
SHA256 9fda50b768261bb956594e4ff9aec0bdbb6c6156d530bd4ac5ad095848bc3f6d
SHA512 ebb2ebcd9eb4350d7df5e4d5e4662da49e51f1f45361963404f1ef1265c09d9a69461ef129e74af932354362cd13c89ef3e850c030add750670d2f99da4fa4f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\linkedin.svg

MD5 39bd4cde50ab7548ef22496b60ac253c
SHA1 b83bcddedf49f70205f3784ee311ee0288e64475
SHA256 84dd4440b78f9f27a4e3324ca111b7dae3d3d61395f3b15f77aad6eb90f9a970
SHA512 6f8e35866e0dd9c071d59cddf995421ab974e7281ef0ab1f874e8ff125c6eb94414e944da83cc702e6ec50c01702fadcbb47739ede8bf93a43f35a8b5516a2ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\linkedin-unchecked.svg

MD5 1fa339c46439b60bf6add8b64c4a0b66
SHA1 850e2f99d80107e5ed111da44424717cd97cfc86
SHA256 bad9131c52180e0c04e7422aa0c1ca4e74591eca508d282ff13ea1482d8ebba0
SHA512 3362e659863743e6a75f02c53c80d62cc781268f04295f77a72e4031a82b07e3f89c1719e6568c2ee11fae9ac4fa70360a4ed4208a01fa8bd850c29e975f4c66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\linkedin-disabled.svg

MD5 bedece397325b64371952b71ac9c71eb
SHA1 c18a90a282a4c972e35aa8fde8b3415a283193ac
SHA256 39835ca910e695adf4bbe6757db12aa12c7a0092dc7747f9cdbe17b100ce4642
SHA512 6c222832120a822d637631ecb58aee47d5c9e3b566562fdc7fb86e5d9e6ed615533e9d23485fee0b030a476ff98ec5f02af29cbe9701b4c8f6d661c646ab7afc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\instagram.svg

MD5 b7e5ead698b9cf7cf78845c94e7173d6
SHA1 2f3c3e38b0941c2cf1106bd96d53b06fd6e4c127
SHA256 e6912780b400cd01f5d9f9c2e99a8f5720c45c772ebfbd4417cad15d5d481f9f
SHA512 f2effc116ba13c21d5cf5100ee00269127c490c84cfcae1221b08ab11c9fbf62a59831c10a78735d12bdd42547e55bfb0827545820752ecb134aedb229c75b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\instagram-unchecked.svg

MD5 ecf3516cf67f667176040cc186fdcd2a
SHA1 581c0905c382039489bf98f8f9386ef73076ad79
SHA256 b3bb02e9a212d25fb481f46ba2f3255aa59d5f954ae71d52c6fb8babc5122d4c
SHA512 a77cdac57c711bba2e570535ca8bba5b94285989eaa462b62fe7feff7f26244a1e92d39ff028ec900d3d54d4a57041ba24423e5133c72794115e3acda874b706

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\instagram-disabled.svg

MD5 600c76c70ca6b17faaac5ccfdec7c478
SHA1 23a1ef44bbab865f4dbc343178a66a2f8cead620
SHA256 054bf6ef7441312c83965511cad648c27bdeda82bcec365ff7a3343f4c374450
SHA512 8a5515343736da079db4ea0bec0d5bb6d0272be6c4f04ff5ca41286b76fa29fbba7d7b9c59b4e0d11b5be4fba1589b30da8bb5c726c7c8f74880e6939ecf1e19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\facebook.svg

MD5 763803444f3005e0faf8f4aa76bdca80
SHA1 352a65debde91eecdad9040c7000bede3c102403
SHA256 bb7dc0e71bc5cc7f5d979b00837855653aa0582b7d8d2bf3866246123ff44ee4
SHA512 4120b60be1f40acf8d64ee7a9528ea8a147820dc069a4cc3376b4272e76cc494e6c1a5a32d697cc03074fc8461139a1f107498eb58e4a439bbf9e3d42d99d55d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\facebook-unchecked.svg

MD5 c37f963fd30c8fd6c1bb752364107183
SHA1 cbd1aef0c5b99a158f7befdbfb2d8999b441995b
SHA256 b0e118aa819ff4db65b841b3b205bd90e90348a05ce6bb350a1b7548a2c9251b
SHA512 78253ebee64fb79405c207614fc4c0d4eecae7f73b748a084f9c15ac6857b9fae7e7ae9e9e339c007ce25ebdc6d7bba7bdfdf7d2638d79b4706d3dc658164fd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\socialmedia\facebook-disabled.svg

MD5 814d8b8c7e574e45f5d52f19f80b75e3
SHA1 97a5a7e4dd6db4c4a9cb578a721deb653e18f21d
SHA256 64ee3637e6c7aef16e327ec6934b90466170d35d5c607076eea93cc7ebf9325c
SHA512 b102e8c6472cb5821d7b5a9c8b3304bf104ea62858de090e12113c48956fb6d32690e1cb686269de4a0bba1f78b3414a3d25da9ab30a843d210d87fd453b109b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\statistics\pages-scanned-icon.svg

MD5 9f74e34b99cfe1c362f09f5142836939
SHA1 44c714a4441f0a7a130e6cab0e75cc811545a66f
SHA256 05c700272b683ca1670a5e039cfe5098b58b4a33b64e19e639e68e9f61f47b8d
SHA512 91b80315a53e0809b801067eab17c5eb38e44d7214be778cd2522d5a198d2b63b2cf3db2552d02e779dbe3ab70313da8dade61dce096105f9bfd20647c1b9bc0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\statistics\pages-blocked-icon.svg

MD5 711a2cf02bec3f69dfe89909861a62e4
SHA1 6ad9f51a9f2713d17bd93f78083702c9a5c9cf7b
SHA256 31bfdd4098f6606a017d6c598a638ac5191186c0c7ea491bf38e59dff249d97e
SHA512 387aa3ccce05b92b21c455ecfe725411e1258617e610b00f53327a53c63be3ec7c016b5f03a631287183c94d6eabc2c20a7e8382f78592f1132dedc00ff237d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\statistics\downloads-scanned-icon.svg

MD5 6ea0c55b5563cd9feb4cc13c8e5bad8f
SHA1 b21a5cf2dd61bb95b156b24c56e6a311458dde35
SHA256 3e6482187200fe72e4b063d0f25a5f14b4492047f90aba44fec9be64ab68772e
SHA512 899a6054aac2a06f285a553ce6c76a22b8653c4b8b8ded429b1f5a2be002176574c3c63b8aa21b2c2dc8c02c4f778cff6f8ced027cf13105c9b25a8443c0219a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\statistics\downloads-blocked-icon.svg

MD5 160550c817acbf5cabbdd3b20e903e37
SHA1 1c771f935ae29004400dcd83dfa8db1adeeed9d3
SHA256 f330184ef8b79ada42f82c0b0bf77a24046c6b74a69fec0fc2605224a12dd062
SHA512 b8d746e3a3dcea7685eca1f9cbbb44dd8b18343612ac0ce4aaa4a2d19ce318af3fbd6a746ca23d5fe1d2b2bbf1bb36f9345037cac84a2352a1b27efc8d368be6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\web_advisor\x-icon.svg

MD5 15c44de5bf34f917db329b931143b02d
SHA1 73e7f9fcbf7d139a6e701ac0c1c8971d29ffc72f
SHA256 d04bc6cda16e1e3d292bfb19148d7f0cad21cb96bfebe0ed9e2a0341d3750953
SHA512 e42e9725a5a3c80eacc070f6b8e1c4d304b136c4ba55353d36e6e8af8ece534f7325b1e835ce3ae844584f346247070b6180dc35728cdef7b97336059e3970af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\web_advisor\white_mcafee_icon.svg

MD5 7c7f3d088209c673b10b2825c943233e
SHA1 a844ffb567f9d730814df4cad20b3aef7643829a
SHA256 50229fc494498f88523c723063e67490dc1e4776b6d3b0876fd7931c1e1b5c75
SHA512 9da0e3ba21bf441b7a07a0b6f66f550e00cf686099cb00ec9e4684370cfee3669951793af4aff0bca5b2595f0932852027bf56e6fc4e3d6f7f71c530e53e27aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\web_advisor\search_icon.svg

MD5 51a47620b1c48b4c432921d35d02d123
SHA1 14297a9827ce5ba874e4097ff8840f06b109ba44
SHA256 ff1a4e5ad768282559f2c0575c36a49e3c5c846bc5717ee07853e34fc7494235
SHA512 35a9fb65204eb66ea548f6aba6bd468d8d24f6fcef9633211dfb88bcd81084a799c5bcd26b73cf74245b11117c0fa74b980065f0927a291c2724cda64d81b711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\web_advisor\mcafee_logo.svg

MD5 9bcc6f675f54cde7cafb533091009f32
SHA1 3cf028339a1627fec086a438ca4e7718d890fc91
SHA256 fad79478bad5e3484804e956f3678b2065525f26e032939a4e03af0e274553f6
SHA512 a80072b5a697b81aa6019ced2c501584e2330c8d4f4fa8675133f161dd1e181507ea8a6b375871c28cdcfef1166e5cab92b7906baeeac9f30c218824d651fc97

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\web_advisor\mcafee_brand.svg

MD5 16405c6c43a4537a23405324de6ec0b3
SHA1 b5995e25af58e19deb9fd85b739d10fd8cfbdca3
SHA256 db412f891da3f9e41bea3a05dbe5d013cdcb21bd3091b7f4780d1c51b1ec44bb
SHA512 66bdc7349964f5a08d52a437a22ab2c806dc86f62bc06e1cfa6b863ff7de0000cdfaa340fa1d6b17f26c5a72f0e7c49993b0109eb82c86570ba9b1d88a94153f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\web_advisor\info_icon.svg

MD5 805d40b882a7ca79ad60df3d018b0e6f
SHA1 e65a069d1bff4ab4b0eace108a6a47e039ece7ad
SHA256 5b036dfe0243742aeff3f5ef525ec9d0c4c25d30591a1f5b7b071c72332a6f84
SHA512 3b250b00041ded9b0d87dd74eaf5f05843375ffbc1b3e4f45e76d29ff78e663abbd944b41d845f820bff541fa6c4a6aadce83e6619cc731b72079ed86fdc26b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\web_advisor\danger_icon.svg

MD5 d25c35fbd95038c5c82f2372980faf48
SHA1 76d0c8c5c5c3cf89a17a5d2cf04c7948230d1dc2
SHA256 9c5f1eca9c4e95c817a9fe4f581c607318150d611f08107f612b7adc366ae7c4
SHA512 0f7d90cd13c38fb2bb1eaea574e7a6887ad8221596818612a3405971bfed169c951614946f1500cd98f439efbad34bdddc3bdaa3e8dc612248dd64a6b99531e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\images\webadvisor.png

MD5 1ae7fbba1feccb37caa95e2c74f37ff3
SHA1 e3440dbb7033624732270614a14b9392d12f28a4
SHA256 0aeb375f23e40fdc2a1b99d934cca3ae3b4e596cc9e40f7ef733308f0956fa72
SHA512 b7fef47df6b372a65652745bbc08ca2cc07c613806f84432c6b6edab90091f2d5f2c2ab41dae7a827c91988dd10400755bcd988da182757cbc751c9937446bfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\json\engines.json

MD5 0d22d490f8cdf1d378ebc498b29ec5b5
SHA1 f0d718cd5c96a4bf85d75bcc4e182386251328d2
SHA256 b0cba5a43e4598d3dc9aa5ed344dad5bb8e66c04a495226f7bb2102f437d043a
SHA512 da28cfce1f2d3a374207aaca5f40838af0b0a0a9d1f60ac738b0d821e222913ad952466d3622231b6704da19f3492e961b9904708cb68e3f1f17d291015d91a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\MockingBird-Package\scripts\worklet_processor.js

MD5 2fb6d21c7e7236b5b41b081a546d994a
SHA1 2e87f26e15231787b79361a85b9bff7435c6454b
SHA256 c64e5af37b6e98ff2b864faa3367292bff08d9ed3b74d74a9275831cb3749c4a
SHA512 a089c541fbd6937ed701ded702a8d34bb7fcce057daba326f420bdd1addcc4c1188ae3564355d4f53efd925ad32ca7337cc05d403c67e3027b39915a74e4b3e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\MockingBird-Package\scripts\mockingbird_content_page_inject.js

MD5 f473935d76520616924d804b1db97506
SHA1 03f5103a59f3fa0221301bece2d9f1c6819534d1
SHA256 b8be9a0b30785ad5e3764e775fb3d94ff4c3583a1877b143e23b485effb11dc1
SHA512 bcb5dfc1c2bc6fb423477247d6dc7dae780d4578d70b53ac0a5b26f4070cacd79b9f9fc57d0d253b60fca99910483fe93a6168f3f05109ad26b28671c7df303e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\MockingBird-Package\scripts\mockingbird_content_main.js

MD5 4409a41e66298b6690afa99b3b04fc88
SHA1 65fc833a415e4022b680fc77c3a30408aa13c781
SHA256 7f7e630cea6d8d6d0d3ee99e51e28af2caa674f310ee6e5ec1a10c5da2b58ea1
SHA512 23d3a575681284e71a080c1d03534b259ea70593224feee4def375dc8873473546454018727cbbb2d0b1cf78d732171cebcc781700957e4054503201ebb66f5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\Sailer-Package\feature_collector.js

MD5 78d57885e5e4d3f8aea5b2ec1635e965
SHA1 abba46a8d2ed14d38dd004d866f472da80b6b79d
SHA256 d29f575650cf543ce89dcd43e657c1a97f6dc8c0af8f85248cac4b3ad4f36954
SHA512 18f1c3880c5415872b2f443431f55a632e3d8f3952d3b8eba3d72e367ef16dec803ea1404d598c503a97931c0e7242cfb53124699a839e248374259b128b63b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\iframe_form_detection.js

MD5 fa6ec08702aea0862e8bbda5313e2a8a
SHA1 726ded59f9696d66b9a810d0907b3d16d3e1112d
SHA256 642e07b8b34850662660e4e44e5b24fda8693dbe3c673bda6d7c8af07eb51ec9
SHA512 0459d6463e0d8d33cb008a6eebaa71f9050e4d301c99ab84f1a7ada06a909db96687a7dbeac77cdc581b1628e5710c83d6570c4459cf5ac0816dbd4b8360a691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\iframe_form_check.js

MD5 1581267b777304e77cefd0db60c03128
SHA1 558dd38b77ecd340b4dd037c869746aee20b2c8e
SHA256 c1647bc29d310e642f0c40c0e444ec69ed869774cd36a318f57accd93e8e1fa1
SHA512 1cd276de14c796796425af14bd270bfba6eae86e8fd2cb4d440690ee69ddcaf85bc56e7a1dfa33ae53a331bf9ca991b0d3a25e0ef488d07c5405dc5c888fd4d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\iframe_block.js

MD5 248531ed5a983e430fff1579a14986ed
SHA1 c69df75c32b2ed3816fe8da1ebd67d12f08c422c
SHA256 59961a7b89936b95ddddd4951fa6ad7860cb4c53c83d6dd751d38d9055e77ea6
SHA512 caef2bd37bea0ea1039a71866d4b9ddf70617b510e71d159c881f5ad84abeef975340ed10c7fd208a0f1ef72259f6ade76dd2b22847361aa8c1909abaae74655

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_site_listener.js

MD5 5477408b9d99e05948d3c2f8c1805e3a
SHA1 7906db08c2bdb5e850b6e0d7839466a26862aba6
SHA256 6b45066e494a91626bde9e1d0c4c27306ccbf86195195b8a9308dd797b18e203
SHA512 0d95b10eb6fa82d6f44ea7532011841f0a9b6bb2b350587bcdcdd5348c1b1fedccee99eaf3286d5bcb95363db620788ccc70678ea64e5de52377ed7dc556c606

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_mb_video_check.js

MD5 e97f5acb8d64a922b30cc9bb7f13467f
SHA1 b757cd9a7188b6242f9579d2e523e7b4aa56b0ae
SHA256 bb10f7a635e72ed2ea640c3e37ca4d709d9bcb0c7e7de0a57c8e9504e32641a1
SHA512 db62d1dbfe5dab2490eab298435f4dd658e7a17d4d36b05c812720d872a72a2c6c25fbac7c948951b1fd9cb129a6edee0e66287fcd5d130899898c22a0b619d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_mb_page_banner.js

MD5 37fb32077ff78dc43a1f86a58eee6bd8
SHA1 5df27112c36a3ebf48fdc57a8f6a714804e98073
SHA256 dcc5a7a03796fd955e1d60a1243f7c1354c5db5c6a1e7ef6f882169b73cbbf7d
SHA512 d5b2b704f2ddd8df6aa651f2a9ab358f0cdf7630b4e8a78529ef122909893962440f248f663caf986c93ec41b8903e9d767c43e11be4d5af800ab074fe7291db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_mb_banner.js

MD5 edebc1d5189548ecea304bf23cf14bab
SHA1 ba96af37d02616c687ce7fdfc91304145f7132ce
SHA256 de9388f50960053db488378d0899ac2810a1fe9875d0b6472545a3290745e4a2
SHA512 d2b6837c2a3a0c4965d4de7fd1feeaccf4dead644c52e6d014f12057181be1c1f6560d25d6cbabf512df61a596082537fad0fd2174481cf838fb919edf345698

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_mb_activate_banner.js

MD5 5864718a2f60d180f3a26d2d0a76f3c9
SHA1 008fa90b3625b6c10e3dad9992db2c756e9b4eaf
SHA256 a2b7a8ca69c80f8217b5d1f6a282cbeb9795972388d201508742e3e5e80569c2
SHA512 3e1e42f10229b6d1c531537c7ac2464b1d34961a358e5080ccf353bba0b2593f8a67ab4e4a8775672453c2b349ca0d1cbf643fe95f61744cd8ac85c525a292a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_injection_check.js

MD5 9ddf0288b1c8668ff55fdb38f3072c02
SHA1 e76add5f884b7e370bb2dc7005b8a63297151348
SHA256 9350dd08e265186007bcea995ddacb0b2afb603ea042a9da2c6f256a0e5a47a6
SHA512 df4057cbfde2f4cbfa7dd5353011e1b870abe1088a5b96bc8797491d5af5d49953353b05138153497230dc2f6085525c1b358793de7424adf1a14112e8437903

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_iframe_helper.js

MD5 39fedb52b253744fa6ae5ef84107a559
SHA1 c4b6241fc57f1846385ae539b98a877af7608e4d
SHA256 65cb7f832d180b069eabe53a0befb1b801655d5e825a206bd9bcda582212e563
SHA512 d59d4ccb24167bf3ee9e9215966a9d12e6b0e6f54b13c3ef87f64dabd779bc62f6ae6e2ea62cc6ce425b95e66324ef312635747da95465036838843b43564772

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_iframe_banner.js

MD5 eef63268b72677b87f63551b56e6fc23
SHA1 899f147dcd17af3a21f56d92f13e9a0fae49ab14
SHA256 f116f6d81344df7c8789865cefac459fbd21983eefb84cf702689982c292c7c9
SHA512 7694c940a39770461ffb8c575df319b4b5fb34d84d1fedd5dbdfee0c1bfc00c245640db8f4e0fd911f22b6517cf37138412166b8aa960198e24f87e1d1ecf6c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_idps.js

MD5 a640865f8980fa0fcd19d57bd03e4bfe
SHA1 32ada0e78475c62881686810b6308918ca1d9c25
SHA256 787e5415ae33e4660ee07e20ba23eee459abd590160afb97db15f7906a6aaa52
SHA512 0e7af6ce0aba386accd3891bb43d90175719387a8249b181100e3cb8d48103fd76a7bd58eb306a1b2eb3c396996c013f408fbfa9739a3ff9115be7634af7e690

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_autoplay_detection.js

MD5 9b9ef5d54afe700b9045609c421e8cb1
SHA1 fecca08fed4e4e46bf187bb8a99d73a3cbd8a7c9
SHA256 d3f3715e9a81dd68b791cb58238a7e959d3457de85de93faf863f4ce4f830cbe
SHA512 66ad45ed89ea0395a7cd6264dbaf35c57fc69dacfa681ae08439d885f701a22053647e16fc7de513deffa2fe8e6bc520603472ffeca9e0f74494ae1e7dc7c1a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\scripts\content_annotation.js

MD5 69a8b3c47f119eddce68789708f3e05b
SHA1 e067183f226116b901a23482667fddaad55189e9
SHA256 0c8a6bff85f4375b1656b123580cf0cf2d50e49ddd91c6c5b242f036f7475c0f
SHA512 bd00b5d7a109d38cd47d3c0aab8e2c6fcf233d0e3b4c9b089a762426cf867ecd5fc4836ca65d86535eb444fe62272528a8648bfd2eda699414f0f021b1311956

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\cs\messages.json

MD5 8c5c6fd0ff5566b17891299e6ec912c6
SHA1 1ac1fd6eab6652963f187cf038a3c3cdd41b3515
SHA256 2f66acd9e90fe321372c9d81bfc8192b6c88d07179432f88218fbb522c49966e
SHA512 f2efd6d802fa283a1a1c3373888db8bb4f0e872d4f15145311fb27958111ce839b748ba7ab226f6ea8debd8903a8b3f447e7282ba692c6467998d317cc74a296

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\da\messages.json

MD5 64823d82253e95f7d072ff7d2ddf557d
SHA1 7d8a7ded1061ceceb7bf2f2e05818d4bf3a845eb
SHA256 55d7aa51e49c0ad85518c0325ef9cf8d20ab408f8e27ce70bfac41678696846d
SHA512 e2c489e125573fb60699a7a698299818ba338d3c0dc3210558b633dd5d890c100943407e0ca86ac3a5fce5fc09b38cacd3348cf0c3eed0977cc63b23c8eb5c87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\de\messages.json

MD5 b5e14d7aaff68f904ec70524d48de4cb
SHA1 33aece14c75c7945e5efcac84e5f3ca0ed2d9a8c
SHA256 7c5b5d309d44dea032097c915d522acb44c748b02a573d3d5782634b406b6705
SHA512 dd4a67e9b4a0c7ba57454884695a9e0bdfee5da5b03377547772c5c3022a44cd020e821c2b738f96af99c1ce0945f33aa587ea890f244c8c35c82b3ccbbdaea7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\el\messages.json

MD5 b97e385a1fdb8f2dfe3026b128348d42
SHA1 729ac5da03cb8e3ba18ae46dd8721604dfb328b5
SHA256 7baaeec52068bfd9672ca378a29d22898aba080a46eb649fd6101f86461f919c
SHA512 464e2767d71d2176b0989adae313a0c5cbd826ccf089f6deea7180fdfdf1c1bbd3b956b068dc6d52512a2a5b2408f2675bde3712c70728767535d316efe57c83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\en\messages.json

MD5 61d544ea0120868f710dd819f43c960b
SHA1 175dba601df6079163bca7fc48a91d7190f346b3
SHA256 d77b4c094176a8da13a5986cb8c818f89111d55d87b942e3538f4b957037c6b7
SHA512 34da15641c38088bd408133e5c0fa419345d2de7f87aa717b6fa6b176c7695aa6887409cf7886a8647f841083f306b034c39946e32094cbf103cd693ea0afada

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\es\messages.json

MD5 e784323ec9c9690491f2d62141836c2f
SHA1 3ccc50fced47b08183671a460006a32c5b4513ac
SHA256 87a0a5aa4b27e12a1fde8263017e929668a1f0880b54f456d99a5559806aa1e7
SHA512 b42a4fbbb9d90a4f97c6fa4e658f1d8c5920750c3d0aba91c78820d318da121ef0e5741aacc83988d06fd4500c237fe873eed2cce2fe8e1de93f1114986049d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\es_419\messages.json

MD5 3b5e05ec5d73c1e55624a6c7f51af10c
SHA1 296c5c266295cc47ce1d13fff9f0dcddbc715df9
SHA256 9fafa0c86ca1c5ac3bf1f23a30212f2069fb67b042c6975084b40503807f3b02
SHA512 5a0ddc285ea459f319da866a1566319ea95efbab52e106415b3dff776df1a7f8c3ed66ffbfe3cf0d1376e1979b729bb99e07e3086e734889bc7fb847e03dadf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\fi\messages.json

MD5 53ff5c711f362dd30205cf93f1f51f86
SHA1 611b9937413ce70d10be0ac606f004d9bb716dbd
SHA256 f5e0794e60dd0fe149f34916518802bbd528bf4cdad9388e70eef13946995f07
SHA512 4dec49f2026466b4c2108b68f645a6aba7ecbf30ed696a731e96962f966b18534c58e9196383d9c34c52f86dcd6723731245281f9e80d3b2abad2af98d584f74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\fr\messages.json

MD5 0d0edd8e008c87577b52783d8e9a1646
SHA1 f4855dd21f9cb1324488958f3519fdb0ee9f9fe3
SHA256 4f30803138ff93735d812cbd3a1e8c1fa0cd5d3384089aa1bc20d27786439ac1
SHA512 489d38d4c291159e8d6c15fde89fdad4c92d56797d720e91485478d018eafefb7ba0b08f8f31c93bc23979bd63de7da143ac938011583dbcfa87eb8053327b4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\fr_CA\messages.json

MD5 5c5db79d5444a9d7f6fd800bcc23fdb8
SHA1 48bc08c2fe2c71d0593cb600e9ea6d68df992346
SHA256 bee534eb4364a49fcc7bdc07b3ce9eb537e95edf0fe254b7ff870fa185cc3e51
SHA512 00a0435104a0e0601dc1d5033dead78b80840bd2b5694aea2e9debd8354819f89139d74826450aa8107d7a70c5455a836f452b4a1335a33f82ba5938b8cb7288

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\hr\messages.json

MD5 0a79ba9ff40da35fbb8e48b11c0f2b14
SHA1 8995930877aafd26615642e1dbf1737a90ddbe68
SHA256 2f3e9c8f641430e8f53db65080a9460c80f43c0d0833db17269570905de2afdf
SHA512 764e0f962ee424c6015eed694dcbba16cb82f62f14a72e250e0f26abcdd127de5bdfa037d7d24612fc2df710fb6171654b9cebbaff1427f2a70ead97dc9f38df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\hu\messages.json

MD5 c4b6fb1715907c06d905e05eb99ad256
SHA1 ae993d7f4b9da0e7bd774ef2063e211841bf46c9
SHA256 c0a65a9c1ef5230359ab6c2d74d9bb69a658d38c5949ecc322b896e8b95ba1c7
SHA512 fe2a7beecddf0976181343efce0d15f0ce5e2087fb3a8941452dce718e92f2c9d7f56e42804e25bfcda5f53a07170df828cec949cdaa0bc9d42ea3ee96fd0dde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\it\messages.json

MD5 bc20290b3c8d90a8bb7da36d970946ad
SHA1 c510948167c51e4a2919fcfae50e84ab3cdaa456
SHA256 33643d3986e8ed6ad656c10cae4662c92a95903a00233e56b2ba43a094a38b48
SHA512 850319e579f49242a2f775c672daf882df116b0d38ea9cac6d6288359811e64e5423a0d0c3611e10a7f64e9569417146c7c9f69c21eb56eb4b82c4216218d72f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\ja\messages.json

MD5 e276fade2b07dffcd458e0f2fe31022d
SHA1 a94e31ea67e1d1f9dfa12fc0da3d5abdfe4b25ad
SHA256 9562fefeec3e975b8da43a82746581fb4d4fdf2f61d37f5afc8af3c23e12057c
SHA512 b337c02ba6dd27fe5ee0d8c3eb2c3d67ffbd6a6e36ebf09f3674e42308f2c99a4dc977334295a4f435cc7ee64c6f27a74dff48e74493fdc1dc4f64def6163a87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\ko\messages.json

MD5 ffabe1cf4dde5600bc747c44ba4983ab
SHA1 8137e8f8681e13c607bbd150282360c4f6e79092
SHA256 de486faa3fb52b712e8b3befd0c47a5a6706abe255ada23361277580fc732143
SHA512 f0299dcaf275fdf4e1c0d403ef11f4556636a72cf6d086ae3f8c4b09ee2a7d4ebb4e028b8f69e1a8797baa80c0826b6ec73478d107bfc63643df8da7747b9e66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\nb\messages.json

MD5 6a65cc4806bf067b9a2ee7e3c4c14e61
SHA1 79827a4756d6cf45aa638879d00c5dd50b2e15fc
SHA256 d191db06a165cff18fca6d2f73ffb58f3ba5b10c52ff77d089c97a5e4892a5e6
SHA512 549885e78b0d28cf39bf8763c8a044780a63ae681c1297c0387d6e4f1dbd4ac3335081453f89863afe33c628e317f8eabae81d31ea5f19bcc55fc21e5a8cd6f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\nl\messages.json

MD5 bb11132a94d08b0388ee4fe7f28f532e
SHA1 904a70c5d035d4455e63aa063cf9fe1e0a30d012
SHA256 5df5b5b278eafc00ec19e349a8f2c68cdd6c43f914209b14c8f59e816ecc98fb
SHA512 afa94fe7a8cbdb848d24c5c1f0efe296d3892988ae9b00d4bcbf72a45225e459a419c0015aff1f7683dd5465915b17439b406095763776ed27cebc44ebaac290

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\pl\messages.json

MD5 88eda8badc680d9bb6b11f0c1bf36d82
SHA1 669da6e8c49b1e5769d932ac00b98fe33331208a
SHA256 936695715f05e73c3242c79f9c9a87676edefcfa1ade03d319eb375952c9c205
SHA512 55834e310ed3bab2e7c7c3f1aa07145b27c14978dc2d8457a456937b69cefcb3882e63b748d2e760b0ab1b97f6012b3c2686259c442a9394e9bd34202617d729

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\pt_BR\messages.json

MD5 70e55405dcebe4772576aa0e10e20d32
SHA1 a5dd3f96b70a98c2f19ef37868daa941de37d68b
SHA256 fd4baaa95740ffbde28626cfa708b913b3c5b801a17e098046e18e68bd594b72
SHA512 1f1effe153ee666463ac3a905b6576881d50f1e0dbd6e54d42fbed6954d3db5186a1ccfb28d071531099cc1c457a9033e22c8078ed3b65e757483f8b844d45eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\pt_PT\messages.json

MD5 3956cec584afd7416af5de4c4ef33d88
SHA1 faf5f955eaa6018b612dee42cc538958415f60cd
SHA256 c3a77e80afe5b186c8052eee82c200cea780e0b3e3704c2659935193eb55ee3a
SHA512 b97afb03f3f04ec29a581b1fef7e96038c4e7c6d16d919fc123e1641e2bf58fc91fde1e92f7ecd7f5ab99b7027ba2f1bf6024e6ecc0973f8080cbef6ef25d906

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\sk\messages.json

MD5 8f2c18e2a051a53e7185b55b2247bb86
SHA1 af7ff3772426836599a94f75e62338fdfd6ae316
SHA256 7ab379d665ca2a312d6239d4dac708795fc5908ab91f11f6e019f6cc1da079f3
SHA512 105db86e37bd08dc12a565673e9c8c0fcf52b29d883146e8a9e64c62e23f7a1ecb3df58ce4c76abfff1af8780dfb11062e0c81b4529f9e402f9a1261526384d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\sr\messages.json

MD5 902339e3e08d9b51bda781c116919065
SHA1 08edd441bb7a6fe243ef99f45dabb3f575da0c32
SHA256 05d26726f205b6b1fb417377cb5a7ff9471195517c20bf382a73b45f03cf35b5
SHA512 7d02fe8d91962a2cc5b1ceab18a7af2b36fbf7d107e89c0ebf0f102bd6baebc2f9b9582378b7f1f3fa79fbe6b0c00fb3598fb39b5efea5e820a5c7e9b52debb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\sv\messages.json

MD5 149e3da2a5ec6487a3a6100cf1fa0041
SHA1 45a810f4b2993b855f75a7b0f635c4b34ab721d3
SHA256 42e3e168c68faeda1ba10fc3ab190a6b1cbec93614c1e3053e6bf7dadae1c8ce
SHA512 029c0f7f8cfa94edbd5072d21544224edeb48fb3e6cd776ae4f466e35af55040d481929cb4c23cc8954a785f425429e10deb6ba4baf77001416dde51c6b22364

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\tr\messages.json

MD5 85b89e76e757c91681de625e2e1e2143
SHA1 170f735e8eba9768024d119e03aeaf0d9ebb8dad
SHA256 babc4b4777477e6975eee6bd72bc208b01894e6d5ca789f2819c0d94255a6dfe
SHA512 af8118e473e3fbbfbd21fad367209945b5cd2b7e63cb4c8f2ba3ab74a1705694d179b7a482d4bbeb87fbe3df0c6118fd90e1ef8ae9ae78f2f18f4c62a255fed8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\zh_CN\messages.json

MD5 9fdf4828944199a682617fa7ff2ecd54
SHA1 877e8023357ac49f165c33781bd36686944d13f8
SHA256 a784a41771a528b3f04ab1beb4aa64c9b3d26a540bbabdb8ebec4787e844742e
SHA512 33b0bcf6e3c2d7e1ca11b0d996667038a45861cd25d11bcd67ffc071ebfbd9f4f137cc8a284964d5c660eaa05dd2221f96fba55bcadf1df460a178e130fa9e53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\zh_TW\messages.json

MD5 5d7b067e7a48e210eb1cdd3ea4b29fe4
SHA1 64df2081c292726ca28a55627891c2560210858a
SHA256 4b420cc80affe21d22495fd8ac53272009c0a040d6b298c15b750213cf92d058
SHA512 a0f0f7ca7f0c464c51e520dfdd52d25a8f154d7a5294770d851e33c477e78426af831aeebfce3085bfd030802ec2bf9889fa05ddb5832ad6ec5e88b135847f17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_metadata\verified_contents.json

MD5 d3f199730af50d06b992afb5f9bee8fa
SHA1 c8c8436feb6e68255877bdcba983a789c8446179
SHA256 657679785c9fb0abaecfc2124136e7e39b6018ad4b9e5452b01d9066a0493b50
SHA512 dfed3fcd813f6b48ee50f3c0c0a6b1c401cbb85534490db6607cf8a075380915fe19f99d58dd7fa916702f927bc2acbd88b393e9db34214bd3c29c9c7e58341d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\wasm_lib.wasm

MD5 7612f49806af38acaa081f3056ef2e1b
SHA1 4e9b8711b0be39209d22ff647ba67803886e8dec
SHA256 c0324e0e92c5dbc019e4274a0f93774c8fa7767d02a26eb74116835f57948418
SHA512 876d39369fdf7ffcf4bd3b7856735425bed85a49444b18edf010fd6bb65f79a20d8b13ad6b854015a7b4502443945a776c4741e19c7301d4d1990ab242935cb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\wasm_feature.wasm

MD5 7b3c4f728ad69b286da8074a9ac18d48
SHA1 3cf9ad45f2ba38479d2dbcf0e534798c0f7be5ab
SHA256 13946aecf894abf712069e5ff9f3f00433a446f781a3219ff7d92c18dc334c45
SHA512 820eb8e17634553ee9e2e03760a71d33588d83c8c162cddc1176113f21e0c6220dae9798fe80004c03d0698737256070dc3c7047a0ca72e2422c7be4873b6b0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\_locales\ru\messages.json

MD5 c80006a22bf2c0969546281f72fbf243
SHA1 67a66fd234f7e79699b521b66474d788aa83b8cb
SHA256 71a4050b25eb9edbf9e487cd53decc23093770c135cd2b0d14853700545520fc
SHA512 a5ce4399ab585ebfd34828b283f07f23ae7722e47709b0cde015eb2c46e676a19a13fc2249e28572fdea891fa30cd5d58bbd58316b801b3c91c4d8e6910e483e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\site_status_typosquatting.js

MD5 dfab0021c0752ddf6d5ae64d7304a559
SHA1 f9c12b487422d1da21438eb53327d8c37e0e305f
SHA256 2cd6f39bf364a97b8f086dc4a726c52f93f16c7e3785f3b4b57b9bf3ee93b760
SHA512 9ade7a5b37dcc13357fb800490acc08f25293a14c2f59e40dc7c0890cad90358cb7fd36c73f5d0c1b55c8e122b3553352bfef51b8f3484436597c00918a2da1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\site_status_site_report.js

MD5 ff52015e993448ac26972885495946f7
SHA1 bf8987910346a0a9754fb78772fdd4233008b7e1
SHA256 dff593f633fbc39316e604d2c0032f2875c0265626c1a60ce62dfab9e22e4d98
SHA512 c139b2926bae4e5a23663ddfc494c55807a60245e93bb443df6f5fe8780fe276c009c710334535c2ee33ea0a76e87176b561a4a3cbc0663ff465eb7ae4d09da2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\site_status_block_page.js

MD5 b68b22728431f16d95c1362232117c92
SHA1 c07bfe695be462971a3e7f5a5ed0750d3ee72530
SHA256 cc284fd50fec97c8d2c4270c91ef35b019450c98daa46d90a4cd893355204c71
SHA512 ab2a773f90e8e79de56db00ea6a4709ad7866ca7bfb4a0b94dde454d82a922ade9e0d343046db4fbc0ca6d49d172600d59fb3bff38391f050dd2b030cd187087

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\page_banner_mb.js

MD5 a1eedc7e0a667473283610fbd3ec0c39
SHA1 d075652511ce4ef152224deed7f06f9df3b832bb
SHA256 daf9f9d32306f695953ccc8462693897d892bdb018b9b20402b7838ecfb09a39
SHA512 badd2bd340c4b0c982b1425e9bdd15c49c489e3ca1a1011484965ce2a10bb2ef4ae55085f22351f6fc9050cad73e1aeb24a24ed5ce751aaad3950f3a3eed74b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\manifest.json

MD5 10251313f96373f91b1377522598be3e
SHA1 d9a865dd4ee17d405f7455eefe12941db1598cf0
SHA256 7de0e004be0bfd5bf5a8d14697e80d797f5b45153ca3a98a1bc303f26faf8b75
SHA512 e075137399daea74f201f10fdccb73a4877e2d80ed32c2044aea937621445ba6afa789c427d92606f359f356363f0222653e71b029de82733913f61730bec1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\iframe_block_page.js

MD5 caa59401fd4cf428f16cca0734ea567b
SHA1 c1dacece2b62b40cbfe9be213858924f0515a44b
SHA256 005f69129394c010facbe81ebfa59598f7e844d2f7e173965a7f99c31d29a79c
SHA512 731f8b89b651bb0a7257fdf45106b0e9ae6bb5bede0e65bc42f641de1d76a509f1a5945009c7e0f4c4163f6b2367366c1712c64b8a4dfb8fd9a5a0314bbbb05f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\how_it_works.js

MD5 dc04e05ec7ec2cb375a2300f3125408a
SHA1 a12e12e024030cb166351c2ec511d6941660debb
SHA256 0c4b22d571ffb9e21c5aa3e6a41f13c1c4c05410419f997af70d8774c95c252b
SHA512 9bd13f1de9dba2aca795ea737c0678925f471f99a4d378f005099827d6f5e1e45f78bf3cc468fd6875199c151532523ccf6cbb309bc2cacd93ada99261b04378

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\background.js

MD5 19497daf44e10ee5312ba7e5a52e5592
SHA1 e9e8fcdc06584597b033167f8a8217a3ef6c7827
SHA256 8d35365549843cc3ca5f838c0d7be808bb790346471762d3b14258835a00757c
SHA512 dc498af261d4a04e96cf4d268ca3d3d0c3d96085aa3027f5574cc3fa6ccca1c3dbef6dbdc9dfb99ec7e684e016aebb2d25dad3a9f38d4aa9898136ed3f76215c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_124551619\CRX_INSTALL\activate_banner_mb.js

MD5 bb4b6691a984eaad33cd4d948ac9c876
SHA1 2ea8aa1aff226df8df47b498162858e70902c61f
SHA256 56e6ec6fd0f7c58308f985cd25114b9bc710c3f08f25f32d02618ce2055fda7e
SHA512 d9257d7eb860671c85b7a019ac0357dcdb134056dfa618c33139017691d045fa7362e4bf9c02fd3049c7c7c3f8a8fc0165030503934111f5c14a8c53de301e8f

C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_00200057003F001D0006.txt

MD5 33149af8ba6874c44706375b7da16b7d
SHA1 7404c3671a5f4acae43b2fb3e11b0549aace4647
SHA256 dc9ea042f75a754b18055341799c84a49739cc54676cfe61491d1341833dc8bc
SHA512 add6c7931ca1fe5e2fb6c36cf27688c105b69f2f248d9a410f674aa6c0667df083c44184c3c620da53f4ddd9bea3a3d8b191e775d27cd56df10b7a4b9b62cbc1

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\images\browser_action\green_32.png

MD5 a646de09c67221f0b5635b208852fa43
SHA1 4dd709d378ec9e3b7b88d3400c7c0d159dd7a46e
SHA256 0337efdfd486d0877b3eae8a9c251e8c56c1e6787f48a412ad4b32504a46e1d5
SHA512 cced6b598b00ca4bb968234b8b08ad40fd2f8ea075a76ef6b14644f48b012ff7f95eda4317e1827bfd5517eb70cda95dcd40c0b110a28739a3e166d7ddbfcec8

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\images\browser_action\green_20.png

MD5 d498609be39540e6b441da31c3de20af
SHA1 1780747374c57bf886b33e957d561ae2367ee09c
SHA256 8526ea04f38e5632fb77272d9b03c0ba6bc4baa7fa25fef8adae81769e87f078
SHA512 74b567d12a49e3e984b2801eec23cd12c26383ffdaaba56b2971288e2e9d7da29fc94bc35eb12c8e00795d599ecc81154c606e9e5acac883f5e474e2fef7454e

C:\Users\Admin\AppData\Local\Temp\scoped_dir3584_372578608\CRX_INSTALL\images\browser_action\green_16.png

MD5 916575e87ca461fde65edc2dcccb0134
SHA1 bd0a7d65b1511b0124ad926b51dd2c98d47d1f5f
SHA256 073a0ce56d034c829b3c09102dbf50b4a9760118a3a49a5885fdb44abf36a58e
SHA512 99dab1542909ffd3c0fb81dc68f9563dc1be20bfa1e3fd1c96e63261ea2b40a5bc814281de42d17a5924f20de8d1ab97cf1c55eca676416e4cb5421229475efd

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 752a1f26b18748311b691c7d8fc20633
SHA1 c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512 a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

MD5 7ae2ff1050457cea5cdf52c6c715ace0
SHA1 4107e82eeb985d0dfa96066b8ebf728c13656c77
SHA256 894ae031a7d41ccaf8a9fa2fb5cdff1eb82290b6d5299a5a7e50f424aab0303c
SHA512 e3ff4f472bfc777014bccbabe684246e20969c630a3d4b91a1a0bc17a19732f4ea079814f63843e70703a9dafb6e01e5fa93788707adbf9a695ddc36058ad284

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 11e792ef30a930f99ffa1b60df900726
SHA1 e6da325d7fdf1a606bab978485a61e9b016bc6b8
SHA256 a2aa8b06ef173039dba708df02faa5ae756046948b4275c66a8fdcf4310d06af
SHA512 4c17435ce6eccb5f47f0dc5d476fb972b1b002f5a691c772acd2999ec51596e8dd3f577341944faed51693641df36ea850c4b7f620b79583b5607fa160322caf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 ba09f34a5d69f718cf6d932cb37d732f
SHA1 ff301d93ffa3094b846daf08088ba0328409c4c6
SHA256 030b2949d21adb41512b4a1cc32d3ca593de9e388ad5d323b7f28757a07ec392
SHA512 337889c9962d3a01e6860621a57130a375910d1aa8ea6cb85ab610c2e575525d79618d49b148c5e84ac2d030712cfcc93d24455fbc89b975362dd07eee1886f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 23da8c216a7633c78c347cc80603cd99
SHA1 a378873c9d3484e0c57c1cb6c6895f34fee0ea61
SHA256 03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3
SHA512 d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 b001f88504c8c9973e9a3b4dc03e6d1a
SHA1 a54b3046a70a4f2c792ad6a382b637b599f1dc48
SHA256 8ee4cbed114a588e934b5043f95c9c06f40468c2300fa0d1d938d16c1d46a8fd
SHA512 390e53be657fc35fb2e9f41b76b3b07c161a860d72445a4b1425ca973a6d8c0f32f6de6844719c6e9813e8d949ab65263642dea01c800a00285bd45595bed4d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e4bf11ed97b6b312e938ca216cf30e
SHA1 ff6b0b475e552dc08a2c81c9eb9230821d3c8290
SHA256 296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad
SHA512 ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5d235ce7552e3ff0ea0a0259b486931b
SHA1 202ec510b634ad1d13bff1927449ed8a1c71514f
SHA256 d9245d7fb2e980b14bd9b12ae694a409fa4bfa9d99e7311ac20db9461cc3a6f4
SHA512 2c452fb6274ca7703724b27b401334b50855f431fbadacb19718d85ab86fe869e02c9ce24c83547a66fd30815286fafd7dcb74aa73bf73a18658de926ed85fe9

F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6bcaf36bf5e28f9f4fcfe79f40174d88
SHA1 92653073d5d284dc02df03447272fbf43a2e28b1
SHA256 68bee2ccca9bc93069113f773457abc7a85990a9bb48f9ca2f66880b102939b5
SHA512 5612b8cf2f7709100879377bf9d9fe3730f0473e6bae265b801b67605820f71cd1cd8f205fb3ab4a7e0ae6c50c17c9131963b512ec128e5445e90d7af3485d7d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1036129f69cf68f6ef11c978abe2668f
SHA1 49ba8d0688d50fd6cbd41c799055cf25a6d3d7ec
SHA256 9f677d8456b0b5ce8b9394abfa07e20d16bd6ae657b36986907ebb7d3aeb3d68
SHA512 d95a7bfe154abf8b13db89fd1ea29423fa1cf8411bb76448b61264ae628e0cee2f65560c4e22b812406908e6410acb27a47d100463d208010881828ea086ac35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 a3b4e70a7580a08bd5f7e8d1a9dac97b
SHA1 b6105b77c20e9a99dc1771bce08bb1be98337fad
SHA256 17d95c2f150d6ba6ffb32f375604210203e95f0fe777d936fa993275f019dc36
SHA512 ac9e4f737389b881dfb21d75b4a8d16fcfd4cf3b3e75a992996f5f0a97f87c2145833dcc976b4ff5f263a408e9801279addb160a07b7d3d5335f2742a7718e77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 05e9679509b61424a07cc4d4efb7247f
SHA1 db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81
SHA256 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b
SHA512 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 900e79f9d123f9e5c19350e37ba0a893
SHA1 88b2e2bb108d00f3a96bc19c83521e249e650511
SHA256 c3272b1a4671d2338cd724860345ef4709d130397d15aa1ed9d9da3d8b55db3a
SHA512 b24c12555e07c434a8b8ae8909342644bae735a31169c65fdd85cfbcbab5c49e13e3a065f02c09cfd7e49def243da8fb4383b625699bbb00138b0e019d2a8760

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2a9ad6275330ba83d7f883d6b1007ab5
SHA1 d63ad041fc3df2f73214ee0d75d3dcbd1eacc3a0
SHA256 4eb94177bd2af21a9150faf6dc07cdb753adf25bfd41a7694e46abb6f00c52c5
SHA512 5fb9cc66d58acc722c384be677f5be1a7877375103aeb1f70f10294cacf6fb9bb73cdf1cf27caf56243b6abb66f1daafb5f0ecccf88ca3a1d39f54d24978f29a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

MD5 c99a6d99b8fe6b4737b211b497848564
SHA1 fd44f4edada95fc7136904147e23ea9fd2f63f74
SHA256 9d142e74424c3c33d63812acd9e20a6c8be5bb0a7302af20141f4951c92cac6e
SHA512 811f5d9008aea96d6634477d93d736cab1f093b4f56789cd12bf6bb8a7f2e6b14ba11b8ac73ab7f85907382df0fe14a639a68f026f7602059d2e5a5514b92de8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 cfa2ab4f9278c82c01d2320d480258fe
SHA1 ba1468b2006b74fe48be560d3e87f181e8d8ba77
SHA256 d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e
SHA512 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

MD5 8a42ba5472aa4afa3d3ac12f31d47408
SHA1 2add574424ac47c1e83b0b7fae5d040c46ac38a7
SHA256 759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4
SHA512 3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

MD5 d453eca18d366c4054d2efd57717cf9d
SHA1 c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4
SHA256 be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc
SHA512 a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9e5173fffb0de61d878dfcaa1105b931
SHA1 a8bea2eb658e8f8ccf1643976c2f25d2b0317d89
SHA256 5e8e514f6bc935c280e61dfffd5a4dc7872933085af405a4ba1f6731458c82e0
SHA512 847a47999c833c7f93343f20a94a5b0760689c5bf47be9487518772ee8885c780510e6c9651fff61ae4f7ad98d827ff19d562ae96b6311b9c5dd432d9d9d9285

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ff95592a91fb907b33bc0ad6f889e9f3
SHA1 f26e3b3b01b6b4865a8ffbdea60bb9d62ad3a481
SHA256 fb5d21f71fda1c11caece78d3abe23e44ae11d5b0874057f70e9a0b727c98d18
SHA512 eef10b4b4a794570f0ae0684fcfdf48620f2b7ee28da4b1a8d909dfbc90ec1642978cde26063ff08516e3282c39dfaecd149a9843b2a6f2ea02fbae71ac6d3b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

MD5 2335c53afb1602527663457cc9c69410
SHA1 8f5fc5d6c267d93a855106d908eb3e29c6b77d11
SHA256 9eace0b1569f237f159f7f0a949ba8c435b994331aea1f5c7f73c88d2383da89
SHA512 fb5c29cc151f75126a610aa2b81f05f0cc74ae3a115846ae3e0ea2ce5d233b48c3807868ea9043945de64107af790931fd44938ba28e8ceb90c0d549b0834984

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3c5f6d872c52da3733eeb7fae6d13e1a
SHA1 5770778690e9eb2540194b6ec796faa64181be42
SHA256 a52005a2b96d83db3e2250689fb4d657876e40027687a5bdc43557b8fec999b9
SHA512 1325e3a9eab60aed6ae372922fc3fd8fb0880ad743be1c882a12e6f0bed9d35706e386e7093ac582b7c9e8b8e68e696b8a826f94ad11e0f454f510fd6f92bf10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe642d89.TMP

MD5 9fa924d000a26e688bb59998e29b1492
SHA1 48e6e4e3d1c44c5fbeb60c3f9351bdcc5e6ecd1e
SHA256 29690248ac5b0b477939ef1f4548093e2c1679fb3bbbc460a55a6af3f399af1e
SHA512 cec4a6a95322d0f9cec2c209f600ec47969f3fc82f066b3653b9829622f7867430d75b7d36f6e8642db87fb3a2fe01c60925d0c18cbcef8a2a5b53956828b3e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5b2efcc7900efc1d31f6df2312cebd3f
SHA1 8bbef577061038ee658f0b5d66ff8517663c7ccd
SHA256 165ee5654875ae3db761733a71876f42d7670760800c8d4afd4492702e5febed
SHA512 0ade328f1e5d00167ff6bca9550fe4bb6bde68709ee551662648c16dbdaaa62601ad0b4e91f710a177093bc60f538531e56d0bd4963d0a3c916c786a5ca24dd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b78f932bb3021984bb272426bf6b65d3
SHA1 c71b89812094eb1f6feca931952b776610d824c5
SHA256 a9bb87f36c189bc0241026b0232c6d462cb229596158368149d2eca7a0ff187d
SHA512 09016d74190a08ce6ed773ed7c6aab9a47b435328670f7b935efa0c25178db6743fd60e3a2d71ebb5cbc66debe97026de55901eaacfda3f9ce07cc86908cba70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 66fece35208ceefefa152e6679142254
SHA1 d6c3f6a1de0b604460ffd4136ebb4c2d3b1c354a
SHA256 271202b03489950d6e415aaea097ac902ea989d3edf743976486a88ceb15f1b0
SHA512 6c1004ed2118462856674ed064bc39283fb09177578f980a60af3820e24c8c601650245dc38460214ef786d1d1cd7792b5d8e16f6b18adbc696bf64e4c8c89e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e4460924655dbf9b3d0bfe8da198f6b9
SHA1 1ceffdb7b898bfe678c91ddd0bf162c353b57f78
SHA256 3079618bd9946879c5e5f0da82d1985044d58d4e2dcbc7e18c83ef77a5ed3745
SHA512 056d9093fa3a12d853121dd3eb1b46dd7a4cf60226fb248fee78470a57f5abefbb742fc979e3b11abd1de37be637af3a50b10f6fb1e29bfeadbc0c8ad7552871

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae20bd3151a01cb49d7c10c10a9ebacd
SHA1 44df175204162a028a6f94ee475aafc278551a2b
SHA256 8e7cbe72a041f0f467ef887f03b15736d38ab51546904ec0a265d354a4dd25a4
SHA512 42a91e24b899cbe7d2f088093574daa2cbc6a5a403ad403b7b95ed1ea94cfb7deed511ceeaa2e266d32ed2178b610a2182a05050988d57661356558353d81449

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 82b3e4912b4971f082891acd4e59e87e
SHA1 cc48a9d39eef3cbaa949b47d2b997b18d8747c2f
SHA256 fac7b779598252d34a3d812bf3d1c798241bd7641e83f20bc65bdafd6d15a96f
SHA512 0d9d4cfb78ada4dfaf49c68b560a3e1630cb4d1e5e76ae4365e30e0132320eb3d300cdd149471fda88f4c887fe0320e35cacf14bfa024ed815108eb1745f2ba6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1b4bd132763829b3b6f4e6707ca6b834
SHA1 988cf2eaf5ff64112b4713fee2b2b29df890299f
SHA256 0a8285c47c0f84d68c06dc335619e3d517eded8b6eafc7ee52d1a52d479b2e80
SHA512 2d3fcd5cad132fb53a93d7f74570d92f4fe9d0c693a338d782e760d60d7a5596537e5fc11cfff4cd911b7a2772fb775dd7a12b61ee88be6833fa7b40dea984a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 10449856bf7f6edfd6af4f47e10ed182
SHA1 02313cbd95d33eda64880327f823a31462af2ed3
SHA256 91c244414db02ca4816a8f85a92c1c152fac43eb46fc1a7240eb8bb570250bd3
SHA512 1a71c69b7b4fc2a39609503ef7430fd9f527fe85db0c9b30945131a81fa61b836e98c2e958225c367d194b4278b9a81ae18a8e383e135b3eb5aa6ebac88cc7a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 17048272f98beeab99b691ed074aebd4
SHA1 7d38f395ee410265971ce4d3f92017236ffb8dd5
SHA256 26adc4d9f64ff20c48480e39989634d082d0c65f5053b5e5e739af5341aff7a7
SHA512 e6f954dbefd6f5a8692a9867d125bea957db6b1b7eec7e73cf274d883080691780e6516c10759824e2cab884a0811d4b3bf6af1ec655d19895cc97887ab8fb9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 9f06085c0f3d17532dc1c090c8e46c89
SHA1 37d8d5ae1881f65454ffc0fc6ffa8f4c40144110
SHA256 ef04bfce6346ce03b76d77d17196ad5be36d9419bbfa2b424f43334e8f345577
SHA512 ffacc62fc6e4a5ffdbc2d6a126fe9a06394c596367f12d342ba27f228d62a32af1f8f6e0d2d1e77bd9b530310092c7edf20dac0073c3c8f6a884c3c41731cc44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe658038.TMP

MD5 267675b7afa6470962cd23c462f8ba3b
SHA1 7cdfce876b8019b345c3e10b31e692147e29541b
SHA256 cda23e94438ba0647e2a02825693da69f496446556b48ea33dec6cb7b3158819
SHA512 b712d4bcb97120551afe1288a271ddaaa24f1a9f3996e8722b0e7db67acd69587c0304f602ce86c1a1d361cd402d4b1f4abe6aaccde30ebc29777741e207c3ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f95d409303cda04f1ecf5ba2be346a9a
SHA1 eda70541fc6a926b3bdcc1cf2be1effdb286624c
SHA256 53bd6850e442ff7fb90e8e27b59ad76b53a01bf7e53869d7a8b7bca3d5c90b13
SHA512 4c671c772a8f54971b594a7be319f648c933bac0bb1f633ed7d3885fc0bfa3d96703b447258a9a6884669c74866371e3292bc641453909de9e1559243855d254

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 199abfa07d7a4b05b129e22d3612aa5e
SHA1 76d4c304b633f76226544c43d31eaa5f1bc11c94
SHA256 ab8ada10a7d8a0c817536609338e370e17c5d79c95e48309b1471320f6039c0f
SHA512 af7df632d52f2f6cb478a0c4b91718ea324d4863400d8ca18cab06224801a3deec06110c719eaf461c0625d0ba1cf3bdde45dafebd2535d9b219e7efefd1bea8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bddad9dc32685e7ec5c3faeead210fd1
SHA1 8528a663520277b907b5c932cfb03390e3caef18
SHA256 98dedd816c4e414100a3b5572a6dcb24e085511325194ec49e42919b1351debc
SHA512 c52204aa50cf3828edd74576cf86c4f98c5874565e0a17016871a9e4eec721aaa06556507bd350f3b018f1376f73c45a313989454a9f04532a1c80fc3df9a3d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0c10f134ae1128d9880aef91e7cf77ab
SHA1 054d8b3f09c7e039ac3ec4a1aa5add14ce68eb10
SHA256 b5cd408b5c50e40573f6b78ff1f374ba8b276c56485eaed4b3466f51bd6af2ad
SHA512 337a13a6776593536b7afcd2700b6873a1d58acf487f35430b96db3ea25e7fc1c148a72f2aaa215968fec6e94efb5c307bac517548ba9db28f7c400ed89049af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a6fccf2fe72c3186112959d04f2f04c4
SHA1 d7aea645014b7efca47d5af0bf708c6161c1a7d6
SHA256 37164ab1fc595caf7a82ac2430ebb065109f8b965cbadf6f4c7288523ea6ce1f
SHA512 6d5df68854a1b59937c96ac3968bfe63f4b56841b268122e85fb57ec8d79dad98c3a086507a34ea55a42f71b220c465c47c93c8155e655fd5ce5cfea42576ace

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fceba4dc078fc31cb573562374500229
SHA1 4072c715926e79cdf63cc3fc53434af4cfdebe5b
SHA256 442853e545fae74a867504f4b80527a02b1d41f2e397332a559ae170ed38213c
SHA512 89e6ed97dd87c7bcdd172f517571173c13a22c6f85096163e4f651d1c1ba2ae91390df055937aafd9a9196a28d2b418e0582897279288e8ab9a5a8a8c5747dc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a755c198f30ec0009babe662dcc4b190
SHA1 2ce19a8f72a37bb0540cc59b25cbe0bf32c72fc3
SHA256 c8d17a178d7cce1b93fc2534117982be7c406449b97c312dffd7e6d5c9a71e44
SHA512 cd52f2fbd26515dc515c16c80578075ce747cb5e2995ec487c34cf4fb4d56097e58307f863a57c7ac651b4e4fb7388a304d6b5d9a3cdb932d510f1fe7d0082e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7c385f5f5faa74d04a46784531a29c3b
SHA1 8036e3edd67d485135456241bc05799e2033dd89
SHA256 1fcd859e43c4c116e392fe4765ed52cb20febbae87c98ab0a285eb1938ca927b
SHA512 2490b361dc1140d6f585ff189324eda84a9f8739c189930ad1c60c0d295898b777e8fe119acad799fa8529e29dade3553629d424b0cd66e6671f1a75c56dda16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bd69c9f83f72040d6270f322ccb3766f
SHA1 ac47f89e827683a5700f53d3c796f4d05bca04a0
SHA256 81b946a6c8f6d7d1fac0a8f7c6eec7cbbc67a195e2d489162679f5e7d7f90d83
SHA512 57f0bd5be0efcece986d11e72de3c45373d6e7d8b506b02eafc933309b12739663349b49956daae69679960b55c564fd57a73f6da9e80d6f77054738c739ed8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b5b732b94f751aedb5167ee2d2a68ad
SHA1 957c2e85f69a9f32634192490a9372a5bd35fcfe
SHA256 38891086fff8476b752cc79cb938221e5208a61b63aa8852c1b3a71134a2b777
SHA512 30d1489a0663676c9a62b15d629dfb7f6a1e203ab58b9e28ae95cecf481173e099e6dd733dac943637752d4ffd5f5a4afa6ffe8c99046f01ee607151a612e31b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 193f7eb87e036901692c15fc4a117d54
SHA1 42c4397b47e55ce59a9105d8beabc6912281711a
SHA256 ec3e07c79c04d9d106bbc3840823c49beb31fd69c2746f707a59d44575ba3b1f
SHA512 dc6ff8522878360c363850b9293697d840be556436cc32010b048c8c1e39714e5383131b5bcbe29d6134531c0bbd1d704d383c09588c59a4fe78096f16d41bc4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 75484fa34ed393153bca1ce1d599d7d5
SHA1 e1d1060a47b8d7416c211b67d9d0c731737e9d4c
SHA256 2b6b49e5e2b5e74cb8d66d994f7227a14ecf2c81c84c162f6e32796aed0fd059
SHA512 388442ac697c351c987ea7baf3a08191b73503697a22fb4bc7dfb278c73fa80fb5d5896ab86d898688a256106b0109c1932a8daeaa94d4a671122cdc7d3e5ba7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8081abee8419f1157f7e456d49d4a24e
SHA1 cb9d1e19b02d80fdb71db5e59de2bd49f41e9185
SHA256 9f4659d1799de1720b6bb244c4396a252cb7d658b8d4112c6488f0d81d2f3f99
SHA512 b5aae814cab4f55437048afe11aec5ebde30fd29bf481c616141c452847e3c0192c1672e354c3d0657c88c1d8b08305564981c7f61e1dac9b351dd843b2454d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 68e276441ecd8945ac4235cd109a867d
SHA1 8d558ea2fe961be65216444f340deae16d471888
SHA256 514168179109dbd842c7b72cf8cdac91fedc1e9b77ce3b91a160c97c877a1b9f
SHA512 e3867cc509be970fda108e36288fe985019a1a2934c06831421c28f31dff070cf38b5e161f0fa1fd1d100bb29f964158d8bdeb1b6882d7cef8aac1e8db121177

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 19a22f29598b4d664c5c34ea91908983
SHA1 488fa9a78402bf78c9120be193e31c45aac60dd4
SHA256 ea32046d8bd7a8a4e8d46cec2661acd55e0a826f6e8d5942e14e481ab4d4272d
SHA512 b81452996330b52b5f5162393f8a004f1df54a5d154f53d8fa860b904a63ace78b0a7e632c54549d25da05ae2b629793c11bb8b63272945be0af8840fab03481

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07ad2162a08a13cd3beebf7af3482956
SHA1 2701d3f7f4bf9f1c82b29875d064f799b7e86036
SHA256 f273bfa0228a46ca9f69a2a0291af1667d35591e05cd9fe0ec0b4a9d081a7cc1
SHA512 bcfac19b10ce1361d5b3a507731134ebece4171f3d73234379cbeee918477c7f9242be542ec0752bc0b53776cb4ec256ad569c1cda5b3d80deaacdfa788b1cc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 89f252b70822ba799da64333316c9f9d
SHA1 2e1c50a0fd7897e0ef28cdf82c0bc9a6a552e79f
SHA256 442001497581299be5b10297936fb5c340d3289700eac35897d2cdd1c90cacdc
SHA512 97e7d970c8efc8a5423531cc7730d31a7e402b0c609cb3cf91b537acd58861f651b7c20cca3f5e87cdaf9b877cd79cf0b764d24fd324a6b81e39ae7170e19f89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 422da7a3cdc5777a8894b35009f1dfec
SHA1 3de5481ff699a6328d399238bd6a125daa80802a
SHA256 5c554d1a9b588d3ca3c612808affd39a80846676270c2fd0101001ae3abfddee
SHA512 80310ba28a3bee71007ded7f56c235d95a742b70338bcb6567c07ca491bd2ed5bfd75c20fadac51d36ee6d492458b8bd3a7d88769f0ccea99b66b415be17404a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 89c1d074ef78ee1ed83c89eb5b2db3a9
SHA1 32803a6c6c53a78484d42d825a2a183bf13651c4
SHA256 b093edff1c68c4abd387c0f569cd1621f3b9fba3ca197d5624721bf33ac2b6c5
SHA512 498190504787f2f318d3ee4511af190b9bd5cafae0a7728019035e28b6b02ddd292a2fd7ec18cb833d2f97961da4018f0f486b9ed17d61fd60c29dce16b26c01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b0fa0f32e332a54766eab1af2e32bea4
SHA1 0835e42a8c97cb9fd40241ae8650856f5cfec4d9
SHA256 242d435e131fcde1177eecd6ff35cdadf02bd9907f86b4f722a9af1cc21bd9c8
SHA512 47bf8693416ceefe8546f81ef305587731cbde4d64876ce078979ca05abe6991b1b47e54e61453591134293d3520f955c2c81a17b51df38aa68f648588d01805

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 daf8ed8ac453df4cc0bbe085ae2e5490
SHA1 38a8e77a16af9f8e58c1b6802c14c308aa72273d
SHA256 aa43974cb208ba7574095c78e0b0eb70f926c9492b780d2cac756ed5bc48643c
SHA512 8a24a0c13c4611e691b35e81568ec4b3e4cdb19dc12b41e5300009a785471cc7354ffe8554c998e5467a62f41b9826ad4696e5fac95cdb462223ad3d99c4558d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 62cd404548a8f73b66e0d78622b8d6ac
SHA1 b8a6c81fe904f04aec8d2a1562bde990fb1ab613
SHA256 6ce90ba16c5712d75965fc3681c254925dc38551fcbb820454d06c644d04ec6b
SHA512 f14ba04bb8aa1157ce3a339d1773da1c217757ccf95f2de0d9a959384b85079c826bf34fb815595014cf6bed9fc8efada06bee3b35dd7918e4a315fe04dd529a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1d53375419d23fa30b4baf37a352fe6f
SHA1 5b7cea04719e3cd924abf911172c9640580402d1
SHA256 4599c088b6761ddcf2a64fddb331033e8496a77b475c018f164df77a0b35d7f4
SHA512 ba97fefd76285d4fd510fe94ef77dcc22540fd874d2c09408c439ccfb0a2965fc094f99e36fa40b87b55a7bac4b31a946a24f7ce91ad8014fb47da6f4102f0d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f8cd908723aab878e74bf41dd534ce5
SHA1 5daf832a68e7345a677cd21c938f0faeaf887e37
SHA256 eb117c9cab1d549abf213137d61b3a5270f5ff556921d21fa196de999e88d307
SHA512 0f4e614098d385c778fe9acd385ac97a9a500e37c47396d3f07551143e7628f98904db3fa95cd41e861e8fbff05684e3ace19e5332b8d8dd5cfc2e671ce8ec18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 757c38e6e8a9e7ebebdeb2d16908d195
SHA1 9b8f06371467c78c08627893808422b69af24726
SHA256 441fa72f40073cead3ec557322f14e8397ea04d5542f9a760b75dd98dafa0cac
SHA512 53ad08dec023fd660317781a3b5ae05c5971247e56fe0bc5f994f41c2d50945cb7f424e6d138052c0e9232ad2d0bea7acc05239f7f3cd16b448dcd729441a8d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2023744f967cdf46a47ea45103cd9ff0
SHA1 edf7b712dc6f87785af1e3b4f9e1a744a63a9f56
SHA256 b78284a9d987cae3ab45181d966d0b397636affdda016f92a5beefd657af1272
SHA512 41c76f218ee516c800fd4ebe10f80a990483d6e69aab6b5a501f668a9e5f140511ab48a1d2e99e550923ad23a1aaf3cd670d41da91e40488c072de322c3fddb8

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 a0e089b4b489ebdf7823b92b8babebf7
SHA1 b47700fdaea42ce4da3ca6c367aff178a17650ba
SHA256 d6d0c506affa394e7374ae9e3c9ffa17aa0b9153f296c57583314776c4f2f2d3
SHA512 cb338b4c76e31e72ce4082ccc1f7339529a39217a88f39aa030d4214be12a7774b0fd91a0ae82880b9c27b97626bd99ab2b3c1e7a2bc31efa098fbeb42df121c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f55d9957cba0b3b5f82d8df5a5f38560
SHA1 762626eb358a0748d4dcf0e5752d7e5d7cfbe596
SHA256 769b1c2fac8d902f691ca57ea3fb06d1586dae2670bf61218d8021b51a0707f2
SHA512 03998815dab046e085853b24353228c4e989faddb320c6a4ada416b0d068e625b35d4bd8c97f5da417f2823b41ee3833132b781730d42b0311a6963bda82f148

memory/5720-16078-0x000001A76D560000-0x000001A76D568000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0C2C6FA2\450ec0a2-ae46-4076-ad83-ad20203bbf4d\UnifiedStub-installer.exe\assembly\dl3\337f3954\472cb6d4_c0ccda01\rsTime.DLL

MD5 b61f9701f92bab290bcc2f4a815d50fe
SHA1 e3d60442c7d35baee6ce4827f7bd8babdd654dea
SHA256 8132b936e29ccddb7a50e1a853de60acf27759f50241dfb4822d22bde75e8913
SHA512 a3f261607ca5d08301371dfc2a45976845491b4e029da88af0ccaa1dacb49a07548395d5b4d1f61b140d9a60cc5a1cd1408721f888e0bc5042197addac051d37

memory/4108-16086-0x0000021D48A20000-0x0000021D48A7C000-memory.dmp

memory/4108-16087-0x0000021D48F20000-0x0000021D48F7A000-memory.dmp

memory/4108-16088-0x0000021D48F80000-0x0000021D48FA8000-memory.dmp

memory/4108-16091-0x0000021D48A20000-0x0000021D48A7C000-memory.dmp

memory/4108-16101-0x0000021D62F70000-0x0000021D62FA2000-memory.dmp

memory/4108-16102-0x0000021D636E0000-0x0000021D63CF8000-memory.dmp

C:\Program Files\ReasonLabs\EPP\rsEngineSvc.InstallLog

MD5 705ace5df076489bde34bd8f44c09901
SHA1 b867f35786f09405c324b6bf692e479ffecdfa9c
SHA256 f05a09811f6377d1341e9b41c63aa7b84a5c246055c43b0be09723bf29480950
SHA512 1f490f09b7d21075e8cdf2fe16f232a98428bef5c487badf4891647053ffef02987517cd41dddbdc998bef9f2b0ddd33a3f3d2850b7b99ae7a4b3c115b0eeff7

memory/4108-16130-0x0000021D63F60000-0x0000021D641BE000-memory.dmp

memory/1892-16136-0x000002514E450000-0x000002514E480000-memory.dmp

memory/1892-16137-0x0000025166F90000-0x0000025166FF0000-memory.dmp

memory/2108-16258-0x0000024183F00000-0x0000024183F28000-memory.dmp

memory/2108-16259-0x000002419E6B0000-0x000002419E844000-memory.dmp

memory/1892-16260-0x000002514E480000-0x000002514E4A6000-memory.dmp

memory/1892-16261-0x0000025166D90000-0x0000025166DB8000-memory.dmp

memory/2108-16263-0x0000024183F00000-0x0000024183F28000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 1068bade1997666697dc1bd5b3481755
SHA1 4e530b9b09d01240d6800714640f45f8ec87a343
SHA256 3e9b9f8ed00c5197cb2c251eb0943013f58dca44e6219a1f9767d596b4aa2a51
SHA512 35dfd91771fd7930889ff466b45731404066c280c94494e1d51127cc60b342c638f333caa901429ad812e7ccee7530af15057e871ed5f1d3730454836337b329

memory/1892-16262-0x0000025167370000-0x00000251673A8000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallLog

MD5 6895e7ce1a11e92604b53b2f6503564e
SHA1 6a69c00679d2afdaf56fe50d50d6036ccb1e570f
SHA256 3c609771f2c736a7ce540fec633886378426f30f0ef4b51c20b57d46e201f177
SHA512 314d74972ef00635edfc82406b4514d7806e26cec36da9b617036df0e0c2448a9250b0239af33129e11a9a49455aab00407619ba56ea808b4539549fd86715a2

memory/1892-16289-0x0000025167480000-0x0000025167506000-memory.dmp

memory/1892-16286-0x00000251673B0000-0x00000251673E2000-memory.dmp

C:\Program Files\ReasonLabs\EDR\rsEDRSvc.InstallState

MD5 362ce475f5d1e84641bad999c16727a0
SHA1 6b613c73acb58d259c6379bd820cca6f785cc812
SHA256 1f78f1056761c6ebd8965ed2c06295bafa704b253aff56c492b93151ab642899
SHA512 7630e1629cf4abecd9d3ddea58227b232d5c775cb480967762a6a6466be872e1d57123b08a6179fe1cfbc09403117d0f81bc13724f259a1d25c1325f1eac645b

memory/1892-16291-0x0000025166DC0000-0x0000025166DE6000-memory.dmp

memory/11164-16294-0x00000209772D0000-0x00000209775C0000-memory.dmp

memory/1892-16296-0x0000025167510000-0x000002516753E000-memory.dmp

memory/11164-16295-0x000002095E420000-0x000002095E44E000-memory.dmp

memory/1892-16297-0x0000025167830000-0x000002516788E000-memory.dmp

memory/1892-16311-0x0000025167890000-0x0000025167BFC000-memory.dmp

memory/11164-16310-0x0000020976D80000-0x0000020976DB8000-memory.dmp

memory/1892-16318-0x0000025167430000-0x000002516747F000-memory.dmp

memory/1892-16319-0x0000025167E90000-0x0000025168116000-memory.dmp

memory/1892-16322-0x0000025167C70000-0x0000025167CD6000-memory.dmp

memory/1892-16323-0x0000025167C00000-0x0000025167C3A000-memory.dmp

memory/1892-16324-0x0000025167580000-0x00000251675A6000-memory.dmp

memory/1892-16325-0x0000025167CE0000-0x0000025167D08000-memory.dmp

memory/11164-16376-0x0000020977190000-0x00000209771EE000-memory.dmp

memory/1892-16377-0x0000025167D90000-0x0000025167DC4000-memory.dmp

memory/1892-16378-0x0000025167D10000-0x0000025167D3A000-memory.dmp

memory/11164-16379-0x00000209777C0000-0x00000209777D6000-memory.dmp

memory/11164-16380-0x0000020977800000-0x000002097780A000-memory.dmp

C:\ProgramData\ReasonLabs\EPP\SignaturesYF.dat.tmp

MD5 d13bddae18c3ee69e044ccf845e92116
SHA1 31129f1e8074a4259f38641d4f74f02ca980ec60
SHA256 1fac07374505f68520aa60852e3a3a656449fceacb7476df7414c73f394ad9e0
SHA512 70b2b752c2a61dcf52f0aadcd0ab0fdf4d06dc140aee6520a8c9d428379deb9fdcc101140c37029d2bac65a6cfcf5ed4216db45e4a162acbc7c8c8b666cd15dd

C:\ProgramData\ReasonLabs\EPP\SignaturesYFS.dat.tmp

MD5 10a8f2f82452e5aaf2484d7230ec5758
SHA1 1bf814ddace7c3915547c2085f14e361bbd91959
SHA256 97bffb5fc024494f5b4ad1e50fdb8fad37559c05e5d177107895de0a1741b50b
SHA512 6df8953699e8f5ccff900074fd302d5eb7cad9a55d257ac1ef2cb3b60ba1c54afe74aee62dc4b06b3f6edf14617c2d236749357c5e80c5a13d4f9afcb4efa097

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Cache\Cache_Data\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Cache\Cache_Data\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Cache\Cache_Data\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\fonts\segoe-ui.woff

MD5 9a2931180d6b1dc7b33052657eef554b
SHA1 77b8f3cb5410c779206782a310990c19af2b02ca
SHA256 f424915a692bc5a458d6e7d9c99e4fe0cf5cb8883bd3516b01d4fef5da8d3663
SHA512 e839eb6fa727c6a604da142e7c823c5d8b7d8e33b3d19937da7bc1948c32893b08f0ace35c020e391ab0a9694b479b28282024c3518dac995eb87fd7aa18c631

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\fonts\segoe-ui-bold.woff

MD5 52382539737f4e9913e4bf6b9966bee3
SHA1 d58d3dc5ff86fe8ff594134df53ea9b8074f6bc6
SHA256 d711a54cb4822ccf7926b1a95b7a43107fcfe8ef99a817e6906a1063657c7b28
SHA512 55f1767cfb589eca775f2849b975d8311295951f8e457be58de34983531961ce4fada3a856daed8d7cd712bd8b5fad53ceecf438949deaafb7d5cb87114ecb4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\fonts\noto-sans-semibold.ttf

MD5 dfad8b708bc7b6911ed49a6f35680b10
SHA1 44bd4f1602342642f6bbfc019cca65852d9f3ee0
SHA256 6a27c11bf011fbe565c4d5be9ab49d8535c7cfefeb3aa44dad5d1339f68aad1b
SHA512 0ee222bb6dd7882ec802fb21193ec49e814014f0ece7303c16c2fe24f94735f8d420fba59c9cd689748e89519880b723dfcbd4bbc635d2b89261cc336498e1a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\fonts\noto-sans-regular.woff

MD5 0a66f097fb9215e828bc0ada73d19e45
SHA1 f962197011fa900ec29b4bd14f624a3309854626
SHA256 8e5f3060067847d71c398a897b8f8aecadbacadec3324b41d6eec5b3014fed89
SHA512 060d79916429b617f950a86ef6783198ceb844f26e65b7d26fd667a37c577c5913ba4ef183d2ca0e7f46b3d6e13c128a5bf8c4ae7e0f543c53c051bf13a92fd4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\fonts\noto-sans-medium.ttf

MD5 09dc02dbe8133545806d275a2fec2ca7
SHA1 f85d0a08f987df19288a61f18a22519ce0551c3e
SHA256 9d0511ca54de389e3ef4e8a8accdd94e6fdf73eb144f7bba2017e55924092822
SHA512 afd4ad23eaee89cdf729c8645f3d51ead449d8f9fa943a0158270857141d40c8619e3da98163b17770c09c0409536cd60c367736938645e119e60a11ea93dd53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\fonts\noto-sans-bold.woff

MD5 a65fc7725f81daa832e2ac5d4820c2b1
SHA1 a5602a3cb911cdb6ed538c22f451763d884092f0
SHA256 5adee3972bb1a6f74b582f79a5d3b4735e665c00b2e49938a4fb68755e56d9df
SHA512 f8b07d9d46733c8820cf2466a14203710f10ceba789f80fb700b00ff950e5c1f30fb035939911e4d1a4e7ab92f37ce8f6fb47f5d9ab58f5eb5031804e4ad96a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\icons\icon-upgrade.png

MD5 8f0dbfccb36007d663b552bb84db01d5
SHA1 709b15810f26fe075d1037b7d90e196f4471d574
SHA256 07b43077658e1bbc63ac5c7431fd1940f74e8231a532a055de9e2fa0ae79b0be
SHA512 064962f997821ab44b523dc6a7524b6ff21352d90fb9e13281a72ad4d09d3431173d96c71277c92cae023f91d435700169113f14171446d52e65e48b1a44f719

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\icons\icon-threat.png

MD5 02e2204d82355dd71f3e9a493087ab40
SHA1 dd3e5c7ba4d4f7d4784bb040718ced43b0ec6d57
SHA256 d6c4b23336f9539c8dfb12a44282aebe1c052a8bd2a808587c08b01809a755cf
SHA512 035814b7e5ecee257c897e4ce0aee38839760eba0b745df3258e2544429e3ba0a351eed5596ac6125b2c3ab13aafb8d3b97383c2fadb56ed315d7a0b7dd92a54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\icons\icon-34.png

MD5 15b14e66c46e0a83449fea81f4d0e59c
SHA1 c3512dc47f25eb700e21a04f0925aa9d6996f08f
SHA256 10a9008f1b5e61a13f2fc225e9444f17a30036f76855826ff0f881de880db15e
SHA512 c0296a9252e9ea8336a28a73fdeb6d90a3fbd13cb5699f9b90e8b2e3858f041509e8886d056b402c5444e9b36a5950fdb8dc93dd46c15a79d84e1e579b5cd887

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\icons\icon-128.png

MD5 a3c4a97b3abf5c40532df4c73b6a0aed
SHA1 487bcc26a31f4545cada98e13532510784f3d9e4
SHA256 dc9ab4985526d23074e9cf2ee176e68dd7a5cd282c147df32733da083b7ce8a6
SHA512 71c82630413b7d9e8f2541bb036b1884c2e88ba5abee2e6abf79744951f1f2e65f7a3d82fb59c274ad7f02b3e49ee5fa2f20973410db3cc2ca92e6bb3dd42fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\images\logo_with_name.svg

MD5 7077be1629422619bbe5057dea2afcf6
SHA1 dccf730b9bd0ba9fb7c505f350aa2428457bc952
SHA256 0d28843ed45447345a2437b02ac99a6426de73143015d70bf2eb43ccd4fc75fa
SHA512 48da879c4223098c02814106279abcd6e5cd4a4379baf4cfeffa2fa7a961c4d8791ce10bb79a6643c1fc63d9b57e969f4fa2e5a2dc47e2ac60a1970b2f67f24f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\images\logo-white.svg

MD5 716872be17ae1eabffaafacfb8c0d518
SHA1 f2dd6d573d2fefe6ee189dafebc829098e6c973c
SHA256 824842f23358a42597e09fcc04efadd083e1bbfd6a75a863fabc413713013cf1
SHA512 a54c370a019f85be810337c5550392cd55c6c208b8ce71156c670cd6d5a62c6708f9c4a2d7370c76b0bff3c4dbdf2f99df3dca043084d3d1b552011f0688de40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\images\logo-blue.svg

MD5 846cbae00ad12be63ce5319c6a260323
SHA1 aa840c643cc93e70f704b2d191d4686df04c11c9
SHA256 26abe92c6ad8587e0a373ed74aba3c33f82eb2c8efefd5fba08ce66014417fa9
SHA512 6f3688b8964a38ddd081dd9f431c413656b44de3d0cdbc14a536ce4a32a1ad5fcf7a4f3f5d75b2c986e8fa647fe75cdd32bbaef27bec39bd9c4d03b328a8eca3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir3584_614737917\CRX_INSTALL\assets\images\crown.svg

MD5 e2e93bf6f4365635d8d01a854caf31d5
SHA1 33502919a2f609b8ef7c8a18f7722d3ce337360b
SHA256 7bf49e91bda1b6dd05b94288fbd86391500557f272b4f8e0ad3a69549e7a6104
SHA512 5548d7fc0faff4ecae85888dbe938438390d478110c26db26e27f9764a3dfc3e5faf91789f84e9e76575b8f371a6cc0cd90feae6b8e3dbf317e59129b71cfeee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok\6.0.0_0\_metadata\generated_indexed_rulesets\_ruleset1

MD5 54b8963605e13d9f85e145b3933e233c
SHA1 e6eae0d378cb72ce897a976dfc25ceffa9a0c900
SHA256 21ec97d6415cde5c52ecf20b183b9a5b2f76aecc8088b9dde49bdf195d1e9038
SHA512 3c4dac3f506789627bb858b67a94b8e7a87cf41fc801c7f3f2b827dfdd7b73ddc31ee342dd565a4ef592862d4df1c7c2192568de2fa9d465f0cec690d1f792f2

C:\Users\Admin\AppData\Local\Temp\scoped_dir9680_1310646196\CRX_INSTALL\contentScript.bundle.js

MD5 b5420e42524ff930ce283a078768460e
SHA1 505dbcb230b71985e0b75e1e323ebffe3b15f295
SHA256 a5d2108a9097c9f3fa821b3b90d79c5e4824f74ca21a18c5ff7271b05fda83c5
SHA512 3e8df8ad43c6dc59fa551719057f631d197402d7009b09be898454f28e56378c8539994a22c6141ea527f37549554dfe74e3169eb989d21e9ceb0637d22f61a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\assets\images\close-white.svg

MD5 1fe8bf19c860d2e13f6e9f1ebd2778cb
SHA1 3a47b23b93a3b89abaee6b57fdb597a742be1d23
SHA256 39c46e8e2da43cc6f31ec85120a8879bee0eefdde9b20ce92d1f5e8733b6eb40
SHA512 a3b13146700e148dd855df06045b374ad0f887c3e7452daf480ce913e47d199425741553d9c56e01721739829a1f741d27bdb564882499b908d55af55f57ea71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\_metadata\generated_indexed_rulesets\_ruleset1

MD5 944cc7b993253154878990ae8d949f99
SHA1 63bbb58e604b046a08b0e10de8484343922d54fb
SHA256 3ecb29ec9d6b71e2be72715e0649c965fa2b10ab41d26860913b25c774d5e0a3
SHA512 1f3869717809e7969ce4391afab9716a49593b0d136d0d4b62b00e35734c73f85ae1460c66a2341a2f19487c8d68926fa183420cc770918f45b9fc1b283cf1ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\_metadata\verified_contents.json

MD5 1b01ffc2bafd0a464913805b97e1dd6a
SHA1 f64210c6b06215c5d288f26b3195c557951db428
SHA256 f14934357881f8c7340890752a4fdc0e5440c7ddeb29660ac642c9a972e5f551
SHA512 0d26c87a86371b26bdee126c4ea37fa437538391f88cd263c058e3aa64edaca91efaab01bf93f5c81d4d8df92e73469fffccf403dfb4d49267653e851fc6da20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\manifest.json

MD5 36c7c3d8f8d37e17ee06d7a4ce3099d0
SHA1 ea7a3d54e78ddbb80a05888412b2f079a75e5b7f
SHA256 1b594fb15c701e51f960bbb9efdfa72198cb3b6c3aa122ad759524e2c82a2142
SHA512 990a66fa225c7f63804a5c0ca9d4d1af87bff0c1ddf55cce2557d14ebfb17f8639dca12f544fc2c5b218723622fb1be6f7779d5ce8755a562957e5361d6fc9c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\assets\images\close-blue.svg

MD5 8d8bf8908be87508c56d626e0a776978
SHA1 3cad5703edacdadf1dc6fcb48fe921712b16fbf0
SHA256 9c5c3329378a3bfba29911b873f1d94239f6ac54dffe6bab113b3d51d8dc0ae0
SHA512 fc0b25c71d69c3721c104afd9ce6af91d89a92a37bf47f97e7df96187e45ed25ac08651e564a09281906e678f7df25af11aeff44b80a3fc17bf2c25c78e1236b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\assets\images\check.svg

MD5 0b2e057ac7229a93f0c0815343c57ff9
SHA1 4c99a278bb5dd30203fb4f33f8d3dcfc5aae5a8e
SHA256 98ce9f3ebf75b2ca71e096bd01988540667d9e9636d5512fe17d099d9eba91ea
SHA512 daf1f0ac010b53f48a1769201bb48df13ef40531e55d3b0736925fdb81441af75f6d3f4e068090feaa6c8ece9f5168c8e44e1dc18c171aca6ef3596a596e067a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\assets\images\attention-icon.svg

MD5 5232d122e13560c86cf3ff0c84ecc3de
SHA1 7c0a78dd1c15e4b50943e1101f0caa8c0405f2c6
SHA256 616cff0cab3ee3e3b69aff4423a541daba199172d2eb2b0f5e7d83e1d6e13f99
SHA512 619222dcc939be36477504882d3a6689a58f9ede708c135fc621d1b8c9d3d9bb4bf6abbecfe7c13bbbbcd7ae2f0f150baa3ac5cd5358db0c057453042484d7a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\assets\images\arrow.svg

MD5 8a4011cef8b4f6e1fe6dfd28c497ad69
SHA1 395ce130677ff0b579f1f3c7f8b45b8489490094
SHA256 31313b5ae51fffa0684dcd10537b9534413f105cfcfc3a8a39890bad5f3aa3f4
SHA512 e25314ee23995bc6d8cec92bd969b9b7e956d46e8bcf8d3ac209445c6f551d311468382f145f8017f6ab26d7cb8c9b6a0c4b3b41c5e7c3f03384116bf720ed85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\rules.json

MD5 5736d36e31b7bc0d59788d30260281ea
SHA1 c2810c0335d1760d2ab337db349c362596df06be
SHA256 79ecc25acaf4d184958e339a9e48a1f0d187f82a676843dc6a40ff907e1853f3
SHA512 046686a280f60d50791ff8bd13989ba4bf058f402bc3d45c3688bc60e8ea91e6e44ec3ae8bf66f1e47b66b336ea8b0f70f20ff1279f6dfb377d662d633296c7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\index.html

MD5 336fd61de62addda84cc9e5c283b7e67
SHA1 6b5985b920c40c61fb320f70be5f89233754699c
SHA256 6476c7b35152cbbe4906e94dada4e68faf052744cb0da74589679b86d49edd15
SHA512 2f641a563c6283ee3582c597c10be2336a18cf5e4a1e0c1a3c8b661e1ef49774145f15630b90cb5c1f9bd9439c6d64dc2bfc160763ae3d949eb0eca805bfbad6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\index.bundle.js

MD5 21a57bcfd8166f1a78e93ff075073dad
SHA1 b222925084dcb825c56a1f4d061ce60d73b5e697
SHA256 5fb95e4a8b1ee5fdf974bf4fa3e0890b3d973b98598ced1fd5f4cbfa27e7babb
SHA512 5de66932e9868b16eba364c24052131fa8bad2e097c72bc51f8493b91e8380df4b4717ff97536fb3789a6cffedf198c8b5bfba395572ceadf32fa1eeb130417a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir9680_1045154332\CRX_INSTALL\background.bundle.js

MD5 a0f181524d2f89830b233309e578191b
SHA1 5112f2f12100b01f242b0690a3aaf5f7e729cd9f
SHA256 727de56a3efb2b77feda4ac895cd5ab0e7f24b28ebec029b0b3460ffd5912eaa
SHA512 f4324039feb00e2109372a40927d69aa2f739d2dc8383f929689c510fc1a14bff653fe179810daa5d2a4c5518c846020ce8fdfdba403e400535a49f6976b8c59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 77ab5967e699f2273c47c7e627119c72
SHA1 98f2c174f6e4051614f981a3fbecb84c3ff00801
SHA256 69aca31f50e221362c0fbc3b6ca92ac7705dec423b04cf8ea718bc97c774f91e
SHA512 2629f7e80952fd021f5835906b7802aff85e7638cfa8436041dc60e62f9b2818ab9751688fd427b7ffd8f4bdefa855328334b32d610e98582a3b5efac6e94e1d

C:\Users\Admin\AppData\Roaming\ReasonLabs\EPP\Partitions\plan-picker_5.31.8\Network\Network Persistent State

MD5 6214fe8bac99e822ebc222e12a9b03df
SHA1 10135e2b9345057fd4a660e5f77579fbf4b7e5dc
SHA256 b639ee48bf5d56a5a7f1920bf7fe8cd9faa71b65b3cb1f6dd317ce98de172b97
SHA512 ee8ae60a54eeabbd7d84c5dbfd680ae9193879490aa21e99243539b46e016957cd1c3a90841dd225f5cbd8004f466a3a43704bce67bfc89b0c4f4962d482cefd

C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_00200057003F001D0006.txt

MD5 1083175a3fa377535632b1e147804741
SHA1 c776c47e6439ed3d3cbaf055feb57be84792c457
SHA256 33552a55bb0474d94ae6c2524246928fcbf24e3ecc287a9bbe9d870bab276bcd
SHA512 5f88b57bfb545582ea55cd76cd91e67069308f6b60af26289b7fa9178d6d41cad97bb2afb975a9553f54837e978d6321906dcc8aeb964368cd0bc321770fd263