Malware Analysis Report

2024-11-16 12:57

Sample ID 240809-kxpctssekc
Target http://anydesk.com
Tags
defense_evasion discovery evasion execution exploit persistence privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://anydesk.com was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery evasion execution exploit persistence privilege_escalation spyware stealer

Modifies Windows Firewall

Downloads MZ/PE file

Manipulates Digital Signatures

Possible privilege escalation attempt

Stops running service(s)

Creates new service(s)

Modifies file permissions

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Enumerates processes with tasklist

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Enumerates system info in registry

NTFS ADS

Runs net.exe

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-09 08:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-09 08:58

Reported

2024-08-09 09:37

Platform

win11-20240802-en

Max time kernel

2298s

Max time network

2299s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://anydesk.com

Signatures

Creates new service(s)

persistence execution

Downloads MZ/PE file

Manipulates Digital Signatures

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.1.1\FuncName = "DecodeAttrSequence" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubLoadMessage" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.4.1.311.10.3.3\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2001\FuncName = "WVTAsn1SpcMinimalCriteriaInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackAllocFunction = "SoftpubLoadDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCleanup" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.4.4\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2010\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubAuthenticode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.28\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.4.4\FuncName = "WVTAsn1SealingTimestampAttributeDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.28\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\DiagnosticPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubDefCertInit" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\2.16.840.1.113730.4.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.25\FuncName = "WVTAsn1SpcLinkDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2221\FuncName = "WVTAsn1CatNameValueDecode" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubInitialize" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubLoadSignature" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "WintrustCertificateTrust" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\CRYPTOGRAPHY\OID\ENCODINGTYPE 0\CRYPTSIPDLLVERIFYINDIRECTDATA\{C689AAB9-8E78-11D0-8C47-00C04FC295EE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\DefaultId = "{573E31F8-AABA-11D0-8CCB-00C04FC295EE}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubCheckCert" C:\Windows\SysWOW64\regsvr32.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Stops running service(s)

evasion execution

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
N/A N/A C:\ProgramData\BlueStacksServicesSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-ForceGPU.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-CheckCpu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
N/A N/A C:\Users\Admin\Downloads\nox_setup_v7.0.6.0_full_intl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Nox\CheckGLVersion.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_vn_10077_CjwKCAjw_Na1BhAlEiwAM-dm7MWfnwgkhK4qEMWPpiZsI0ol8UblVmi-_ev1zXRfIK59Iibsdg2AXxoCP00QAvD_BwE_ld.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\A2BBB4ED-766D-434A-87BE-F33FF71B7B5A\dismhost.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\vbox-img.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.505.1008_amd64_native.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden" C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A
File opened (read-only) \??\F: C:\Windows\SysWOW64\takeown.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver-manifest.ini C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55D0.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55D2.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.gpd C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\anydeskprintdriver.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55D2.tmp C:\Windows\system32\DrvInst.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55CF.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\AnyDeskPrintDriverRenderFilter.dll C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriver.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\AnyDeskPrintDriverRenderFilter-PipelineConfig.xml C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55CE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\AnyDeskPrintDriver-manifest.ini C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55CF.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55D1.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\AnyDeskPrintDriver.gpd C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55CD.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55D0.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\SysWOW64\winmgmts:{impersonationLevel=Impersonate}!\root\cimv2 C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55D1.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55CE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\anydeskprintdriver.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File opened for modification C:\Windows\system32\storage.json C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\AnyDeskPrintDriver.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\anydeskprintdriver.inf_amd64_07b22d0a6997cb3a\AnyDeskPrintDriverRenderFilter.dll C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\system32\storage.json C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db C:\Users\Admin\Downloads\AnyDesk.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\SET55CD.tmp C:\Windows\system32\DrvInst.exe N/A

Enumerates processes with tasklist

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A
N/A N/A C:\Windows\system32\tasklist.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BlueStacks X\www\images\noNetwork.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files\ldplayer9box\libssl-1_1-x64.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\VBoxHostChannel.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\x86\dasync.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\vccorlib140.dll C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\app.ico C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\el.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\en-GB.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\Qt6QmlModels.dll C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\Qt6QuickControls2.dll C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\cs.pak C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\language\chs.qm C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\bearer\qgenericbearer.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files\ldplayer9box\tstAnimate.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\ldplayer9box\bldRTLdrCheckImports.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\BlueStacks_nxt\BstkC.dll C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\libOpenglRender.dll C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\imageformats\qsvg.dll C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\MyGames\Card_Elliptical_gradient.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libtransform_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\vcruntime140_1.dll C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\msvcp140_2.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\msvcp140_atomic_wait.dll C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\QtQuick\Layouts\qquicklayoutsplugin.dll C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\HD-DiskFormatCheck.exe C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\cef\locales\bg.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\FocusBox.png C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\MIM Logo.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtQuick\Shapes\qmldir C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\ro.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libblend_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files\ldplayer9box\VBoxTestOGL.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\video_filter\liberase_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\Qt6WebEngineQuick.dll C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\cef\locales\en-GB.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\cef\locales\hu.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\Marketplace_on.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\Qt5Positioning.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files\ldplayer9box\SUPLoggerCtl.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File created C:\Program Files\BlueStacks_nxt\QtWebEngine\qmldir C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\checkBox\checked_disable.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\CloudMode\Icon_instantly.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\www\localization\index.js C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\imageformats\qwbmp.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\codec\libflac_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\position\qtposition_winrt.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\image\MyGames\pc_refresh_default.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\TypeIndicator\PremiumGame_on.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files\BlueStacks_nxt\HD-ComRegistrar.exe C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\more.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\SideBar\left_arrow_hover.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files\ldplayer9box\x86\api-ms-win-core-memory-l1-1-0.dll F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\tr.pak C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File created C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\zh-TW.pak C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
File created C:\Program Files (x86)\BlueStacks X\cef\locales\pt-BR.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\image\close_main.svg C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\aws\aws-c-s3.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\plugins\audio_filter\libtospdif_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\misc\libfingerprinter_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File created C:\Program Files (x86)\BlueStacks X\plugins\misc\libstats_plugin.dll C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
File opened for modification C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
File created C:\Program Files\ldplayer9box\USBInstall.exe F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
File opened for modification C:\Program Files (x86)\BlueStacks X\cef\locales\da.pak C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\SysWOW64\rundll32.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\LOGS\DPX\setuperr.log C:\Windows\SysWOW64\expand.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Windows\SysWOW64\dism.exe N/A
File opened for modification C:\Windows\Logs\DISM\dism.log C:\Users\Admin\AppData\Local\Temp\A2BBB4ED-766D-434A-87BE-F33FF71B7B5A\dismhost.exe N/A
File opened for modification C:\Windows\LOGS\DPX\setupact.log C:\Windows\SysWOW64\expand.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\nox_setup_v7.0.6.0_full_intl.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_vn_10077_CjwKCAjw_Na1BhAlEiwAM-dm7MWfnwgkhK4qEMWPpiZsI0ol8UblVmi-_ev1zXRfIK59Iibsdg2AXxoCP00QAvD_BwE_ld.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zS086EA039\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\BlueStacksServicesSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\expand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\tasklist.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\LDPlayer9_vn_10077_CjwKCAjw_Na1BhAlEiwAM-dm7MWfnwgkhK4qEMWPpiZsI0ol8UblVmi-_ev1zXRfIK59Iibsdg2AXxoCP00QAvD_BwE_ld.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-CheckCpu.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\nox_setup_v7.0.6.0_full_intl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\BlueStacksInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001" F:\LDPlayer\LDPlayer9\dnplayer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676675591104461" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "200" N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" N/A N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" N/A N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM N/A N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4521-44CC-DF95-186E4D057C83} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\NumMethods\ = "44" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-71B2-4817-9A64-4ED12C17388E}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-319C-4E7E-8150-C5837BD265F6}\ = "IGuestMouseEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3188-4C8C-8756-1395E8CB691C}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F6D4-4AB6-9CBF-558EB8959A6A}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\ProgId C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AC97-4C16-B3E2-81BD8A57CC27}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\NumMethods\ = "15" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8CE7-469F-A4C2-6476F581FF72}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\NumMethods\ = "58" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\ = "IUSBControllerChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C927-11E7-B788-33C248E71FC7}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7F29-4AAE-A627-5A282C83092C}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8A02-45F3-A07D-A67AA72756AA}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.Session.1 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ldmnq.ldbk\DefaultIcon F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E8A-11E9-825C-AB7B2CABCE23}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-402E-022E-6180-C3944DE3F9C8}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-44DE-1653-B717-2EBF0CA9B664}\ = "IGuestFile" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-C71F-4A36-8E5F-A77D01D76090}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-47C7-4A3F-AAE1-1B516817DB41}\NumMethods\ = "11" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486E-472F-481B-969746AF2480}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-00B1-4E9D-0000-11FA00F9D583}\NumMethods\ = "13" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EBF9-4D5C-7AEA-877BFC4256BA} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-D612-47D3-89D4-DB3992533948}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-647D-45AC-8FE9-F49B3183BA37}\ = "IGuestSessionEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-B7DB-4616-AAC6-CFB94D89BA78}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-735F-4FDE-8A54-427D49409B5F} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-70A2-487E-895E-D3FC9679F7B3}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-EABD-4FA6-960A-F1756C99EA1C}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\NumMethods\ = "15" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\NumMethods C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D8ED-44CF-85AC-C83A26C95A4D} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-F1F8-4590-941A-CDB66075C5BF}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9849-4F47-813E-24A75DC85615}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\ = "IGuestDnDTarget" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8F30-401B-A8CD-FE31DBE839C0}\NumMethods\ = "12" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C196-4D26-B8DB-4C8C389F1F82}\NumMethods\ = "22" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5F86-4D65-AD1B-87CA284FB1C8}\TypeLib\Version = "1.3" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\TypeLib C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-B7F1-4A5A-A4EF-A11DD9C2A458} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F1A-4D6C-81FC-E3FA843F49AE}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\NumMethods\ = "88" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\NumMethods\ = "36" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-3FF2-4F2E-8F09-07382EE25088}\ = "IMachineRegisteredEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}" C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A} C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4974-A19C-4DC6-CC98C2269626} C:\Windows\SYSTEM32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-08A7-4C8F-910D-47AABD67253A}\ = "IRecordingChangedEvent" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ProxyStubClsid32 C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E15-4F71-A6A5-94E707FAFBCC}\NumMethods C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\ = "ICloudNetworkEnvironmentInfo" C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4521-44CC-DF95-186E4D057C83}\ProxyStubClsid32 C:\Windows\SYSTEM32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-057D-4391-B928-F14B06B710C5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\nox_setup_v7.0.6.0_full_intl.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\LDPlayer9_vn_10077_CjwKCAjw_Na1BhAlEiwAM-dm7MWfnwgkhK4qEMWPpiZsI0ol8UblVmi-_ev1zXRfIK59Iibsdg2AXxoCP00QAvD_BwE_ld.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\leomoon-dot-com_leomoon-cpu-v_win.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnplayer.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\Downloads\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Program Files (x86)\AnyDesk\AnyDesk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\Downloads\nox_setup_v7.0.6.0_full_intl.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Nox\CheckGLVersion.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Users\Admin\Downloads\LDPlayer9_vn_10077_CjwKCAjw_Na1BhAlEiwAM-dm7MWfnwgkhK4qEMWPpiZsI0ol8UblVmi-_ev1zXRfIK59Iibsdg2AXxoCP00QAvD_BwE_ld.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\LDPlayer.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\dnrepairer.exe N/A
N/A N/A C:\Program Files\ldplayer9box\Ld9BoxSVC.exe N/A
N/A N/A F:\LDPlayer\LDPlayer9\driverconfig.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4848 wrote to memory of 2404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 2404 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 4740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 4740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4848 wrote to memory of 1420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://anydesk.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fa2acc40,0x7ff9fa2acc4c,0x7ff9fa2acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1748,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1988 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2352 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3000,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3004,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3024 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4348,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4392 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4536,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3152,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3332,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004CC

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5064 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5240,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5716,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5732,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5860 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6108,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6076,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6040 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6044,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5772 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3488,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5824 /prefetch:8

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe"

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --local-service

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --local-control

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --backend

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5208,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6532 /prefetch:8

C:\Users\Admin\Downloads\AnyDesk.exe

"C:\Users\Admin\Downloads\AnyDesk.exe" --install "C:\Program Files (x86)\AnyDesk" --start-with-win --create-shortcuts --create-taskbar-icon --create-desktop-icon --install-driver:mirror --install-driver:printer --update-main --svc-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf" --sys-conf "C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf"

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --control

C:\Windows\SysWOW64\expand.exe

expand -F:* "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\v4.cab" "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" printui.dll, PrintUIEntry /if /b "AnyDesk Printer" /f "C:\Users\Admin\AppData\Roaming\AnyDesk\printer_driver\AnyDeskPrintDriver.inf" /r "AD_Port" /m "AnyDesk v4 Printer Driver"

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --new-install

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{79a5a7ad-243b-b843-934c-4ed5d6bc7a5c}\anydeskprintdriver.inf" "9" "49a18f3d7" "0000000000000150" "WinSta0\Default" "0000000000000160" "208" "c:\users\admin\appdata\roaming\anydesk\printer_driver"

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{BDAF9C34-DA20-43CD-B9CD-714F79D4B81A} Global\{FC3B7713-F3CF-408F-AF37-E39A128BB203} C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\anydeskprintdriver.inf C:\Windows\System32\DriverStore\Temp\{66701646-b81b-3345-aff2-9eccba4b498e}\AnyDeskPrintDriver.cat

C:\Program Files (x86)\AnyDesk\AnyDesk.exe

"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --backend

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fa2acc40,0x7ff9fa2acc4c,0x7ff9fa2acc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3740,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6636 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=2392,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5400,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6120,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5872,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7024 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7132,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7148 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5876,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7164,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5456,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6468 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7092,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7180,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6504,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7492,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7504 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7048,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6732 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6764,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6536,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7524 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5200,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7544 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7424,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7436,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7508 /prefetch:8

C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe"

C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe"

C:\Users\Admin\AppData\Local\Temp\7zS086EA039\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS086EA039\HD-CheckCpu.exe" --cmd checkHypervEnabled

C:\Users\Admin\AppData\Local\Temp\7zS086EA039\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zS086EA039\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.505.1008_nxt.exe" -s

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c green.bat

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="BlueStacksWeb"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Cloud Game"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"

C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe

"C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -versionMachineID=b2332b3f-c3cd-41f5-870f-45225a9970cf -machineID=bb990707-fedb-4d99-b1bc-054e01276c05 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.503.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe" -versionMachineID=b2332b3f-c3cd-41f5-870f-45225a9970cf -machineID=bb990707-fedb-4d99-b1bc-054e01276c05 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.503.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\BlueStacksInstaller.exe" -versionMachineID="b2332b3f-c3cd-41f5-870f-45225a9970cf" -machineID="bb990707-fedb-4d99-b1bc-054e01276c05" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bsx" -bsxVersion="10.41.503.1001" -country="GB" -skipBinaryShortcuts -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.503.1001_native_461915b8ff524752313d2449b454659b_MzsxNSwwOzUsMTsxNSw0OzE1LA==.exe" -md5=461915b8ff524752313d2449b454659b -app64=

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\" -aoa

C:\ProgramData\BlueStacksServicesSetup.exe

"C:\ProgramData\BlueStacksServicesSetup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"

C:\Windows\SysWOW64\find.exe

find "BlueStacksServices.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-ForceGPU.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe" 1 2

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe" 4 2

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe" 2 2

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe" 1 1

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe" 4 1

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe" 2 1

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\\HD-GLCheck.exe" 2

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\\HD-GLCheck.exe" 3

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1708,i,16065034741535463325,12814940240496432548,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cscript.exe

cscript.exe

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1956 --field-trial-handle=1708,i,16065034741535463325,12814940240496432548,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\\HD-GLCheck.exe" 1

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2608 --field-trial-handle=1708,i,16065034741535463325,12814940240496432548,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cscript.exe

cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe" x "C:\ProgramData\Pie64_5.21.505.1008.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-CheckCpu.exe" --cmd checkSSE3

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"

C:\Windows\system32\sc.exe

sc.exe delete BlueStacksDrv_nxt

C:\Windows\SYSTEM32\reg.exe

"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\ymiqbhm0.z2s\RegHKLM.txt"

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\ymiqbhm0.z2s\*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloud.bluestacks.com/bs3/help_articles?article=valid_cert_update&oem=nxt&locale=en-US&guid=bb990707-fedb-4d99-b1bc-054e01276c05&image_name=Pie64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e1923cb8,0x7ff9e1923cc8,0x7ff9e1923cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4052 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2728 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5713668612939590413,9649753001748086765,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6740,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7532 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7420,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6888 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6932,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=7728,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7456 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe

"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2380 --field-trial-handle=1708,i,16065034741535463325,12814940240496432548,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7348,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6088 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\Downloads\nox_setup_v7.0.6.0_full_intl.exe

"C:\Users\Admin\Downloads\nox_setup_v7.0.6.0_full_intl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Nox\CheckGLVersion.exe

"C:\Users\Admin\AppData\Local\Nox\CheckGLVersion.exe "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://support.bignox.com/en/tsxn/GPU

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e1923cb8,0x7ff9e1923cc8,0x7ff9e1923cd8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,3555298587997059175,1574067668194202000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6924,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7924,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7788 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7948,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7936 /prefetch:1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8112,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7408 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=8188,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7736 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7832,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7524 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8208,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7060 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8260,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8376,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=8400,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8528 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8668,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8656 /prefetch:1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7952,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8876 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8216,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9164,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9316,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9432,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=9620,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=9440,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9728 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=9568,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9756 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=9544,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=9076,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9856 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=9268,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9592 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=9684,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=9520,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10212 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=10060,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10340 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=10504,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10516 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9452,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9736 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\Downloads\LDPlayer9_vn_10077_CjwKCAjw_Na1BhAlEiwAM-dm7MWfnwgkhK4qEMWPpiZsI0ol8UblVmi-_ev1zXRfIK59Iibsdg2AXxoCP00QAvD_BwE_ld.exe

"C:\Users\Admin\Downloads\LDPlayer9_vn_10077_CjwKCAjw_Na1BhAlEiwAM-dm7MWfnwgkhK4qEMWPpiZsI0ol8UblVmi-_ev1zXRfIK59Iibsdg2AXxoCP00QAvD_BwE_ld.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=9120,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7928 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=10456,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=10440,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10464 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=10152,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10084 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=9068,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10092 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=10380,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9856 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=10768,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10792 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=10936,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=10752,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10816 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=11080,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=11100,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=11108,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=11132,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11376 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=11152,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11500 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=11172,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11628 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=11192,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=11200,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11892 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=11768,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=10916,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=6736,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=7848,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8600 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=10468,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=11712,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11680 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=11636,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=10880,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=10040,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=11728 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --field-trial-handle=9496,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8628 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --field-trial-handle=9456,i,3936209937114740559,12920986562028066200,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10408 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

F:\LDPlayer\LDPlayer9\LDPlayer.exe

"F:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=10077 -language=vn -path="F:\LDPlayer\LDPlayer9\" -googleid=CjwKCAjw_Na1BhAlEiwAM-dm7MWfnwgkhK4qEMWPpiZsI0ol8UblVmi-_ev1zXRfIK59Iibsdg2AXxoCP00QAvD_BwE

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

F:\LDPlayer\LDPlayer9\dnrepairer.exe

"F:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=918374

C:\Windows\SysWOW64\net.exe

"net" start cryptsvc

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start cryptsvc

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Softpub.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Wintrust.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32" Initpki.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" dssenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" rsaenh.dll /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" cryptdlg.dll /s

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\vms" /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t

C:\Windows\SysWOW64\takeown.exe

"takeown" /f "F:\LDPlayer\LDPlayer9\\system.vmdk"

C:\Windows\SysWOW64\icacls.exe

"icacls" "F:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t

C:\Windows\SysWOW64\dism.exe

C:\Windows\system32\dism.exe /Online /English /Get-Features

C:\Users\Admin\AppData\Local\Temp\A2BBB4ED-766D-434A-87BE-F33FF71B7B5A\dismhost.exe

C:\Users\Admin\AppData\Local\Temp\A2BBB4ED-766D-434A-87BE-F33FF71B7B5A\dismhost.exe {2F57212B-EF03-4D50-A915-1312309EB760}

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s

C:\Windows\SYSTEM32\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\SysWOW64\regsvr32.exe

"regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto

C:\Windows\SysWOW64\sc.exe

"C:\Windows\system32\sc" start Ld9BoxSup

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'F:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow

F:\LDPlayer\LDPlayer9\driverconfig.exe

"F:\LDPlayer\LDPlayer9\driverconfig.exe"

C:\Windows\SysWOW64\takeown.exe

"takeown" /f F:\LDPlayer\ldmutiplayer\ /r /d y

C:\Windows\SysWOW64\icacls.exe

"icacls" F:\LDPlayer\ldmutiplayer\ /grant everyone:F /t

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/vn.ldplayer

F:\LDPlayer\LDPlayer9\dnplayer.exe

"F:\LDPlayer\LDPlayer9\\dnplayer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e1923cb8,0x7ff9e1923cc8,0x7ff9e1923cd8

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe

"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Windows\SysWOW64\sc.exe

sc query HvHost

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Windows\SysWOW64\sc.exe

sc query vmms

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\sc.exe

sc query vmcompute

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-54d7-bbbb00000000

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-54d7-000000000000

C:\Program Files\ldplayer9box\vbox-img.exe

"C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-54d7-000000000000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe

"C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe" --comment leidian0 --startvm 20160302-aaaa-aaaa-54d7-000000000000 --vrde config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://vi.ldplayer.net/blog/how-to-enable-vt.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e1923cb8,0x7ff9e1923cc8,0x7ff9e1923cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_leomoon-dot-com_leomoon-cpu-v_win.zip\LeoMoon CPU-V.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,17106675936464945718,7064346400370260679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8876 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

"C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe"

C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe

BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3712 /prefetch:1

C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe

BlueStacksWeb.exe --type=renderer --disable-speech-api --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations,NetworkServiceInProcess,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,InstalledApp,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3832 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://now.gg/play/garena-international-i/1398/free-fire?source=launcher&utm_medium=bluestacksx&launcher_guid=b4233740-23e2-411d-9218-11dc40147598&user_id=&utm_source=now.gg-partner&utm_campaign=BlueStacksXSysBrowser

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9e1923cb8,0x7ff9e1923cc8,0x7ff9e1923cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5136 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,12079691596436440415,15336811220082036764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.505.1008_amd64_native.exe

"C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.505.1008_amd64_native.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Bootstrapper.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Bootstrapper.exe" -s -defaultImageName Pie64 -imageToLaunch Pie64 -skipBinaryShortcuts -appToLaunch=bsx

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\BlueStacksInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\BlueStacksInstaller.exe" -s -defaultImageName="Pie64" -imageToLaunch="Pie64" -skipBinaryShortcuts -appToLaunch="bsx" -parentpath="C:\Users\Admin\AppData\Local\BlueStacks X\BlueStacks-Installer_5.21.505.1008_amd64_native.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-ForceGPU.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe" 1 2

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe" 4 2

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe" 2 2

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe" 1 1

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe" 4 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe" 2 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-CheckCpu.exe" --cmd checkSSE4

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\\HD-GLCheck.exe" 2

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\\HD-GLCheck.exe" 3

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-GLCheck.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\\HD-GLCheck.exe" 1

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe" x "C:\Users\Admin\AppData\Local\BlueStacks X\Pie64_5.21.505.1008.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"

C:\Windows\SYSTEM32\netsh.exe

"netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-CheckCpu.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-CheckCpu.exe" --cmd checkSSE3

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"

C:\Windows\system32\sc.exe

sc.exe delete BlueStacksDrv_nxt

C:\Windows\SYSTEM32\reg.exe

"reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\kkgjmq0v.ryh\RegHKLM.txt"

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe

"C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\kkgjmq0v.ryh\*"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloud.bluestacks.com/bs3/help_articles?article=bsx_engine_install_instruction&launcher_version=10.41.503.1001

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ff9e1923cb8,0x7ff9e1923cc8,0x7ff9e1923cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2008 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,715810295327658232,560440930164301351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq HD-Player.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""

C:\Windows\system32\tasklist.exe

tasklist /FI "IMAGENAME eq BlueStacks X.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 anydesk.com udp
GB 18.244.114.28:80 www.anydesk.com tcp
GB 18.244.114.28:80 www.anydesk.com tcp
GB 18.244.114.28:443 www.anydesk.com tcp
US 8.8.8.8:53 ad-wa.anydesk.com udp
US 104.16.138.209:443 js.hs-scripts.com tcp
DE 167.235.224.171:443 ad-wa.anydesk.com tcp
DE 167.235.224.171:443 ad-wa.anydesk.com tcp
US 104.16.79.142:443 js.usemessages.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 104.18.30.176:443 tracking.g2crowd.com tcp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 209.138.16.104.in-addr.arpa udp
US 8.8.8.8:53 168.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 171.224.235.167.in-addr.arpa udp
US 8.8.8.8:53 142.79.16.104.in-addr.arpa udp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.16.118.116:443 app.hubspot.com tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.18.28.127:443 geolocation.onetrust.com tcp
US 104.18.22.183:443 js.hs-banner.com tcp
US 104.17.175.201:443 js.hs-analytics.net tcp
US 104.18.22.183:443 js.hs-banner.com tcp
GB 108.138.233.123:443 www.dwin1.com tcp
GB 52.84.90.8:443 scripts.iconnode.com tcp
GB 18.164.68.15:443 serve.albacross.com tcp
NL 142.250.179.196:443 www.google.com tcp
GB 18.245.187.29:443 lantern.roeyecdn.com tcp
US 104.16.118.116:443 app.hubspot.com tcp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
IE 34.246.166.36:443 lantern.roeye.com tcp
GB 18.244.114.28:443 www.anydesk.com tcp
US 104.17.173.91:443 static.hsappstatic.net tcp
US 104.17.173.91:443 static.hsappstatic.net tcp
US 104.17.173.91:443 static.hsappstatic.net tcp
US 104.17.173.91:443 static.hsappstatic.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.16.117.116:443 app.hubspot.com tcp
US 8.8.8.8:53 91.173.17.104.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.16.118.116:443 app.hubspot.com tcp
GB 173.222.211.56:443 snap.licdn.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
N/A 224.0.0.251:5353 udp
IE 52.211.97.150:443 new-collect.albacross.com tcp
IT 157.240.231.1:443 connect.facebook.net tcp
DE 159.69.19.197:443 download.anydesk.com tcp
DE 159.69.19.197:443 download.anydesk.com tcp
IT 157.240.231.1:443 connect.facebook.net udp
NL 172.217.168.198:443 12375076.fls.doubleclick.net tcp
NL 172.217.168.198:443 12375076.fls.doubleclick.net tcp
NL 172.217.168.198:443 12375076.fls.doubleclick.net tcp
NL 172.217.168.198:443 12375076.fls.doubleclick.net udp
IT 157.240.231.35:443 www.facebook.com tcp
IT 157.240.231.35:443 www.facebook.com tcp
US 104.18.24.189:443 7940397.fs1.hubspotusercontent-na1.net tcp
DE 195.181.174.174:443 boot.net.anydesk.com tcp
GB 195.181.165.139:443 relay-2cf7befd.net.anydesk.com tcp
GB 18.245.187.82:80 api.playanext.com tcp
VN 14.191.137.86:24502 tcp
VN 14.191.137.86:7070 tcp
VN 14.191.137.86:7070 tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
GB 195.181.165.139:443 relay-2cf7befd.net.anydesk.com tcp
GB 195.181.165.154:443 relay-98c428ee.net.anydesk.com tcp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
GB 18.245.187.59:80 api.playanext.com tcp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
N/A 239.255.102.18:50001 udp
N/A 239.255.102.18:50002 udp
N/A 239.255.102.18:50003 udp
VN 14.191.137.86:15952 tcp
VN 14.191.137.86:7070 tcp
VN 14.191.137.86:7070 tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
NL 142.250.179.196:443 www.google.com udp
US 216.239.34.180:443 colab.research.google.com tcp
US 216.239.34.180:443 colab.research.google.com tcp
US 216.239.34.180:443 colab.research.google.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
NL 142.251.36.14:443 www.youtube.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
NL 142.251.36.14:443 www.youtube.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.39.97:443 t6tg726r1x-496ff2e9c6d22116-0-colab.googleusercontent.com tcp
NL 142.251.39.97:443 t6tg726r1x-496ff2e9c6d22116-0-colab.googleusercontent.com tcp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
NL 142.251.39.97:443 t6tg726r1x-496ff2e9c6d22116-0-colab.googleusercontent.com udp
NL 216.58.214.14:443 play.google.com tcp
NL 142.251.36.10:443 content-autofill.googleapis.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
NL 142.250.102.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.179.174:443 accounts.youtube.com tcp
NL 216.58.214.14:443 play.google.com udp
NL 216.58.214.14:443 play.google.com udp
NL 172.217.168.195:443 beacons3.gvt2.com tcp
NL 172.217.168.195:443 beacons3.gvt2.com udp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.250.102.84:443 accounts.google.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.251.36.10:443 content-autofill.googleapis.com udp
GB 142.250.200.35:443 beacons.gvt2.com tcp
GB 142.250.200.35:443 beacons.gvt2.com udp
NL 172.217.168.206:443 www.youtube.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
NL 172.217.168.206:443 www.youtube.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
NL 142.250.179.142:443 www.youtube.com tcp
NL 142.250.179.142:443 www.youtube.com tcp
NL 142.251.36.54:443 i.ytimg.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com udp
NL 142.251.36.10:443 content-autofill.googleapis.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com udp
NL 142.250.179.142:443 www.youtube.com udp
NL 142.251.36.54:443 i.ytimg.com udp
NL 216.58.208.98:443 googleads.g.doubleclick.net tcp
NL 216.58.208.98:443 googleads.g.doubleclick.net udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
GB 23.62.195.195:443 cxcs.microsoft.net tcp
GB 184.28.176.9:443 www.bing.com tcp
NL 142.250.102.84:443 accounts.google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
JP 34.84.111.50:443 e2c3.gcp.gvt2.com tcp
JP 34.84.111.50:443 e2c3.gcp.gvt2.com tcp
GB 142.250.200.35:443 beacons.gvt2.com tcp
NL 142.250.102.84:443 accounts.google.com udp
NL 142.250.179.174:443 accounts.youtube.com udp
NL 216.58.214.14:443 play.google.com udp
NL 216.58.214.10:443 content-autofill.googleapis.com udp
NL 142.250.179.174:443 accounts.youtube.com tcp
NL 142.250.27.94:443 accounts.google.com.vn tcp
NL 142.250.27.94:443 accounts.google.com.vn tcp
NL 142.251.36.54:443 i.ytimg.com udp
NL 216.58.208.98:443 googleads.g.doubleclick.net udp
NL 142.251.36.1:443 yt3.ggpht.com udp
NL 142.250.179.174:443 accounts.youtube.com udp
NL 142.250.179.138:443 content-autofill.googleapis.com udp
NL 172.217.168.234:443 content-autofill.googleapis.com udp
NL 142.250.179.142:443 www.youtube.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
NL 142.250.179.196:443 www.google.com udp
NL 172.217.168.195:443 beacons3.gvt2.com tcp
NL 172.217.168.195:443 beacons3.gvt2.com udp
GB 108.138.233.47:443 www.bluestacks.com tcp
GB 108.138.233.47:443 www.bluestacks.com tcp
US 34.120.235.88:443 webapi-cloud.bluestacks.com tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
NL 172.217.23.195:443 google.com.vn tcp
NL 172.217.168.195:443 beacons3.gvt2.com tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
US 8.8.8.8:53 195.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 cmp.inmobi.com udp
GB 92.123.142.67:443 cdn.now.gg udp
US 8.8.8.8:53 cdn-icon.bluestacks.com udp
GB 92.123.140.34:443 cdn-www.bluestacks.com udp
GB 18.244.114.17:443 cmp.inmobi.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.202:443 content-autofill.googleapis.com tcp
GB 18.244.114.17:443 cmp.inmobi.com tcp
US 8.8.8.8:53 17.114.244.18.in-addr.arpa udp
US 8.8.8.8:53 57.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
DE 52.57.223.191:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 191.223.57.52.in-addr.arpa udp
US 34.160.86.181:443 cloud.bluestacks.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
NL 172.217.168.195:443 www.google.co.uk tcp
US 34.120.235.88:443 webapi-cloud.bluestacks.com tcp
US 34.120.235.88:443 webapi-cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 92.123.142.194:443 ak-build.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 92.123.142.194:443 ak-build.bluestacks.com tcp
NL 216.58.208.98:443 googleads.g.doubleclick.net udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 142.250.200.35:443 beacons.gvt2.com udp
N/A 127.0.0.1:54094 tcp
NL 172.217.23.195:443 google.com.vn udp
NL 172.217.168.195:443 www.google.co.uk udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
N/A 127.0.0.1:54101 tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
N/A 127.0.0.1:49968 tcp
US 34.96.124.47:443 wallet.now.gg tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 wallet.now.gg udp
US 8.8.8.8:53 wallet.now.gg udp
US 34.96.124.47:443 wallet.now.gg tcp
NL 142.251.36.10:443 fcmregistrations.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 storage.googleapis.com udp
NL 216.58.214.27:443 storage.googleapis.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 104.16.51.111:443 support.bluestacks.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 23.200.147.41:80 apps.identrust.com tcp
US 8.8.8.8:53 111.51.16.104.in-addr.arpa udp
US 8.8.8.8:53 41.147.200.23.in-addr.arpa udp
US 8.8.8.8:53 use.fontawesome.com udp
US 104.18.72.113:443 ekr.zdassets.com tcp
US 104.21.27.152:443 use.fontawesome.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 104.21.27.152:443 use.fontawesome.com tcp
US 104.16.53.111:443 bluestacks.zendesk.com tcp
US 34.160.86.181:443 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 13.227.146.32:443 widget.kommunicate.io tcp
US 199.232.192.134:443 bluestacks-zendesk-com.disqus.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 104.18.70.113:443 ekr.zdassets.com tcp
US 8.8.8.8:53 disqus.com udp
US 151.101.128.134:443 disqus.com tcp
PL 18.244.102.46:443 c.disquscdn.com tcp
US 8.8.8.8:53 134.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 113.70.18.104.in-addr.arpa udp
US 8.8.8.8:53 106.146.227.13.in-addr.arpa udp
US 104.16.53.111:443 bluestacks.zendesk.com tcp
PL 18.244.146.26:443 cdn.kommunicate.io tcp
US 13.227.146.32:443 widget.kommunicate.io tcp
US 8.8.8.8:53 26.146.244.18.in-addr.arpa udp
US 35.168.191.136:443 api.kommunicate.io tcp
US 34.234.148.15:443 chat.kommunicate.io tcp
US 8.8.8.8:53 15.148.234.34.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 104.18.6.128:443 vn.bignox.com tcp
US 104.18.6.128:443 vn.bignox.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 res02.noxgroup.com udp
US 8.8.8.8:53 res11.bignox.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
NL 172.217.168.195:443 www.google.co.uk udp
US 104.18.6.146:443 res02.noxgroup.com tcp
US 104.18.6.146:443 res02.noxgroup.com tcp
US 104.18.6.146:443 res02.noxgroup.com tcp
US 104.18.6.146:443 res02.noxgroup.com tcp
PL 18.244.102.61:443 res11.bignox.com tcp
PL 18.244.102.61:443 res11.bignox.com tcp
PL 18.244.102.61:443 res11.bignox.com tcp
US 8.8.8.8:53 bi.noxgroup.com udp
US 104.18.6.128:443 vn.bignox.com udp
US 8.8.8.8:53 res06.noxgroup.com udp
US 104.18.6.146:443 res06.noxgroup.com tcp
NL 142.250.179.202:443 fcmregistrations.googleapis.com tcp
US 8.8.8.8:53 res06.bignox.com udp
HK 103.210.21.251:443 bi.noxgroup.com tcp
US 8.8.8.8:53 128.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 146.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 61.102.244.18.in-addr.arpa udp
US 104.18.7.146:443 res06.noxgroup.com tcp
US 104.18.7.146:443 res06.noxgroup.com tcp
US 104.18.7.146:443 res06.noxgroup.com tcp
US 104.18.7.146:443 res06.noxgroup.com tcp
US 104.18.7.146:443 res06.noxgroup.com tcp
US 104.18.7.146:443 res06.noxgroup.com tcp
US 104.18.6.128:443 res06.bignox.com tcp
HK 103.210.21.251:443 bi.noxgroup.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 146.7.18.104.in-addr.arpa udp
US 8.8.8.8:53 251.21.210.103.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 104.18.6.128:443 res06.bignox.com udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 54.120.234.20.in-addr.arpa udp
CN 47.94.233.176:443 api-new.bignox.com tcp
CN 47.94.233.176:443 api-new.bignox.com tcp
US 8.8.8.8:53 support.bignox.com udp
US 8.8.8.8:53 support.bignox.com udp
US 104.18.6.128:443 www.bignox.com tcp
US 104.18.6.128:443 www.bignox.com tcp
US 104.18.6.146:443 res06.noxgroup.com tcp
US 104.18.6.146:443 res06.noxgroup.com tcp
US 104.18.6.146:443 res06.noxgroup.com tcp
US 104.18.6.146:443 res06.noxgroup.com tcp
US 104.18.6.146:443 res06.noxgroup.com tcp
US 104.18.6.146:443 res06.noxgroup.com tcp
US 104.18.7.128:443 www.bignox.com tcp
US 104.18.7.128:443 www.bignox.com tcp
US 104.18.7.128:443 www.bignox.com tcp
US 104.18.6.128:443 www.bignox.com tcp
US 104.18.6.146:443 res06.noxgroup.com tcp
HK 103.210.21.251:443 bi.noxgroup.com tcp
HK 103.210.21.251:443 bi.noxgroup.com tcp
HK 103.210.21.251:443 bi.noxgroup.com tcp
GB 104.86.110.97:443 tcp
GB 184.28.176.9:443 r.bing.com tcp
GB 184.28.176.9:443 r.bing.com tcp
GB 184.28.176.9:443 r.bing.com tcp
GB 184.28.176.9:443 r.bing.com tcp
GB 184.28.176.9:443 r.bing.com tcp
GB 184.28.176.9:443 r.bing.com tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
IE 20.50.73.9:443 browser.pipe.aria.microsoft.com tcp
GB 23.200.147.152:443 ow1.res.office365.com tcp
US 8.8.8.8:53 b-ring-fallback.msedge.net udp
US 13.107.9.254:443 b-ring-fallback.msedge.net tcp
US 13.107.253.64:443 fp-afd.azureedge.net tcp
US 8.8.8.8:53 254.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 152.147.200.23.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
GB 184.28.176.49:443 www.bing.com tcp
GB 23.62.195.195:443 cxcs.microsoft.net tcp
US 216.239.32.36:443 region1.google-analytics.com udp
NL 172.217.168.206:443 www.youtube.com udp
HK 103.210.21.251:443 bi.noxgroup.com tcp
GB 163.181.57.232:443 vi.ldplayer.net tcp
GB 163.181.57.232:443 vi.ldplayer.net tcp
HK 103.210.21.251:443 bi.noxgroup.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 172.67.70.36:443 cmp.setupcmp.com tcp
US 172.67.70.36:443 cmp.setupcmp.com tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 232.57.181.163.in-addr.arpa udp
US 8.8.8.8:53 36.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 138.154.181.163.in-addr.arpa udp
US 172.67.70.36:443 cmp.setupcmp.com tcp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com udp
NL 142.251.36.14:443 apis.google.com tcp
NL 142.250.179.138:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 usersdk.ldmnq.com udp
US 8.8.8.8:53 apivn.ldplayer.net udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
SG 47.236.4.49:443 usersdk.ldmnq.com tcp
NL 142.251.36.14:443 apis.google.com udp
NL 142.251.36.54:443 play-lh.googleusercontent.com tcp
HK 8.218.183.19:443 apivn.ldplayer.net tcp
HK 8.218.183.19:443 apivn.ldplayer.net tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 204.79.197.237:443 bat.bing.com tcp
NL 142.250.179.174:443 fundingchoicesmessages.google.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
HK 8.218.183.19:443 apivn.ldplayer.net tcp
US 8.8.8.8:53 accounts.google.com udp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
US 8.8.8.8:53 www.clarity.ms udp
NL 142.250.102.84:443 accounts.google.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
CN 14.215.183.79:443 hm.baidu.com tcp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.183.218.8.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
GB 163.181.154.180:443 res.ldplayer.net udp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.196:443 www.google.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
NL 172.217.168.195:443 www.google.co.uk tcp
NL 142.250.179.196:443 www.google.com udp
NL 172.217.168.195:443 www.google.co.uk udp
US 104.18.31.49:443 stpd.cloud tcp
NL 142.251.36.34:443 www.googletagservices.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 script.4dex.io udp
PL 18.244.149.66:443 c.amazon-adsystem.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 13.227.146.87:443 tagan.adlightning.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 141.95.98.65:443 id5-sync.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 adx.adform.net udp
US 8.8.8.8:53 prebid-eu.creativecdn.com udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 rtb.adxpremium.services udp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
NL 185.184.8.90:443 prebid-eu.creativecdn.com tcp
NL 147.75.81.235:443 prebid.a-mo.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 104.18.11.176:443 mp.4dex.io tcp
NL 89.149.192.193:443 prg.smartadserver.com tcp
DK 37.157.2.228:443 adx.adform.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 104.26.8.169:443 script.4dex.io tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 104.18.22.145:443 cadmus.script.ac tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
PL 18.244.149.66:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 cm.adform.net udp
US 34.98.64.218:443 u.openx.net tcp
PL 18.66.233.117:443 config.aps.amazon-adsystem.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 13.227.146.154:443 aax.amazon-adsystem.com tcp
DK 37.157.6.243:443 cm.adform.net tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 34.98.64.218:443 u.openx.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 172.67.36.110:443 cdn.hadronid.net tcp
PL 18.244.146.21:443 tags.crwdcntrl.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
GB 2.17.68.19:443 secure.cdn.fastclick.net tcp
GB 2.17.68.19:443 secure.cdn.fastclick.net tcp
US 34.149.40.38:443 u.4dex.io tcp
FR 91.134.110.132:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 169.8.26.104.in-addr.arpa udp
US 8.8.8.8:53 66.149.244.18.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 87.146.227.13.in-addr.arpa udp
US 8.8.8.8:53 235.81.75.147.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 176.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 228.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 193.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 18.140.106.185.in-addr.arpa udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 243.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 117.233.66.18.in-addr.arpa udp
US 8.8.8.8:53 154.146.227.13.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 110.36.67.172.in-addr.arpa udp
US 8.8.8.8:53 19.68.17.2.in-addr.arpa udp
US 8.8.8.8:53 21.146.244.18.in-addr.arpa udp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 132.110.134.91.in-addr.arpa udp
US 8.8.8.8:53 162.68.67.172.in-addr.arpa udp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
NL 142.250.179.196:443 www.google.com udp
NL 89.207.16.210:443 proc.ad.cpe.dotomi.com tcp
IE 63.32.135.176:443 bcp.crwdcntrl.net tcp
US 34.98.64.218:443 u.openx.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
IE 67.220.224.150:443 aax-eu.amazon-adsystem.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 8.8.8.8:53 a.ad.gt udp
DE 91.228.74.159:443 cms.quantserve.com tcp
DK 37.157.3.20:443 c1.adform.net tcp
US 172.67.23.234:443 a.ad.gt tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 eu-u.openx.net udp
US 34.149.40.38:443 u.4dex.io tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
FR 5.196.111.72:443 rtb-csync.smartadserver.com tcp
US 3.229.202.201:443 pxl.iqm.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 150.224.220.67.in-addr.arpa udp
US 8.8.8.8:53 20.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 159.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 76.192.149.89.in-addr.arpa udp
FR 5.196.111.72:443 rtb-csync.smartadserver.com tcp
NL 178.250.1.9:443 dis.eu.criteo.com tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
GB 104.82.143.163:443 secure-assets.rubiconproject.com tcp
NL 46.228.164.13:443 d.turn.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.193:443 1f0d59f6f1f21b88749767cc990e7697.safeframe.googlesyndication.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 8.8.8.8:53 147.128.46.52.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 122.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 163.143.82.104.in-addr.arpa udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 193.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 ice.360yield.com udp
IE 52.51.137.36:443 ice.360yield.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 34.149.40.38:443 u.4dex.io udp
IE 34.249.11.239:443 rtb.gumgum.com tcp
IE 52.214.238.157:443 ce.lijit.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
DK 77.243.51.122:443 se.semasio.net tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 13.227.146.87:443 tagan.adlightning.com tcp
US 13.227.146.87:443 tagan.adlightning.com tcp
IE 52.49.5.142:443 match.prod.bidr.io tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
IE 79.125.68.228:443 pr-bh.ybp.yahoo.com tcp
IE 52.214.238.157:443 ce.lijit.com tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 52.86.39.66:443 sync.ipredictive.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 104.18.6.198:443 capi.connatix.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
NL 147.75.81.235:443 prebid.a-mo.net tcp
NL 142.251.36.6:443 s0.2mdn.net tcp
PL 18.66.233.34:443 live.primis.tech tcp
NL 142.251.36.6:443 s0.2mdn.net udp
US 8.8.8.8:53 228.68.125.79.in-addr.arpa udp
US 8.8.8.8:53 198.6.18.104.in-addr.arpa udp
US 8.8.8.8:53 66.39.86.52.in-addr.arpa udp
US 8.8.8.8:53 53.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 34.233.66.18.in-addr.arpa udp
GB 92.123.140.17:443 code.createjs.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 equativ-match.dotomi.com udp
IE 52.49.5.142:443 match.prod.bidr.io tcp
FR 5.196.111.72:443 rtb-csync.smartadserver.com tcp
NL 63.215.202.137:443 equativ-match.dotomi.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 104.21.48.215:443 adxbid.info tcp
NL 147.75.80.51:443 sync.a-mo.net tcp
US 35.186.253.211:443 rtb.openx.net tcp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 223.25.89.159.in-addr.arpa udp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 52.73.59.20:443 sync.srv.stackadapt.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 63.215.202.172:443 openx2-match.dotomi.com tcp
FR 5.196.111.72:443 rtb-csync.smartadserver.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 104.19.159.19:443 assets.a-mo.net tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 34.98.64.218:443 setupad-d.openx.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
DK 37.157.6.243:443 cm.adform.net tcp
FR 91.134.110.132:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 ws.rqtrk.eu udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 172.64.151.101:443 ssum.casalemedia.com tcp
IE 34.255.230.198:443 ap.lijit.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
DE 57.129.18.113:443 ws.rqtrk.eu tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 172.64.151.101:443 ssum.casalemedia.com udp
US 8.2.110.113:443 as.ck-ie.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
NL 147.75.84.158:443 pb-am.a-mo.net tcp
NL 198.47.127.20:443 image4.pubmatic.com tcp
GB 84.17.50.8:443 vid.vidoomy.com tcp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 51.80.75.147.in-addr.arpa udp
US 8.8.8.8:53 172.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 20.59.73.52.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
NL 185.89.208.11:443 prebid.adnxs.com tcp
NL 185.64.189.116:443 ow.pubmatic.com tcp
DE 79.127.216.47:443 id.a-mx.com tcp
US 8.8.8.8:53 198.230.255.34.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 47.216.127.79.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 113.18.129.57.in-addr.arpa udp
US 8.8.8.8:53 113.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 8.50.17.84.in-addr.arpa udp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
GB 89.187.167.38:443 vpaid.vidoomy.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
ES 212.36.83.245:443 a.vidoomy.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
IE 34.252.81.219:443 sync.crwdcntrl.net tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 8.8.8.8:53 219.81.252.34.in-addr.arpa udp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 172.67.40.173:443 mwzeom.zeotap.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 34.111.131.239:443 idsync.frontend.weborama.fr tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
DE 3.127.42.165:443 sonata-notifications.taptapnetworks.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
DE 80.82.210.217:443 cookie.active-agent.com tcp
SE 13.50.192.155:443 d5p.de17a.com tcp
DK 77.243.51.122:443 se.semasio.net tcp
CA 148.113.153.93:443 pixel.onaudience.com tcp
NL 63.215.202.169:443 pubmatic-match.dotomi.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 93.153.113.148.in-addr.arpa udp
US 8.8.8.8:53 169.202.215.63.in-addr.arpa udp
DE 3.120.214.218:443 ps.eyeota.net tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 89.149.192.193:443 prg.smartadserver.com tcp
US 35.186.253.211:443 rtb.openx.net udp
US 34.149.40.38:443 u.4dex.io udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
DE 51.89.9.253:443 onetag-sys.com udp
IE 34.249.11.239:443 rtb.gumgum.com tcp
US 13.227.146.48:443 s.ad.smaato.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 185.89.210.90:443 secure.adnxs.com tcp
DE 52.59.252.86:443 match.sharethrough.com tcp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
US 34.160.236.64:443 odr.mookie1.com tcp
NL 63.215.202.137:443 amazon-tam-match.dotomi.com tcp
IE 67.220.224.150:443 aax-eu.amazon-adsystem.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
IE 67.220.224.150:443 aax-eu.amazon-adsystem.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 185.89.210.90:443 secure.adnxs.com tcp
IE 52.49.5.142:443 match.prod.bidr.io tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
JP 124.146.153.151:443 tg.socdm.com tcp
NL 35.214.241.248:443 ads.creative-serving.com tcp
IE 34.247.205.196:443 usersync.gumgum.com tcp
US 52.73.59.20:443 sync.srv.stackadapt.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 35.214.241.248:443 ads.creative-serving.com udp
JP 124.146.153.151:443 tg.socdm.com tcp
US 34.98.64.218:443 setupad-d.openx.net udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 rtb.adentifi.com udp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 52.0.218.89:443 rtb.adentifi.com tcp
US 50.31.142.255:443 b1sync.zemanta.com tcp
US 8.8.8.8:53 64.236.160.34.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 196.205.247.34.in-addr.arpa udp
US 8.8.8.8:53 248.241.214.35.in-addr.arpa udp
US 8.8.8.8:53 151.153.146.124.in-addr.arpa udp
SI 195.5.165.20:443 core.iprom.net tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 52.73.59.20:443 sync.srv.stackadapt.com tcp
US 52.73.59.20:443 sync.srv.stackadapt.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
IE 52.215.155.11:443 cm.adgrx.com tcp
FR 141.95.171.139:443 green.erne.co tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 52.86.39.66:443 sync.ipredictive.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
FR 54.38.113.5:443 pixel-eu.onaudience.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
DE 3.120.214.218:443 ps.eyeota.net tcp
US 104.18.36.155:443 dsum.casalemedia.com udp
US 169.197.150.8:443 match.deepintent.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 21.17.166.188.in-addr.arpa udp
US 8.8.8.8:53 5.113.38.54.in-addr.arpa udp
US 8.8.8.8:53 8.150.197.169.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
NL 193.3.178.3:443 sync.e-planning.net tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
US 3.213.93.141:443 cookies.nextmillmedia.com tcp
NL 193.3.178.2:443 s.e-planning.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
US 44.193.56.5:443 i.liadm.com tcp
NL 193.3.178.4:443 u-ams03.e-planning.net tcp
US 198.206.157.249:443 imglaunch-us.e-planning.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 193.3.178.3:443 sync.e-planning.net tcp
US 34.160.19.107:443 dmp.brand-display.com tcp
PL 18.244.146.21:443 tags.crwdcntrl.net tcp
US 34.149.40.38:443 u.4dex.io udp
US 8.8.8.8:53 107.19.160.34.in-addr.arpa udp
US 34.96.105.8:443 tr.blismedia.com tcp
PL 18.244.146.21:443 tags.crwdcntrl.net tcp
NL 35.214.162.128:443 csync.loopme.me tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
DE 23.88.86.2:443 matching.truffle.bid tcp
NL 142.250.179.196:443 www.google.com udp
US 51.8.64.151:443 h.clarity.ms tcp
NL 142.251.36.6:443 s0.2mdn.net udp
US 8.8.8.8:53 173.24.18.104.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
NL 142.251.36.14:443 apis.google.com udp
NL 172.217.23.206:443 google.com tcp
NL 142.251.36.14:443 apis.google.com tcp
NL 172.217.23.206:443 google.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 97.136.219.8.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 8.8.8.8:53 196.120.55.162.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 35.186.253.211:443 rtb.openx.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 89.149.192.241:443 prg.smartadserver.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 34.149.40.38:443 u.4dex.io udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 116.158.57.154.in-addr.arpa udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
DE 37.252.171.53:443 ib.adnxs.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 54.158.203.221:443 sync.srv.stackadapt.com tcp
US 54.158.203.221:443 sync.srv.stackadapt.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 104.18.36.155:443 dsum.casalemedia.com udp
NL 193.3.178.4:443 u-ams03.e-planning.net tcp
US 8.8.8.8:53 s.company-target.com udp
US 34.96.71.22:443 s.company-target.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 221.203.158.54.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 34.160.236.64:443 odr.mookie1.com tcp
US 104.18.24.173:443 s.tribalfusion.com udp
US 34.95.81.168:443 euexchangesync.digitaleast.mobi tcp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 89.149.192.241:443 prg.smartadserver.com tcp
US 35.186.253.211:443 rtb.openx.net udp
IE 34.240.119.244:443 ap.lijit.com tcp
IE 34.240.119.244:443 ap.lijit.com tcp
US 8.8.8.8:53 ce.lijit.com udp
IE 54.171.209.159:443 ce.lijit.com tcp
IE 54.171.209.159:443 ce.lijit.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 34.98.64.218:443 setupad-d.openx.net udp
NL 89.149.192.76:443 ssbsync.smartadserver.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
DE 37.252.171.53:443 ib.adnxs.com tcp
NL 185.89.210.90:443 secure.adnxs.com tcp
US 8.8.8.8:53 sync.ipredictive.com udp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
US 54.156.79.63:443 sync.ipredictive.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 54.156.79.63:443 sync.ipredictive.com tcp
US 8.8.8.8:53 244.119.240.34.in-addr.arpa udp
IE 52.211.93.114:443 match.prod.bidr.io tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 cs.krushmedia.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 114.93.211.52.in-addr.arpa udp
US 8.8.8.8:53 63.79.156.54.in-addr.arpa udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 sync.serverbid.com udp
PL 18.244.146.54:443 sync.serverbid.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
US 8.8.8.8:53 54.146.244.18.in-addr.arpa udp
US 8.8.8.8:53 pixel-us-east.rubiconproject.com udp
US 69.173.151.100:443 pixel-us-east.rubiconproject.com tcp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 134.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 100.151.173.69.in-addr.arpa udp
DE 159.89.25.223:443 node.setupad.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
NL 142.251.36.14:443 apis.google.com udp
NL 172.217.23.206:443 google.com udp
NL 89.149.192.241:443 prg.smartadserver.com tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
DE 159.89.25.223:443 node.setupad.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 13.227.146.102:443 apivn.ldmnq.com tcp
US 8.8.8.8:53 102.146.227.13.in-addr.arpa udp
US 8.8.8.8:53 212.96.244.18.in-addr.arpa udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
SG 8.219.48.146:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 13.227.146.154:443 aax.amazon-adsystem.com tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
NL 178.250.1.8:443 bidder.criteo.com tcp
DK 37.157.2.228:443 c1.adform.net tcp
US 35.186.253.211:443 rtb.openx.net udp
FR 51.178.195.209:443 prg.smartadserver.com tcp
US 104.18.11.176:443 mp.4dex.io tcp
NL 147.75.85.97:443 prebid.a-mo.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 97.85.75.147.in-addr.arpa udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
DE 37.252.171.53:443 secure.adnxs.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
DE 159.89.25.223:443 node.setupad.com tcp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
US 51.8.64.151:443 h.clarity.ms tcp
NL 142.250.179.196:443 www.google.com udp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 8.8.8.8:53 en.ldplayer.net udp
US 13.227.146.12:443 ad.ldplayer.net tcp
GB 163.181.57.236:443 en.ldplayer.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
US 8.8.8.8:53 236.57.181.163.in-addr.arpa udp
US 8.8.8.8:53 12.146.227.13.in-addr.arpa udp
US 8.8.8.8:53 advertise.ldplayer.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 79.133.176.235:443 advertise.ldplayer.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 www.facebook.com udp
IT 157.240.231.35:443 www.facebook.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
US 8.8.8.8:53 235.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IT 157.240.231.1:443 static.xx.fbcdn.net tcp
IT 157.240.231.1:443 static.xx.fbcdn.net tcp
IT 157.240.231.1:443 static.xx.fbcdn.net tcp
IT 157.240.231.1:443 static.xx.fbcdn.net tcp
IT 157.240.231.1:443 static.xx.fbcdn.net tcp
IT 157.240.231.1:443 static.xx.fbcdn.net tcp
SG 8.219.136.97:443 middledata.ldplayer.net tcp
US 8.8.8.8:53 fbcdn.net udp
GB 163.181.154.180:443 res.ldplayer.net tcp
IT 157.240.231.35:443 fbsbx.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 8.8.8.8:53 vi.ldplayer.net udp
GB 163.181.57.231:443 vi.ldplayer.net tcp
GB 163.181.57.231:443 vi.ldplayer.net tcp
US 8.8.8.8:53 231.57.181.163.in-addr.arpa udp
US 8.8.8.8:53 cdn.ldplayer.net udp
US 172.67.70.36:443 cmp.setupcmp.com tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
US 13.227.146.102:80 apivn.ldmnq.com tcp
US 13.227.146.102:443 apivn.ldmnq.com tcp
GB 79.133.176.235:443 advertise.ldplayer.net tcp
US 13.227.146.12:443 ad.ldplayer.net tcp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www.youtube.com udp
NL 172.217.168.206:443 www.youtube.com tcp
NL 172.217.168.206:443 www.youtube.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
US 8.8.8.8:53 ldcdn.ldmnq.com udp
GB 163.181.57.231:443 ldcdn.ldmnq.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.206:443 www.youtube.com udp
NL 142.250.179.214:443 i.ytimg.com tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
NL 142.250.179.174:443 www.youtube.com udp
PL 18.66.233.89:443 encdn.ldmnq.com tcp
PL 18.66.233.89:443 encdn.ldmnq.com tcp
PL 18.66.233.89:443 encdn.ldmnq.com tcp
PL 18.66.233.89:443 encdn.ldmnq.com tcp
PL 18.66.233.89:443 encdn.ldmnq.com tcp
PL 18.66.233.89:443 encdn.ldmnq.com tcp
PL 18.66.233.89:443 encdn.ldmnq.com tcp
US 104.18.31.49:443 stpd.cloud tcp
US 104.18.31.49:443 stpd.cloud tcp
NL 142.251.36.14:443 www.youtube.com tcp
NL 172.217.168.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 214.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 89.233.66.18.in-addr.arpa udp
US 8.8.8.8:53 apivn.ldplayer.net udp
US 8.8.8.8:53 usersdk.ldmnq.com udp
NL 142.251.36.14:443 www.youtube.com udp
US 13.227.146.102:443 apivn.ldmnq.com tcp
HK 8.218.183.19:443 apivn.ldplayer.net tcp
NL 142.251.36.34:443 www.googletagservices.com tcp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
HK 8.218.183.19:443 apivn.ldplayer.net tcp
SG 8.219.223.66:443 usersdk.ldmnq.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.10:443 jnn-pa.googleapis.com tcp
NL 142.251.36.10:443 jnn-pa.googleapis.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.10:443 jnn-pa.googleapis.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.10:443 jnn-pa.googleapis.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 tagan.adlightning.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
ES 18.67.239.90:443 c.amazon-adsystem.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 13.227.146.37:443 tagan.adlightning.com tcp
US 13.227.146.37:443 tagan.adlightning.com tcp
ES 18.67.239.90:443 c.amazon-adsystem.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
US 8.8.8.8:53 90.239.67.18.in-addr.arpa udp
NL 216.58.214.14:443 play.google.com udp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
NL 142.251.36.54:443 play-lh.googleusercontent.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 163.181.154.180:443 res.ldplayer.net tcp
NL 142.250.179.131:80 o.pki.goog tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 13.227.146.154:443 aax.amazon-adsystem.com tcp
NL 142.250.179.131:80 o.pki.goog tcp
PL 18.66.233.67:443 config.aps.amazon-adsystem.com tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 172.67.36.110:443 cdn.hadronid.net tcp
PL 18.244.146.43:443 tags.crwdcntrl.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
GB 23.53.174.156:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 172.67.23.234:443 a.ad.gt tcp
PL 18.66.233.67:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 proc.ad.cpe.dotomi.com udp
IE 99.80.89.220:443 bcp.crwdcntrl.net tcp
NL 63.215.202.146:443 proc.ad.cpe.dotomi.com tcp
US 8.8.8.8:53 43.146.244.18.in-addr.arpa udp
US 8.8.8.8:53 67.233.66.18.in-addr.arpa udp
US 8.8.8.8:53 220.89.80.99.in-addr.arpa udp
US 8.8.8.8:53 146.202.215.63.in-addr.arpa udp
GB 163.181.154.180:443 res.ldplayer.net tcp
US 104.22.4.69:443 a.ad.gt tcp
GB 163.181.154.180:443 res.ldplayer.net tcp
GB 163.181.154.138:443 cdn.ldplayer.net tcp
US 172.67.70.36:443 cmp.setupcmp.com tcp
US 172.67.70.36:443 cmp.setupcmp.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 104.18.11.176:443 mp.4dex.io tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 147.75.85.97:443 prebid.a-mo.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 104.26.8.169:443 script.4dex.io tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
DK 37.157.6.254:443 adx.adform.net tcp
US 104.26.8.169:443 script.4dex.io tcp
US 104.18.22.145:443 cadmus.script.ac tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
NL 142.250.179.196:443 www.google.com udp
US 35.244.159.8:443 u.openx.net tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 35.244.159.8:443 u.openx.net udp
IE 52.211.208.99:443 ice.360yield.com tcp
DK 37.157.6.243:443 adx.adform.net tcp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 254.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 99.208.211.52.in-addr.arpa udp
NL 89.149.192.76:443 ssbsync-global.smartadserver.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 142.250.179.174:443 accounts.youtube.com udp
US 8.8.8.8:53 sync.mathtag.com udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 154.57.158.116:443 ads.stickyadstv.com tcp
DE 37.252.171.53:443 secure.adnxs.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 80.77.87.163:443 cs.admanmedia.com tcp
DE 51.89.9.253:443 onetag-sys.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 216.200.232.253:443 sync.mathtag.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 104.22.50.98:443 spl.zeotap.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 34.149.40.38:443 u.4dex.io tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.193:443 2f0913d9f12d31c28968bd335bdb44bd.safeframe.googlesyndication.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 34.149.40.38:443 u.4dex.io udp
DE 159.89.25.223:443 node.setupad.com tcp
NL 185.235.87.218:443 ag.gbc.criteo.com tcp
NL 185.235.87.11:443 gem.gbc.criteo.com tcp
NL 185.235.87.218:443 ag.gbc.criteo.com tcp
NL 185.235.87.11:443 gem.gbc.criteo.com tcp
PL 18.244.102.5:443 setupad-tagan.adlightning.com tcp
PL 18.244.102.5:443 setupad-tagan.adlightning.com tcp
PL 18.244.102.5:443 setupad-tagan.adlightning.com tcp
PL 18.244.102.5:443 setupad-tagan.adlightning.com tcp
PL 18.244.102.5:443 setupad-tagan.adlightning.com tcp
PL 18.244.102.5:443 setupad-tagan.adlightning.com tcp
US 104.21.48.215:443 adxbid.info tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 3.33.220.150:443 match.adsrvr.org tcp
US 3.229.202.201:443 pxl.iqm.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
NL 145.40.97.77:443 sync.a-mo.net tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 8.8.8.8:53 74.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 77.97.40.145.in-addr.arpa udp
US 104.19.159.19:443 assets.a-mo.net tcp
GB 95.100.245.168:80 x2.i.lencr.org tcp
FR 91.134.110.133:443 ssbsync.smartadserver.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
FR 91.134.110.133:443 ssbsync.smartadserver.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
GB 89.187.167.38:443 vid.vidoomy.com tcp
US 104.18.36.155:443 dsum.casalemedia.com tcp
US 8.8.8.8:53 133.110.134.91.in-addr.arpa udp
DE 35.156.61.253:443 match.sharethrough.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
GB 89.187.167.38:443 vpaid.vidoomy.com tcp
US 8.8.8.8:53 creativecdn.com udp
DK 37.157.6.243:443 adx.adform.net tcp
US 35.186.253.211:443 rtb.openx.net udp
US 104.18.31.49:443 stpd.cloud tcp
NL 185.184.8.90:443 creativecdn.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 253.61.156.35.in-addr.arpa udp
ES 212.36.83.246:443 a.vidoomy.com tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 147.75.85.97:443 sync.a-mo.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 104.18.11.176:443 mp.4dex.io tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
US 104.26.8.169:443 script.4dex.io tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
US 13.227.146.154:443 aax.amazon-adsystem.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
IE 99.80.89.220:443 bcp.crwdcntrl.net tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
IE 63.33.54.152:443 ap.lijit.com tcp
IE 52.95.115.196:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 152.54.33.63.in-addr.arpa udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 cebfe31ac5e6a70393ab827e6c35dacb.safeframe.googlesyndication.com udp
NL 142.250.179.193:443 cebfe31ac5e6a70393ab827e6c35dacb.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 16ed754104a7b8450d33315c7ad90c06.safeframe.googlesyndication.com udp
US 8.8.8.8:53 196.115.95.52.in-addr.arpa udp
PL 18.244.102.5:443 setupad-tagan.adlightning.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
DE 37.252.171.53:443 secure.adnxs.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 s.company-target.com udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 sync.adotmob.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 user-sync.adxpremium.services udp
US 34.96.71.22:443 s.company-target.com tcp
US 13.227.146.25:443 s.ad.smaato.net tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 104.82.143.163:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 25.146.227.13.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 145.40.97.77:443 sync.a-mo.net tcp
IE 54.228.88.178:443 ms-cookie-sync.presage.io tcp
DE 57.129.18.109:443 wt.rqtrk.eu tcp
US 8.2.110.113:443 as.ck-ie.com tcp
NL 35.214.162.128:443 csync.loopme.me tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
NL 142.250.179.129:443 cdn.ampproject.org tcp
DE 57.129.18.109:443 wt.rqtrk.eu tcp
DK 37.157.3.20:443 c1.adform.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 109.18.129.57.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
ES 212.36.83.246:443 a.vidoomy.com tcp
ES 212.36.83.246:443 a.vidoomy.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
IT 157.240.231.35:443 fbsbx.com tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
NL 216.58.214.14:443 play.google.com udp
US 13.227.146.154:443 aax.amazon-adsystem.com tcp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DK 37.157.2.228:443 c1.adform.net tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 147.75.85.97:443 sync.a-mo.net tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
US 104.18.11.176:443 mp.4dex.io tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
NL 185.235.87.17:443 gem.gbc.criteo.com tcp
DK 37.157.2.228:443 c1.adform.net tcp
NL 147.75.85.97:443 sync.a-mo.net tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
US 13.227.146.154:443 aax.amazon-adsystem.com tcp
NL 185.235.87.198:443 ag.gbc.criteo.com tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 185.235.87.198:443 ag.gbc.criteo.com tcp
NL 185.235.87.17:443 gem.gbc.criteo.com tcp
US 140.99.245.61:443 leomoon.com tcp
US 140.99.245.61:443 leomoon.com tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
NL 142.250.179.196:443 www.google.com udp
DE 159.89.25.223:443 node.setupad.com tcp
NL 185.235.87.218:443 ag.gbc.criteo.com tcp
NL 185.235.87.11:443 gem.gbc.criteo.com tcp
NL 185.235.87.218:443 ag.gbc.criteo.com tcp
NL 185.235.87.11:443 gem.gbc.criteo.com tcp
NL 142.250.179.214:443 i.ytimg.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 104.26.8.169:443 script.4dex.io tcp
NL 142.251.36.10:443 jnn-pa.googleapis.com udp
US 172.67.68.162:443 prebid-stag.setupad.net tcp
FR 51.178.195.209:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
DK 37.157.6.254:443 adx.adform.net tcp
NL 147.75.85.97:443 sync.a-mo.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 104.18.11.176:443 mp.4dex.io tcp
US 104.26.8.169:443 script.4dex.io tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 13.227.146.154:443 aax.amazon-adsystem.com tcp
DK 37.157.6.243:443 adx.adform.net tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
US 8.8.8.8:53 55832a3d3260d7a92adb94d95b397fd8.safeframe.googlesyndication.com udp
NL 142.250.179.193:443 55832a3d3260d7a92adb94d95b397fd8.safeframe.googlesyndication.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
US 8.8.8.8:53 sync.adkernel.com udp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
NL 35.214.162.128:443 csync.loopme.me tcp
US 3.229.202.201:443 pxl.iqm.com tcp
NL 145.40.97.77:443 sync.a-mo.net tcp
NL 77.245.57.72:443 sync.adkernel.com tcp
US 8.8.8.8:53 72.57.245.77.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
NL 142.250.179.193:443 c9109865cf8eaa10e137aa07144f6796.safeframe.googlesyndication.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 159.89.25.223:443 node.setupad.com tcp
NL 145.40.97.77:443 sync.a-mo.net tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
NL 89.149.192.74:443 rtb-csync.smartadserver.com tcp
US 64.74.236.63:443 b1sync.zemanta.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
DE 57.129.18.109:443 wt.rqtrk.eu tcp
US 13.248.245.213:443 eb2.3lift.com tcp
DE 35.156.61.253:443 match.sharethrough.com tcp
US 8.2.110.113:443 as.ck-ie.com tcp
US 104.18.36.155:443 dsum.casalemedia.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
US 209.192.201.180:443 user-sync.adxpremium.services tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
DK 37.157.6.243:443 adx.adform.net tcp
ES 212.36.83.246:443 a.vidoomy.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
IE 63.33.54.152:443 ap.lijit.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 185.235.87.25:443 gem.gbc.criteo.com tcp
NL 185.235.87.208:443 ag.gbc.criteo.com tcp
NL 185.235.87.208:443 ag.gbc.criteo.com tcp
NL 185.235.87.25:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
NL 185.235.87.198:443 ag.gbc.criteo.com tcp
NL 185.235.87.198:443 ag.gbc.criteo.com tcp
NL 185.235.87.17:443 gem.gbc.criteo.com tcp
NL 185.235.87.17:443 gem.gbc.criteo.com tcp
NL 185.235.87.218:443 ag.gbc.criteo.com tcp
NL 185.235.87.11:443 gem.gbc.criteo.com tcp
NL 185.235.87.218:443 ag.gbc.criteo.com tcp
NL 185.235.87.11:443 gem.gbc.criteo.com tcp
NL 216.58.214.14:443 play.google.com udp
NL 185.235.87.10:443 gem.gbc.criteo.com tcp
NL 185.235.87.204:443 ag.gbc.criteo.com tcp
NL 185.235.87.204:443 ag.gbc.criteo.com tcp
NL 185.235.87.10:443 gem.gbc.criteo.com tcp
NL 185.235.87.208:443 ag.gbc.criteo.com tcp
NL 185.235.87.208:443 ag.gbc.criteo.com tcp
NL 185.235.87.25:443 gem.gbc.criteo.com tcp
NL 185.235.87.25:443 gem.gbc.criteo.com tcp
NL 185.235.87.198:443 ag.gbc.criteo.com tcp
NL 185.235.87.17:443 gem.gbc.criteo.com tcp
NL 185.235.87.17:443 gem.gbc.criteo.com tcp
NL 185.235.87.198:443 ag.gbc.criteo.com tcp
US 13.227.146.154:443 aax.amazon-adsystem.com tcp
US 35.186.253.211:443 rtb.openx.net udp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.106.140.18:443 rtb.adxpremium.services tcp
NL 147.75.85.97:443 sync.a-mo.net tcp
US 8.8.8.8:53 prg.smartadserver.com udp
NL 178.250.1.8:443 bidder.criteo.com tcp
FR 178.32.210.227:443 prg.smartadserver.com tcp
DK 37.157.6.254:443 adx.adform.net tcp
US 104.18.10.176:443 mp.4dex.io tcp
US 104.26.8.178:443 prebid-stag.setupad.net tcp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
DE 37.252.171.53:443 secure.adnxs.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.193:443 1f0d59f6f1f21b88749767cc990e7697.safeframe.googlesyndication.com udp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
NL 142.250.179.196:443 www.google.com udp
DE 159.89.25.223:443 node.setupad.com tcp
NL 185.235.87.7:443 gem.gbc.criteo.com tcp
NL 185.235.87.210:443 ag.gbc.criteo.com tcp
NL 185.235.87.210:443 ag.gbc.criteo.com tcp
NL 185.235.87.7:443 gem.gbc.criteo.com tcp
NL 185.235.87.204:443 ag.gbc.criteo.com tcp
NL 185.235.87.204:443 ag.gbc.criteo.com tcp
NL 185.235.87.10:443 gem.gbc.criteo.com tcp
NL 185.235.87.10:443 gem.gbc.criteo.com tcp
NL 185.235.87.25:443 gem.gbc.criteo.com tcp
NL 185.235.87.208:443 ag.gbc.criteo.com tcp
NL 185.235.87.208:443 ag.gbc.criteo.com tcp
NL 185.235.87.25:443 gem.gbc.criteo.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
NL 185.235.87.23:443 gem.gbc.criteo.com tcp
NL 185.235.87.199:443 ag.gbc.criteo.com tcp
NL 185.235.87.199:443 ag.gbc.criteo.com tcp
NL 185.235.87.23:443 gem.gbc.criteo.com tcp
NL 185.235.87.210:443 ag.gbc.criteo.com tcp
NL 185.235.87.210:443 ag.gbc.criteo.com tcp
NL 185.235.87.7:443 gem.gbc.criteo.com tcp
NL 185.235.87.7:443 gem.gbc.criteo.com tcp
NL 185.235.87.204:443 ag.gbc.criteo.com tcp
NL 185.235.87.10:443 gem.gbc.criteo.com tcp
GB 104.86.110.97:443 tcp
US 150.171.70.254:443 mcr-ring.msedge.net tcp
US 52.123.129.254:443 dual-s-ring.msedge.net tcp
US 13.107.253.64:443 fp-afd-nocache-ccp.azureedge.net tcp
NL 185.235.87.10:443 gem.gbc.criteo.com tcp
NL 185.235.87.204:443 ag.gbc.criteo.com tcp
GB 184.28.176.9:443 r.bing.com tcp
NL 185.235.87.9:443 gem.gbc.criteo.com tcp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
NL 185.235.87.9:443 gem.gbc.criteo.com tcp
NL 185.235.87.222:443 ag.gbc.criteo.com tcp
NL 185.235.87.222:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.142:443 www.youtube.com udp
IT 157.240.231.35:443 www.facebook.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 h.clarity.ms udp
US 216.239.32.36:443 region1.analytics.google.com udp
NL 172.217.168.195:443 www.google.co.uk udp
US 13.107.21.237:443 bat.bing.com tcp
US 51.8.64.151:443 h.clarity.ms tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 79.133.176.211:443 bsxplayerv2.bluestacks.com tcp
GB 79.133.176.211:443 bsxplayerv2.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 92.123.142.194:443 ak-build.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 bsxplayerv2.bluestacks.com udp
US 8.8.8.8:53 dev-x.bstkinternal.net udp
SG 8.214.38.30:443 dev-x.bstkinternal.net tcp
GB 79.133.176.223:443 bsxplayerv2.bluestacks.com tcp
US 8.8.8.8:53 211.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 bst-launcher-sgp.bluestacks.cn udp
SG 8.214.38.30:443 dev-x.bstkinternal.net tcp
GB 79.133.176.166:443 bst-launcher-sgp.bluestacks.cn tcp
US 8.8.8.8:53 223.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 30.38.214.8.in-addr.arpa udp
US 8.8.8.8:53 166.176.133.79.in-addr.arpa udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 92.123.143.232:443 cloud-api-cdn.bluestacks.com tcp
US 13.227.146.78:443 now.gg tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
US 8.8.8.8:53 210.142.123.92.in-addr.arpa udp
GB 92.123.142.194:443 ak-build.bluestacks.com tcp
GB 92.123.142.194:443 ak-build.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
US 8.8.8.8:53 cdn-bgp.bluestacks.com udp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
GB 92.123.143.232:443 cloud-api-cdn.bluestacks.com tcp
GB 92.123.143.232:443 cloud-api-cdn.bluestacks.com tcp
GB 92.123.143.232:443 cloud-api-cdn.bluestacks.com tcp
GB 92.123.143.232:443 cloud-api-cdn.bluestacks.com tcp
GB 92.123.143.232:443 cloud-api-cdn.bluestacks.com tcp
GB 92.123.143.232:443 cloud-api-cdn.bluestacks.com tcp
US 8.8.8.8:53 cdn-icon.bluestacks.com udp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
US 8.8.8.8:53 app-page-details-prod.bstkinternal.net udp
US 34.111.56.14:443 app-page-details-prod.bstkinternal.net tcp
US 34.111.56.14:443 app-page-details-prod.bstkinternal.net tcp
NL 142.250.179.142:443 www.youtube.com tcp
US 8.8.8.8:53 14.56.111.34.in-addr.arpa udp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.10:443 jnn-pa.googleapis.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.214:443 i.ytimg.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.214:443 i.ytimg.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
NL 216.58.214.14:443 play.google.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 173.222.211.57:443 cdn-icon.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.142.67:443 cdn.now.gg tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
GB 92.123.140.34:443 cdn-www.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 13.227.146.78:443 now.gg tcp
US 13.227.146.78:443 now.gg tcp
US 8.8.8.8:53 cdn.now.gg udp
GB 92.123.142.67:443 cdn.now.gg tcp
US 8.8.8.8:53 sessions.bugsnag.com udp
US 35.190.88.7:443 sessions.bugsnag.com tcp
US 8.8.8.8:53 cmp.inmobi.com udp
US 13.227.146.65:443 cmp.inmobi.com tcp
US 35.190.88.7:443 sessions.bugsnag.com tcp
US 8.8.8.8:53 7.88.190.35.in-addr.arpa udp
GB 92.123.142.67:443 cdn.now.gg udp
US 35.190.88.7:443 sessions.bugsnag.com udp
US 8.8.8.8:53 65.146.227.13.in-addr.arpa udp
US 13.227.146.65:443 cmp.inmobi.com tcp
US 148.135.238.142:9031 udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 52.57.223.191:443 api.cmp.inmobi.com tcp
DE 52.57.223.191:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
NL 172.217.168.195:443 www.google.co.uk tcp
NL 142.250.102.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 157.102.250.142.in-addr.arpa udp
NL 216.58.214.14:443 play.google.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 34.160.86.181:443 cloud.bluestacks.com udp
US 8.8.8.8:53 eb.bluestacks.com udp
US 52.52.115.199:443 eb.bluestacks.com tcp
US 8.8.8.8:53 199.115.52.52.in-addr.arpa udp
GB 92.123.142.145:443 cdn.now.gg udp
GB 92.123.142.145:443 cdn.now.gg udp
US 13.227.146.78:443 now.gg tcp
US 13.227.146.74:443 dn0qt3r0xannq.cloudfront.net tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 edge.aditude.io udp
US 8.8.8.8:53 static.kueezrtb.com udp
US 8.8.8.8:53 pub.doubleverify.com udp
US 8.8.8.8:53 static.vidazoo.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 104.22.60.119:443 raven-static.aditude.io tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 104.22.60.119:443 raven-static.aditude.io tcp
US 104.18.29.64:443 static.vidazoo.com tcp
US 104.18.166.224:443 pub.doubleverify.com tcp
US 172.67.21.232:443 gtrack.kueezrtb.com tcp
US 8.8.8.8:53 74.146.227.13.in-addr.arpa udp
US 8.8.8.8:53 119.60.22.104.in-addr.arpa udp
US 8.8.8.8:53 64.29.18.104.in-addr.arpa udp
US 8.8.8.8:53 224.166.18.104.in-addr.arpa udp
US 8.8.8.8:53 232.21.67.172.in-addr.arpa udp
US 34.95.69.49:443 i.clean.gg tcp
PL 108.138.51.113:443 geo-location.prebid.cloud tcp
US 8.8.8.8:53 u.kueezrtb.com udp
US 8.8.8.8:53 production-raven.infra.aditude.cloud udp
US 104.18.29.64:443 static.vidazoo.com tcp
PL 108.138.51.58:443 production-raven.infra.aditude.cloud tcp
US 34.95.69.49:443 i.clean.gg udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net udp
NL 142.250.179.162:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 wserver.vidazoo.com udp
PL 18.244.149.66:443 c.amazon-adsystem.com tcp
US 104.248.229.159:443 sync.kueezrtb.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 45.63.18.194:443 wserver.vidazoo.com tcp
US 104.22.60.119:443 raven-static.aditude.io tcp
PL 18.66.233.81:443 config.aps.amazon-adsystem.com tcp
US 162.243.161.113:443 bis5.vidazoo.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
GB 23.49.161.153:443 secure.cdn.fastclick.net tcp
US 34.237.162.203:443 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev tcp
PL 18.244.146.21:443 tags.crwdcntrl.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 159.229.248.104.in-addr.arpa udp
US 8.8.8.8:53 194.18.63.45.in-addr.arpa udp
IE 34.240.201.67:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 203.162.237.34.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
DE 162.19.138.116:443 id5-sync.com tcp
GB 92.123.142.210:443 cdn-bgp.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 143.244.38.136:443 bst-appstore.b-cdn.net tcp
GB 143.244.38.136:443 bst-appstore.b-cdn.net tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
NL 142.250.179.142:443 www.youtube.com tcp
NL 172.217.168.219:443 storage.googleapis.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 8.8.8.8:53 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 104.16.53.111:443 support.bluestacks.com tcp
US 199.232.196.134:443 bluestacks-zendesk-com.disqus.com tcp
US 8.8.8.8:53 ekr.zdassets.com udp
US 104.18.70.113:443 ekr.zdassets.com tcp
US 151.101.128.134:443 disqus.com tcp
PL 18.244.102.46:443 c.disquscdn.com tcp
US 8.8.8.8:53 bluestacks.zendesk.com udp
US 8.8.8.8:53 134.196.232.199.in-addr.arpa udp
US 104.16.53.111:443 bluestacks.zendesk.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
US 34.160.86.181:443 cloud.bluestacks.com tcp
GB 92.123.143.217:443 ak-build.bluestacks.com tcp
US 8.8.8.8:53 217.143.123.92.in-addr.arpa udp
GB 104.86.110.97:443 tcp
GB 104.86.110.97:443 tcp
GB 104.86.110.97:443 tcp
GB 104.86.110.97:443 tcp
GB 104.86.110.97:443 tcp
GB 104.86.110.104:443 tcp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 016cb671605d14f5206b165997346b6e
SHA1 b0c386454a797c6efce3d5eece9e24011304cab1
SHA256 0793dfe9abd8f0cbfdb2dd2b22abb64635c1a1ebd6482927cab20defd2e7fae0
SHA512 a7a4b83ed3b830f82a63384436ebd732307dfc388c30ef05fb13af8b72a881647a396c5f5d7cbcab8109ae142d6b8fcb35c7712cf66edd64a02e532f9666051a

\??\pipe\crashpad_4848_SNHLKJXKFBDDMXTP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

MD5 48d2860dd3168b6f06a4f27c6791bcaa
SHA1 f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA256 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8e6a1430c2db24d02c7b17479c193942
SHA1 5b031344b0a2c231545ca387a37c86d0fe63df93
SHA256 5ef2089855836ab06111d15f064d3c41aaee6fdf16f1bc5f6f8851a5dffd3365
SHA512 481c4c63f3cfb377c32e385c459f15511137113e6560b5a6ad80138642c26018655b7a9b65903141b7309f9a20fa57baadbfde23125530deb2659b8da823c9aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 747f68b17e2163991b4a6225015af304
SHA1 4dc347b2324ce1997f84a6234a23d9e7c46f721c
SHA256 24f6ff708478c89b39bbcee88a391a00c4df0f76327fe54fb0e5852b6b277fc5
SHA512 8ede941b17d62dd81a5f598fe6341a4e113f1b6a2390b8d6518beaa6605b016bf60375eacec8a2363147905265cde173715b535d3e1bc94606909f392af88483

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 97194c73cd20d6acc7a361284a6c7200
SHA1 bbbb367b92ef19a22524adfdfd8c00c89e7ee076
SHA256 4ad813f8fca25889f7955071b144ce6289a5651abb5c03fe5461ba80b67c5105
SHA512 fe64e276765156a8430eac0fe4a76b0ddf99907f5c0a08318b6bc7d9082d434375f84fcefeca041facfff9f9f2a935ec80312e7d057bca3f3b48fe1cf46dc059

C:\Users\Admin\Downloads\Unconfirmed 675560.crdownload

MD5 c8246dc58903007ccf749a8ad70f5587
SHA1 0b8b0ec823c7ca36bf821b75e2b92d16868da05e
SHA256 347e7d26f98de9ac2e998739d695028fa761c3f035dbe5890731e30e53a955b3
SHA512 02f5ee6fa5365498ea537f931bab82e3d95178cb8ca42a108030649283290520c27490557a2b642649533b935503ad240acedab005bcbf3dd7691f5671caf975

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36554cdc186cf182ca3b65e6072c0da1
SHA1 966c751a192042f9151877b451706e55142a1269
SHA256 b502b8fb477e8349bdb79cf9f1aa13aaa4a7b6f7682b631c42fcb88b9094c0ed
SHA512 e7ca0c8f9e82306a9580fe65512975133addec7cf8d9746ea81244b8fb19cbf18f0bec016f9ce5958da9ff107895a6c21b863ca69f578f4719136dd1c46326a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt

MD5 45f86884f5e41082498bde9d0f1e277e
SHA1 439e65a95284ff4a6ca9ff116c47efd98d953834
SHA256 c81891297dc3eb4f919ab6cb346f95ac860d7982d1cebacbe61e4d8f8ba3f09a
SHA512 fb7acf523f5e4d0f266ccde629388d9fdc41460233ec3b725684bef094a94d31b488db4bb8ab62c5f4b3054e724800a89f6e2e99b276edce59003916fdb5579f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe585ba8.TMP

MD5 d6255fd9df4bc19c322c12755c221797
SHA1 20b059a0bb80a69b248b87a7e3268bc87e37940e
SHA256 3f6dde38c3ff5d7e6c960b362558c5a9361342f441aef3755d5f338a9ffce381
SHA512 dd22bdbfe74037d093e19d78595cf42f6d1a06b9e18f42f2e37cc8db6fe518a28a45ce43db464763ff277290b3b2222a2f804ed2b6c9bf8b44f5adf106e13622

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ea433a98ab330f2a57e6af8a8f402457
SHA1 44c5a287a56ca90a541c91a79d450a88e69eb937
SHA256 9477874927b2e771f67b809b2f30b191f48c137a7fb41163a2c16bdc2dab2102
SHA512 f2399a87e250753720a716dbdf155e3a3e502a80db7ebb135ec2885549cf9768cccccc9c892c94da83dd70a08858ec23b6c6bb3b503282fb9ea569fb133cffb0

C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier

MD5 0cd27a98a4e887b225ed61ed89c3fb2a
SHA1 8d7037d266c84b349cdc13093a96b6610be0c471
SHA256 f884353322476813d87a74247221be85ec8f9935042604def739ddf4a138c12b
SHA512 4eb88311be3bca80cb4469fa48ef14aff5c008cda3dc825bacc349e68c2873afd1d9d1ca7c53cae85eba86d89048ada82e1ab8eedd4db6dc2aab5a5e1aa72f33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 45efed5f4ac5dbd7ca6450ec14a49bc3
SHA1 837c6d31d5fa6c40f5ad61992413b644ecc6c3fc
SHA256 a59a59862c8169ddf310cee1d26f5abe172c30b32aab140af100730cced05139
SHA512 13c50d9f379c7ed49a294ce504853a7c65b70191a880e725d560cc1a5b0cabae150444f6292a2e8607e460c965f09808b90463d72f8fedfb64d308806af22735

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3288692563d4dead4dbdcdbfdd3bd358
SHA1 b66bf1b921f0a38a2d033734293c0cc0d320fbe7
SHA256 67b34e7ec4d23bdd5a226ad7223c53faf98db5b116a5d28cb697462f39ca07d3
SHA512 b7e25bc5efaf95d3a0bc05d0e00df5cc9f2305f76d90b19cc60d8c8617f659885fda867eaf3e3c247d03386e79aff2343421b8cbb85be3d958a7eb486a729e55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7b1f3373e0088910f4e5ebda3a123d17
SHA1 1236b16893614cb478abd6f2fe12596fcf0ddf39
SHA256 c82121e72589ef5d16bd842e61025fa343e63bb05027c245a1d4165f2a8ca70a
SHA512 4c5896c57e7493009e248169c57f5c170d51a216bb09528df3843be22770bf33c5e851d712bd8303a257866875a67e3335d49a575324e3212ec19a6a0e8c5c0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 39eb094ad44c44ded40ba91912aca64a
SHA1 ef96119a73bfaf2d4d5f0c678a034863522eaae9
SHA256 9eb42001db056f51d0d7cdec54465b15838fd26edb157e214925d45a3bd7be10
SHA512 3a93c7234d0b06bdadffbde6c821e7d9f4f6dcddce2b354e63d627e4f01e184f67fe233cdcf88e31eea5d90e7ad91818d03f9dd09ae6539ad33fb6a4d8f82d4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 845826acd03d3dff0bdc45d2a4f57770
SHA1 2dcef503104adb66a7351ab2b4ae0d3ec72735e2
SHA256 751bc856ef0594d2b14243b4c21049fc786daa5e76d190c301303525f8da7da5
SHA512 b3c755c48f4fbc663bc42437f51638ed1b22cd1ac0ff27ce0cb47bd451ffc7818710e62a5d0bc81ec2038285a872401b75419c8ab62d004ef0b0f56a1044e8e7

memory/4812-476-0x00000000004D4000-0x0000000001726000-memory.dmp

memory/4812-477-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/2152-487-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 046ffa109e5302c7f8eda3c58a16ccd7
SHA1 917d3fbda30bae6d77e7ce9d6bbe3d8e1bd545c9
SHA256 6886ce966e826a47eab26ae5cc72316d8a255e4fe99fa22c44d6b98cb63c4319
SHA512 b5ab8322d94eae50afd7f94a860cc23f995315bb56d9cdd2afb2a0e37501f168e6049a82e15c8ea4fd4c122834ff9b9caba9533fe2ead7488b96a89aa5cfd1ef

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

MD5 640f1815e828506d3086125134eb5e3e
SHA1 a3f67ee394471b4383b63a43e2f8231102e7a5be
SHA256 3b1af4aee4a4e78b5003375340283c3a897136567c8a4debb6197bfa41d401cc
SHA512 791dd6019e1928db2abe12495ee2b03d3ec272359ee0c2d17989e1f15fa7b02f87f24eb27c2629a203aafd0cc46c1ade3339a828314bdaabb1d4b22df747dad9

memory/3000-489-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

MD5 e0ed1c18001b99ea753ec34a9c75c7f5
SHA1 d5ae73c57a3972193a89d4397c0b210040c217cf
SHA256 44c2d7af43c5f8f4d02ea705647dac4bacf86be9745eb4248cb71bc148407301
SHA512 b6e95ba8cc8dd9758e10744c13abdbec9bca0602931bb3722cfc4829a15cc7fa902f80cf94f3f43140e13cc7742117498c1bcd81979cbef541e2cd1a791136de

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 0c04ad1083dc5c7c45e3ee2cd344ae38
SHA1 f1cf190f8ca93000e56d49732e9e827e2554c46f
SHA256 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0
SHA512 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

memory/3000-520-0x00000000055C0000-0x00000000055DB000-memory.dmp

memory/3000-517-0x00000000055C0000-0x00000000055DB000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 7f2d6cc6b1985c5e9baf3904cf361a46
SHA1 3c77f7f5f4c493b8a5b2a36456a0833e92659447
SHA256 488ca7e088b99048e09170b5d6c07df2fe3c7a690b49572bd1caa2fa01e09858
SHA512 776536858adadb35482829de9f4becfd8f2fd897e5cc8dba46da139b13dc52b316dd3f9115c1c5926f8dfda96d54d9dffad282d2af49f673241888b30bcb4d9a

memory/3000-521-0x00000000055C0000-0x00000000055DB000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 4a95ae01f64271ade11d6116066d1efa
SHA1 fa160abfd4324c6e10c65f8b5c35620da26304f8
SHA256 af34ec2b5c991870bc2a0a91ed0b1635681f063769a822bc82cd726426bacd06
SHA512 3c8beac203ce263c653954a0f1ce77e94541f6d17508b17db29c321ade4a8744f4464f027e5838b39506d72bdf24c0f7c267b9486a50000a145d04bad4868785

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 77674c32de2b9011c939a7d1706f392f
SHA1 df543c7a4c8bcd5b34be9201971a0d4955420d07
SHA256 57e13fe8385d2bf1025804a4e9cc35b4b0281f0baf7e83ab91378d246f827c37
SHA512 7b1b64af65d87266766ecd439c8291e5060f3efd0d747bc93baf98cc24ba2c48800f700151b7b15c6bbfb7e0747643dfaa1a42ef2a87bc6b641d3015421303e0

C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

MD5 ef49ce4d1f3f54bf65982e91a2306437
SHA1 cc9b7b4c01ab329c8ee5e1dc0ac994de705ccaa4
SHA256 59e24e5d112cb57a50d54368cc363d3d2f29101dc7e46768d12b412d71d80859
SHA512 35287e6a0595c36ec99b875d33af7274e203495dac352d59a23cb340c1d86789f183c85a44c9cbbf4f7428cd531344d74b149ed73527c23688dc581f0817df9b

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 c3dbfd4eef39e951c2d6b2fe0298e901
SHA1 8eca21987d77771fe33b101ff6cb2162d6c6765a
SHA256 86571c7455949e6cc64a7fddf67ba59777ab5152127d7f1cf39fa2143a8e3f56
SHA512 a98ae2ab5cb4ecf562a79bfbbb05d10d3d21802e7e0359e963f30e1c23c0bf82d043d26a6b1edcffd6861e7c185022ad8218d62a97650a6c74be59e5783dd2ef

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 003d86a17644a4f97e367a7498a2f0f9
SHA1 588971478d82ad85f6d902f2b0cab962bdf47fd2
SHA256 e4a8e5975b7edd4a2345defe5625dca76c42049b179bd8a12dea386b640f7218
SHA512 022d9525468ca2893a9762c426b7b4e9f628c18ef435edee8b083c0b34997587eb951994477cf6df3cab4add5adf2e6577c22ecd32d2ecf341f55b50078d67e3

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 f6d946a093295353ff69403bac0ab386
SHA1 9d8492f19c13d9a115ab2597184857b159983cb4
SHA256 3c5bfd600cae342dfb78deb040f5ae3597902d3c377bb254fd534a3f962bf470
SHA512 dd81eea7b18d8352827fe8f8686f32660b93ffec8165cec2cf378c240fa951cded16fbaffaeb223f5250b1ccdccc98cccf9a841e763d60914c64e1f466cb1015

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 163edf37e864e72ce5aac8eedb495268
SHA1 edd33cf935b19855ab36c4a2848325ee45b76ad6
SHA256 a79482f117517b209be68b88f77763a942ee307dc79019eb6978ad40daae0586
SHA512 d1af527a1bb5dd475dae8d7aca576abdf43b3ae959651793dc4a8a3bb5178d5a58e7d1f75d6eb916489fbaa22dd8e7dd2d8451565c71b102ea684dbf8d9c0a08

C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

MD5 25d2d05b1c28a35a5ceb593c90056699
SHA1 8dc2e83fc335f5b74d12f266437ae4558cb8868e
SHA256 7f157ea82574f49389170131d85a9357f78aea2c1565764fc144fe12fd58d001
SHA512 0fa30f926f1cde7ff04569f1c9a568dd15b0498e3e55faf811e8c2e6bd24410110a6ba1d637f840469e36ff50da236463731d8a3c476fb326f37010ebda9a68b

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 9b2a8c36acb751cc1e9ad2d9b833f0d0
SHA1 2ff80cbe103f9eb1c3f98e96a9fc29f7d92389f5
SHA256 4264530cb4b0880e3910cc97352bb1e340c6fe361e3284062ca280f436fd9d12
SHA512 82aa7e6ac846f5cd6842fdc59363e50501c4d029a8eb23e1dde214b61c4dcf28752cd8590f9fb8224466b058dcd8a3fae866465cb33705ebc1aa6627e7896faf

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 f9dbdb2a05c977565989dc675d709a5c
SHA1 14f1d36925cb1f9deeb96831c232e580cfbf07c0
SHA256 742432397879ad27e2b431c7d6ef1c551a41557185b807402d80fb8630a8382c
SHA512 d0218f9504ccc776a072864ee2bf75efae3134ebb0468dd50db0ad9d31f1b1947a187067e9c41f60184b514a6fca763dc8ad9736ee967894c40add1559d6acb5

C:\Users\Admin\Downloads\gcapi.dll

MD5 ecb9969b560eabbf7894b287d110eb4c
SHA1 783ded8c10cc919402a665c0702d6120405cee5d
SHA256 eb8ba080d7b2b98d9c451fbf3a43634491b1fbb563dbbfbc878cbfd728558ea6
SHA512 d86faac12f13fcb9570dff01df0ba910946a33eff1c1b1e48fb4b17b0fb61dded6abf018574ac8f3e36b9cf11ec025b2f56bb04dd00084df243e6d9d32770942

C:\Users\Admin\Downloads\gcapi.dll

MD5 1ce7d5a1566c8c449d0f6772a8c27900
SHA1 60854185f6338e1bfc7497fd41aa44c5c00d8f85
SHA256 73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf
SHA512 7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

memory/4812-676-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/2152-678-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/3000-677-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 73ef1449da17bd2ce4b477f2217fbc06
SHA1 20dd8fc35c59ce391989662df0d47017eb157729
SHA256 0bc410dcef1ad2482a5fce6fde981cecd69a17740c71afa2f331395974fb2833
SHA512 6ef6978147fd7ee3d5d6279a12959e6ba1ceefb13d4a17e6512e28e3cf783908f56cffb4da94291e873e74f91f81baf3fd078b0d951b7859b3d5f36adfdf081e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a599d0d2b35c041613f9145a103dc77e
SHA1 70b53b9ec703cb7c57fe1b257fdd02ca882ba26c
SHA256 1ac7d8eb25ae22fcda69fe2d5b0a13014f923935fb4b778453a81ddc66585117
SHA512 5ced0cbb6f0e3cd29c3b94d1537384df1b39da1bbee365cba8cbefb0ff2d2ec5c679bc34af9c6ce7526912bbcccccd53e78b3e48db8019128ce72d22fb112c5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 205327c555dd960c2a333e9f24c32168
SHA1 9ae520e9733951f6f8dcb0d1f1848c49005eb578
SHA256 46585ef29b0c5266c921642c3fa4aabdf589b9396b6b44fc8fc0e7861e0db89b
SHA512 dcced7440bcb06b15165f3d13b104869210e99611574b5047556d92054502d07dbd8577b6451df854c0db725cb3416c561d36d855104ff9a2243b265cec99599

memory/4812-715-0x00000000004D4000-0x0000000001726000-memory.dmp

memory/3516-717-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

MD5 328d0d8e165f52b827a798ebf9442b8e
SHA1 6a23f4aa3b989c8fc6549069a180e0ed575a2875
SHA256 8e6da1a58a7ed4c68e9cc423a60f5cb9bf2b9627a921574f463d4be68987b28a
SHA512 a08318051381e673d6ae95d1119f0ea279348f6394ed3b874a2d01b3f4481c47780683a5077046b832711c5c11d00b5566847de28e674b8541d7fb6f8bf5fef1

memory/3000-725-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8b35050adb2b1ab51d59d22e204ac2a3
SHA1 51281d9088f8ddb46f24740c3d07e68cba06a5a3
SHA256 fae997da890f0671aa98fc3af9b65351d5814be3bd7ba64a18a5ce0d822bb20b
SHA512 32a082388801a64145b8d7d3ba0ee125e2e7d789fecfdd5f726f14fbaad8ab48ca9e55004079de0b40961ea5068f08a5123ed0c5492a55d34d2abfedbb9a1378

memory/3516-737-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/3000-742-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cc23ffb282bee430fd80f8ed2e0a5651
SHA1 3d183247982e6e13c378e5c4c40b052ee0f3abcc
SHA256 19535a06af58a2301aa09d8709ecdc8f4a1887aaf20a5b01df233a41e51a4238
SHA512 5f9c24697b509811cf81244fc4c4feed007375e3a34d3f28620f6cfc3c2a6938fd68adbbe5ed41dcfd63c0321439bea5d42cb0c462a1ed54d1d401d2839504a3

C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

MD5 79ecf9eba0e4cad49a0aebce8d7276bf
SHA1 40eb8ff45cda804a9f29c64fa7a77994712918eb
SHA256 292d9babf221723218e7f49b1ff7aaf49802b3875ba8e48c725cf6aff8efdc35
SHA512 4cebc15a498e9d4dbe8b5dc55c488c170fae8cb4bdcea781cf81eb3e0f1196587cefb4ad3b1b598ad292f52dd9a3b06db0fdf3ba2d2a456774825724d46be1a0

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 05465953b1a35e424d023972789fc0cb
SHA1 078669c4afaab535996897baae344d69a6046d34
SHA256 7b914de9a635d508cd26f9863ae276d14890ea850b84c780953cd4a3f9bd6789
SHA512 f84834ae070ad919976cdadc8e813b0b036ece274f99f25cd842b8995cc5074443c1a6b7abbaab85af84b01235870f09380c086eb15cf3efdcf0dcfc000ac6cb

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 a68aaa86ec43d28bf909f864b4caabb4
SHA1 eb9c8b99482a650bba98b0f24d7d33563d850bcc
SHA256 28c885e6a55f2c2d0aca815e947727a118fa156ca55faaa631212dcc988274aa
SHA512 a243676031e65394fe7381b6901b520eca3df1533df14f69d0b5bbcb5970f2d4913430934d19394357e3b5e64d68d56bf7d582c670519250538ad4f7c0ff00f6

memory/4812-937-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/3000-938-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/2152-939-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d21b10a10d0b915ae65eb7ee33d87083
SHA1 b781f25d171f9bbf7c67e59ddf6659e36b00e883
SHA256 9a3417e0ddd228d98340ca3f094c3241a14b095b9046f3a3ae17542c3b16e94d
SHA512 a2aa672cce7f9a0c9f9ea3c7387a8cc5247e9e4550a23e67e4daddf6a4df9ac335bf818a9a17233728fbf0a98bb966bb5954a26b82738754c1a1626ba94aac5a

memory/3516-949-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

memory/3000-970-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7dc7b69998140be2769d81a11ed18dd1
SHA1 cb949447481993bcac10265971b8ba2d394e941a
SHA256 123a5db3e5d87b0058a06c88d423c58e9f25cf2d853f455e6f9008d30a1a14e1
SHA512 cee3ca5faeaaf7e024663a2d63e086d12ec93ec0306d4622261593c3a3998f2fcc7394e2179a97adf0e33fcd542e69719e6bd8729a646d54c00fa2ccbe1e6a26

memory/2152-988-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/3000-987-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/3516-989-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d9fc6b554cbdfba474f25f807342c830
SHA1 9482c13d267a7688b90eb41e3d30e1062fdc6d69
SHA256 fc68c190fa7498215279dbdd5b4391ead4da34dc28aa5bb28ac83136541ac125
SHA512 69cb35dfd8c9141ca04ad24f3ff87baa4eca8795905aaa90d02acc2afe152d84ab61cfb7a199027593e94d5b12c019f8583b21f6b21d95424307ffea5f2d27cc

memory/3000-1000-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/3000-1004-0x00000000004D0000-0x0000000001C3F000-memory.dmp

memory/3516-1006-0x00000000004D0000-0x0000000001C3F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f5ecd6dc6bed53f1722b6e06056cbed4
SHA1 d7cfc6ae1384fbcc839e52090c288af6f5fc95e6
SHA256 d2d0d0cc8e544ac0d4049274d342e883bb7745c421edc3563bf3f02719265b91
SHA512 dc29f9a26fe18a99c2608cf35b97f34ddca8a189be54a6dddc77cdc427023f62b642face856a3371e41a1ed095c6fa95a35fc6cafeb86a557c5a26cd64db2b5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4a8f5fb587fdd883ad994cba21286a45
SHA1 9cffe42f9fc9d786eb22569efecf5d4cb11951a7
SHA256 297c39990a5b47b18cb7674c6529571bc2a0152d8b365b3e42a45a440abb582d
SHA512 13b271a30d1a0bf7f0f98e23506e1db13f95a112e674306503852a50a1234699f1fb823675e5bb5d0e8ccaa5315b5c3f607abfa614d0d7b3db1cccc6a6c8b391

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 215d065ba48cd4220b781dc14d0c9a10
SHA1 485fd26352aad7e6cfe14e9a23f79a1cf9cdec3f
SHA256 7456e8d782206e6cba7b1bc1823735dee0f23e058543b721f7f9f670b5166f5a
SHA512 8a586159aec8888d966f0c871dff30efb9bfebdb1d7809b7370707544280a133dd2bec046229d76dfa3a56cc0e381e87968528b94472e714a0db06d9ba0f623d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e65eae883557873934f7892fe037074a
SHA1 e1161c77ed4ef3840c67c7322646b83ed2846e55
SHA256 9a4c5e72027f5b9398d334f0847478917327d036f54f1a5ee9d16400b121338e
SHA512 3ef2444301630440e74e6df20cd2e0eb15eb45c4a625e6c030ebd57b7f272421a2c584454d8bf95dd09ae200616007fcc78ff1c06f7803524caa5165966c97a4

memory/4812-1079-0x00000000004D4000-0x0000000001726000-memory.dmp

C:\ProgramData\AnyDesk\system.conf

MD5 d67dcfef6ebac9d48fcd7c7e7fa44b2c
SHA1 d53718487319ff7a982eba4da3bed6ad7f82b51e
SHA256 73a44f8ec337e3cdcc3f42429b946e4e20bc59857c9c9e05c1a07f80c1e2513a
SHA512 04e4797b1b469e1de5f0d9528ccaac4fe384e687cbac633ea36159f56a2fe896f31c85d06c8da832d6ed43d673a0281d896143a70a56dbd7d1f2a03d7098861e

C:\ProgramData\AnyDesk\system.conf

MD5 a27131da7bbe3ff934d551b1ab38a799
SHA1 977cbed58824bba3eb27076cb7270541672ff052
SHA256 35ce209fe3f9c5d23ee93a35e4a7ac0095df7253b0cc31e3f624f9d8f04a25b3
SHA512 9e86a63ecbb57021cdcc43e8b37601210c9c8e33231f723e24c39729fb87cffeb533aeb834863d6566fca8098d0f8919b7211318a035e2ecf62e1a3ab288bb6e

C:\Users\Admin\AppData\Local\Temp\{79a5a7ad-243b-b843-934c-4ed5d6bc7a5c}\SET5521.tmp

MD5 1e4faaf4e348ba202dee66d37eb0b245
SHA1 bb706971bd21f07af31157875e0521631ecf8fa5
SHA256 3aa636e7660be17f841b7f0e380f93fb94f25c62d9100758b1d480cbb863db9d
SHA512 008e59d645b30add7d595d69be48192765dac606801e418eeb79991e0645833abeacfc55aa29dae52dc46aaf22b5c6bc1a9579c2005f4324bece9954ebb182ba

C:\Users\Admin\AppData\Local\Temp\{79a5a7ad-243b-b843-934c-4ed5d6bc7a5c}\SET5524.tmp

MD5 6d1663f0754e05a5b181719f2427d20a
SHA1 5affb483e8ca0e73e5b26928a3e47d72dfd1c46e
SHA256 12af5f4e8fc448d02bcfd88a302febe6820a5a497157ef5dca2219c50c1621e3
SHA512 7895f6e35591270bfa9e373b69b55389d250751b56b7ea0d5b10ab770283b8166182c75dca4ebbecdd6e9790dbbfda23130fb4f652545fd39c95619b77195424

C:\Users\Admin\AppData\Local\Temp\{79a5a7ad-243b-b843-934c-4ed5d6bc7a5c}\SET5523.tmp

MD5 0d7876b516b908aab67a8e01e49c4ded
SHA1 0900c56619cd785deca4c302972e74d5facd5ec9
SHA256 98933de1b6c34b4221d2dd065715418c85733c2b8cb4bd12ac71d797b78a1753
SHA512 6874f39fff34f9678e22c47b67f5cd33b825c41f0b0fd84041450a94cc86cc94811293ba838f5267c9cd167d9abcf74e00a2f3c65e460c67e668429403124546

C:\Users\Admin\AppData\Local\Temp\{79a5a7ad-243b-b843-934c-4ed5d6bc7a5c}\SET5522.tmp

MD5 b76df597dd3183163a6d19b73d28e6d3
SHA1 9f7d18a7e09b3818c32c9654fb082a784be35034
SHA256 cba7c721b76bb7245cd0f1fbfdf85073d57512ead2593050cad12ce76886ac33
SHA512 6f74ad6bbbb931fe78a6545bb6735e63c2c11c025253a7cb0c4605e364a1e3ac806338bb62311d715bf791c5a5610ee02942ff5a0280282d68b93708f1317c69

C:\Users\Admin\AppData\Local\Temp\{79a5a7ad-243b-b843-934c-4ed5d6bc7a5c}\SET5536.tmp

MD5 d4ca3f9ceeb46740c6c43826d94aba18
SHA1 d863cb54ad2fa0cfc0329954cbe49f70f49fdb87
SHA256 494e4351b85d2821e53a22434f51a4186aa0f7be5724922fc96dfb16687ad37c
SHA512 be08bc144ee2a491fbc80449b4339c01871c6e7d2ddc0e251475d8e426220c6ef35f67698b0586156f0a62b22db764c43842f577b82c3f9e4e93957f9d617db4

C:\Users\Admin\AppData\Local\Temp\{79a5a7ad-243b-b843-934c-4ed5d6bc7a5c}\SET5535.tmp

MD5 e0d32d133d4fe83b0e90aa22f16f4203
SHA1 a06b053a1324790dfd0780950d14d8fcec8a5eb9
SHA256 6e996f3523bcf961de2ff32e5a35bcbb59cb6fe343357eff930cd4d6fa35f1f4
SHA512 c0d24104d0b6cb15ff952cbef66013e96e5ed2d4d3b4a17aba3e571a1b9f16bd0e5c141e6aabac5651b4a198dbd9e65571c8c871e737eb5dcf47196c87b8907b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

MD5 b9ee014ac6dbed8c1e20fac6adc66186
SHA1 e0012f9cec6eae85b99d7cd7bc4ba1b58214ad5c
SHA256 e016aca0a88fb26a33d76fe4646011efee4cc23f6cf2bcda60972569880ae044
SHA512 4c4172e4435dec9a0aa7ea1ab9f570d600871b099b414be5452ad04265cc66900eb4166783c25f2721739ad8f2a684d66e12249837c4954b20e6336fff92bc9d

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 8ecb9428982c703c3fb9cb84e08c413b
SHA1 d4a9fada80d43b2f72ab4b16f692792a9397ac67
SHA256 c9e7a70ad180f612e87072ea6bcb01540dcdeb47aca2ce26134175fafee13ae2
SHA512 a4f55dc499daf57f10efb56dc7edb69f38263a829238c0984718ff7e7e432d128bc1c57870e1a67e17e658e83a92fda7db0dcafeb47a86593b5b875bcbe14ef0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4f80b73b22e77dc255cb8955fe0aba12
SHA1 c0c661f26705e6f2383e8ebca963a3d4ee9f3784
SHA256 9cfe9a8c100a23e7227f164e622a1f65878e0db655ff1366247825e655f6d4c3
SHA512 154f659d2c8cd9921b0745f1f1021327905b8a9d04a191c749ce1cdc205a4ef38be367ccfe9404e5c51795b40e2c6cdf99af08525814d3a53e88bd418744494a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a4eaf5eb1d008a30ca5158a68eae0b5f
SHA1 9c008ffb62ba231997af494bb1715b19da4fd041
SHA256 a6d0ef227fe1e2249eed3e2ab550ffe934bf970b8d9de7432adff485727400ca
SHA512 95efbd96df6cc630c2597f1dcdce9f107bb05747f43d837c691c10249377f41904f8e89831a37e3c924aaea4441dba7e803505254ec825e473fcc75642281b69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34e669b4e0b0e95e513f66843d5459e4
SHA1 b118fd27196b6147a64a69961655f73fc322a44b
SHA256 e240479cb9c5809bdc36420e6368651b43efa6691d9f957e63ee08c8be4ea8ad
SHA512 ef006c715aeccb3d5a9be8952731848236f98de8e01768ec6678fc005a3f2529695b950aa6aa624484c6cc9c8b557cc354ee9040fa7cdfeb0fa80c267040eb08

C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

MD5 cb4e1efdec6b7ea25751db7e8058072b
SHA1 7f4101ec6fa3a34c40d53a0607ec80fe2dad6017
SHA256 573c7c276b67532445ed92d36ee9eb0be3d99e0a9f21d425f996f18eca2e1896
SHA512 32442849c42c3f58cc281e4ad5607373cd923823ff9c0b3fff1d021ac737733b57ac44da8b7ab90ec8bda1e32243259f8590ca0f2bc24aa6fcf7bfb8122e77d6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

MD5 7c3ff67b61d8e616feaf8163b7132fc4
SHA1 2ae03a918b89bbe65220877f7f30984431aa7436
SHA256 248c74486176c903a2cb27aced581b369a1fa3d9b8b6796d422ab7a256cf9f92
SHA512 aa906bb541b49399e09aae02ea9dfcd4508a749f10ac6c114064d07b3de474e60dd4b8e6d7e1df3db69f1c85fae33a5bfb3a34f62b9ab2907088c2616b8a344b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bacf9138892acc5e6a9c9d3a36220d42
SHA1 4a8e24ccf1b2982f9a27a3ce3a8801658e4f9127
SHA256 8e79d64b1fd63016800f01f8930e26bb8b3bc2ffbbe425b437d6fb6daf0bf416
SHA512 8b56d6e824008d9876d7098772bc4f7419aeabc0d93ef8bf5f41763d0e17ed5f2de134b9ea8d6611cabef8bc1a2c09c4ea4c0eff5950b46f3332d5626b6ac369

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9dbd3f0ba76b8ea41cf980d55d127d91
SHA1 6d9755f1fc3491ceb354586187ccfb9bf93fdd50
SHA256 c2e2f9ee9c81292f83e58058836dd571eaeff657a9c90ac0fe6c59c3ad6c63f9
SHA512 d0252a0014881638304095fe12fda799be74c3709b7ae02c6aeb2d96913623c2baab9e006400938ff12528906587d2e6792539fc63863a4fbccd370fa8b6c4ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07de00748b010b9e4efc4a473089778f
SHA1 9852d52cd02583fe3856c20e5a83773373d46dbd
SHA256 f1a204078dbedac3e5ba4913799504eec53bc965ebaa028042815adb5cab4297
SHA512 918b4c0c964a4ffd0360a5f1e32ff9365a7b57c44f114974d59d5e466ed8408cef60d69cb5d7239535a2c01619621da6492b3df707f89ec525f8b6f7a8808129

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e69f87afb365d855195fb16e1d999ee3
SHA1 37a598cdf0ca95e7e721e80198f09bed1cce5410
SHA256 a52265a8cf4b09053dfbd0751466017cb90c0e6245f26453cd34d828e9464c23
SHA512 4a31e7b7212952b21835b4cbdd60fb68da2b2b34d992abc16c033a485493d363caabe8b8b50e3260d32918b82933cdbfe3bd21ba43bc0cbe1d6a220f62e2a138

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e7bb606376dc65852808f1545e9cb8e4
SHA1 c915aae39ae1ae160c5632428bbd17b53565f108
SHA256 94b4d2051007069265620a725d2cf01fc53c613ec98e0449d986aca5499d8e4a
SHA512 39e217235e763146bcadd94b3c753a1625713fea13673997579f76ea40329aaf195cb4caa1a3d8b59f9958dc5ad9fb86919d2605e598ba7c6df1d073aa582505

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3e3abc76ba2223f7a72e14ae610d1b0
SHA1 0448c60c405c2d8be5546d7216c5c48986ba30a7
SHA256 a809b33524a450187a90ae73d4183dfdd0e5911fe7d5d4fbd65177c929170b03
SHA512 66b59e7896417f49d38128438cf6148a7f86f0e7a8a59bb4ed45f6b57afabe85b3e23aa0bdffb79e19b4f6b5da645bea87fca95e7896e89a57660ec3b33cfd45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bb27b6f20eab066286cd4364d9984e52
SHA1 dec83dc3b8f1eec027359ddf2513b8f3deb93bf4
SHA256 ee1d3078c851aea712423303d07e919ae53e466c34dbe9bd252ae25060edbfb0
SHA512 5291efb23ffd69cd190caf2360f26fb42398545ef0dfa55c16fd0599a7c74b2c6578c830b9865e7b1d7363ad4625a0c76db72f0fb001073a2fcc199a175562b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eb214c79ce206da16bbbf4708ee4b4c3
SHA1 b25bd08ee265916045493d36eb03d0e954dc8c2d
SHA256 6a3dfd1774a1a44d7b868a360bdef889e0e2b5e75585f4f54decd44568d48f93
SHA512 a19f903e9a8c30cbecb192dd0be65536883824203a75a02d4e3766e99c092bc6218bdc14b8b0053b680b51eb23099341a5b78e5c80793eb5c59ac3cd456e1613

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7cd16ac7b301f138cab85003171fa408
SHA1 44541361de0553cbf9a81fafc125bb4904fa7806
SHA256 2b09e2f929477f9ca3aa62d731f2ce2e0924881061d06eac71d07eee22a6c4c3
SHA512 865979ab172e75c6c0e5c0fdadf312bb2ec3fe1cb104510081a349873a87dee7319e3143d6836f8db72bc58f4e718d558d40d0f89040524f401733020136fe6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 82cd263fd6f5a6f9f516a898aac41647
SHA1 fbc2444abfe1aef3c52252bda75478a776606115
SHA256 908e1301f7df2331ccaac47e8c7c7652fd5925b29e267c03a1cc9a5c75e25647
SHA512 b5e1effb45afd3aec3fcf081880e8d205a01e220d96c2009b9ed24fd5e4834ad2a78d5730ceea3e68d239ae69a2a098735dfeed44c32636966a42495c33943aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d56c90cf1ff6567d934977fb178605c0
SHA1 2ba4bf90593b46f86073a990dc239b2ef9c15bec
SHA256 e4961ea48767fcd80a6c626350ec730c8fbcf7c84ce5a5097beb96af7aac2fdb
SHA512 6dee81c94e4b04831a3087c3016666a06a001ef0f5da9dbb0a1102e2da6caf60dcbd479e47a18bc39a7f8da7c0a3024a05c2913408a8acf2c890e19b2d9ee0db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9c2d705e91f5f5c8f90c69c3dbf63dfa
SHA1 fb95faef9b290097b96168722cac1a897e7ae00b
SHA256 090bbded7f6490f6c52b0cebfcbe5765cfe0f670c0c82649a59b06af67e0028a
SHA512 3f27dcb61e3a607cc60ff02df57513edb7079d6dd4a728e43b4639f14892f110c263f3406b3b34b39ceb9e545d4095504bccc6919b5b78d6c545f46b58c34844

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 97ace068419f50d356b98efcbf73c0e6
SHA1 43d5a893ce66a1f1b2906a0a76b445dda377e9f7
SHA256 7ef13cc935fdbdb2f9b0b7acfe730a884f43ba571a876a0df7dfe5315bf34d2f
SHA512 b78713aa07511abbdd7e2960a669efa07fa79f190f38edd305f91a918380b612cf9ee7fd5ab36ec60a17ad82e3b5070af14b8c741b1f04ece06087c08ea48a50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9daaa0811f30d8af54bc7ec893666856
SHA1 24aa14c5eb6e0437ba96338c485381945fde1cd5
SHA256 f28b396dbe0d06204158f78d5ff82776c8d6ee599937a57bb54fc369fb8b226c
SHA512 8fe33cfd25d3f032bb90c832bc359c81b8d0a0b30cac362516429994fd95b98e2b6a89151c8e79069da9e0f133c30e975efcd069b87e9e4f5274e3ef3e9968a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 78d6377ccebd1f791dee0b42b4960f90
SHA1 c5025e0a95a13380951468de55daa9f057396402
SHA256 22bfbf2696ad2d27d9f4323ec49fa67b9c5c1e5a26e3101e18892f738b482c8e
SHA512 0c84560b48b85afe5b29a5b43faa1c34eb443747d3e26f194e01ce5c4d92200cfcb40e0331cbf9f77e9431c41f946ba9c5bd1d40d0ad5c4574cde573b128024f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 63c66ecd36b2ec1038597b2022498970
SHA1 870e9f3acd1b803115025ddae22427c671e47684
SHA256 d00e7e1362b851205052cf443c9379a1d80b5f5936def2a36ac1a34ea81779e4
SHA512 a7c3f1120df975331e60e556df89f6c8b5aab7418d8509d14f35d316d8df5ff40d8631b3136a42e152f87b7f82cea3b40cc258b76a5c0d8299fdd578f6580680

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0665b45b4e1385ceb518132dd86cf883
SHA1 4646cfd0bd885db3f29d2c96c9af3ce93d47666c
SHA256 ee7a0f05d489aa2dbd23fd2fa150b22ef2f5cdbfba8d1ceb9a086cee9cbd2bff
SHA512 6bd3ebd092ae7011a9c5b45449d8a72871bbe5c7ba722660fd4f4044946229dd90da6879dcf5eed31aa2aa10178bda70ea5e8ad45e1564288602ab1c0375b511

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 19e9a6d6857c5e147627e3fdc2667d42
SHA1 e771b122dbdf19b2e8f600ad005615c61fbd8077
SHA256 706bcfe7b9740ecec16596c3458462ba589a2f8c3d5d2fd3c3645809fc608654
SHA512 76d83cce5b0e88420cdb946c7cc3bfc993996cf63aafe48e8a6c0b8c29d9c505734317f73f000c79dccfc1d933afa4d2797bd605c8136a7280c35ec0106fe240

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 34db97cf304b75cb8d16cc591342713f
SHA1 843daf31379578301590202a37ff30d9e226e5ac
SHA256 bcb328686b236e0d6a261e95ddbf8a0a8d824f855cf1394f2939a57f6fc623fa
SHA512 7ad9699bde62d07727680386aebeb3b73d9bad81ed60ffac95d6dfa527c5b5b90a6e60c8e20895033c91d7b84805e2994e52b5d3125d99242e4249e1eecf2480

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 144c2172afc2f185347aebfdc1a993c8
SHA1 a14a6a63f95492c3a211648ef7735c1d6ef9b605
SHA256 c5bc30e7d8bed6fef01d98070918720845aa521ad383c5c65cf4a9fd5075560e
SHA512 e421dc373afc522929e75bceac12d94eef9c7e885866ddaa08a1ff8ef7938a258b9646c5ee91299ef0f8030dc0df71cc7d4b03872923b1499bd0443f1abaceae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 00b3cdad68b8d4bb52d6d7f3a74f2854
SHA1 8a52ffc8b615034f3b9e7bd754a656be90c4249c
SHA256 3f9f0cf72e0e03f7feb2685d368ef83e5fa1fa7aed8b03fd0c4bd1feb8228801
SHA512 1a90cb40f9c3de591155ad81f904f183bdd72662c299743b84fde3e0e7f8343d67cfcceb56ddabf558b2552a89f645d9a54202ef290a079438c181093c41f2a3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2e994b4e6f049b10689832625e60c77e
SHA1 76960944a6bb811ed086eacb68febdc457cac117
SHA256 e391ef39547e756665d8e8bb165f5d165a6cf6a59a6f7f8d38f22bb3d0fb7124
SHA512 419c72167f184f99bfcd3eba092df65ac87a69989fd919eb2f1d07fb7c75585db96078d8eabf3dc83b5a1cb84dbf9389ea6879b699c24e8ae171c66097ffdea6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b07aa5fb672bb52f14e656f2dffd34eb
SHA1 b46c6dff12a235f07f8581a47c73504ac550b2f3
SHA256 ae24e868dda55694e8d6f79a75a56dc6581c7ce87c8c39a7dcc35005978cf537
SHA512 13ab9a0e8cd2d24b56a8d5d41272ca2094f60aa4b4948e755a43b56bf97cc2e13487197f3ff44ff89c726e7ed66197a27f0f7dd528e77f098fbbf7d00b9774b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c8c44d500ddb848c1aa65c13ca31d7a9
SHA1 7e12ad1afab4331e55e46e3b4bf9048070e78a3a
SHA256 7b929815d3ad730714b2b0b37de77dbf91c16db5bf87986a16995287e101e55d
SHA512 0a1f7ef87581b78f75b0afa50240071fea5e178434070dee6656756921bf3d7d39909a16bee107810a2d1fc1296b16a2ff65a2d8c61982ab5bd3025859cea8b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c4c49013a91dd5e67258c99d56c52e25
SHA1 691960d7a5d09629c85063be77c6d52cad2116b3
SHA256 05972b70e27a6e5121edfed1cc82350793ee1d2045cdd15abb5a0733f70ece3c
SHA512 772ea872a3aa5fea3ebcde119bdacd0e6054abee5baf94cf5e1ae0572f76f212c62dab7c99e82879098fb7987e1d3f26ae72a914d2f719d010b8e0db46249a3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b8bfeedbfa16cfda50a33cb9476e13d2
SHA1 1a875d8c403c2bad419e184cdd9d3bbc33823712
SHA256 be886487e50010a782a20b1cac2e4bffdd0fd5558067f3f08f1784312cc70b6f
SHA512 6bc5160bb56f4c9c2de54a8ae033e0c0fd99031026ce164eb634dd468bbd6b5f63e0f7a75f1677c722ed096e36f7da64d9ee57db929bba1da97875ba8d9495f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 39f466cfe40af3f473ef6abb3fd7e759
SHA1 0af18e74edd32915b587414cf2cc7aa32cf99571
SHA256 76f8afbe89a1f72df3ef8180fb6a1f6e972b3f99c692d7e4973865661f59af8b
SHA512 d08e9ea8682c37d4ae0e0917826be7ce3035a69f7da5522317972297ebf88957ca038ce4583e909a984fff7bcf8abd0ed268d12e171e679e23dcfd0e7f46aec3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a174a67babac1951ff9722a8ab87bd65
SHA1 954542b025e0790b5adb82e876e946c92526f893
SHA256 9fa5ed86e64e9d0d320c410b09c46b309aabca8af2fcca7975a6b79adcfd36f8
SHA512 8b7b9fb4b9bd632e6e64260d0665c9508c14b73a77eba043a43ac510a5961c862ea6389fa2d69c29a0f5e52795223329f4ab26e255541ddf60718b4af9bc404d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6eec6b078b85aa3de84d69991a785951
SHA1 9d24ea0b1a85a94ab4bf921e4491f15efed5ed9c
SHA256 cd16d6963b2d019d7673646a47cca92ac33aa618a5133a95d1c2c4727aaf73f9
SHA512 d4244c9d97f660b769fa8a4b38555239341e89ecc127d16f4c08fd4eb36669e6b961fc62aaa5102a08ee529d9d848073a082378497beaf52047fec3912182bab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d1bb64f3a0de457bc1fceb2a34505d68
SHA1 6fed2be801e9f794156d2ef76741e6ef75445aab
SHA256 6c4e6a148356ddcd8ab58f6ac462142364c1a2c76086129da48d10b9237797ec
SHA512 2e172d6bf524b4d3ad3221324cbea916ba123688a9671d09dadb306b826c7b12cf5ce7d4dc6dc43981ca7563a9aca0aa580bfe05e8f4a99c41f567505ecdbd00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b87170888384bf38eaa4e8228213ecbc
SHA1 7fdf45febde5bd921799cbee33609e74fddd2b15
SHA256 38e856bff80630a1c1e2a01649a7b301f76d11063d29d544be3721894d21ab45
SHA512 a5682104c3d5c880f32d54b5ea5a4197184be387dbc2565abf1e54d10bcdea6865f1247c9ca93b666e3ffc5da81b2a89ce4a2e08083c5612d078c07b8858162e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 073b654f02100df7c522e9bed3cb8b2a
SHA1 9b66ee9e05ebb5393879211d0fac86e6aaa78b2d
SHA256 f0f9f799ccb42c55cf5040e409c42d853deee89c5ba02a07432bbaf2c9c77dd6
SHA512 ad926f431bfd4402bf54f43d159fa0c7580878bce7d96c56590b8cc3ef4529e60cb7ed8dce836f2127341df6694f5c5412ffcae290d953cdd5ffcfc772e635a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2190bb47d8e8761f00e2b5ccb9bff40c
SHA1 64033c65337de3ecd241227df4621124406123e0
SHA256 663d520c8455689dd7042bd140671ff6c6c8c5929b0c962f99488dbb50a5aeea
SHA512 2ebd06a8b9c1a3700d77bb35f67eaa2ada7b4b68fda3115206f5249d98eb8044b07b8a74f94978a4bae7a8a2f95a1406300b765035912dfe257ce8c9ed565962

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9bc18ea8515379ac1cba2847c55178a0
SHA1 47d42d341e687a5d04e609d6ec7d30cbccc5e1d7
SHA256 e2c9f64f7c892421f34bf9a9a4828a462dd26015b65cc69b600747186ef1abd2
SHA512 e9738c63c60fdbf142a7cc251e1f058b70b36c38a04ca3a63bd56efb0752748927e89eca304dfcc5097f865b0c1208400b0f2cdd4d1fcf6744e673a33890e595

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34aa4394bac13f7ac5228582bdcb816e
SHA1 e96668ba999da3830b474899ade9cda4bc8d5438
SHA256 d0e559e09e6f984e828300e77d0e24b148c7d93c36b4696217d4f44022b13075
SHA512 2c6e6e1f14bdd0160563efb056f6a104bee2e5ea31d94eb9b51f0ec21a6744410c20813c8cc9abb8598f90d7b416a7b29bb7432df7059e983a87b3f5ebdd6b1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000075

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2d2a330322ac77f33a833c29e6aefcb6
SHA1 d4b81b30d1641a8cbd910aa6d2ef2413139226ce
SHA256 4a69095bc3e636298f5a75b69ab7671faeb1fbc4b757ce8e1fdc18979fc91f1b
SHA512 93f67fd847c328737268373edcd3a35effe23fc932ef58e5fda290dfd765b6d3f6f198416a2a2219e4ba4d41ab2427d4aad6fb444871eb0136e8d256e4336e2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dc7d2f701de83486b8a88cb15be7f338
SHA1 c2682571c1ad4baba1fe4ce1d57141bb0333e51b
SHA256 898439a80abf00be34468c3a1658d10eaaaf3eafb396dd52dee6faa5bdcdef82
SHA512 067235630e64d655e29e43ca52126f95e8db48046008c94b670aad58b39ca11d85a476b72af42b9a3e6b4f3ed55c95a2698d08fd48653ead6478b4c1c76a93ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f9649523691ffe566633ff1dd18806c
SHA1 b2eac83b7d1655eb41c6ea242c78d66c113834f3
SHA256 4cefe41bf7ca2b2668f2bf1d42448cadfc960f3ae758bd60265e04d48f520783
SHA512 04fb9f87d2aec9fadedd914711946d61ad277b242fc77716854d7200653bd2b51591d59f0508500051f608d0816844588fa197337d053a94af73fc69b4b704c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e582ea7982f5351dfc8a34c6a92db6f8
SHA1 91cd8404eedc06d5ef83cc4fcdfe1c6d43a2019e
SHA256 4016971c150bafc9504908572506d7ca8f2e4510b2728f0f5241141f63d6070e
SHA512 5fa4f87ff60509366533af346f3911be6532fbe040a423cb4c1658f26672c9405598fe7cd58f85817c11b770a46766ea68183b1d2c26003553b2af3c320bd210

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dfd64b10e634894235182b2becc48719
SHA1 7ee2098d7adfb018235118e9b00e3648efc66de5
SHA256 2cedc2254af2a1b5ec6b258e6aaa237688561c8dbad6613233355917b2c3bf24
SHA512 9f25f294192ffb9850195e110f34a6326eb16bf95d2abe091dfe0d3eca7929f5e541437052d557376a0309942ee3952a15ad51159dd933174650f8428f1b66fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9fafaccb13f9a430d3cafca86c4802e
SHA1 b1a1622ac35bd87793150e3a6fa41482bdcea075
SHA256 5b3cc3d4a79f7abeca0976e6127ad564247f7b485f865657b83c795f40c28e9c
SHA512 ef2a38e052e5d426f697f718a65ab06ce3028559e270fa72fa64e7c6f3ded5a5cce662f10a14f71e60c7d197fc04fdfc8f78eabda1fabbdf5697ba5f58c4c248

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 626254ec824f29eb81c21efd9bd6b0d3
SHA1 c4af8d7f37165d87cf9f50be4fcef0eef440d988
SHA256 d28b5a13cf3a78e056c2756e3cb5334322fd11f79fe83e919c9a91d8b60abbef
SHA512 921420e2c345175a5dc91c1fa9e6ab750eaa9fecd9d61fe4d1af9443722af6a789e7e96e20217a54113354ca1c1ed1ff3600d4d2475da3e15a09070403744082

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b3b43a414f56d7c20af3017b9a09fb36
SHA1 11cc531e034bd19fef1ddd95f55253a3986574a3
SHA256 de893a400e72328b4b382e211cf7ab7fea9eeeaf80a5ee26e9e2a9b618db8213
SHA512 a509b41f96613e450e1bac34c85a1d34e06900a834ea215858049ea6f36ec43adea4fdb5243bf27d0b4d35005f6055bc62ecd2a1e9dda90a363535c1b729e16b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c05553831d6dbf092e993261365ccc67
SHA1 d045320049656c44f6e21de884a4e53454bbf7ea
SHA256 d180214474c0449984af161c81e803d5e9ccd89b6980b51934614b54c1a3307b
SHA512 1994729e4fa714425acbb672398a42fe91e4a5a947b57fa93373b7b72079f03e3f60bf116c531dd4b8c0939989820fb61bcb0e0ac8561f326b24b44bc722e020

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3617a9c8277a8a3b9df2a48b2058dc16
SHA1 1c0a2aaa706dd21dd3b5181ff9131cb4d9384888
SHA256 5548e277fbd580590a76e06f80e71732c8f57e61cbe727c683e337b54cc84247
SHA512 d98c375c1687feea2906491b81818f1c3b860ff33fb98093791fc2278e87f92118b0ed832aadb4cd083a13b96c1cc51d8e7b56369513bb449965a6755da2126e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41ad1771b49951c0e166c1daa5ef8f68
SHA1 83fc5f83810bd0e1a9ac8fe49c7dc1180e2a50cb
SHA256 becf5680228a7f625d4d2b599956fc106c50be55c66f2fbf0d8650a9c427e722
SHA512 29bc35c2e5a68b7cf474901ad9e4d24a18a0d9deef95150273fcb96b0b9919af1b113f3a159c7518d4ddf65ebf6c2fd5ffb9e3d08f989611dea3b237921fbfc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c945abab673d8789d646a6fd8bf15059
SHA1 dbdc8100e27f8d95de53b2842e483fe59fb4ae8b
SHA256 f3760e595db54004965d77b0fc9443690b8d66f577cdc91d37fa130d788a784b
SHA512 1561d12f56c668e44ec83256a2be498278795e58661bdcd52579e572837250501e6b37c13cedf418fdc527f1c9971cf2dcde8f44544a9b4f3bc481ac428e0b4f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 843854d2f4e28b842fc10be557208f6a
SHA1 e3547c218c1951d74b8712a35fec234c8efc7937
SHA256 8eedfc7f0675e0f28549581c5bb445101aebe670271b7b334f47df15a6d51966
SHA512 de462f986bdfdaeed2933a00c89d00adf14e93ec4598e047f438e3c85c529e39b262632ac3205f44690d2a6d5bcb80bdb96fcc204c42d6dcfefb1ead43d7b870

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 46779d317e5701ad5a04071ffc1c4643
SHA1 75a61322e5ab33a148c2e6a0f4142a2f664697ad
SHA256 d228888cc5b35c9cebbb06b6ed2705f618929301b10ccd4c2d1531735e16edf1
SHA512 f87cbbe085427ce802018d1fd6ec54a91ac345e9e7d19b2c95ddf772d30e4252d61f86243f0fb4e6c1511fe1ce49c33241b8200a75d7f9f751d804d7f35a47e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b10c9e446f9e952ae9247deab277f5d
SHA1 4678af7fadcc8614f1c03654d81ff4657c661f8d
SHA256 b940cc6eeacac4c99ddbe98d98b6df6e12371b11d5101d86ead4dceba71df73a
SHA512 3fa1d39b0ae893ecd3bfe3998e5bf4dc653243f151a3495437701322cdb17a6e612b1ee4e0b1c7c9b656faf053e461e1b0108d67d5bbfb4bbaadee5af8c7d261

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb5b5c16ca8361f43b8dc412445c7acf
SHA1 7221c47f9e424be816519b519aa425084a003ae8
SHA256 672f1b26a9b834fa932165d33e218cc952ef22e3ffc854c0b3a174a8902cb230
SHA512 469a8360c923edcbd5ca6bc23ad98961a70789c9189191c12f141880ba182ddee66a914b07d93ef0086b43cbe297b291bd69cca682960e6cddddfb046e3c87e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b60dc39e85d6a6179fe4ef834e543c0
SHA1 cc21d37583d8319946d72ad5aed0ce945332c149
SHA256 d633ce42c586b43904e13049d7f261b2f94ee62814771275f9c7d3c64bf6d912
SHA512 2be1d594ab2f2842fa539ccb5b2dc52226aff7298e9fdb7730ef25c7c5bedf8df761b3245582f1e639ea7c7001d0d07a8c13d540afc3741ce2669b2759f4e3c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 09e029052bec190d019197b8f4540bff
SHA1 81164db0b7a7317cebfbf4834489c4727774e944
SHA256 be4ce74786b17f05e4e926674dd2ee48fbdeaa9fe021be5b1feec98c3b87de6f
SHA512 29880575ffc0b162f78c7080389b862f12480bbc94228b4839f917dd5ef682fcae7a5986413f13e43845fac50c457a1496e51604dcba7ae1de2b9866f5194157

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 02a8bed4279ba8f416451a7179d84ec1
SHA1 a243592cc251ae175c36ba5d7d41203001f9ceac
SHA256 bec0cca7a763b5d3f57b36fcfcca57ce08a8df0dcef462640ec9ca3e27c2012b
SHA512 8ca16ce554256a15a5fb259b07f4dd42fdf51e9850be6456625139f16242abb8d7962cd498dd827c5b0228ef6eded3bf501365fa74325e8c2dc75fd703cd2f81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 361a41f421da346020c0a101e727f364
SHA1 04af32be34364b8756dc3290c8927bc46462e882
SHA256 2623c84fb646844ab75a76a1d1445d329b15f1b1e2928af2c957d4c1e7c08196
SHA512 be2d34bf086e5dfbc64fb3e365d2e85f45d20ed576ce6c62bf285c74b80fca8a281eb63703e6dd7028ea5381c7eb05ab79f2b8603ea186de490e682245bcb377

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\40a9fc38-cc0d-4d0b-a396-bb67662dc5ed.tmp

MD5 2ed172cfaa8847ed5557da6386017f49
SHA1 b85d138856d050f60eb6356eab5a3a9cfd0bc5c2
SHA256 2abc7ef8caa11f3e3c8c96a0fe8ab9d7b7c7509fa86ada5a5f9a85531dcf4612
SHA512 fc3ec46c6458ac7985811fe9a84af2802d1dfab5783b0cb4a9782cb04ad7bce22a8800f07c7547254968db0ab1cfab6418b5f5c0c07180c59b75821afc7f73bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f625c9781f02b8075c61066c87a79195
SHA1 28c87a054ae0981dd28d34c818064d13bc4ed2b8
SHA256 d9317f84d9a00ed680699a009f7c6fb1557d93f7636107f3f25a3502a350825b
SHA512 60cb355890f76a1ab681615423a963d006b453b6ce1c4b5119074a97ad4953bba54056db0e2fd1b5e9a9be6a7597c1037ea91f5aca2bec68c2255dc030c7e82e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9116d45e8827650aefe340c2cb90ee25
SHA1 374f6ef051cee99b76d202f8be6de864716b2784
SHA256 1401d44b02f5366a88af6a398266d88a4735546a2f3e3b9b9794a04d7eb42bde
SHA512 317d2e19456bb7c11960e7ead27bd5e024770d97d1f545593334c8a409f1cd17c90fd9f084c565bd9bf5d0a051b0686544498db915a5046fedc48d42719b1562

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\87d5fc09616e951e_0

MD5 35565e700b3cc9b79ed8b2b79fda1aa6
SHA1 53c619acee26e802a4b589bb703aba247c76a533
SHA256 b4f347f8095a51acdd79abb4fe691f2128fe8001d1acc42060e6a3fa90079611
SHA512 5bf1e6d0ea16732675f494bab5249cd4db0c1022dc5c08bc85fac9ddab98742b83688aaea63714e0b145e3aaf70892f910cf74cdc64c0fbb1e776715a9130fb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a0c43b31dfb24280_0

MD5 09ef82f6f4f5cafa3bcd2b4b7296c10d
SHA1 fb588f8a3f214dff25eab1cf5d65b2380c7e3529
SHA256 55d7d0eca1f22534c7000a0cf3f81e59112fc1e4996b2e51082c8ecb3d37af09
SHA512 f765f682c3e50fddcbb7830f71d4d87beeef9904a3d2b4ee9bd7b973e566ace6e6d8fe179fc125e73fcb8cd9fcf58872fdfe18d24f129343207d6e61b3b2958d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bb9b3838a5706d208e2aef3b12e18dd5
SHA1 ff5821afe169fd96ac4697e9f60551febc9626a1
SHA256 672f13b98b82da37d36ca985c88d091228d53fd2e272b930f2e5c56f833bbb87
SHA512 520f56da1b1a7c9ac93a6d5a287ecda8d6da84070a8329df7edbd57d4597477b847b5fe3d7a89e1dd33698da7a361d2ae95abbe120fe937f29ec7398ab082bab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe65eb94.TMP

MD5 d66c5f7afc1869de23290d1c2af96f48
SHA1 82d880b0b9ac1d1b7ceb9cf6e5d34c2033337322
SHA256 3bf3fea195b6d5b5feba4507113595dad1df3f0df814adf73e0d78ecffcfeeaf
SHA512 dc03c7545ed2e660500bd5364fa4351e65f4f9cfb2f4764f236b04e1e395eaa4f3ac6da569a7487dc9678105bc49f42a69e8d94fb97c6d22cbb2ce3fcb115756

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3b9975898ebbc584302871cd23aca6bb
SHA1 9a324836bf29c1618b1d7306217068f7a017f83a
SHA256 b41cd4a5d5f391ca2a07eedec213e2e843e82e52ac51ba9073a98ac8bf4f0acc
SHA512 92b7088318ead54155c8562f0f487aeeeb9797a9c9dd66243237625d6c022edeec6d83649871292354998dbca154d0ab003d287089e0ced819ffbb51de95e543

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a8ec6933f03ca7c551971bded08548a5
SHA1 3f8c000e4c71406eda6acba900699086ac3bf1a9
SHA256 1357b633f89895071ccb704c7a9326d5aa182c9a12cb1c25fb04a395f86e4994
SHA512 dc11c1984daa868698837c3ce065939640850715127d5c0772056c540c7d0fc91c6247438ed27700b136fe13d37513b5fc9f47538ab5d496559cd16e97efe1c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4848_910068258\Shortcuts Menu Icons\Monochrome\0\512.png

MD5 206fd9669027c437a36fbf7d73657db7
SHA1 8dee68de4deac72e86bbb28b8e5a915df3b5f3a5
SHA256 0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18
SHA512 2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

MD5 529a0ad2f85dff6370e98e206ecb6ef9
SHA1 7a4ff97f02962afeca94f1815168f41ba54b0691
SHA256 31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6
SHA512 d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\406692fb-91db-4fdb-b009-c041c927ba9c\index-dir\the-real-index

MD5 705147325adf1c7e4f32a1d1965a99de
SHA1 55ac09ba2c3300153b64632d8f71a20f3004cd2d
SHA256 a8a155af58b073559470841f550defb82a34ba17701a5035305f8c283e2bfda8
SHA512 6cc6499fd3a79650b198e63636968573c27605d3cdc1925613d75e7f5c71fd150e702dae482ffd4d399fb074ef65b211f175c801a8c93aacefa72deaf75bf8eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\406692fb-91db-4fdb-b009-c041c927ba9c\index-dir\the-real-index~RFe660b80.TMP

MD5 bdbed71f64a401737864f883bfae3942
SHA1 0cbac21d5ff58b0048251778a7973b930bfdab69
SHA256 37bc67438d9f879b73c392aca53c25043ae1d8d4b64b5ca3f2412b497ade5ae8
SHA512 a03eb70209aa1b6e650416dc4f572144080fedba90a6bac16cbb4e7dcc4c97c7bbf7c1276d034814dc1d6032d1a1f4867277cc3858d4cc6de340ebc0522d80df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d01f210819e4531cb79c0e4b40402047
SHA1 8d004263ba3ee168c0111003afdfa092432c88ae
SHA256 5014ba8c04ba27b2044edf7a9e206f471fb08df907e63c738b9eeb387dfd3e88
SHA512 cedc2c7512a662e93729ceff5774ae989adf668704bc2c6caa1a03ca36e63eed27c230d5651cda8c3712635e83536865b8053a8891712402453b5681a2f30a65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6d14dd243ef45034e6d13c847e0198da
SHA1 51d5664e8a51dfb12fb8a039613a75ac3bc58820
SHA256 07dd168ff8ef8620757310a71814fab2837d3931456ca4edd2b9ecc1e9347016
SHA512 b33f60835b85277786e02f41c471fdf4ea4be58264c70bba0a795b2b88da01853ac9ebe9a9a7320de727da106eaf51dd35fd2902bc53c94993afcd96f7bf0d81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\970b3092-bcc6-430e-b2f2-5cd54fefd50c\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7884eaf883603558fcfde1aef011c474
SHA1 adf8e9171bec2f4824414978ea4a34eae20ca66a
SHA256 1fa1a9b6698edf6cdae2c1571e94427a08d8207b414d6266ca80712fbe7efa9e
SHA512 453df57187cd2d86cf094e3e936bba2ba2b61d664c3f3f11bfa334fed5ff90d466a82f5788c353c7fc8f918aa1d66b46e875cb9d58da08877eb31f52f59d715c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 01626ade71d622b098757482ac169675
SHA1 642d4faf7e3c1486b6668d4fb7580cc09f787d0f
SHA256 24c4a57ccfe8f5468c3191344cbefbf44702dcd26a40267ec52fe942ee005450
SHA512 23fed7888c7cc81f47414049cf854e54981c5229083bb2b200e762bb6058cec769e8a602c11698b6c5c5db2336bf3b4e446bd3f0819ed64e9f5203700cb690a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d

MD5 00be450e53be4c6908de198044d0d123
SHA1 8791756b3cc3becb7a8daa77d0df718571256c14
SHA256 95675e664f3a169ccdc99be73c4fe4a1217d8ff21373ba7d6839c3d72f8ad8dd
SHA512 8d758753acc6ed7d26c5d770d55c88aa6fbf4e84bc71ed56b64b0342c17bb02164e26cc7d91049061fbb02c5563fde21c8f0ad3312fc35454524abc980c5f8a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000095

MD5 dcd507c2d15f5727bb68cd49cd21537b
SHA1 11e3182ae9e2930bd4aaca34bd4eb9d24fb0e891
SHA256 25faa783118dc4161f9fc728dd6fe91e83b37a533b4d698d8a7a154e1d2b0890
SHA512 56a73e8a8ae795f7d8b6fd8b7561cfc5de14c78e0fbfcd0e01785b63d10d2218a8157aae205ec1112f298efedac7a94f68333f2660af5a7aaa7d0bbe8c98329e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000093

MD5 80f1c7472825e6dd19d7ab65b0984ffb
SHA1 76af1427993a5d699b8441a32d751777a91fb0ef
SHA256 cc6186b5115525964b454ef070e9034df1d919d806314ee6a2203a2d66b4f7b3
SHA512 b0be05f9536efd3ee010afef24fe879aeabe56cd52c877cc23980b8c1742823834f2e9e8c000a78d79b077d0f257dc30bff10b5eb5bfa6d2cd684405bfec7c0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 84e0c00d5edf323b9c48ae87fb7d7010
SHA1 cc3aee24093d878363a6b0ad4909846510d40fc5
SHA256 f830d41f03bd2468efc15f651097be507c130e40a617fd96b38b9fc6cb8e55f1
SHA512 7c4fe4ae40689dfe458ccbc340bc0074a3adf43ed95c6701e9b161a2796c69b1fa5a15c61515aaf79baf069588a9b3f0546622e13f90745936cff8840f957aea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000097

MD5 26d51f80be8b4eba2f2bfd0bf12fd8e1
SHA1 34b25b9da6aa0418b734dfc3ac5303d31bfbb37f
SHA256 a962b42006d54887e66690312ab151780b57640a341e70e3374990d2e96e4a46
SHA512 5b6e3f1a5336bdc3ba4c2793c046c2bcd3a3adddb30c3587dd2ab544ea5e5836df780c3c1ab2c9b2670f1eaba6bf7f619dd646f5b8d58551a48f7f79d2c22c34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000094

MD5 fd1f79856510e1cddd8141f1d82aff4f
SHA1 659aa5c13b63adfb1480856cf8da6acd4fa624f4
SHA256 d2c922c16632143318a2792e0ea9345ea5c072ad583a84d8ef164cf952fec4f4
SHA512 7781c5280010519da7e71a849a9cb5e37f7b29a1e800bbf9cc47536eaa937abeecd1a2d61867c2744b7de83f0cfdc88b72255ee083501df0455fd018b0f86376

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000096

MD5 bdcf1dd416d169d87ad5f73b2fb38bb2
SHA1 f6f595a5d88f84b54533e34be969f3871ed9942f
SHA256 ee2264f45d3d0fc70f89a61c215d0470df5a9c39e47828db7e48c59fca9a50dd
SHA512 335a8b789c5dd06285df135e9e33cbaae0b20b3cda378fd2e92b33a66d7726e4e079f7920055121d2495d102e993e18d9a4430a36860d8cef5cfa100452186fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 816a06b7485c44050fa867997edd874b
SHA1 f7691dcbba0fe95a47b8e9e30c8b53f26db769ac
SHA256 d45880371dd1102a7d7c57e388166e58354bff2bd9a24a94e024c556c1f991c2
SHA512 955072ce4354365c2e0a30f6f8bedb9a42892179247c11da59b24e7b851b1694bd084ca1b303bba9c66fff2ca02fc517fd58d1e98f1bff972e0c9686b8edd6ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f7bba2da44df78c47b68293c8a8f7895
SHA1 11fc20e7a9a18210a1b4bf5dd0d36abde3f1388d
SHA256 aa02de3e04cc3cd441b2464db5392be65077bfef28e5f5340555d0a0917969e2
SHA512 933f880215c77d5d2f06f31ff5321c832ac3edc469ac3b77c17081428078279f139d6e0e67ff3c23c4f60d29989424ab80d69bf790557993788cb9b1c85f9820

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c54acee5f1dd92ef912980e9ef8fa183
SHA1 cd368f1ce2282b543208bd71dcd0962951ed9a71
SHA256 9449a660a0d9fee21591e3fceb5b701aef9ecf621260bfff07b51471f640bb76
SHA512 0788f36ab26c608e40ce58d53277f9bf6e2ed3c5d507cee482b1f5e0afb8e6e5afc8dc9274b2ac833a5fe7429acd047cfa19f0ca5120fb4d50925f532a01f2d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b6af8bf97a55c8a593102db05dc5605a
SHA1 ccd8436b180f85aa93fd0698e276bc2b19a23f36
SHA256 92e42ca668f11d61d0ba8afa4592565392e4c5bba65a9f5e581864ac9ef5be40
SHA512 0986f465a7be020a3d7457106d91f22bd4b083b30e9ddf6078685812069351969c8db1ffb459538e79e9309a0f1b99bfd7dedbf19d94ed31fc8bd41bf41cf539

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\da28d5ed-9e00-4d76-a137-010ab70a53e3\index-dir\the-real-index

MD5 2ae5cf88e3f452d9b31e25beaded5c71
SHA1 ccd5da45bb43d96d96608db5592184e989c0bda9
SHA256 374c80cfb082361a94b236e21a118145acc503a50cede0138825cab179f6fc87
SHA512 49c108c80f614cb2be7de1edbc6f50e6f35c2e44a5f447d7597c804644bbf47c161a56b2209e641701f3bd4bcc64e737ec5b05626a146ea0c402767c8db48b2e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\da28d5ed-9e00-4d76-a137-010ab70a53e3\index-dir\the-real-index~RFe666568.TMP

MD5 c4d6d3fc72a0140303ec2258e59622a5
SHA1 f50337b6e8809dfb3e69478e2eddc51d4e01183f
SHA256 c431ec4f72ab74937ecfd1bb7a3bedd10e6292fe9fdc7c345241ecafefefcf18
SHA512 5c10acd0efa23c9cfd9439336c7a089698fe58990ee1b603d82ac743748b7550a634765cc742a5b1da4f996f281cbe407af38f6fdace897d5e73d9baa6833881

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\406692fb-91db-4fdb-b009-c041c927ba9c\index-dir\the-real-index

MD5 533b016a52171bcdfc4528c27ea04755
SHA1 077143f9ee18e59e88a5d9cabbac1c629180fb86
SHA256 4c9b731fe2106e97927760082b0d8a72d83ccdf51637d3bcf5f5f8e623d04ed9
SHA512 17cbd3150e59682bfb8a998c727ec5d3062207b3377a940cf8361c297f8a670200b01e68f71bb080978fb6838a42a6913f698fd79f3119741930e247c72e8653

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5beb55e04f40771ae852e879f7dde886
SHA1 8f00a0166d2bf0839a7c774e148b5d68427b0d6f
SHA256 f1be1a839f6bdbecddfbd61a5bfd7ba04cd422da86a32c1fd27d10d2f66898f0
SHA512 510924af94465b283ea4e8e9f48aa64cca36f46721944bb6698b411042851efb99e930fdd1e2622d59d495d8794cb615da75faeba5267b7d18c4ec2b90ab02c1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0a83db50f6bf8d2fd720f4cf59b419d1
SHA1 b9cef517fc70000e70f077570e63265c6edd0beb
SHA256 cf41e904098b9e1738fe36a8e14c78ec04f9bee7c5800fcb1107d62859deffc7
SHA512 24c77cefabda684278ef3ede8477614ddaea6a258f4b1906983f3f01b28f8c36c793f8268e5d331fc28eb27d9dc204d348f5f4babdec99cc2e6e5848fe20260d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f31d243d8abb5f0015f31b5bbc7b2e85
SHA1 2b11ac5c4225d2d1fb5fc8a5667248198e8600b8
SHA256 ac5aadfce33f5cab6b5d24a12773ce1f476be11ee88e02ba10366d859ba0dd50
SHA512 4b596ee4206ce66e5a6e0accf8d466b052922d38249f6627e1f194e04fb57d4063c89d8e35f65617b89c4fe6f63e0b732f9b7d69744d5ca1a4f7e67d855e52fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\406692fb-91db-4fdb-b009-c041c927ba9c\index-dir\the-real-index

MD5 406b6bdb1e73795265ef646cb338b688
SHA1 e726fef9da6419bc3f52b9fe4e9adde76c0ca563
SHA256 30c7426c916b3347e95b19604d1c036a4c6584cbe02276dcf9031af0b7817fd5
SHA512 8aa76be9d34af085b1d5eea81d7821f8eb2d3324594e35c7bf20740e0dca7ac17e1894dfc807f921c623cf58148cb1fa8509095221b02905d99a8014300bbe64

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 718a0eb04b2ae38d5e5e2d386ea430f4
SHA1 bc80cdf2dcbd11a7b169bb3cf159edbdf4efa029
SHA256 15e03d1a30f79b489bb5b267b59184e9bb9b5788c561227badd0da7e65862e6a
SHA512 5076e4cedcf211f4fc4eed96978a6219862fce36f8f56f24ad86b6489a1055c97b97c1dc83a31298aaa68e263d3bd327a3bfcf2e7d2bed91bb8b7b5a999e1046

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c2d3ea64d679c16b22a9dcaee58a94e7
SHA1 d0ba4a5eff678164283be7b9a6e4b13160e569e2
SHA256 ee616d02bc6abfbea95411eb0c052028cdd531dca415a1c4ad3cdee20287bf7b
SHA512 c36a9ea029c85124d727cd5333edc0ff6d6f8da8ffd1a5c75a9ce8f39e66bb2d283410f3fb456e5be88285df2b415aa18817bd9655ad4c1f5e6414ecbc943a34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3e48236fa955e1bf35ad8b672f6f4b4c
SHA1 d3c6e260fe597d610c1ff484eb31c8fcdd5d8cfa
SHA256 9590a86a3bad046e142590342d57b1b3aa20a541c8d0a23cfd733585da593d0f
SHA512 d3cd6ade4cad195e8a0fdcb3c82d27cbcf46235dfbf1a83d6e8fd279147d46f774277adf2531bf76feba527abcde84da2d9ec16cf3bd19027789eb253dce9ecc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2f926df26d832a169bda552f89f224ed
SHA1 25fb18bc0e8529b4331bc399d40e2f7c41b11cc9
SHA256 fc5e16ac29305639e0396518be7e36f85fe38ed5b214924b3428d3ac12a81040
SHA512 cc69580dac3d67bb842053c5c5a6de3515523b51eb56e08e2c98239c840dd232959582f2f98b41da57546e04bd1ade35a962e968a3568ff658675370f8e96727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2924b207c852cde05b05246b004a541b
SHA1 b7896e60cc90280bc68df0007073f93f993b424b
SHA256 7c0ace172fc44fde15432651540f1469a579d7bf32b0806d59a8b2b5ec311fda
SHA512 d57b07295588f78ee0a006090881cbda56c7e2dff14d34e7870503f01a113d19a06da3f607adae88cbf99190c476f137a75d315faa1e16025ad1653e5347cdfe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 71ed24e608a8e7f2ba3ba93c23e904bf
SHA1 c8632780cd76b37474ee2170daf2fd5cbc127c6a
SHA256 da0e341ddfe15d0b40cc24918a7a45dd4662d45dce0f98057c8122e40956b07f
SHA512 1e69d243a43f8f56b3631402a499f4db1630ec14a2e3a73fb960c0b2b560c8ddf78dbce4f806c170a119027c3b3317749b8e22130d2b7e0764226836e3241789

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b015fec8298a99d44d93cf8a128e378f
SHA1 1eb4f670fd28f41fc1080d5602f10ef08fb6b3cc
SHA256 f9defd5c50716f8ac213f5126442575d55c4477e9de45bc1518cce44dfdcf122
SHA512 42574ec57e2258f2bf74a46dd6a154a83e81df881b152c68652d2035a13d4e3550f6f9546c644158a9b483407a1a95d8f9e921aca0ac68bf6d60c96cecd8d6e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 aebf4de2845b428db5a496a1e6d8ae9e
SHA1 20cf67c8c96132d6e7a7d2f0ca2c592920eb2d58
SHA256 acf27aadb3735d2d03266baac15ce2b8af8c2fefb38f9f9ab4819c32f41a3845
SHA512 442effd1dd414db1f639af7bb685a031c87f026de15a0426950bd61f1db38b990372fefee2716b3bb282cbc028b70b131f05c3c83fb05e7711720a57e1132cb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7cffdc29cfadb7fddd09a3ff0c77268b
SHA1 e0975a1f7350cc0824e41478e95374aa83520523
SHA256 8d740519377541b02c4be38494a36e77236feb1ce10372bf0d339d8e3498c773
SHA512 7bea168b8d8a9850c5da1c5f8755095651314952b46114825cc978c20ea5c12af763dfd92f63cef56fb6254c23b2b6d9b168c50629717dfec524c5e60840d828

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000092

MD5 115c2d84727b41da5e9b4394887a8c40
SHA1 44f495a7f32620e51acca2e78f7e0615cb305781
SHA256 ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
SHA512 00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000091

MD5 c83e4437a53d7f849f9d32df3d6b68f3
SHA1 fabea5ad92ed3e2431659b02e7624df30d0c6bbc
SHA256 d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
SHA512 c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\da28d5ed-9e00-4d76-a137-010ab70a53e3\e969d77e575a9dd3_0

MD5 876c6fa27ed68efd3236457657d398f9
SHA1 470505356b28a960855e1c16ef156d5c2fd7f081
SHA256 cecb0b1fca6fa34b3203078f34feb3e335622d8a5743e09fdd234088a5eb4a1c
SHA512 2c1823aa97273727a667ca5133e1fce88429a64b9e4f74cc2904f05fa099c58cc65969ac34a5aaafe397b5b0476e5e490b3d1fb032456cc9a70dd559917d1998

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 269722b76eb42c2cbaf03f4fa6292a1e
SHA1 a7025edb67d975212d44838735b427205eafb567
SHA256 b435fc21140265fab65bfa961d05cdf295a6dfd351baba731a8376fc44325dd3
SHA512 c888631e65cc0adf21df3fa4c1fa65c7e9b2906630ee98d75361e8068edbbf5a342755f2cd762c0c24f0fdebb9a5b1b91342d5b7ca96f4649b59aedd2c210529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a8624b3803763c7257a676c74710a245
SHA1 57436edb70f492b4f624eed1b278ce4e5de5711d
SHA256 68aa68b4416b3baf4522405dd6373945f2f67cf82aeb4b4ddb07bb07ec606ada
SHA512 fbce62013e7ae38f0e4eece860a571eda62155c66944da260540d337e9ae2b0fa358d489e1184174af05c5e3faebcc03e165294b13ded866aab7365906a355aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\406692fb-91db-4fdb-b009-c041c927ba9c\index-dir\the-real-index

MD5 9092c9db9c5ef060967b0b24f03e3aa1
SHA1 542a5a48da16117684de8306202150dae155133b
SHA256 8fcc4fd7b99f734a1c84fb4141a8885b150d1e36d7afbb1a2c072d8c5032422e
SHA512 473ac3dfff0b3d6c4309e0563ff0c3dc68fc087f4c634a71a01a0b4c26255b625ed4f52b98ca2959724ad83b6d4a6c79ccd3a25f4366b53c74045d620c5e5eda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d50724805b557cf591b694a361cbe0db
SHA1 ff69796f52b973aa015265228e9c6b5a4056f69c
SHA256 50195138bda7c6d97378c8a4ea1d3a42dd3a33e67d64a219f618b21a0f85805d
SHA512 c9d4b4106f63fb946587f194eb3d2f33a065e3c41973557c5887b48f59b48cd5747b5139480c716279590c12fc87a8eed50635e4e946e9483d9e044e4d46f953

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 330f76ef2802ca320e5bad3c701fc2f3
SHA1 8f9bf85a9ab74a5d0a2144cd7afe285cc8593ecc
SHA256 e75939ac47abe01219f3084c3a79ec59764ce7510b35fb6cde2df5b73b4052f7
SHA512 3a766d5d6c076f8023962dcef3ddbbcc4432ea50c1dfb6e28d61a65a4327e5f569dbcfebbd27daad26a00d5e829288fca8130203649e1cfb622962dd7628a704

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\da28d5ed-9e00-4d76-a137-010ab70a53e3\index-dir\the-real-index

MD5 730aee442b6e522e166560b16b80293d
SHA1 e548a7bc412842e28d7466826b82b0444d10f14c
SHA256 5686e18b08c4e6afd6f64c9b7e63841ad4a2bb3cc3cb2dd3c65512b610c9b40c
SHA512 335f6ba03e0a7fe103f874b6414f58a8504f3688ea273517a1c411f5930882291f62318c88ae1c45e9968926198154d30a2abf527c640e4431bcfec6bf9eec6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a08e4905368990380eb31d89fb7e9658
SHA1 42e07820e3e35ed30c30833315ec005c09f43ac1
SHA256 07e97b52a71ac79b38f6152d0a1483f38f10c8cb91e77a3711721e2801a9a8fd
SHA512 2393e2c3419a74539e501c4cad5425211cf0b0e9ab0fecab6b53c10c0bd98e12e58564a8eef2729b880d2a0bba50b46c6f06d036a95732492c19cd0decb0ca69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 34306973af4ba4444aa41be95f9cc3da
SHA1 d591894b2b1c51a185f63a255b2729b80677e868
SHA256 7e5dd9fc336349046fdafd0131ea8c7b1d028484f91de8d7871b8b4982f0cd93
SHA512 6462391690b03fc0c45c6ab66b6072ee9dd6a3750557a67fa42864f7e6cc05349e597391d3b06494e95170c4434fcfa1b2401b7a68b98d009ca18e8e99fe1c27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4c5af746177de8a390da012a2597b72c
SHA1 1cf65670cd41db58b0b019f5129252f2370dbda0
SHA256 815fab3a5334fcc81029f5394c101bc4213a3d86c8899d02891cec27661ad535
SHA512 1b7f27bbbacab1dd1052aa7457b82b55d5c294f238d467a87b3213bbfa3ceafd6b77b283a1e4d8a2b1b868ebc2611401e9ffb79e78189996d68a25659bc78d82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7027f0c467374aaf1a10acad53c98f52
SHA1 7dce64761d9b5badcf9ed0c16ba4fb0654368b00
SHA256 f70e6f5fbb90221afc478840aa2a04eaf3b62ca32e0c8b0a9541466bac4e51a3
SHA512 653f1304f834a83512cd9afbf493b629e03981de56ad27ed69e0b47899271207ae423f1df27073312b8665356cee814984cf7b91cd88d9ed1efb56a33b1eec4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 39932b22783b4a631e31bfb62469bb9c
SHA1 34e92c7925cf34ee280c1843a2912c9677497b7c
SHA256 bb44819cdbd7b708250292f147318374124a8e9154449d2020aab2fd7eb04ddc
SHA512 926a56220a8d4052b88103df8aca393337185b054df9dd1066d0e19cfc3dd02d2dc5f5d6206f99ec0ab9245932c81e9589a6b5c95d78c47157126f20e4c3cb6f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1de3018ca4d240adabbaa66684015a92
SHA1 13960f7abc773d16bfaaef21aec1d876f7e6e97b
SHA256 0b89a34e278a99680658e6c33d773fbdee4db7ceee5f2e283a23e5270b68003a
SHA512 2d012d26cc88c8d4d72fd94e25b9a0efa5b31cb4ac609223a31f35c1cbf913d18bda9b2a52e9f9ce5f116fafaafcd0e3a619be4c36c8706703b83ca19241eb1f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 26ba448cb07d6cb8f3b922f7dbceb0ce
SHA1 46eb36ad367ab582c7a21274b0f551f1f462604d
SHA256 5ff2ea311f40ba36af57da4339f2afe40dbff74b364f4ab6e9ef6bb8d528bb22
SHA512 7154197f805ba8b08d00a94a7c1be961be6229fa1f1225e98c3f96edb6ddd80c3bbfbdcf3676f5be46ac11570fe8822de06c0ec67172ffba01dd626870b149b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\974567e540c4c0ca_0

MD5 b2bf450781aeed6e347c86624e732bde
SHA1 804a9f997e286e2b14e5f440a6b21beceb730cdf
SHA256 86e7dd967321366f47e2422e81b55df5ff37ad920a9ab7c8db33b5f2397645ec
SHA512 7befb79ca3b375b515e45b231fa74c7d638955318fa62c44c081daefa830bfd4a64e9f041e6efd0a00a84d3208384a6361eda61e4d1da75ab38668630a3ad985

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d1a60d94cb115fb_0

MD5 79a56e8327f154592d9da44c4b053d6d
SHA1 58c3d83a6cd8b9004db454e433bd5f4a3b2db6af
SHA256 d47ce76dde2588411fd1c805b54422dbfa674e0492790df37629adc7296ae730
SHA512 9f88999d8a498d15f876956de9b647ddce6aa6895d30b967ed0f7c2a6cddc35d92781dfa2a94e3484b8a327713da1d81c5754fc849e482274be0d49070a58f95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5882f58fd10404ac079cc50a72132b8f
SHA1 bbc5ae9604872956d2a92fec15569b8879b3dabb
SHA256 508cded30b0ab5ff38508a94510d1da3bfefc725e5fe37e0e8d16b27850f67b8
SHA512 0f9e2dd7bae1f8668d7cfbc389b1b24a603eca5fb984bae9c83a45568cbab1b85b9f92bac86319c9ea98b5bb8966299e2c80348551d464eff265ee33996ecd55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 71980888f55d200931acfc1be4d0b4f4
SHA1 84c1cccfcbadff4ff2666d16de34f8cedc92dbc7
SHA256 4e3780313cf1d018666a7a07210e97fa980e2c1a6b91a057ee492f2f68fe25c8
SHA512 9e81e2cfa4112e25f189f255f4bd2624d2da0d4a6951c8ffd3d92d415d1b9e8a41ea437f5d0d5b081f30d60ac224bd45e9f126b0cac244d30229a88d345ea0a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 47a5e3f83ebf8ee11ebce022880895ab
SHA1 ae43b06743eb6e0463d745120a786f9289fde3ab
SHA256 c9559680e793bd6e78e79524078dfefb7c5bbd84f8aa17f26ab4f721246216e4
SHA512 0b1500f414b0fb53c116ff3cc63f9334839a40fbf1facd3620a09efc63d30109370e93a9684605a447357b53bf57b8114c8a151343aabdfb08e13ccd95c34837

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 05ba5e9e59013514d849b196f7e42024
SHA1 08b433c2d9778e9e9fceb52881534a0badcfef74
SHA256 17074901fee3a019804823509e8014ddd4300df57d1922a44c95ad8d20f6f344
SHA512 1cfa540b4624cdeca785b32d023dd5e082bca9a8e87fd599649585d78ca366d893e4c8be82f3b10958f4ec8d5a880c4a77732c5926d4b69303b3ddf927d79e41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2a0ecf56bb880947e7cb37186df63162
SHA1 5302524fc83a12fe2c394eb3a7d8613571f5333c
SHA256 47f54c3f19f87c1f2db67df04258aa440254033e29b852d051146a7473dabfbb
SHA512 b2e2f720a88e96496fe09efa12fdb5ef08904b9c9d273261db44e6fd1d6fdcc6a9b05eeb38b44650dd245374ffe781d567701329f275dd185eebb27ee223af06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d4

MD5 335e1e56cc42c560d968c9045381f1e8
SHA1 a9d8683b6bc00c00ae7e63197560542422ee82c4
SHA256 d161fc024ff279db7a1e9f59d36f411911b158cb4d9ba6a2ada7aaaa6f9594d0
SHA512 9ef8de7fd17f022034b686e86f3ebdf2c12b1ee5e6f9b02564b618e81b821fb8f3a3fe0375d0258ff815eb317962e2d73e37a52f500581e476e0cb1215e64d57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d3163461ab9bd49016d228b340d19928
SHA1 46996cfe04fb769e3304ee4e0367aa703db1be23
SHA256 fbf4b8131a5cf061c6f38570db9c862187d8333b89b4bd18e4ec7d4730719d5b
SHA512 3c7f330eaa143963a26b8148dbeda1dd3339a5d98863730ae1c2c7f5163ea7f3cca95a4b9443e0d3854f56bb7363491a915bda90c64cc3a3cbb5001850e2ad1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b0bffdadb474a2f5516e2ef9496f3a0
SHA1 f85b02a9526b64a2f8906ff2b60ebeb633c8f75d
SHA256 7f70040fd1684febcd0cbf7f2984650e4e2d62f9070e126b9190444d31ed9c29
SHA512 1f574db137d5479995220f9c8a2b9daf27ac17470f2954f87ea8013eaf0f63fc489c6b29583f56312105bed8299a90c1e6b661b2c1ab74fed8aa3f9e67ecb213

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 05eeb0ea6c2e570b250f3f7763d658c4
SHA1 ae5fa99aaaed0ba1cdfa6660c4dbe28c18752483
SHA256 ecd60423848a31675e528b1f1c9931d17be1b219a01fb95c796ca312e29be8f7
SHA512 96bee45c67358ccbfc2b52fdd06c48bf2e348d5eea4ef239ce96606200fd23b90651919d64b1ac0c654d75d8b309da67a404c5f64bad1322c81acf16937478af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 22bec6c163187f5e4198815af81e1db3
SHA1 11dfe37bd8628f30118b29e13f6203862ea7cbf2
SHA256 a050cc1c37c178ed203c66bd30b3c40b8c8d497290cce1754a399c16ae0518b6
SHA512 148fc6816bb3d1497b75e546cf5d530a5dcdd528e7580a9cce080f02b45e19d8ae6dde0875ac7aa017d53506cc4f8050d8b6071a4fadb40c631cd9bc7a42453e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 351c91b8354980a17f5b9f941bbadade
SHA1 892bb5aa4eb34a878011c23d347815b5769f6ae6
SHA256 6191e56afe9146884b51b84e7c2286202bbe7e7898ea8d81529c359a29359bfe
SHA512 35bf56dd799f4742b6b4f63e63c412ed484a5d159e25784306c9b8260163db688e164dda2eda656eea72f978ffaede1bc6ec48977594f69bc1eaec1d777e6d05

C:\Users\Admin\AppData\Local\Temp\7zS086EA039\Assets\change_hover.png

MD5 57092634754fc26e5515e3ed5ca7d461
SHA1 3ae4d01db9d6bba535f5292298502193dfc02710
SHA256 8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1
SHA512 553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

C:\Users\Admin\AppData\Local\Temp\7zS086EA039\BlueStacksInstaller.exe

MD5 61649b18be49277188fb628ad4208ce1
SHA1 7d601413b233c6f8f579275841449852bec9b279
SHA256 0231016bb24e3b91fd80dc779b9617e5dbc36af45ede2b32b204691541ad4f08
SHA512 71263084b20816a209e6ebd141f5543c4da7b4f99679063a7bed94c7f3345e3b801dedb1ccb7241241620ca73c8044d24a03315acd42cf86b5e56957dfcd4f1c

memory/4796-4139-0x0000000000FA0000-0x0000000001040000-memory.dmp

memory/4796-4140-0x000000001BE10000-0x000000001BE78000-memory.dmp

memory/4796-4142-0x000000001D0F0000-0x000000001D618000-memory.dmp

memory/4796-4144-0x000000001D080000-0x000000001D0B8000-memory.dmp

memory/4796-4145-0x000000001CF40000-0x000000001CF4E000-memory.dmp

memory/4796-4146-0x000000001C8B0000-0x000000001C8B8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2a2995ab12c73bd35ac2d3f8bd34e531
SHA1 7400f9e964083cf72d15deaef9fe125ab047202d
SHA256 8f934e76f4a26565051f99aac0d3a530a420fba17460f5135d0601b213c9951e
SHA512 71276290ba3723c36970ea19d81d251f044c91425fea7cd8c9907cc5af53f4aefa13940605f3416bfc3d8394f3d4c6839a465bec77db345cb9d7ac6f92849991

C:\Users\Admin\AppData\Local\Temp\nsrCA10.tmp\nsDui.dll

MD5 00b6133cfc90765dc003b02644e99723
SHA1 50cfe98a05ca6c964d899bd8532cf20091a9710a
SHA256 7e490c705c4fe27aa70ddab2e36a5f9c54a3eff2903642c170b89b9b67e90efd
SHA512 4db73e1fdcf25d85008deea08568c52839ff4328f3ae58836f1d944409d045d474f6fc15f16eaad993928264ffd3e1761793be7dc7349b13409e98b9ccb18df9

C:\Users\Admin\AppData\Local\Temp\nsrCA10.tmp\BgWorker.dll

MD5 36c81676ada53ceb99e06693108d8cce
SHA1 d31fa4aebd584238b3edc4768dd5414494610889
SHA256 a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38
SHA512 1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fd8fa4f85689404134dac5afe5aec29d
SHA1 3ac3effbb0b702c4f4dbb002e2fc7fb4100bc695
SHA256 33c26dd7bdb02b0281e0e7265e2df82ffcf6e617ce8dd87b321d4744a160c334
SHA512 450faa1e5f1eaace97fc7e91bb5b4a4bd1dd652cb06336fe51402b2329b452adf76115137e04b3ea43bcc604a102d26cae3268cbdead9800fcf06c9985f2f40e

C:\Users\Admin\AppData\Local\Temp\nsrCA10.tmp\System.dll

MD5 959ea64598b9a3e494c00e8fa793be7e
SHA1 40f284a3b92c2f04b1038def79579d4b3d066ee0
SHA256 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
SHA512 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

MD5 dfddf8d0788988c3e48fcbfb2a76cd20
SHA1 463bb61f0012289e860c32f1885a3a8f57467f2e
SHA256 9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d
SHA512 e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

MD5 3221ac69d7facd8aa90ffa15aea991b0
SHA1 e0571f30f4708ec78addc726a743679ca0f05e45
SHA256 92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537
SHA512 5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

MD5 76166804e6ce35e8a0c92917b8abc071
SHA1 8bd38726a11a9633ac937b9c6f205ce5d36348b0
SHA256 1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90
SHA512 93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

MD5 e7fdf6a9c8cae1fc1108dc5a803a1905
SHA1 2853f9ff5e63685ebb1449dcf693176b17e4ab60
SHA256 8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e
SHA512 a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ff917ff7ce324ab7caf02887cc19ca95
SHA1 fc3985a48b4c2ea5487401f9a98b43bd16e845aa
SHA256 5667273b89f7a6c5b064f9315f6b8c054de50004ba87f0360533f977c7de3c0a
SHA512 8a5dbe5752a74df3425952d32b95f4f99a746059f8215f80c35749f06c8a5190435f5770c7c4a3577a52c4747c7f0d7f5dcdf7f5c792303984eb9e2d3dc1a132

C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

MD5 824fb5970ee20c8205d0a128e610e2d8
SHA1 e2341a3a786de0898cef220e5c7716059cdeba20
SHA256 d1983c6f709e0a45d97182317d5d4a2f2ea6bb7533aa14e735aad51b54c02dac
SHA512 7ef37534d4626f53bc363de095493b53ef3279d12ccbd6e855fc8452ef2394746b27c935380fcbeba628b2ca29df3af85879668cf5a8c44a292a086261898015

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 19c3c41441b8f263086d9fe049327f4e
SHA1 bf05febd598fab76933c54193ecffcb0333d22b4
SHA256 8389f83a728090f8c805d847706dc78f053e34ceec4b3c3dc17aeec2242aed6b
SHA512 350400738290b8cf24a1802980b5dd142a159a9577f3f886c5815c701ae6439f4b574600d5f72ff5deaa80680700552d1e913cca3bf7b1f8b8457e022aee6c7b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 05adefc672f9f51e545dece2852bb572
SHA1 76f6d86abbf26f22d220bc6ba26ead52d1851c0c
SHA256 f15e704428aa16caf30c74edfd1882d714d0c72a716fa2077821783f0d3056d2
SHA512 ae391edc9ff68725dd044c9fd46a887e8c2d98a76b2ef85fff2fc2a8c7a2a1594f9f3afccc9d9c018ea3627a002f1d142c0ea375578721274fe9f49390fb482c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf5acfff7242202d15cd22ddaba1335c
SHA1 8c6371399cd7218a54cee2f494a21e28aa404ece
SHA256 a22995ef0924cfa78aa32a327579750e53303faa6a62ca8929436741edd17054
SHA512 1c4d4d8e4ba6526cdb43c38a8f4aa9516d9c5e1fd4ad977aa8a5e9f29ccf90e3e41b3fd564f4688656cdc14e5ea9d3b57e23dd7027c0d750bb8d644d28ba7c63

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Assets\minimize_progress.png

MD5 1504b80f2a6f2d3fefc305da54a2a6c2
SHA1 432a9d89ebc2f693836d3c2f0743ea5d2077848d
SHA256 2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6
SHA512 675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Assets\exit_close.png

MD5 26eb04b9e0105a7b121ea9c6601bbf2a
SHA1 efc08370d90c8173df8d8c4b122d2bb64c07ccd8
SHA256 7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157
SHA512 9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\Bootstrapper.exe

MD5 b2e3067e232c3e7240e9f2fda16c32d6
SHA1 f024aaedda326285bd0a9a23fb98b616907812d6
SHA256 43d8be3c07628b53a3b5ba65362a96a79fcb9b5ecc84b0c772d2fc0705d4cb18
SHA512 166baf6954aa3423a5d24e3b396c054708defd1232f0e9af95b0b54ee5d8e63536b9b10f09a0595c8a8a6d96576c54271ccdf58bbe2184f87d0cf12da33e287a

memory/7056-16628-0x0000000000440000-0x0000000000468000-memory.dmp

memory/7056-16629-0x000000001B0D0000-0x000000001B1B4000-memory.dmp

memory/688-16630-0x0000000000FD0000-0x0000000001026000-memory.dmp

memory/688-16631-0x000000001D2F0000-0x000000001D370000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zSC800A1DA\HD-CheckCpu.exe

MD5 81234fd9895897b8d1f5e6772a1b38d0
SHA1 80b2fec4a85ed90c4db2f09b63bd8f37038db0d3
SHA256 2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c
SHA512 4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

C:\Users\Admin\AppData\Local\Temp\nsbD4E8.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsbD4E8.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png

MD5 ce144d2aab3bf213af693d4e18f87a59
SHA1 df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa
SHA256 d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3
SHA512 0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray_hover.png

MD5 62d7f14c26608f8392537d68f43dece1
SHA1 add4f30e7c3af4f7622e6bc55d960db612f3bb0a
SHA256 a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d
SHA512 e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

MD5 ca0a329097316832e4a6ea5d870c9268
SHA1 4a36b93361d3dc9df9b00313f2c2b394be9e1e72
SHA256 4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2
SHA512 51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray.png

MD5 e50df2a0768f7fc4c3fe8d784564fea3
SHA1 d1fc4db50fe8e534019eb7ce70a61fd4c954621a
SHA256 671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396
SHA512 c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png

MD5 7a2e5c21140aa8269c2aafd207f5dbaa
SHA1 4e0d9e7e1b09e67eba10100d73dc51623517821e
SHA256 3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35
SHA512 63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

C:\Program Files\BlueStacks_nxt\Assets\installer_logo.png

MD5 e33432b5d6dafb8b58f161cf38b8f177
SHA1 d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a
SHA256 9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183
SHA512 520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

C:\Program Files\BlueStacks_nxt\Assets\installer_bg.jpg

MD5 3478e24ba1dd52c80a0ff0d43828b6b5
SHA1 b5b13bbf3fb645efb81d3562296599e76a2abac0
SHA256 4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904
SHA512 5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png

MD5 5ceab43aa527bc146f9453a1586ddf03
SHA1 88ffb3cadccb54d4be3aabf31cf4d64210b5f553
SHA256 7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0
SHA512 8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png

MD5 6db7460b73a6641c7621d0a6203a0a90
SHA1 d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3
SHA256 d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd
SHA512 a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

C:\Program Files\BlueStacks_nxt\Assets\close_red.png

MD5 93216b2f9d66d423b3e1311c0573332d
SHA1 5efaebec5f20f91f164f80d1e36f98c9ddaff805
SHA256 d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb
SHA512 922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png

MD5 ea22933e94c7ab813b639627f2b38286
SHA1 c5358c5cb7fb1a0744c775f8148c2376928fb509
SHA256 d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20
SHA512 ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

C:\Program Files\BlueStacks_nxt\7zr.exe

MD5 fbaba140f30a11e5ff4f97d921de6d45
SHA1 d12360b79d9fe7ddc5380a22539dc7d4768ff5f3
SHA256 4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16
SHA512 cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

C:\Users\Admin\AppData\Local\Temp\nsbD4E8.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsbD4E8.tmp\Registry.dll

MD5 2b7007ed0262ca02ef69d8990815cbeb
SHA1 2eabe4f755213666dbbbde024a5235ddde02b47f
SHA256 0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d
SHA512 aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

C:\Users\Admin\AppData\Local\Temp\nsbD4E8.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsbD4E8.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

MD5 94887c7bdec016cdffdd03df19429145
SHA1 9a7ca11be6107954ffff2d5c11e9f629f4c165d1
SHA256 e38e6793bdf91452e06f049e848411f23e3cd581694b149c66da77be9ec7dbc4
SHA512 c54aa1353eb81b598e3fa11759072f26290de7c60510693ceb6309dfa29a8a6bc1d0e8cfb5e754a9d79aef44fe14e234c9c3141a064e9f0d6255ac6bbc806704

C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

MD5 b88a940f580970b240e23df45e70c27e
SHA1 73d8b651e74fb906da42b42f2c714610f830b6d9
SHA256 277313ea55f808b207cd43fa39af1e5823028bd3d784d4268b70e4ca054e00cd
SHA512 778b535e6910c702f81d2375a76cc4ea8815917fb20042c421f5d5c2d71272e5af5e15241259a6d346000a88c587c08818efb07eaa38ae5bbcc281c50540b888

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-319519575871875b

MD5 d21f3dd9f43e12fac642e9852be7f8b1
SHA1 ef7ec9c1823debbb02011f71d6a5fd916274245b
SHA256 bc1fb6d576a25ebc8f44b8ff747db5076cb5469e2d2311240ea5128e825046cb
SHA512 452db46d873b3f519845c06f79634bf28c29eec2aceef939179c62381c5f2d0fa56d1efba86dbd48d65a7fe0f07d7cb92717f0714da47ea69313edd6d6afd6fa

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

MD5 61dcfacdd316400b2fe0b44c4864ac04
SHA1 fb3dbd6a5cc4120d9fc7f1a9500b9087a8ffb2b7
SHA256 8ed17a992f4e13c902dbbc8ca848a547cf607c3ff0fb1422c2369afe0ff506ce
SHA512 53b12bf4acf744be03cda0509d7d8ff070b5b9efbdc7ed0db3d06c90e31fe2d4c7b0c13dabf322eb7c46ddf2af9783486a857d287bfa7dc0041c9ea1c280c84d

C:\Program Files\BlueStacks_nxt\ProductLogo.ico

MD5 169706218f98a42594a8c5c5a65771fe
SHA1 b8ded94180212578d86a031eb71ef93dcffe1a26
SHA256 3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697
SHA512 1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 63dbd0ff84a276344245246a6a40777c
SHA1 4ba1a96ac36240f6b8c42e69f2f7c309e072012b
SHA256 d9214931ef7069dc76ac9a29cdcfdbc0e12d790df7499f0f1993a886b9e03d0e
SHA512 22b07a7b74d01f1a6c60b0af4b1c9aa3f49c3a7b7b573ab090e97c44a6d4bf846435c899778d528a08e1ba0549b091c73b158c81b9a7acd425f53d7f7b273630

C:\Windows\System32\storage.json

MD5 aa9ab927f7bc1bc84ada9519e58f9650
SHA1 a9515474d15f9cd43c4f1c30b2c7041d6c6b05c4
SHA256 3cb23b535845ddd6fd6160dbb5fb6b14096161d3e632e0dc424a788875c85094
SHA512 b5bb47ea20ec20587e29dd3b6f8f68e7f8ac567e087b1e432320c3264769ae5e03b16693f5c9d4ba38a0c67d2f2a071b3ee7d104e75cbfaa0aa9342515f0085c

C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

MD5 b09525b48c0023f893d6b64d06add4b1
SHA1 10ecd439ea04e02eefe17f6c110d0c0a78a1db21
SHA256 caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e
SHA512 c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

MD5 22efccf38e15df945962ac85ac3aa3b7
SHA1 b94a8615dc92982e1637680446896080f97c2564
SHA256 0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92
SHA512 41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

MD5 47ff3e4cc15b8c4a07e3ceb6cb619b62
SHA1 0318e54c613b8ff00f54d843e90ef88310c1a96f
SHA256 4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a
SHA512 0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ru-RU.txt

MD5 a7748f70870a0f2cf2e5804d05f433fb
SHA1 ee74469bbfa6e5d04043dae2a2cdec1a777c5b28
SHA256 f74bceefe2a7e7d39650128096f9b97aca5e929fa67e451bfa8238d7b90cea34
SHA512 122025652c05ba9336b339db79b925b781862a635cdb0c8d5db0adacfeb6e0e43ef85c283d417f119d8622640d0ed15cdc6d915749ee3cc1a4f89b062ae71075

C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-TW.txt

MD5 3ab7d825111b89950d8ca4b3da1c00c1
SHA1 cdf4ec4344598ca9593665465497d370a35aa178
SHA256 dd286cac4e14fe69877e4c2f35eab8352de125f7dc757f47e4fc8329572460ce
SHA512 ac0c2dfc6a963a88657304c83d9f00cdadb5735f208571e72d43c410d767ff6c2cd05c4fcfeb5d4c7f8882e079608e8eeee8b1aea1e2cb6442f78cafaa8ffd09

C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-CN.txt

MD5 1eee99faa98b0385fd8077acdf53e81e
SHA1 3191f6c03d6fd3b4db1944e3e7b3a8b85ef20dde
SHA256 7d245f9271426eb08f976a83e8b229e9a830f51674e47b6bfc2181716ec0ecf5
SHA512 d2c116c7c56d7fd6154c2ab856adccba5848ba1fe1ce5ae38fd740e388cae77f095feaf90d4161527a4b3c99c129374156f85033c18f3293defde33f78708691

C:\ProgramData\BlueStacks_nxt\Locales\i18n.vi-VN.txt

MD5 2ffe813470cfedf7384207e61dabf1df
SHA1 1673c446a89a41afff299acd0f74b4df65cc29c1
SHA256 e666975aa6894c7d5230eb44a6ee85564cac7a51188ed05b77059beb60545ac1
SHA512 3288001e68c5533ae092460d7bcb20ca42c37c04fbdfd412c1046ba41f0582ca3a135f136303125f680165c401536b9bacf6d6435e10ec1477d7f9b45942c34c

C:\ProgramData\BlueStacks_nxt\Locales\i18n.tr-TR.txt

MD5 2ddee14b7986e234a208189d650a2e4d
SHA1 ab60bc9393258e556c7ac20a8d68f632ad44ea6d
SHA256 fd9c690e597fc7d8b3bbcba7e39816087c424227f89bf3107da7d16d444fb3dd
SHA512 116d06a37e836d4f48b59aa9cf4164e1ba4abc081e62adfc6f3c8d112f46b57c060381dd2fc361fb83a162ab12f915408df193bdac405490e3014bc0effecc9c

C:\ProgramData\BlueStacks_nxt\Locales\i18n.th-TH.txt

MD5 bfb84603722e804e4697a52285b867b2
SHA1 5840e5e93319f981dc0f6df4c7d7be23547f6655
SHA256 98f156d8184c10d504189eab0077aeac8687e1d6714d0bb228704d660e01446d
SHA512 e26cc6ab7087a252471cd6233e3baa9d9a66c0a7a0b3703987b31ff4f91f89d00854d8d970f3090b2d90155d5eb5f724a096badddbc6a4dca7dd1a53fad6ffd5

C:\ProgramData\BlueStacks_nxt\Locales\i18n.pt-BR.txt

MD5 162e3a28c1b32a605d84cc18a2998ec9
SHA1 9c0a2ce21321f56a1ecc61879a9b2c1660cb4238
SHA256 345f2c774e182f1dadf8dacb5539dfa94e33a4d3effb006053f9ba17db6c0f01
SHA512 d2377da38814cfc22950bfcc42545542e33ed6d4939ddb102d1fb11ec2ff019e53fb980e97ce9a9a9926c0d9665d101dc12655a1d67f506a1456e5b244ad50d9

C:\ProgramData\BlueStacks_nxt\Locales\i18n.pl-PL.txt

MD5 c61810a689ad52145f3b644b3e4b01e9
SHA1 ee7f7229aeea4a0ec6e18805b69d0ff928afbf87
SHA256 c5cdf3696ccd6e3e600483836c81b290e5270984fd7ca12becafedea42cd64e4
SHA512 79dcf55c6ac864764fa4c614667053c99cd37f408b2b573ce18077fd09ba70877b3cbbd1f57b680ba6e9b5ed5a4d257f11d12c67a0b56dc9a099bf2584e0c393

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ko-KR.txt

MD5 299768cf839ca0926344233731549181
SHA1 773aa661c5bbc1a92a41b2f02e59bf1d78b4b142
SHA256 883cf4af6b2124bb70f51d683c7a1f4b3cecccc4ea61163b8c4ea967155ea839
SHA512 0de4317aa9139b415d4d10aba7f64cbfe39f0417e2d19dd8e69ada7d0915a81f71be242caebf5e019a2638d6d0457c042493c80ea0d24c2dd43c18bfe76dd2c2

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ja-JP.txt

MD5 cb5797745966bfbded96d28cf53e2f93
SHA1 1cdc380338f076c608a4143cb685e4cab2bee916
SHA256 25fbeecfbeec0b2a8ad45f8b7da31c4eb6fdbe413f46e75f40cd22d874c8f7c3
SHA512 f42ef0a3566f02a4487daf50725c186a0cd8c03850c569eb0cf4134ad2c2004135730ff8f672207bf12837980fe722c4581bb0c6c1eea5dcc9014da5719901b7

C:\ProgramData\BlueStacks_nxt\Locales\i18n.it-IT.txt

MD5 444e991f12d84ad04baf6c8eeccc7a9d
SHA1 f4bec5e01161d6f5cc9107f2cba325cc9b0ef325
SHA256 4b1f6e0fbc834a783ab8230e678bfd1506ae6c18b0ac0a5bef1d8344b5b2531f
SHA512 ff61397322d86f36a225e9be7444c643e2760a556311c97b230583b0b2788208d11f723e500c3d291d55d076b5cb0a52d92b50a8b1fdfe348fd61341b915f855

C:\ProgramData\BlueStacks_nxt\Locales\i18n.id-ID.txt

MD5 7e8631459def09a456900fa9d3cba360
SHA1 b5204153e26b303598c473e7e92b01a87818787f
SHA256 9620d50148651dc75d3741eb12a8a23fbdeb5efc29f1be24842fc37d01b71f8a
SHA512 f813863475538f763733b0668f3b5cd7d4b6f7132c1a9df3b4665907fe6280d6d8c9dd4f6e3e06bfee7f90a2a527f7cd66bd647f08b8203664395f31321cf84b

C:\ProgramData\BlueStacks_nxt\Locales\i18n.fr-FR.txt

MD5 3809a8d9df2f73bd1b2cb6a727e3768a
SHA1 78f7f511fb688e49827105109e73affcf0447040
SHA256 a0f88af33c36c2fdb71b4ef157c1fea12eaf4fb30b0c51e4fd2a574d3529fa10
SHA512 d698cd445159fb2ee672f719d99c1feb1a2bf0113f8f5cc17233b2dc01771a8c1cf3a979788a91f02f6e8e299dc7c55e31e5bd3eeac4fa028a7693f945e29f6a

C:\ProgramData\BlueStacks_nxt\Locales\i18n.es-ES.txt

MD5 412ce0feb5a656c908775da52043c31d
SHA1 54a35431dc77d66fde2c828f10372142926b4c47
SHA256 7db48c44d717c50011a2fe2d8f5eb0214c817c7eef5bf1f656feb70270a53458
SHA512 2209d911c91d21ceb44a8e9375fefa9b5ea55cb800f49f709a7baaa56d52a94f5711fce850d880394f6ae78d23d0e3f1a5727514b970f940d0b670e2e978a997

C:\ProgramData\BlueStacks_nxt\Locales\i18n.en-US.txt

MD5 a1e3293265a273080e68501ffdb9c2fc
SHA1 add264c4a560ce5803ca7b19263f8cd3ed6f68f0
SHA256 1cb847f640d0b2b363ce3c44872c4227656e8d2f1b4a5217603a62d802f0581f
SHA512 cb61083dc4d7d86f855a4cc3fe7c4938232a55188ad08b028a12445675fbff6188bb40638bd1ce4e6077f5bfc94449c145118c8f9b8929d4e9c47ed74cf7bece

C:\ProgramData\BlueStacks_nxt\Locales\i18n.de-DE.txt

MD5 defbcf66edf5e18b0b13c8062fdfeff8
SHA1 8c807de19b131831b72325455f1bcc3ead0a09cb
SHA256 a9d87275086fd2d700d588f45c3121eb6a75c64a2e6c4a8714a61032403cdb03
SHA512 a30e142679e942932d82fb8179a9f8ca2cd5882577de64e8e4c38eb84c99e359235346c35b6237133159288261b0f6e9032dc6b14f512e2a431f093187e1447a

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-IL.txt

MD5 9fb07e066cc2f213a64d35a97a8c2922
SHA1 a70db989f5c562bc69caad89a1402c8ad7c9b80e
SHA256 65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90
SHA512 81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-EG.txt

MD5 7dc7a16b5e42818c9249db888ca17075
SHA1 42f6b065b90017078fca7161cc4c26ae530dfbdd
SHA256 e696f4f231acef534d62ec9d99a3f4fc7b74a1c1deb3f9bbbeb4e94194bd9747
SHA512 f2706e0bb348a691d3cdc9d05ff4f71979804628547a41386aab068b008fe4933b8689500b5e45abf6afa6b6f1db3024ade2846659b2664b37b724fac5416a74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 67f72fccd12692258fb3ab7d7f553a24
SHA1 ea151ef3a8a46ab294ef72d37bc23a9450382144
SHA256 ca232befafc43f851ead900ca46f25824377ce4541d2f62f3d8d409906ce0f23
SHA512 6e86dd34e269c37c7936c20dc7bbb2f5eaa2b7567afb4d26f794dbf2be89f467f8d8b7d9eb0e6f3eea192a58a9bf9357f0f99fafe40a31dcfa5b61f7d131dce5

C:\Users\Admin\AppData\Local\Bluestacks\BlueStacks-Installer_5.21.505.1008.log

MD5 8c873d1e99c5484ee1d087d57ccad302
SHA1 89d1be3d1eb7e56dbcefdfb3fb324eb2a9f13a68
SHA256 372abec2e82e7ebd110d9f0f57369c00a221210a9bd81dd3029c0bb55d9c995b
SHA512 68b4bd75109259415e0eeab0d7fce92aecaa1d8515b342f068ee25e9dce53c441df928b3934943a0fa9860577f53616a67cecba31ad33fec14d3f13fb9a2f59b

memory/688-18482-0x0000000020BA0000-0x0000000020BA8000-memory.dmp

memory/688-18483-0x0000000020C10000-0x0000000020C32000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 98cd6ec131c9417b73a4e35b2fcfde0f
SHA1 270f1ae6605f1b95623b376488704d529beaae00
SHA256 889f0ed55c9da154e4b02484e7078021fc09db08e9b1bea4a55a8be1d4b75460
SHA512 17cafbcb02d075a85deb7ad887bfd244c95f428cfcddad8944dbbf42c5f582e14e63def2f4f7b6f7174b9dc913d71cd9363fdff01feb9683614db2321217c747

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 058032c530b52781582253cb245aa731
SHA1 7ca26280e1bfefe40e53e64345a0d795b5303fab
SHA256 1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e
SHA512 77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8276eab0f8f0c0bb325b5b8c329f64f
SHA1 8ce681e4056936ca8ccd6f487e7cd7cccbae538b
SHA256 847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da
SHA512 42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b0a473fb3a1bc008f1da56fb9776b978
SHA1 cb577afa8a8d3f5b2c088b44c25c3f67269cefbc
SHA256 29c3270e695bdaec8d54359e203a337e4067434f2eb80610c3647ee1ff2b4d9e
SHA512 1227849e55a520e1c0a60c3e68fb5b1fbc8fac368dbd7d156218a9507f557820203ccea25a7ce823f8c32bd65714aaf19f6f6819e421b2adda8a7852b91e1499

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8035bb8c157d80282272568c54d3de7e
SHA1 9ee30c0635da62fda4b9d7d93762f6a3fa39e5fb
SHA256 e613846cb13cbcaa533a0b13dc7655f6d5d0a76d864c38c21c27fd28bdcc5076
SHA512 89ae15a87d448bb0aa9b687104e67f91af3b29569630d772fbe0fcd777e3aaffbfc9d5f5db48403c5bb590bc86b333286ba2cd0e25eac8e17e26142a38f9d0a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 28b259373829e514e0f26b5c6cf9637d
SHA1 6568734df2eae037b55f8fb2f4014b478f095106
SHA256 a3b7120d4a5fdccd166e56f8acbe537dbe9a2049f2802dd5a01c4519f0a2f0d7
SHA512 7888274b4d70e9215015f2b8198aeef307bca74f990bbe12bd570d4f6d6b32cdba7f850826ed0e72590ce3ddd145c363f7da98f7183dfc9d0e5dc5c3eb6f94e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 22f26aec434406ab154b102b346b9cc4
SHA1 842e43255ecc29b3d0e85fab338e375d014e807d
SHA256 f5f250e8a0f98e70fe74c7a26d8a68e852c7a8d46c4ca80afc083eb84fa663fe
SHA512 a903abf9667501911b58a0ee806d4d0d4e30bd9a2bccac8c9057117d1aa1c87b9f18535359d85f6b7610e1be3c4e429d10c845d2e5eb53b8d7fbb8c79a2ec84d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31dffb583c3e5c4743621973c09bbfb0
SHA1 a95199124557f8c8ee45925cc067161b05413bb9
SHA256 6fef3088bbd6b233d479348c995fbc75384204afa78cebf55d5394fb75d85aef
SHA512 3ac2440806b903291f11c123af76066b4a1785bcd723d9941409e92d9cce06f3642eb8912956d056f665fe6078f68f41fa646b98015254ef9b0fb5295501caab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 58572ece84e8edb56bb1b98bd971e730
SHA1 12582eedde5ca9b0191479fc4de80c2a7713a93b
SHA256 2ad0ebf01646a78af804b098a11508ad77b973d6fa867b3559fb64948910206b
SHA512 a85594e6b286511c5231506865a9f1c2b015283873f0ab1b0f707474236049330b5e0c48af3970f1dc64e2b94297f690f5da281935c012965aa8fd84f070c40e

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

MD5 2548e3fb59a0f01df691f8db28daba91
SHA1 0f15608fe142aba95d76af18fb8e013372226180
SHA256 7ac298ca568edaaf8a1e5c1a97c50401330ab7051461853b5b2e7350f7144272
SHA512 ed5a969935ab27670af2e489cab2ac8c178fad44de02b41737860b5ba3844185a88609af2592db4d3cd00f6f50c6cd4ddf06b42cb5ed8b533d7eaac5e11fb4f2

C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State~RFe6c0a0c.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 142887bf474516087567552adc2d1330
SHA1 a97bbc61030e3d6500b39bb21dcf21ed68c6dbcf
SHA256 b7a8a27b981fec42255d18d1dd2ad51cba631d9754b1cbb9e5ba6cd48b47a6b3
SHA512 93d16fe341e1c66755ed2fd5236b618fedc9fdc99e09accd4cb04f61acb46c6b66ac5d6b50612f6237a535b267a329525edbed0eb044c8386c347a0ddc0e9295

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0fbefac56fa30fb9c7c77fc0a0d76e7e
SHA1 8fa7d82c7bcd743ede973d5d49f317a6adf47801
SHA256 b3fde0e6c77418bd79c6b3a94f77ec74870609b1287d3b0eee8f19b9f91e95fd
SHA512 fe57d76b8360595e0bce24653bc5a7124ea040b02322c3af752b52cf8532997e4ad7fadf9f5438358700604a9bc681484b2291a14e7dbd51cefbb3c8c607ad5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b3ced8535be59ba48f5aebcf3da29c5a
SHA1 b217ada5dbabb8b25357958c5489d4cc00fa1935
SHA256 718c498699961e634b4c78f8540c8bc7b896b9803a441a2e6ae461b3e7545709
SHA512 f3aa54e57f0a718e0ed373061f166265a4c0ec56a59f060c64b7ab9cabccc3ed878eaa49154f2d6a678a75909474852b56268d4f4a00e0d8fb9325d86b65b75f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34557dc23ae1a8dbacbe09cd3731441a
SHA1 35b944bae41438f945a1482729885278108091e7
SHA256 3ba961bd191ce1f862cd89ff78ef15897634af6feb27f79570e2069172df3ad5
SHA512 f953b562ba934bcc8240f04c24b000e02f3676aeeb2c7f1ad9b931b9fad81a8f2ebed598985da903153e5f16e8e5e5132550e18a10b21c69ba6f867e8f81b006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 aaad37448d78bd6a29d4b2467298f6bc
SHA1 b6b7d37cc003215bbdc05008e38f09829cc6f614
SHA256 187b177dcfa294c296f88813e2d757478bbc37cf1c477e8d2b25b72ef1a703ee
SHA512 77de1531ad45ba5c3489b6e01135b7f5acdb6023d05ea34b2178da879d04a623ec3bfad94b58847ea2d7bcca0bb664552b6c72822758a6e24c45e12a2bc4e22d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4e7344035c473ce37db4edb860deaed5
SHA1 73ad2ac42616517f0f004e772bcd48ceb2b36079
SHA256 c88900cf71c24f561ac8f4d7fb2757e4c55a3b23b77e8eb45cb407880626e54f
SHA512 a5d41918194a0232e3555001a6f3d153aef4d07acf95df6b94bab8616ae4f21caa0e47717fc246d602015cd093b13e8ac5844d6a1401c65687f999b0a01982bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ef008e43c7e0678edbf2dbb8b86c0367
SHA1 545911f619c22536ae0e00d408e9165f6361e4a2
SHA256 74623a4bfdd8866b0421e669cccc5dfb42f7e3ab81d012f2c47b03ea47e516be
SHA512 e37e610781136f2db50d3ccad02497c336d49139a4323b37a124e88282495c424967a5b420ce5fefcdfbbccb80af4799a5f063b2e42e0f4375d9b2ec3095930f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 f78557b4c28f732ef19489bc33fd1796
SHA1 58ffbf40c6350d09f73a75cf31087739c1112429
SHA256 959d9c16b3885b829793932a505fc0b198150db3a4f02dd4c0f1702223e01a07
SHA512 00d7bca00071ad0cb50fff91305d047d450dcbe867b5d24b59316d37d9aad01800765662211de997746aeb34d1993d7e59730ec47badc7f77d40a1e1dbd5853e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9c9bf8784b25abb234acd92d4238eec
SHA1 2d81e73e8a1fbeed3aaaf07f1164060f2a20d1ea
SHA256 a5d6aa50a1997938837ab154bec42423056a558b78aaab921ac3343ca4d0578c
SHA512 ae53639311bc4ab26c7a4769cf40f3cecb8c609447512341c952fbd69ba0b184f99237933a26b45d277e0281beb4ff667184b70867824af93510a75732f30038

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d1632a93eb3092c8a3b1196d55280114
SHA1 20bc0ae8fe9ec46070f7e569fd2ef4bc9d7f6f6b
SHA256 3c987ef83b4fec24898eccc0e8a98fe747f26ab0186e774ab5cf4833227d3c7f
SHA512 c1812a3c8f373cda5af7a05e8152f25fb701d53ee076bf07177690d53cddb5bb19b493f83c626a599d49e19786b9229f2801cede02030d0628f461c8a38864e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c8294751297e10a44e03c38f88b8aeb3
SHA1 e165a7cad8fc3655c48f5717aa162e80196c9d53
SHA256 6028e6f5dfee379df5af9174693d014cf995cd0d8ce495eb51b87fbe8b12c216
SHA512 65f123069535ae5adb18349f7ea29c93b756c1c0147e4ea60104ca9f51b8ac500f181de7f4c501ad5caf58af1709182db08796e96c748e2d5fd3560866c14e99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0bb94b58492325ef6c50817297fe8ef7
SHA1 62f318da11220e4ca0fb15c50cc3909ba0903801
SHA256 182a0ab4b9e671c4e5752ec2a232355f2de300678cfd7db219d40c5aa17d3ed7
SHA512 2b205ded149ebb694ba7b5d6f87399d18e8e172e49e36fa8a3795838ea4eb87a071f8e37045da09e86129fe67630b98bf6048c5da5910fd47e5c18ddcf1efdc6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4353aaecb68104bd29cce8eb91b1a482
SHA1 d4ffd104189c31c054224d1cf5a2181104228847
SHA256 453eac4bffd871d132933eaa80cc931e160113177f5b629f84c788a266f56b83
SHA512 a118b666074569b2de2cc56c6902d425c75c6dffb8eddee6f1afe2d1b4ad8872d8ce3ee8c1433b677320b6b0b26a472bcc15ade8708d5a17c6dbf67d2cf0063c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e70887c81d46c064b49eaa8ad8ccb989
SHA1 d1e686ce8fbec06bb11ee02be785115af95ceaec
SHA256 2794db7cddcf345fc95e48a4e84a43aada22a9759ad9e45b1d2f16622e4937c4
SHA512 2e72f9b44bf8804e6a0ed5f0b17659ed655bda821a9e7b8f1bee9a037ac15ce837f60a96ecfadae23250c7e5fe8ece44f62030aaa4a9b3ff34844ddc9ed624fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88249ae1cee8d23f38b85e8f030404b3
SHA1 d9934e7a04a60efa7944d3da6d25e20980dc6a2b
SHA256 8bd4ca94729fc02448c9c446221da91beee17297198017172892f80bf784823f
SHA512 df2e15d0559637e40220b0c5913e94e4a9d45d38e3cfedf43e39a63ca4d81dc4873f3db265702d889225e5742f0cdfc0f90f0bf7eafe10a1cb60ec61e1830a8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8e972c936febed3bf6fc5585ab37a7c
SHA1 e8fd91114b152823048b72265a5821e5acd8625c
SHA256 bad430fd95bf9a9ea0f7f9d81d269231d0fafb47e2cfc5bddcaff970dc8967cd
SHA512 12e9cd1ab09cb033ef7f738e22ecc27a2318496c8a6dc63a572964a418d8a8d9522768f34f259ca517eee323fa0ae2f94d1aebce217a9e169240af87eb7acceb

C:\Users\Admin\AppData\Local\Temp\NOXC20E.tmp

MD5 f529dd5c9109598721d753efaf306acd
SHA1 69aacdef7ebb9a1f974b659c8831a59107538dcc
SHA256 dfd55944df560ef7d1d9bb058f03e0d80e53a9d4eca0461cd67077da25f680c0
SHA512 689d35f0ca1889e52e55dbd50d5ae646ad8b52ad78cd76159a96508b7a4837c6d0a632584a462b4bfcd4676e7fbb62ac78d4b839874b5ed05ff36416dbe0c514

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8366894-3244-47ad-aac6-d3aad0c8a9a2.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fd01ad1ec59993125f501d763d18aaac
SHA1 0cb578cc4798b0615e42d60cbfb615c74cc643b4
SHA256 f8b6c1472bb3be6826740d7a2677db7670ebe20d479a473d345ea6f819ee5139
SHA512 ca8de9b00cee6fce09df2fec02be55af7f9e01c634fba61b4b620971522eb235d3c5f90eaba9c5069a1c23749540ef9f0891486ac20036bb7b26a95346aa6985

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4eacf05903594600b2f0dee48705fd43
SHA1 537231535e4cdd76ce27b1854fc6d6ff19570367
SHA256 c9cd40d5e74946e379ed4aeca71a593882e608d39ca20e27e95e9f4db5d11d2e
SHA512 fb44de0105502afdddca13de0b3bbf19e441c4c35565c1cdfdcc5da7e2dd60541a555a8c777a3f5bebe5846111d6cd8e594ed6034037b7ea4c452cc4a4b26fad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 06451c4a1fd13a59de74201e70e652c8
SHA1 56c713ad8555389e57308cc3c9f5c52d084029be
SHA256 5c6fad4ff473e6922dcb16bff625de4e885b815e65d20c3a22ff6dafae428fd1
SHA512 936f902d9dcc5232451e64dfb772b6799913103d7a81681653ce79ba8d8e1650a4afcab849677f24e0ddbe74fb987b3e69414c15ce8bf8301693a07eb99bcef1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f192c0713a58acda709e8297c96de521
SHA1 3b0d751132036f8ebe120dfa3d0bfcbaceb5a207
SHA256 24aeb470185f980956f4b6749cf415e3fc722184c1092c7ce9aace59583af2d7
SHA512 17ee6b438f609cb5ea5d01855ce445ae4cbec78564adf0e5ae246c07a1720e7ad2a797818aab1e9c0db4e31f482dbb5244678d814391c98638201d6a9c2fedd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eb30408b4eb3fe0ede8eda0550c378dc
SHA1 d2f23c719950e0e494ee37b16e57b75d614a1fec
SHA256 305d388f0a163b38e1a0303edc018e15baca6cdc64d5c8c17fbf3b59779706c0
SHA512 1c5c6f7eb0266709e110e9e0ef020aee5c4a879c2e123aeb8ee76b2c03aa3eeec05a1124f73a237a4a305b0f4490d7fa81f1177582eb91efdee9de7003a11be7

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 c0aa63e0b4dd571e990d8f578023f77b
SHA1 a8260a0b05fd7f35024eaeaf62ade720e8a0b237
SHA256 714347b7352f69f10cca2f4098e59e3cfa3daf6ee1aec98e0ab77909330c96fc
SHA512 637d7a8fbbefe74d460f85048211d499afe0db01a050c13dd8337be41fe1091ea21db7128751acca5cacac38adec162bf746e40bbe77f1505c0c6c8ecb26e31d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7c351ec079e4fb2ec7716c3057628b86
SHA1 457885fc427293eecb3ff6d38086c53fb4098597
SHA256 ae15d07ef962f93685fecf41e0109a10b69a8e98f932833c4eb978314469a417
SHA512 9cdbb1897f617a90baaa23ede74f2daec1f71807f4944d9238b585269818da912027fa9321cf7c0f4a78fe0ec348e97bc8adde71c3c21a263c30d24c84dd2d74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c7c458b90e104e444d6d9d89ace5a93b
SHA1 d81d614810138fe4c7151c4fa24936f270f05a93
SHA256 c5efdf39a5d017412c8901071cd707228fc9ee7dc341fa126137c8fbf6c5133e
SHA512 2974be57537954d2fef40cd1a4b81b1f525ae79f002168827bdc1160c17911d8559e7f55cb02dc3af0ed822faeb4893ea5036d62a15b577355380674a3966fbe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4f13ec3611a1cee6b8bd3d7f12cf3c5
SHA1 5ff4498dd34f71ea1e3e32ec703e9418082b2860
SHA256 92e79bc2c8dd1e6075827e8a3cad925bfbfebb8ede191178fcc35e36c1102d5b
SHA512 96c823af2dc04615b0d425608fefa08be637ee61c9fee79d8b8c36ee9aba8751725c0fe858d254308c2e0eb948dcdd1fedb09c6bebcc6feb503af72d05d106b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a6e79b94343ae947384cc68c41cd7d85
SHA1 3a393df83ae57a1976fb23db4c60684c3ccdc716
SHA256 32fd840e3005b95cc235bdf7378914307c1b15a7c3a6b32b19613983f07c8a17
SHA512 6b97115c4a5da4c332d7da0314c72a76aaf898670364a8ebe188fac97347d03c264237de29e48ff2082531b6046c76e2f680222cf0dcb99cc0798e4b401dff62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f19193fd9341f4e7a5ccfc19a52b3928
SHA1 3120ad72bdd086b5c82ed0e1772bdff774a86855
SHA256 7499505a10e15dd4ea4390ce2bcd3c779e50b391809bba1785e7a65d51299d38
SHA512 8cbf28c792d331d9ba2215146a4bf48e6d1c631602f57c2c42030412608406f9267c7c60ed2ca7c735c3a2033c480e025047ff3eec74e39b5491b237d4e40fff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9661431bc513fd54933551afb1a4b2a5
SHA1 88421c1cc4bace75269d3c68f212064b44e217bc
SHA256 edc0530193db06e022bafc276b3e1919adb12a6959c953a5c9fc69d339f35a68
SHA512 6052436e2f5036c4c6de7a4e0859fee23a17199d9255ca2070604a58dc08596c98a0963c5ac9052e32549397c055602edb33e5a2d108b8abead2cd097b35b35f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb66f8e7123c5dcdfd4d49be19ad06ea
SHA1 22a87ee87283c11a6342fcfa3d60f199a53da705
SHA256 ae19c9cc29f037710cdcfd997dd47b4c63f466f98e891281fc7855f3ca6db78c
SHA512 c3483b567f0787093c0fa28738c166741f0f6716d6f1b8f64cfbbfcff1f96667cc55d2a6493435b2eb437845cbdb25c7c0c90dfb237db65faa3a8cd7b42b4a38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2fe1e10a3b3487ae4f99e3f7a9b9b29b
SHA1 594b604d5ba1db73a09e95c23ddc3a3dfe70db44
SHA256 748b3ab07a1bf4c53d304e3172b7834842de0072cb1aac41a524605c46c13be7
SHA512 d1ee81daf3dc4d5be29313bf1e08c537ec4d862a6bac11731ccf90a6aea4b22bd686dbcce8d98ed66f85bfbb28c44ff0dfb019f24894f357504504948831c866

C:\Users\Admin\AppData\Local\Temp\NOXC21F.tmp

MD5 90d2edf41c693375a6246787ab76987f
SHA1 874d1df6f6fecbf714881134283af3005a1de431
SHA256 a1e348fd9ebf170ee6864f960c010fa89de32d992c6bd52c3960e7231ba04b74
SHA512 41f5028f4c0a41686ab77cd09770bfa38294d599bbc26db9c2591592f93f9c935ef0d0ab8b1a7a7fd83aac74f859a36b169d5ab59f484652f09a0f854cd3d4f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1fd3aff82c88b6400b2da1eb9c1092e4
SHA1 9292d8b9882820f3439354c3074f0cd1a579e831
SHA256 19bf19d47131896676388b818efa999c20bae8f9ad336b79793faac1a0186025
SHA512 da114089fb878588f0654b622f2a6e6d156c37cf6a16ce637903d61014121aecfdf23dbb5e2374449aa096ddd62b8c13fc7a01e8c3322139264c6f0d60733543

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_0

MD5 86081cf32a877d4497f91e6df902bc7f
SHA1 75a843835c9312446d336c1703884282b6ff7815
SHA256 d8c1a01e70cf72f2d8a5c4ab1c3043d715595bc2315c9a82c7e2c151a69fc7ed
SHA512 0651d243801dd5c4e1b4bd21e4ed8da5553dc7ec967e17a1519c9ce36beba4b0d443eba7d5bd18f7f485229d5a10132babde9eadfa77dbee3219085869155d38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\013888a1cda32b90_0

MD5 efa31ecd35b669360ec3a3da4bd25536
SHA1 d87f3c3542557e8b4f9ba8c3932c3aec310956bc
SHA256 08c22b1c94d3c731d618a9dcc2c3e19838446d1cd6fea6effd5a2b8a01e3759e
SHA512 2616665d838b773cc9bfff7ee9592d015046bf6ca0e3b22f467234ccaa905d2424beaa409b19bef75d78ca68b27e85dfebbfd343113b09e756aae41709bb3613

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 537626c83cf90ad06b6d9d374d52cd78
SHA1 6881748e54a2ef43ae036b6b75fbe5ece9e712bd
SHA256 c5a94a9c4611fe13991a7d41f385672020fd11f99b400eb5a070049607512d55
SHA512 d466cbf48076fc0c61b816bc3bcba1ddd8463c5ceb40da1611247a4b13ffefa740f1e84d0bab5e478cf27f56c92ef606ea0ffdb4f7b770cfb760bdfcb9466512

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 859e1ed3e95f5d16a9f226a7e2da9338
SHA1 0fa3d83d0e5a0856a8d78ef869b0ef6d55726b3a
SHA256 a96d3d3efcc1c7f2d6cb1d62a02e902f873bad4fa1ceffd076452dc5e0728a48
SHA512 bf161912675c2b6dfa9aac88727228b282843d112bd85a5e15d680cfd66729d3d1f570927292e6a18b46b6a306a437c13d657d692a1954df17c7e3becd53045c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 528c61501597b6a4e8e8a55ad4a6ceb1
SHA1 0dde4723b6c52670c0b63d36dc12762afa299b06
SHA256 693a4ab3553554cdec54a86f86df8c65c6c69c33dd998bfaa74ca879797ac5e4
SHA512 2e3e340611213c7724092ca9dcbbdcff26fa4ff587bfb17cc0d38171158af8a8ac9d41f3476070b832a7ad68e1e7312229b3c37dbfbe9925ceed2fe7c79dc549

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 328b8bb05b2aef0623caac454fa4e762
SHA1 92ab0f2ae81bcc23b9e2d0d77f0c22171a655459
SHA256 b7a3032cbf529be67e493354e2dd053508c5a3e8e60b1df550c6d0aee16030da
SHA512 ee85a2fddb9b964b377a5db6d5806e9b05c01946411be2ba27da474100f4e0909e12bc0370357e671b31b164f17573e9e1484f01c72d89c5f428f373bbb5b56a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000133

MD5 631c4ff7d6e4024e5bdf8eb9fc2a2bcb
SHA1 c59d67b2bb027b438d05bd7c3ad9214393ef51c6
SHA256 27ccc7fad443790d6f9dc6fbb217fc2bc6e12f6a88e010e76d58cc33e1e99c82
SHA512 12517b3522fcc96cfafc031903de605609f91232a965d92473be5c1e7fc9ad4b1a46fa38c554e0613f0b1cfb02fd0a14122eaf77a0bbf3a06bd5868d31d0160e

C:\Users\Admin\Downloads\Unconfirmed 464713.crdownload

MD5 757987a8437039276dad42102cba8f23
SHA1 9a1ba7bdf9ecc849525bb099bbd9d277dd46da15
SHA256 e3e2b21dee0127cb9ea06ae7184665284d36413d38146c252bf6fd8812e600ae
SHA512 9ebab1a503184ce029c319413c4c0698ee3ae0a71d3363f191b3464f7ab7b35d561c36489478bb481c734974ff3f469f4e3d5e0c553c7af88341dc2950af19a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a04bf8ca832dd19c284f861cbc16b3a8
SHA1 8f8864e0a1da936c58b150aeb8078f81b59e605d
SHA256 25248cbf3d105594e901bde51a32c47df3c2728fdf9db8e3c0642e978ac542e6
SHA512 18dedb5c63277d1fbff624f9706b050be1073b57727aa0f1942b66be8edecff65369d326c2a8cf170588b04c073e3d32220479a4c61f87fecb39819e38fd34cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 261985b198103c8c5f4e1a25da237247
SHA1 2f19472811ecc9eea86fc722e5fe83934a75945a
SHA256 a21a4402417c97b2af0bd2727ce35cbd480e9dae171b16222242b9e84517cf3b
SHA512 05a5380fbe0573d35bc5326eaea98ee4598b8b8349c15c906f78dec16fe721bd1667d3db9d07d24197c808c31ba09b7aa5f92666d14ad8bc0a49f6ea86b6f805

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07c70296f31c19d50a42311d5cd58068
SHA1 709ac45f7baaab38b745810285f470a56c2185c8
SHA256 3573a20ede18a6ed24cbe69e401776d770b9238f870c8705d545303d9cf58314
SHA512 8ee4f004b4bccde53feac576622b7023d6803ea83fa3ec554b364ca62ceba53cfc75e426450e6e11f2d6a7e094404ea2a0a68c85b1c792aeefc612ace4ee64f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8f1365204c30a317c58696780775dbb3
SHA1 744cc4ee15f8754b6300f4590c67522fa75d0abe
SHA256 6fa836af5b6c445cf16316979f3d8063ff0cb64c95e58fbfdff34cfd00ae917e
SHA512 e0624f3231a3b11b318a07d9b159bb60be5be6a2204bb75f3ad2eff3c8d0bf437b26edd99362cfe8bf65e53ba24a97f41b9efba5454c2a6eac3e6cdf4c5bd81f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fa575e6fd2d3904087f4a324119956bd
SHA1 3a937480ed85aacdba7cbf60f814c9355a60cc9b
SHA256 21b74065accc90d9540184e7061d4f39aee7a68c70a6f842bf33add5d2d4d8e5
SHA512 01bc6d433c11f0c6a8e1ed2e12f09f5ec8387b77f8b52cb99ed0ff5d76e2a4b0ae0213d125588f8331a4f3706df276cab25e1722b50c1562ee5cccbb132739e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000146

MD5 05e9679509b61424a07cc4d4efb7247f
SHA1 db4fcfac1d89c7e4f0bdbea9023034b64a9dbd81
SHA256 31798b2630a882be758010dfa51b12026c8fd81f0e4068b38fd739cac78cba0b
SHA512 1cbe7343e19b41f3f116a93d598d7b67779d29c6bc0a7b086d112dfcc76fee60811290b67b5d2561751700be483f6cd460b9b4c8325397813314ba064e4c2208

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000145

MD5 d9d4968d58186f2b73099229140910e6
SHA1 d15ed09573302bf84c5e25998dd0d130f8dd7a25
SHA256 e42d4e8fbc0fc3db0617fdb9901dba11bfb126296dcbf24fb8792e2a61134394
SHA512 eb317fb19e4dae070b64af4c1a153859803bb2d831e61ea2f2e190e35ce062029776fee11708d59bf8599a95d9d278b054af9e33df5113e30bd028e0d2a64761

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000147

MD5 67e59a06ec50dcd4aebe11bb4a7e99a5
SHA1 5d073dbe75e1a8b4ff9c3120df0084f373768dae
SHA256 14be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe
SHA512 6364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3606211ed32676d5d9abc56b0ed84310
SHA1 5028041f5a92cd72bd365ac35c66e47f89f4736a
SHA256 7e0dcb5721eb2241775596d9d12f1b3623e1f0446274db5c84abb2487417b9a2
SHA512 b0d2234e36f32faa929e32331fc207f381980351d230531f93b23ffe2e3d006ed2aba09c5bf6d0438ffac399ad7b2ca2258b11b12f1d1ea372f2674742a3656b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6304caf8189e5a5d04c40f62661cacb5
SHA1 6a5d9002943bb34b1c6a8033913d1a946b7580f7
SHA256 9314ba21253815388bf7eb22c685fa7cb6498f6d2406aea98d8bc48838c8e575
SHA512 f26774b60c997b40549f61aedd171a18637cb82992540597d4b47fa8eb64602c70f79092a759237066fdef9a9f1d74b187d24b55ac4b47cbd1cbbf271c57c012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4615a1c70b54e49e7604a2e6dbe38edb
SHA1 af61e883a057c3b1c57441722118dfd71d29b41e
SHA256 1c8d5da0a7936886e16118794cf258f91a551bd50bd69497e182683108d3fc83
SHA512 185a122cfa7d4d17f550c251cffa5377596516bda7e30b69ac17ebdfe293201af09c63d91f3901e0bacfed38dd49399998165ca7dd202508d71c580db355d831

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 40c201aab400feb2a32d0686108ea4ff
SHA1 77ea332701a627d23cda0899aeec1fea052a7fe5
SHA256 0389b58fc62d686381347131a0b7bd78e367bb31914e985e4e861664eb528b90
SHA512 d0bde7a749d4c86f1dc591c2e5564e65e372f59fed3a0def6301e79d0326564d6e7408ac0e8c94dba20bb323cebec8105f4169c46359cbfcb1bb0a64e0e757f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 99f91cbe700cb36357e51a2450eda313
SHA1 c62d7cd32f06f08c4181f4a6a980e6511065df64
SHA256 e3f15cc88bb5eedf3434f1ebb96bdcac94719c99488fac0cad96f7afdaa5d460
SHA512 8f47aaa5b58e4e92e390c11bea7ac89ffef08d4ddcce7e58c0b5d448bd2b699f0ecadc503d754871f2eec56963601cfd7fdfdd59cb1cdc4e51baf86f868a0de9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0168423721455b97a54a5ae9c6444015
SHA1 7a90948b2764bc12583f6b1925f835152c820216
SHA256 e67579e02d4c272be2183d359622701291b6d1e2ae9422e12ee70f799656142c
SHA512 f9634fb1eeeb477e74f41bad2e5dd368746252d002318b00274b8b58ee4288f1077295f734f4ddda56d904e65cd0de0d17f4d7de3be8056f8c44e458341063a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 edb1154215dca58a9ba3ca646d5b077d
SHA1 c862d8d90a856d3bab77258755ddf449647d9423
SHA256 8b83381ad0e5e63ae48d19e9687da53da9c1cef3990a86bf163937a381320d06
SHA512 8df6656f73c6655a30bc9b194c6e72c26e0a0dbc3674b48f2dea8142b40248fcadb6759f0f03aa3373c810c705cf08f781a21ba5fb2a696d5be499657feea429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bf420be1-50c5-4925-b85f-f6df82c13ff8.tmp

MD5 a123aa97f4736a7e8c86e4ff302e2a43
SHA1 d6e1874f3b83baa816a858bf90d1b3329f0e98a2
SHA256 8a989326c721413b89ffa227b4b59a7fcb7eff7b30510061428eabcdd15ee1ed
SHA512 e241157bacbe21c32f43a81f1b5ce3eddd14f870772da8f686f8ebe366e4c633d585d97bdbc40b29cfca072c8b65bfcd5ae0def2aca76b29d34536dfac935b40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 19b8c7100c161b65398fe065dc5a7c73
SHA1 1883f6e8c0809ec9adefcd6ff2e23963011b5cc2
SHA256 6f08aa2f4813c738addc7694b045c7656f2d057cec1dc97814fae2b617501043
SHA512 ede7cea87f516982bc7e3206df05be8cd8a3f799ba4e4cb910c8ff0227dd859e90e68fa79a2fdb99dd85d0f60c4d42269bb14e9e199c82aadd54b9766597760d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7654d14284ca5fc6ff026de9103e6f7c
SHA1 78e8c04494c7fb38509c6b68b4bc7abe42c1b587
SHA256 bdcf2b597b922e613c3ea56eb4a88b87647b7c866cb0661a8efcd5dd08abc004
SHA512 0ba166f751a811b0f614acfdb79af82db5609d77411af1179fb05a5aa2012f88fd63cbd1126a45371107f6a459c312cf73b57ad41aca7e8d4b98bdb17366c7c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ea67222b4b434b891bf82657cc3ee9c6
SHA1 044b9e178e66186e0b18bf41e7094fe1452aeb8c
SHA256 815ec8a290694e483f4249c3d13213313c14f38ad51d2f5388d2b0c161f0b88e
SHA512 c5f38a4a905ac6192241df1c4a94b43a26c077b1d87c44c6a78b91d09f78ba8dc48e625df8b642af8ed215590bd3e54cb2061dd15f0d564208ec3bb111ec2fd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7a004a01d398177c219dc381111ed25e
SHA1 9d8b85fce4b61c9c703889ebbeb0f5a9961e4058
SHA256 a269f4edafdcd80902ee0dda76bcfc5ef0b996f57e964eb64e1e2550622f11c7
SHA512 919ce1aa279a92470ab359cad266f13e59009f352ca6f62f17b2bc3a4fb77dce2a03818e4f10da0427a6a4ce233f0e1c87dc6283223d7e064b793a03f4d85931

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ed83b50dca5facaf5f6b699baac8a512
SHA1 f172e85904b877fb49c63550d4a9eadc22b5355a
SHA256 a16c8f1024e8442f485c578f52d853c070ce8299b0b366db514306550a1cf6fc
SHA512 139c81f9a00f886c6f2b7f6ed880b18b2394391c272af91aecbc08eadbdd222443de3d374f880c54c4725f5f4a46d8b12133340e3078385abca374ed3d55d5d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c735d4039825c80b_0

MD5 d85ab9d13b594b9a403c1bdc50b1cf8d
SHA1 e614b80bf9103c4935bfaa0f1b3d9e8dc9c06d92
SHA256 210ad73728bb8e499fe136cea9b4f9f5204cc8bf813cdf412437eb9c7837ce4c
SHA512 cc0f99d2a096415d4f0e7b0da4f0bc23eca251fb5747d99cfe9ad3366473ab2571aa2ebba975c85fc2d4a849cb4a427a4515503bbede6d305245fd84b9be11cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\07b8e8f5e5ff414c_0

MD5 6edff4ed902817c4830610076c1f0f85
SHA1 93b61c09ffd8b6d2c9668c49d146ef52e3cbce9a
SHA256 4cc65a247e2d45c3ad3b1d00b392d7623a764af9a49518a9e220908d3a9675fe
SHA512 0aa98d227efe8668b133ad98c218c7822cdd14faa2ce0b3f1772a49fe4ae742ce7db2bad84db12bba7278ae3d6202bc0863f866ad4515f81dda8d3c7f5826b56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 31b3c84c63a86be569f45ed9c083ce4c
SHA1 c20ee82741b191fbae6931844a9d648b665e81af
SHA256 96b102a84cb182ae284403270263b95e76af5bba6e6e1dafcdedaa0ec879adf8
SHA512 b43d52a7a90dcba1b58358c2d5c499618421223eb0a02bb5616437e3471fbbe8435333968cc8265b78af0e558120e81d3ff15b2e6e6d8d34c8acd9a79d85ab77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f863fb18ca5fd5c3f7e463201f4998e0
SHA1 0c061eb680fe0becd05cd2fdc00179e4caf5dea3
SHA256 78150273aead88baee6800c55dfa1c2c51a16a24cb0234bd4d7b3e4c0e709d3a
SHA512 8c253b2ac08e3672df192d12692134c22e5eab9f2f16488a53ce71143d9061a763cf7d7f84586ace7adacb074c21cd7a09039a1ca1bbe203a1a06e4b6529d3af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 497fb6ccff4a3ea992914d543b72d079
SHA1 e962f455676a1dcdc547e193cf61e865dd716b5a
SHA256 444e995233b118ff1560ec7f293be9a48d317beaa18f7c01c206bb28153e1fd8
SHA512 b42e194dfeb8dd020acd067140a5e2b104e2739418777be90d288bfb6a2f4e56b24d92576d9f45d0a0ad18641363e9083c9c0bfd20b69cb7e5f5b286bd1e97f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e3a11237df5d60cb82a360c4651ad51f
SHA1 5bfbba69f787991553d1ba1bdef3365763a17e9d
SHA256 e5b843ae673703078b37737e4cae09f75c6b30ac560ba2349b06ada18410c759
SHA512 9dd9e04917925d46dbf9dbd89065c37a842836bb2d4cb0b0d31a7a1a4451ba0f2d3f4473116d2505d76568a98f2a7eb0b74020d25dd1d1576041942c99a4c5ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 abe16bb1c393c87b95b47d82980d49c2
SHA1 56507619ac470d4e8b6a3788ffce9313a5552a45
SHA256 980bc0337f27b20b217f5418e33f67b3d201108b2ed4aa3e5ab1e4db2a19092e
SHA512 01550b67b233ab4feee15fb108c9fccfd3d006b59615c6836738820efaedc1b65cded370fd2e36116982904f0d7e7a5218315481dc7ac1b0fe079478d197ce59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c1115cb82125317df44645d578b99301
SHA1 5f9b545a20a1cf6a8fefb45093fbae1fcb6b1a70
SHA256 1f628bdae9071284062c8d8aaab901ace34da18a8464bc61541cdf199b59ecae
SHA512 86bc5735baa6321dbc3b310cc96526ac4418099fbfdafbd9b0e5423f15cd3390077a2b186311e55d019f2f04f64a6198de84580109c5e0f4f7d153462c8ddaf4

C:\Windows\Logs\DISM\dism.log

MD5 d661c93dd85314f6eaca02e374573e1f
SHA1 b8309d0d6cbc47f27af1a70062ef7d744fe0d8e9
SHA256 19727456bc0ac613e35e2be08ffd553f1f73bec931c42ffbd0a09f3f7bb8a3c1
SHA512 5899cb85b8847976c516d003d9291c13977e1fd3b864009896284fd1ce21b9e9e0c7d7ea5d225b9b590631cc6cd4b8ee066d27ae16b98707d59b993bced0336c

memory/7228-21183-0x0000000002EA0000-0x0000000002ED6000-memory.dmp

memory/7228-21184-0x0000000005990000-0x0000000005FBA000-memory.dmp

memory/7228-21185-0x0000000005830000-0x0000000005852000-memory.dmp

memory/7228-21187-0x00000000061A0000-0x0000000006206000-memory.dmp

memory/7228-21186-0x0000000006130000-0x0000000006196000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_voeyzcts.qiw.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/7228-21196-0x0000000006210000-0x0000000006567000-memory.dmp

memory/7228-21199-0x00000000066F0000-0x000000000673C000-memory.dmp

memory/7228-21198-0x00000000066B0000-0x00000000066CE000-memory.dmp

memory/7228-21200-0x0000000006C90000-0x0000000006CC4000-memory.dmp

memory/7228-21210-0x0000000007880000-0x000000000789E000-memory.dmp

memory/7228-21201-0x000000006DC60000-0x000000006DCAC000-memory.dmp

memory/7228-21211-0x00000000078B0000-0x0000000007954000-memory.dmp

memory/7228-21212-0x0000000008050000-0x00000000086CA000-memory.dmp

memory/7228-21213-0x0000000007A00000-0x0000000007A1A000-memory.dmp

memory/7228-21214-0x0000000007A80000-0x0000000007A8A000-memory.dmp

memory/7228-21215-0x0000000007C90000-0x0000000007D26000-memory.dmp

memory/7228-21216-0x0000000007C10000-0x0000000007C21000-memory.dmp

memory/7228-21217-0x0000000007C50000-0x0000000007C5E000-memory.dmp

memory/7228-21218-0x0000000007D30000-0x0000000007D4A000-memory.dmp

memory/7156-21221-0x0000000006220000-0x0000000006577000-memory.dmp

memory/7156-21230-0x000000006DC60000-0x000000006DCAC000-memory.dmp

memory/5716-21252-0x000000006DC60000-0x000000006DCAC000-memory.dmp

F:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

MD5 66df6f7b7a98ff750aade522c22d239a
SHA1 f69464fe18ed03de597bb46482ae899f43c94617
SHA256 91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f
SHA512 48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

MD5 4ba25d2cbe1587a841dcfb8c8c4a6ea6
SHA1 52693d4b5e0b55a929099b680348c3932f2c3c62
SHA256 b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49
SHA512 82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

F:\LDPlayer\ldmutiplayer\fonts\Roboto-Regular.otf

MD5 4acd5f0e312730f1d8b8805f3699c184
SHA1 67c957e102bf2b2a86c5708257bc32f91c006739
SHA256 72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5
SHA512 9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

F:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

MD5 0054560df6c69d2067689433172088ef
SHA1 a30042b77ebd7c704be0e986349030bcdb82857d
SHA256 72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750
SHA512 418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr120.dll

MD5 50097ec217ce0ebb9b4caa09cd2cd73a
SHA1 8cd3018c4170072464fbcd7cba563df1fc2b884c
SHA256 2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112
SHA512 ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp120.dll

MD5 50260b0f19aaa7e37c4082fecef8ff41
SHA1 ce672489b29baa7119881497ed5044b21ad8fe30
SHA256 891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9
SHA512 6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

F:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

MD5 3e29914113ec4b968ba5eb1f6d194a0a
SHA1 557b67e372e85eb39989cb53cffd3ef1adabb9fe
SHA256 c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a
SHA512 75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

MD5 e8fd6da54f056363b284608c3f6a832e
SHA1 32e88b82fd398568517ab03b33e9765b59c4946d
SHA256 b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd
SHA512 4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

F:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

MD5 52c43baddd43be63fbfb398722f3b01d
SHA1 be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256 8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512 04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

F:\LDPlayer\LDPlayer9\ldmutiplayer\libeay32.dll

MD5 ba46e6e1c5861617b4d97de00149b905
SHA1 4affc8aab49c7dc3ceeca81391c4f737d7672b32
SHA256 2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e
SHA512 bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

MD5 2d40f6c6a4f88c8c2685ee25b53ec00d
SHA1 faf96bac1e7665aa07029d8f94e1ac84014a863b
SHA256 1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334
SHA512 4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

F:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

MD5 01c4246df55a5fff93d086bb56110d2b
SHA1 e2939375c4dd7b478913328b88eaa3c91913cfdc
SHA256 c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889
SHA512 39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

F:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

MD5 ad9d7cbdb4b19fb65960d69126e3ff68
SHA1 dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d
SHA256 a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326
SHA512 f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3c7e686fb9e367c892b0e02ced29d6fd
SHA1 139948e72afad1ff5a7299ebf2ba60274f764b05
SHA256 c27549213e492f98fc210b66fb81c8309f0e76ba6678b74703f3086f55e3ff46
SHA512 f64bded8cd2e009d90aaf5a22d546309079e20736e3e0dad4e5a4c61633d891071831c5cd7d514a8b06be0f5ef6702ecfe042f69836b2c955b0c018df05e2627

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eff3e36bf41f146c_0

MD5 cb82ceeeb80b05b91e5122fb8caf3c7c
SHA1 df238ee8851812d40c1849294054ca7e442ddac1
SHA256 95b3c2dfcffedb0d60129a6be48768eff50eb1595f725b84828cc178894f55c0
SHA512 4b49b97db35bd0714876fcc793b9dce73c6124d38964e90cb7e5c33b626962848863ff1c3a3c3e290c0d569afb6b3fe6a6bda35f7cb8b77e8de9c37a77a84259

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\afae69b7335bcc0b_0

MD5 708c3abc8925ad2aef01950b991f221f
SHA1 55507dd39bc71ed017431ef9c3e6d321972525f2
SHA256 01a4f2f61164e1800303e842caf1f07e27e1e47588dc8ec76e584594c768ec7f
SHA512 0e52f00d7fa7a75f2ced743357d73ee5075b249b2fdd10c2cfcec71e6c4822116fa028b01a21329cb1a2e3438bde767c70a253b7aa9bd59c2c2d62537d308af7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6a4515880fef6869_0

MD5 d45c1e74cae7fd3f34a0f7151f857557
SHA1 b9f4b25d0483d35c2d11aad188c5e759017cab8e
SHA256 a90afc092c82285c94f6da49d90e8ccecaffb2d09b32d1b84c6411cb24e8b369
SHA512 a19b72bb0d297b76b91aed3591af3f7e4bfa602394e8b94c2785fc7eac153fab4e3645c50d258a25e1dbf5996200f6c42ecea4d99c634ad8a7df70da294b2ff3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bfde39962961371_0

MD5 e8554de6d8f5b8575c797be8f80757e7
SHA1 30b5a04233169fb2445eb1b5291bbcd161a796d3
SHA256 10332ef462f3bc9820d1db0b7c32ab50d640f860a27c53250a044d765a53922a
SHA512 8baf11b8faa18bb1419f1c59df276c2003bc33e14ca6d08667900bc972cbe4c4b4527a919061ffff81f8984d237a8e36f3b219c63eba145a186ed9f4a519e968

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7301576d8be84cba_0

MD5 b24bb5d067361654fef0ba6ca696d71f
SHA1 1889c3c3267338bbdd651f5e085933ce6d424eda
SHA256 c9b139e451cf5c8c75ccb66e56cb80e9eeb6148524b10aecc1db8bd2dfb80dab
SHA512 467027442edc40c78ae3417ba52dec92a135d91192ecb2ef9ba2e12de23ca90b427f6daf774b76d3655a41c87fc631d284052a7e4fbe1e58d8bf6f842499e5f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 36c21b9746fa7075ce494f1010cc7daf
SHA1 8b8b2b1313350373bec19950d7e5c9d542e45c42
SHA256 8c519c0c04e4cadf4a6c9bec59b61dacd3583b50d16908c1e9b7c11253169f14
SHA512 081b30c98d3002fc1c53f60292f1ad8b21b55da7e9088c3abf660ed7592009bd2eef7fe7ad9644dd3411c157022a54ebcf8d67b9363f23504b7b5eea39beef41

F:\LDPlayer\LDPlayer9\dnplayer.exe

MD5 6fe5ee1daf303963482ffc414b1f4aed
SHA1 076ebaeeb02853d96e20085fbedaf7e61f3a60d3
SHA256 2685e5c1aa3cdead02024f21abadb413c6dc130946f7b44ca01b0cea64bdd2ae
SHA512 8bc6758c95a53ebcd6b6fd27bdd3165f91bcd8f370d677afb7d599865b57ecad274eb21502235eeb64ad2624046cafa9f14576221b1503e333815df5a6dfe134

F:\LDPlayer\LDPlayer9\dnmultiplayer.exe

MD5 77138e2662cdeffd61cf6210ae3fb8ca
SHA1 a085b99630efc74cedd0be9a0eeb57eff7b3850f
SHA256 68c83685da55573ae966db3113ee513dd76ba489024373968e527bd44d814724
SHA512 a4621910aa3ae4b5dfa558e69d0270717341467cf067d9397e2bbf118f789c87eef8750ecb25ffd9c60f51f35ceb40b211ce9a738116c4dfc06e543ac90d1bcc

C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

MD5 b2e3ba2084f827f2e46a917983363f0b
SHA1 41fd27f8688b7a755abc0acc72a2a6a0e1045c78
SHA256 7daa3d35584a7e87c3e8e3afeb436d088209966471d6c766328087823f1f3e73
SHA512 4aea989bda6efc91836264f04f23fb3760764e3ef7809f618ad949c2e64b5a167fe5d054607535ec22fea4942d9ddc5ea7f70a1f529ee23633c1cd275d90e508

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 af5cea84359c02aea2df0b0f312c91ba
SHA1 88f54e5873f11d3c6b320b946a4b15a4232cbb71
SHA256 9d46864e6f5217aac1809296841339f82fa5ffc238df4a39d3c3f0597e1c1841
SHA512 4c8fcfe68715b021d7746604e8707aa79a971b01055072cae6b87c91c9f65467c09458c632e3205b3057f06f829ac44c32209704051c2d6ccb8e78144d142522

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ec71aae4acbbfd779f564a14d9470e19
SHA1 76f7745ab6024e40b2314ae6f886de3197d9d64c
SHA256 54180aa99d9d405360ce115e24cacb9315a6701b75cdeb593c08fc91e1bd535d
SHA512 fed0fa74b67d4c357778af69974aec7ef29f69c9e18456f89d03eeacf1b42163f3cdcf04d12c2b4caa9330f23015949947c218cc8e2076fda10fac73ad66e51f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e764191617ae3de34573f2e3d785ff4c
SHA1 d4fa6093112e38824cb8b5f50db4a64d9be3a340
SHA256 295ffa56cec58446a468cc2366df1645b43ecc626ae10ce42cac1cd30f5896f9
SHA512 548c24200c23ce7d8800fd51300f7baa9ab1de5d39f75f5731a6197b27f9312701408df8604a16425d1af0c0ab8aa33bd121c87497033d3f82c125e0bb11ddd3

F:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

MD5 4d592fd525e977bf3d832cdb1482faa0
SHA1 131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef
SHA256 f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6
SHA512 afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c85fb4d4928a2f78cc6c53f5d2dc4d78
SHA1 066d839464284250e2756bf4183669bcc651df0e
SHA256 997acac2de7c5ef4794403e122935b1403ca69e11771a86b1d14dff3b92b4fc1
SHA512 88bcf01cec2bc7c65820037155300619e8344c2c967c10ee500a4b2fe1bfee11e229c942a962c785d6edb9391812c2e33338436cabfaaf1adaffd436ed0c8294

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 712cdb6db75bd84cfa00e26385d80525
SHA1 3c67cd90039ac98e0d7db6dd1b214b683073cd9f
SHA256 2b217b51e267df864f8448ff696cce0e030e333fa6b1f7e11c0b11501281de47
SHA512 47153252e9d386b20ff3d3626a40600f9c6af8163eb3c69fad7c96be9d4054fa1455344c06bb1239b6612f2592e99be0af923b2214460372eaebff2107f810b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

MD5 fb27a5afc7d344e6c83f807c6d8892dc
SHA1 4304f79089a599fa89e5ffec15a93d9ebf042285
SHA256 ef2f8bb51abc91e0640ee8d2d37b912feacb3c558b4da1b719020557408fa24c
SHA512 90b8e77c45cc92e44d4f1c43e9b2faa99e4834dd1c3cf28a118c5537580a17d1b10c87ce7b731a9c884866a1812fe59196bbd2eaed60b7edcfb59ce7853628fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fb02dd92ecfdf15ded6397a3dc1292f1
SHA1 78984437e48fe0cd736bdcacd3326405a572f509
SHA256 a696706d041ee78e7aa3a274cba34a8f31f938bb34eba2abb5949be26757fc6b
SHA512 533e994fb8098635272f46cb4d0e03fe181e26c3d347f6281b588ab23a66b27907778f5a2b907d8b88d112753cbe52c72799d7904a3c47e35b4b83dcd6afb821

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a58c6f3410c346834506fa0185600fcc
SHA1 16518c2ad30c7c6f6e0c56961a0d8fd135c209dd
SHA256 9a7d60e3dc41c642bc5f75cce1b9dcf6ae318fbf379d693fddd6b4d48925dcc1
SHA512 1f84599f7d3a03b995e868ff32bb3b3c26a856250716293e36e33d286eb5160934a068cfcf80e639eca651a4fa81931e92234653847886e8ebc22939e1e5a696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 814052742c49fc77f8a0333ad2ece3bf
SHA1 43b7e01ab1aefe59d237797e7ae8943fb9f0f3e6
SHA256 0e9f49bf67b4d07c80d9b3b185aa75f6e840c6a94ae842cff3526e0d6d482cbd
SHA512 4b2106e617aebbddc9a00c1c49328a0735e31e650d61b10453153c8668befb2124cf430b5c1c19693c072de2426850eaeae2f30de4fb0aa6b87c0cd1f8313667

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

MD5 6fb26b39d8dcf2f09ef8aebb8a5ffe23
SHA1 578cac24c947a6d24bc05a6aa305756dd70e9ac3
SHA256 774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059
SHA512 c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9e217e14b50dd9c2eeed6861047847dc
SHA1 53b78a59fc602b5dccf047e31a5e7fc61211f60e
SHA256 6b850f780bc222b17a73b866d15b8725b11611f4ea5aba7b7d6e04502a634e81
SHA512 d0e6433319e000b683df92e7d8015b26bfd5e68af4e82a56247cc61fcd1333ed3f4ea3e066bc9d3e884f8386222ddb52e6e88b51706bf830bf1ca9e12387a918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

MD5 bc9e1a55eafea0af0cb26160d8a4898f
SHA1 e316874915f08e01bcda4efc9d49f3f393dca4a2
SHA256 ee50e01fc45da96f4e20f9f3d55eb679edff4d02fecdbe8b9a8473d03603d819
SHA512 0c40890b3a58705c8aacac5a14aa08cae628dabe51f2abd371b5919b16416dd67e2e677ba6004c6e207302844de94ddfe9649dab9800123fe3b2617a4120405a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

MD5 c55dbb2a5e2048f8ac7b88cafbe13ab6
SHA1 6629572a0fd059184b4e5c57687fa414fa7283d3
SHA256 a82abfaf7dd683f673153324de1295a2a952e5b40fbbc581b5fc39603883f5cb
SHA512 61336d53f5f14636ad0552e92bafec6ab262faea08d28143dbe6f631bd6be86ed1b6b2dd5a2127cde53a1405ee4bc8384c3327521571917dc22c7fd553f108aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

MD5 89a574ff00e6b0ec61d995d059ce6e65
SHA1 aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256 e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA512 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

MD5 7820201f0db0c706a0ea5bb7ce018ef2
SHA1 6d116650afbb3b25bfd6226c7d5ee00dd1fe4515
SHA256 04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a
SHA512 bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

MD5 cfa2ab4f9278c82c01d2320d480258fe
SHA1 ba1468b2006b74fe48be560d3e87f181e8d8ba77
SHA256 d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e
SHA512 4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

MD5 8a42ba5472aa4afa3d3ac12f31d47408
SHA1 2add574424ac47c1e83b0b7fae5d040c46ac38a7
SHA256 759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4
SHA512 3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d7033535a91b386f7e19621bc3b4aaaa
SHA1 39f95e68505a27f9b1cc9e7813ee3c778eefed95
SHA256 c32559d12ab41fdc6dc86a49acc997f419891c01a9825d33d7f3e9b7aa0626ed
SHA512 358bc5ad5c9141413d69cd443e9a313931870aeffc2a5465404bed68d4882a15bb52d57e7abe27d7bf79cacf9f2d2bf8a90f135c543bd4f0a4614b3ed9b4b5dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

MD5 1aca735014a6bb648f468ee476680d5b
SHA1 6d28e3ae6e42784769199948211e3aa0806fa62c
SHA256 e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c9a85d1c88806aa5e9b59e025ed31750
SHA1 e09eba05ab31a89a976dd9171931db3b405da3e3
SHA256 b115bd9614164f3e7e0dbe855d5cc4d364640340bc39f189091ce966978ac6c2
SHA512 8e76aa27138434bb155ce376824784451a572953d00b15dfb77c86c074a7b17b9c460aca7f5f7dd06d84bd468e0de3a32bdc443bcb9008a0cad0d08cb54ca08d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

MD5 2335c53afb1602527663457cc9c69410
SHA1 8f5fc5d6c267d93a855106d908eb3e29c6b77d11
SHA256 9eace0b1569f237f159f7f0a949ba8c435b994331aea1f5c7f73c88d2383da89
SHA512 fb5c29cc151f75126a610aa2b81f05f0cc74ae3a115846ae3e0ea2ce5d233b48c3807868ea9043945de64107af790931fd44938ba28e8ceb90c0d549b0834984

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b4bfa1aa6be06b587a8319693738a53a
SHA1 316eab7aeaf919dffb86c39917c77a765425f018
SHA256 fc5ff1c7f07b4c4affe2d1c4ed92438d6eca1ee23f3ee577cfc69db04165aa32
SHA512 aec16e098ec89efde2761cb1af41d95b3fc41db8701f8a1fb9788e8f879d7762edaf3d830cf836ac1bfd7df3f798a761c01f3a4c299813d6d41b2baa79b81d6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 763b0f98d642270f66f4b5be4fc5f5d3
SHA1 00350de6c7c556ff40121b1c350dc61e7c25ba27
SHA256 26ee4b4d030dcb2ccde82c89d98290162b414f194ff019f9d53214fe60db6ae9
SHA512 3e653431d38fa770cc086cee2bce344a8fccef40361764bec847864fd421a5dea850b3b6d1f38e12c66ba6bad7098363eb555ff8f77414ed4a92b007dc2a0d35

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b953dbf4921c7eb1_0

MD5 0abbfe5b3e18e5cebc07c5d9b09cc3de
SHA1 5ce2ee175ba63afbf5e21ffdad6b239abd1c6141
SHA256 d13a4777ad9d5716aaab838f2fed9385f0d89edd13db61bb88178cd0e68bb249
SHA512 ea51e8ec56c9ec8ebcb7825e86a158e33a8bd6801d9c0f33e1292e65cf2e514ee00b6575c1ce53bef2796a625add8e17f138c0f84a55168b7238dc298509a24e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

MD5 87f4a2066a7ba3bb60789dc61c0970cd
SHA1 687efe2ef33a0fba0d8a0d3380c58104136a7836
SHA256 15a310395e304995da5a905a89f021d4a62163d92c6c3fa6e379f7913262bc62
SHA512 0ad5ef6c631cb15031e6e7d9725cf4c076842dbb5dae2e094218f98957e39210402f79d2b8691525fbb109c500a69fd34112c7c32c3a4a14431d0ea09b509156

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

MD5 807b95eaddd7ff6564f547187c5eafe2
SHA1 ccad1dfd43f2eac70ecbd8ecac540bfad52182ae
SHA256 9aa19d3388c083b7b5ab0bed96d9c9cdf8dd6a19177fdfd729791a0ded19841f
SHA512 544d7cee1eabba363b28909a86e9b4f81ad57e510af86baed6d9acc7ff11e4ddebb900481107b5381c73ea2dc80e3d05a20df1c115bfa059b9d2808de2e034ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ce160fc6afecf0279a7181ab9626972a
SHA1 eaf35bc61d577d893f53d1a9f6917ced8ef34c27
SHA256 aaf431214efca3f98b0df4db28392ccdfbbc24c249b99cf898d4c14a8a4bc849
SHA512 6b54907aca2599fb597678fdfbf8aa7984b2b79bb26dda9ef3d9e9e2f6b83ba9083a097230b4660fca65b085b10b8f523176e2d8ded7d1ebeac236611d137de0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae65351aed47cf07072d7377fbb522ae
SHA1 bfa86b50e31a89f9a0a91eec858ac15f30910ed9
SHA256 f394915fe779250bd79e9a6fb47d23f9e96c70443cfac86deff75ecc61dbdd5d
SHA512 8da9975f1524c910f752273084f00509df15a192ab3919038c6418077da7b688f423025c3545b30796078099857b725de446366b1061c3141bfab780e870c031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

MD5 40695d01e0b35f2bc7ecbd9595f4360a
SHA1 0898b5a6016b4b442233869342d61144986e3804
SHA256 f899c78c1600beb6df038d9506cba2f8275e7621ca16ff53d74acfa99f6e46bd
SHA512 82d4cbf149626025df25d952a35c17727f46fc18076928f5b4721710f19b2cdc09a111a7f9464e3cb7d1c37e0286abdbf3eac26c1e3de5b803f196385fbd3344

C:\Users\Admin\Downloads\leomoon-dot-com_leomoon-cpu-v_win.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3722d92a3d3a7747c220deb86b232d46
SHA1 44cfbd5317cc83ed32953f9afc012522a7d51cd9
SHA256 fc653c564a014179177a54a229f376831858227ed363f08b3c7b5d790c6de5fa
SHA512 289b2edb41bf04c01f9f0065075b51fb4890a659265d724782bba76e4a9ffa9cb01082cb08515eca4673b67c355a94502b57b7003425375a4361532f42a766b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6c18d5bf4b5a7d14c034750b47b6deea
SHA1 297fd61fbb350887ad3763a21f46e74bdd48b47b
SHA256 76f457d9472c607ee9e94869a0567c3a443e743c7a453bb331ecc522e2970c75
SHA512 aafcccc343aa4b7401d202ec0bdede7a4a16c2113892bfa10cf0ef7f1cd3fbbd130df1a8819a84b54e46449c7099b643bb3a082dda5f3ed606f83007478d3bbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9fbcafe45596e52bdfb1a9f8bc9fbdbf
SHA1 87442dde4b60f9cccaa70f66f9af1cf95e37caa0
SHA256 6b53c1d7a785e131f928fd4e5de1f793d210ffed3eb175da2b5f6422604ce3bd
SHA512 b978971aff4affaca96740086c7075838e53ab351dc5f5a9e1c781d4201532e17a7ff12d135b1437c188a5ef2cbb11f9dab93b66f95ebf8f55698d6c97359776

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b6dad1d591f6e430253a1f0aa149e5c7
SHA1 9b764b2c711dcae65c14d3fba72c6942733fbedf
SHA256 76f9df47ffed6627739a977cedf0825f88edf36379cabaa80d52edde80614100
SHA512 3c6852538817dba293221339a4574c4ff25879dc6ae117f7bf3bb8f71be0a1147f7044bc8e29e1e02404db40f75524cfed6bdc246a77ec8e0f1f0430575096d1

C:\Users\Admin\AppData\Local\Temp\CPU-V.ini

MD5 71aeb97dda8b98fb3dd0eccde3610b73
SHA1 48dbad3303ffc7814a8e1c5962f3058f0b298257
SHA256 ba2267e8aa29108d63fd826e1fd3481bf905b4f1ec6f5de87ecce49378f8dc5b
SHA512 317ff8c725a72ed8d9f065b8e78c62193bae3a66d4ac8f7e163f04fb5b26ce98b6343639dd5d91481a9f44fdc49ea350baf7947858425b250c18a4d00c59b3fe

C:\Users\Admin\AppData\Local\Temp\CPU-V.dll

MD5 c324caacf1859269a6d0e7465644891d
SHA1 3b962eeebdcad3f99d1d74d417186b9e24417d84
SHA256 62cce2c15b1b06e3f7cc89c6707b437b010163d93ece7d40c349103d097987fb
SHA512 51a631092201de03e144e9a7112ae0af095379c9139fc309a043f8b71e593453230ba75d2089be82c59e5a62d353b0dc2294d850d42645d398e9e6ac08c238d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2947284b5259569852dadbf51bcc25af
SHA1 66a079030759645112fe48e02c78e63e79f07f2b
SHA256 a89480098e1a9e98a921de361db6e1fe53265105e10d78882528511edbd57039
SHA512 969c11e76c1f53efdb15bbf2acea3e72875b18f70b741b7347ff0546ead64ea6b0c97356c0bb8ead9423cef36fb3b2d3ff13db67c3840a072b99e84d8b5e8566

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 61e778d395b0cbffe17906d20a9457f7
SHA1 189d6e63be55e55ad319b9f86814e7e9c22b527b
SHA256 068d7f3f295f74c72aeaaf024436d41f03d5053053d59bd725b7933a2ca4f6da
SHA512 2aa486e0f2f341ad4a73bb0eba0176a2e8371187aeb08f5723a1a9e457cca1d176681bc456ee176a0d9661646b8700662f72c210e8de8007ad6ece530b2cab80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d9b5f26b80a590d836728a626ae96d7d
SHA1 9f5832f338d6ece508c06257ac6b4df6bbc24b40
SHA256 58738911b0dc04186e3f5e99b43c1620a2971c73639e516a8ec6689846dfaed9
SHA512 15c4ddebec61b3a09011777fff8efe3f602d7cdbcad311b0416c042017374fd7d0ba9ced3558a8ea7d01ce152fdc0ef4775d36be1b06ec5619aa9ea365773f8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ded77eb1dd46f757c0e0ac186cafd10
SHA1 7fee3f318fc900a27966be2ab31190dc8a7c063b
SHA256 1de42b118cd468a89be1743005093ea82b6893aa3f849dfab4559255e64ed98b
SHA512 160b474622a53f343a63ed6b77195ff018f5cb1f27db95dfb3d3ca124d7b24b02162daf7a9859c3bd8e3c3551b3723f1537f6cd74eb53d651549f8dd8b44567f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 db86956cfa65887dfaf13e0cf6902b8c
SHA1 535ea89f29c8322a5f4449dd52684a9ad7b8ca9c
SHA256 6d102d2bcd8cdd187be8f002d9c52272ebd74148216701ce90c03f7281c75dc6
SHA512 078dc2fae1441c8a452e2e02a0fb2cfa9b91af0576caee3877385bf114304dc503fcdfa1474ed86245f29ac92bfa6ead3df34892eaf8e8feaeff9ecf470d95a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fcdb801bb2e90d6911bc360855266138
SHA1 76452399ea1898b71bfb06c4ca13bd72a9a99b6f
SHA256 a9aff3a200dedd2e33cfd9a0257a695c7b085397bf6527ce04a16d2856e279e9
SHA512 e36ad3991a82390b45c3c61c8f36b8fe45b73e5d4091a2a18c09e640130d88294af7569428f562b5366aaa681b05d7b437adffcd5055ac8d66cb665436ad1389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3dacd7778093583e9c1e958c226005f4
SHA1 72ec390d5b4c732615cfeb9225da396656af0bd3
SHA256 c1b74d7df90d227255f6ce6a2fbba004a932c62903eb070a5e1f44dc1a161861
SHA512 f0531f94f6da7429f62f55cc21d685ce4df50877b25079ec1a1832304b6110c23758cd24cb81ad4e13890f8c0deca1c372b0e72e119ff82dd01f181f17cfc0b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1525eca2b18959c646a62d3c5bada55a
SHA1 83f7ed11b80d80a3d5f46205f11fce37883cd81e
SHA256 0f96bf631f5693fa177ef65cae7cb2080136a9cc13338a72b2179e08c396b6ed
SHA512 2709cb73039b0968e3282e998181ca876295a07a759bdbcbacbfffb6a3503bbded97e038fb664fb4f3d3e1c6a711272af5c5128b70555ae84206c26e8cdcf845

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 68a072e8ac94e02aacf4f7f5f5ecd181
SHA1 02a0cd3764513224a6af99743a14f377afdb4209
SHA256 f2947ae034cf70d9de32d156deb944e9714e956d318ea1dff823e55c9329e953
SHA512 a79008577a0bc4350bca321f6750fd40a79c529e9baa830893625b5bd1b222af0f9b5ce2c66fb43a19899830aba3ee74d31324033fabebbcd2bcdf7d6d335e8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 224e871dc8a26ab2a3bb46e938428182
SHA1 9b78a43877cf040b45d641c95a87701140b29349
SHA256 6edb1587839895ecc7459406d9fb7666ff2a97e0cb7bdf868f1b4533eb583ffc
SHA512 779708c5906546c86fb1601069c3de386e8e2541bd9bb07219bb83aa762f9e04363175c30c7da8bd52917da8449fc70f85046446f5b48eb31947e68c97073212

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ee87b3867c3c7570f008b9c90c3f9ad2
SHA1 d8ef53eaa97298373c5919729c0f1405a5b8c647
SHA256 3e1da42f79dad6027c22208c92ed44c3e5c41f69bde69bad706bcb2bc124e91d
SHA512 2f8123897ee4604af552c3767c0cc561df01552079ea43dd3d366282554ea03da02ebeacacbd712a10c7b6a6c39ba1b44531a23f462681a087cc6a1d5b25586c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 53425483e6f7d3ad667cee6ecbada711
SHA1 d5f624bcf8a056fd752383912a9f61c40969f23d
SHA256 2f9cade80ed0a6efb4109cf082b83509acbddefb86fe518d555a4752b1637c3a
SHA512 e9bad875882d683068d1cc95a23546e666e7cb6ce7d3e52f533c282ac0ee6f57a9d6b894c017b5d1273c54eb8e8caa155caadba2409fe4c24e2689c8ab106a74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 203cac603f4d311196534708602b86b6
SHA1 d8a9ad413e8c7fece99ab41f4f96b291f9eb01e2
SHA256 403b4c146091ad4901d06ac93f633de48892a3acb3efbde9e19825277aeaa4e8
SHA512 229768526e37c03824a84311f9c016d55b0e19012b097e9026fd2af9d7ad588a67c38318e44fcf9df84c5cc5061ed52c0e61ade5deb5d470bc663596b133d95a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8aa9d25b235d9809abb658b88df9474
SHA1 453008f6520e5fd41561a9c839a622189eb8a598
SHA256 1e6ff7025f963f04652e641b4d1b14855894114ea0cbc93ab3aa6cf3dff91d3e
SHA512 00bcc4381b63d082d17b420bee9180e8fbfa5af6eb0900a01061d5bf97980d48ccbead75f935a7022c0c62838ca73b9b21d35bae6a9155a8842cb857f8dfdcae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 308ea8afeee254c284209a3b603f7536
SHA1 15ea43b475132478ba9fdabfb07c7135c596cedd
SHA256 5986d95d205effa02b3157c879a0f1253d05ec56a7d9189cc737e6e97bab6c3b
SHA512 4dba2bbb7a51aa9a6dd5b59d9e2b048d9e8b6d6b0a146c7d208fd815eb2fb5b89f52085272608a60e0cef7b9d8dd0fc24178ddeefd32e0c93b6d565928a24732

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\013888a1cda32b90_1

MD5 2346e161c39784b888b1be6361c83230
SHA1 c0f1e474e7220281f57742560b46f1ede3ebed3e
SHA256 d6a0cd801f3d67616d1d50cfe19ab3613b664f587aa4e04b3955c7edeeb8a942
SHA512 30c885cd2cce98a7a61bf7c7c3ad4c2298ae135430f0d10409be58f05e59863e803e409d469ec6a563cf18108298af24e4b475dce4c0d86b0febc2d94a69c049

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\297ecea5cebb5dfe_1

MD5 65d2477644248b5f1c7b687cd5f747be
SHA1 d222edc5d8b4a6aa76443215e6905b1668252d9b
SHA256 7f820187860d51bc723b962d09d54eeb4d3ecc339069ba3342769438f01aacb9
SHA512 ba830b06e018a32155c42625b483c025f1c58b377146a2956a0d5edf9b3ec9b62d2077ae23243e07522d2e83bb54db454f709b9a5bc04a4220ab65d43e8ae744

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a25baeb767e0a5816eecf9192ffcc032
SHA1 8a17886c0c4936e09c10ee8875ec6d978f40db08
SHA256 95de90c4d03977bd0443f901754baa0507338e341672983aa23769bdc1ba1422
SHA512 91dbaa4a0b32d8dc6e387d9d22153a51eb88a226e2854390f4fc0c89699a505d0644c3ddfee0a4cdccfcfb5463deacf8a64a7255b196a55515f871ad5df8ba1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e6af4d356b8b49120ca78d04fdaae4c2
SHA1 3598355b79d1bd531c0e169bf400f698dc5dd6a2
SHA256 35b4f7979b94a46a9ff8899434cc34d609dee81a874cbb99a02d096c9fa1c077
SHA512 09ca9ac5df6a0b40aacc31f58a97f1acef1bf8c555570507b7ed5e490c2932154c260a9b4097274ca8940822d2291a6faf37cefa7e411413fe0933e97f93a1e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 84174944352604fd756a9c8ec573e807
SHA1 43f6377bab308b91d561a2ba64100f261431ff30
SHA256 3297183978bd1be2763586141dc13e6815f934725571c05cf4e2e52f1189ed0c
SHA512 596597076d16b7fbb87af4b79da3c087bd6899355c52a3c1b19f532278946f3be7efa975585829747aec76c2af8122b4fa4e58d7e656d638410034c0f3165dfd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 67dbbf3263b0864158307a65c3c85344
SHA1 8be9af753a3e4c9860bee4f26543a5ec529a7c98
SHA256 febef392ff24cce10276865a1e753a177b21bd37eb0571a2bf5492edf127d519
SHA512 c17bc1575415f1820c09a515466b182a50cca691de220d229f096747cb9ad25cf16b3bd83daeba5d31f6300c0bf90f1e3f98954bfb53a1d3a72c3ccd187ae6cc

C:\Users\Admin\AppData\Local\BlueStacks X\Log\log.txt

MD5 8f4fcd5b4897269522d5c8c6345eee65
SHA1 be8cd774e4c23223ac9ad469dee09d8781be0012
SHA256 6e87ff5807d812cc929fe7c155b525a598b62718ccc027e892ed2d7cc0d32be7
SHA512 e8264489b693135c7df08596ba4e28bc1420474198e64a0361a7dc29c98d2468001ce9484b81dd624e536e06ef46e5c1c53ef6393c9fbd2a146fc67040612240

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000010

MD5 6014e3fe89acd7f5591857120a061408
SHA1 266bf4b208c997969cd94ebcf644b92d7270d2e7
SHA256 a02c1c895841cf5651aaa2db0e6e8fd8d6d9e7ea57658a7b74d6ff283244f764
SHA512 b1aba3f15438f6f77b78ae82d40cfbefbf9b95f8f6b05b9ed558ae907886e360c8eabaae5a361e4886789a74337a2193490bdc11073d41231611b0c5e4fb2f86

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00000e

MD5 762d651b3659b78aaadd643672f395b4
SHA1 475f84a6cb0eda14d196ffae0b05ff224aa25ca1
SHA256 b15960fc83e52326bab2318e7d9966a7e2bb749f909a20ec8c79de9e67136588
SHA512 a3d62d4841571c5d0a89dc9ca17f3080be8a86e83aa059ba7e2c9e3dd57e7b65ea940f3713fb00f82207914a6a390d138c600a7c8f3cb7c3b1066dee297285df

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00000d

MD5 bbc4187abbb2f9a9ae9900c932a5765c
SHA1 89a3cb9f9c8a0c45405e63b3732c43ba9c144e22
SHA256 57e1bdb4cb31bd97a6766042daef89d87ff179f625d0dea038c96351b24b9949
SHA512 6860f1f7e776dd8368b5dc6c38485b390b5ceaec4a17c41a4661821f7287a21cd32a8d159c3f0f287c723b83adca5ff930c816d2402e66ddaf2fe52ed59f8e42

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00000f

MD5 f15a275b4ec3f10a615a1e12a02f541b
SHA1 bd17fb2b4a765e25f1dda8acfbb6c2e2d0b05b9a
SHA256 142b52d9f9b633a867d90f51a77fd04860105a6c074d8e29cd79c5f68215759f
SHA512 c48f5196da298a34aabfa9d30b2735e3d88edd6251f06d85e8e6cc1f120e80bfb401edeaf22f15f84a75da0b9238bffa56f44eb835bea9895f253274f05bee12

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000011

MD5 b869f8fbdc63577037f79ff2c7ca357c
SHA1 e3a83b8fcbb2bb30f0cb77b91912f1c0538852ab
SHA256 c4d579d2ac32e3a4aaa3fa1f1960c98753e25be27a7c2beb8646d57ef5cc3292
SHA512 d5c73403bbc2c79ebd7a4943e1ad2b7e12c2e8e6b321a571f05983688e94b0fe93dd6c066d2580b2b9002e32fc7cde17fbaf4e5bf005233c347821281f126ef2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f7306d1dea28d256993ea1c80a4ff8c5
SHA1 b92c3a5755374745c293d5f4e5069d8ade603bac
SHA256 69a9d2a70855a67ee4e23eb5ea0dce169cc51e37dbb2c08a00574ebc189a9e28
SHA512 6113514fb67540ec1256a1aafeee4353edb88920f4c9efcfc437d09142391f38ed9376eef7570d58ad780b9692e0d85bf6fcb43475c5a22245eb91730824e43f

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-3195920016b7c091

MD5 42f56e6204ded8d4948cc3abfc956135
SHA1 a827d7700ddc05acff02c49a315fc7f1aae73446
SHA256 e3e70a303e3f3d188cd35ab725ab3b8fce81f37fb53170f6bd6bf9875d40807f
SHA512 7b100264c995486b1b07886f83d3d7cb34d1c07a95cd8ea0d5b52511dda50e1de29ad185f7eac7f791aa37c09ca0f380eac0ee4571b48bf7cef9502b95ac5d59

C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

MD5 cbfa06252fc5b58da4f5f033cf2b586f
SHA1 aaf607dde79352e782a28b9c6be5327b6bd44d0d
SHA256 0e15e48b25c1e8b1af3c466c303cde62e6e1c652c67a9f0f404f38fb221c5f7b
SHA512 94cbe8116e1d1482249677e9792a59144a304055f41e437ced68f148a008302115b49cb3282cbc4b04ea99776873012cc9c86c7d69175ac9bdb52732905bd84a

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 2892eee3e20e19a9ba77be6913508a54
SHA1 7c4ef82faa28393c739c517d706ac6919a8ffc49
SHA256 4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512 b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 871fbed713fd84ebe093629ad5aec9a1
SHA1 75261a496dcb775d70e39688432ba2649f48c055
SHA256 ff0854ca0e0cf9c214dc0bf6b7945f480ca0f26638a51250c0718562892d9648
SHA512 c0af6f8891f82a0169ba8b3af221b2e7efe2cf5b72248e94f110d9f6f26df8e40f2e6d832d4030c4b079f49584b7cb8086189016750d9c7cdb88af2f22370500

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00001a

MD5 69af13eacc8bf3c5905494cfff5f0372
SHA1 3ed539a1a5b8db26716443fc304f31044e496594
SHA256 48934f377fbbb7287c1053fd99cbe0227b35f87b49f0dce6ed822f0d6995cc8e
SHA512 0330ffaa0bce8bc0932057d9a970053541b376f2f363311f4db350a6c4f66e392b6037266deb687ce339eb7e6853857cf7aa8dae7559cb0dd3e7a1dc68c5460f

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity

MD5 e6bd12a51b0f50c01fe7fa6de4d388ea
SHA1 f6b0a6dc9d6601dd606e906c7dacc3728cf4af54
SHA256 0488eb15d7dc5edb23e42f7922ef6178c770d9755823d2f7a65cd3464a3ee466
SHA512 419cb518c77b621e43ccbbf47c49b3a90ace169dbd23b7ddb87f52db0774ce4e8ddd4bf9d7611f15c943c51e1a42d948042853ed01a2c75f082da9f57faaa82d

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity~RFe762583.TMP

MD5 1890fb7b784a61ad129f5ea339b9ae16
SHA1 5d9d1bfc9607149691a4ee569319bd0b846999cc
SHA256 48a79a4106199a2533562b14baebe679fb440b353fbc36cbc6609f1875dc1e18
SHA512 0413e55a3c5bd40d2f6c34b97913e7d4061276ddc95bec8557df2480960ac5b7382ea776949dd49159b82d942a54634d6e6fce48cc17dd5b89cc25681cfee931

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1629b48b89ad230e13b42c054a2f6118
SHA1 5131ef0b8312d39c086acf54041f98f68b70c62c
SHA256 d6a3156ea7a1a24d0260395f3c49b162ba91b7de102abbbec6c62d88087774d0
SHA512 4ca0b0b5f73ed67c9ecdd4780e246d4bbf27177f51a3006681b10764dcfd05bf039a2ac6d49241c3f8666ea6a2b8af771ea64313747e6d980e202c4453a45bc0

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000027

MD5 b1cfc4975df0215fc2c91a9c4ff559dc
SHA1 cda91dccc7f60e110beea177bd82b7bad05cb0ab
SHA256 c128add461cc943a57541b90b23bca2bd8b02d8540f521616f4cba5516eb976b
SHA512 ce24def1d10ab6fc717d6ce4d49e982cddc855818d0b86e52d829b7d25f0ddcd57820d34ffae715e12809cb7a18e3d0c7afb8ac4d97da7d32af1dd80e87d530f

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 27c8ddce0cb613131a02b7a89cddaf70
SHA1 6675f8d8062a23b51ec2df842054b59e89bb353f
SHA256 ec98d437d1f31abacf1e0a849d8492d62d85ab69c3f7f9918cd15cfbcc959387
SHA512 a95e6e81a41fe34521139742f9ea62771b7f84eef0429b6b869deb7d75d956349c5259e94cb06797d881a494a7cabfcc991227079232bc7b85507dc35fb2d78b

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_000028

MD5 a95b05571b35a4f50e79e1ab396362c4
SHA1 7fe7d5cde5e88cf0f55498ed6983f34f35548aa0
SHA256 82e3823289314ac0de95611496eb3b2bb47b7e3fb56938285bef7278aab8ff68
SHA512 dfa5b1d36deaacb27245b8390eb4ce0a7d312fd1e238504c0d5dc9a6cdb6c74aff466adba303ec05e55f9a0fc261cd185127dc848b77ebb50d6cce9c41266a54

C:\Users\Admin\AppData\Local\BlueStacks X\cache\QtWebEngine\Default\Cache\f_00002a

MD5 e64addb1bfb0f535d2ee9b11b4649546
SHA1 18d356b258a01cfb946801a289fa325a6084af9b
SHA256 59fe9e5ee377e0d5a7d1f6f898133ea8fc125ce36782f3f364122720a2ddfe8d
SHA512 93b78f5b5b08903577d589f7abef2ba07eb3f36ff7ed0a2755aa2f4fe71925ae4958c6eea2dc80dd3db552f007366d6b904c25214925b38494cede442e048dbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d3024a8baa9aa2f41d5964b7a22315ef
SHA1 59619129f421e48831e72dced99022d8e4ebb0de
SHA256 5cb819260e6d1b0d93afa53f1ac16a216077cc01d67ad7868305b40276303b4c
SHA512 be368d565e2c9f284b696baf08f9ba27eb4c3e87ba6d76b86ded368d101f47656bcc35a50b29b0e8b73348e6d3a27e475f71d8ff53aed1cf1d5fb2811a3462af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 caaaf5b370f2a27fb182734b3aefd508
SHA1 1fef754f08d6737a5073c0f33fc08c4ac5e580e6
SHA256 7ab3ed1a80cca46912f83d6bcac6a48b711ccd8629ef7eb3b647666c066e4dec
SHA512 3bef2a97669339a9748e42959a049dfac9b87058e39730d785d498bdefb39606dde02e1cc2c05a0e5c321eec08ee999a9dd8a809ff1138585ed01110698e8869

C:\Users\Admin\AppData\Local\BlueStacks X\Banner\https___cdn.now.gg_apps-content_com.dts.freefireth_videos_desktop_free-fire.mp4

MD5 8c88c1e8e0b145592d15159ae97bb9f1
SHA1 63e8083cc915f52411ef084414e52d9e033ef0bb
SHA256 e3cbe94ea783c7bd46e764d361ee508f5f943e591d186c854c1a9fbfaf511dbc
SHA512 1a99d8f478325d32e433c7fc005f1dbcd0cc18d1da7fdc6de262cca26e7237545e5e6e36a8f98eccd4a486458107a55f13a557401a232b822b8015d25b08a873

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 03d0e559c8a5ace4f0b09892a2408502
SHA1 9d633db764bfd340eb421dfafa9a55ef52e86314
SHA256 8ce96b14902e52aad07858fd068fd6c52fdf2465b94b42b2bdd08a8c21e3baab
SHA512 9ffc58f1b90c94838fd781769dad65a71b1fc24a2c0e08ce0db784073a16ece561621f1c1fa69575637469b7c5422cc6942db4da643ac3b020fdafff5025088b

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\TransportSecurity

MD5 f8bac59063d2d95cbad9e93e3408d0f6
SHA1 ec185080ffdd7e1f55cd5b88f55af04350746c7b
SHA256 f2cfae3d9ddd3912f7c52396f84f53a8fe904d151ff2095f6297e65c97af1f08
SHA512 39c3908d021528cb9dac291c598ea05685527037fc6cf57d2e6fa54543fe0114363644b1fe2f16d71db1c8b62f870b181d8fc0f07709884721ad9e50366feab1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

MD5 fb297973f02a944e9e4cd1a6801065fd
SHA1 b2bf013f3ca78dfacd7ba797400c1b3d5bcdeaa2
SHA256 73835e4a9b838c837973eb2a302b0cce04eb098f5a175caeb146761e4fb75bf6
SHA512 3eec52d882a6b808fa3d6736f8c4a6718aa803bda6a4ea404f49a86adef445d5a0a245cfdf2c5b6efb37c1b0d4bbb358d65c3ceacb025cc03e530de264d5e4f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

MD5 db6d94096510a63a163dc3a89fb482d1
SHA1 b87304653024b01bc59b2d2f74386bfbe86b1fd3
SHA256 2d6d20583e69370baedeb772d5529554b680daf27322648b1a6d334efd0e24c0
SHA512 b7e7355aa0b928c8270419dd510654b7d476339553536c4da949ec276711e9b78362c0e621a324dd27d7187303d610332286a3179ff691f212d3b3b75c02840a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

MD5 93e654d6ce23aa89eab05353e0667a71
SHA1 02d055a16c543905ab1512c428d1456f2ab7fe12
SHA256 1070140325aacd711b837dc6c12b8f151e1279e7badf52989e6fac8506aa9f3b
SHA512 bd410430f761d952114428ce3f4fd214addd6a72d46d83cada8627ae860234e7598331afa201d23b9c30b98bda54e8d19306e69444717faabdfb49d546c5d9f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ce2cc4326a40380f22c2c4aac470cb5b
SHA1 be8d62985979319e0b4c8d7c3f3720ecaa1e585c
SHA256 8806020b0a7ac51b1615fa69980286b20c6ee3a81bc7da58838f3c21af71f566
SHA512 1933a336768cedfccf3617a7df29dd04aef5f520f52f9b95738ad798f2adfc6a0f67c34c6614d6a796345d4abbcc43ff814082be27bf9df2f162c34ed407e99a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f78bb00ff489bae05dba4e3c5337792
SHA1 bcf398ce0f513094af02f2a1bd35eaac6a7046cc
SHA256 439cc61c9dd599d2abb99ebcbed6f468d87f872e61eb425bd22e6647ce4cc09f
SHA512 7f58cffb2187aad25687a2a33ca1e6cc4eb945730cb9cfff8fe7a2336aa9ec43a75f542ae641d6d4efdd74387a2aa7e3ac5d9e38f762145c610b3b597bc49094

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a30b59c39b196c4dc26f80a9eceac48c
SHA1 6b8affc4b3381e0306dbfb40950fceedc434e1e6
SHA256 ba7a9e5aae099470dafee6a54a227b3c2b812bc3aab4aedfb2581cc9bbcd0ab1
SHA512 42f628011f9a22bc35d8ef5e2e4b14a2673ccfdbe0fa47a11962e100e856531b4a4f769a93ee90f7e89f71b31ae4ffc9da490c26114cd1771362d38d9fd8d8b0

C:\Users\Admin\AppData\Local\BlueStacks X\QtWebEngine\Default\Network Persistent State

MD5 ec980fbadffaca092401ba8700fff894
SHA1 ebe647751bc4b9e5433efd31b512cd77b312cb01
SHA256 1c4186f03f265bdde11acafa41bf95d4c15c5f9426e326973e4876539b602979
SHA512 2508e182415295f1be67c9b952c82f012aad4a74a9136fce797028e20ebd0b98d501fad2854969bf14b7776d27c7308a6a0fb1d5b12acda63c7252aa55c0ca65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 facc29017e792dff5d0477ee1d75d764
SHA1 462a6ada4bba4f7604a3fa5c46ae66aca34c0c40
SHA256 f241fc80a1c060f191b98004f798cfb28363d1a7cb02f82f3a9b3edc5399072e
SHA512 578409561e6a5552ac39f6565b68a13774ef3e5e2c47f46746143ee1414313664983245ac4e41390abfa89a4efe3a357b694d8468308fbc27c1c85d4f18825fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 90c098f05409537024c5df3ff1ef4f89
SHA1 4262172670c8cc733f9623b06efa84d21447773a
SHA256 49c1495e7315f55b7027938905b5a24b83dc8572c790a3e527486bd12b6d3f6a
SHA512 62ae443fbeb89aaefbdd18e04917c64ba1a83d0e9e357dab8ee1b166876cb78f017e8afaad16d323e7a2b35b1a050f7d991dfe8be694f79e2c0d1fb63e6ed8a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 07a9ccf45995fc18b55adf6e94903985
SHA1 dc39319ce1afb2672a33107eea87588b7708722d
SHA256 95a201afe435c1cf2e6bfabeee51ac2214fc4590269df277bd111244be813f05
SHA512 8d8412ad656cd497c821617937c30834e27a18e59bac5d0325e7af41ebb89c384073aca43afc00dbcab543fb72958f1872c741bd2334391c3b32677549bed553

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60776c9492b88eabf5a031891bb6706e
SHA1 5c6d665503d8b5fa84fa8b67e453c6331cde860e
SHA256 fa0a60e861186562a0cfb699160f0a1e008d5f52fb07af5b1fff1a35deae5a9a
SHA512 2e0df2d5022c8995101f33eeff19447293012997a595869ee952db20773ce3a542c752298aabd6c42574da03e7455d9250edaf4216914458f682b9b1cc23e0a1

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 2f1e833500eac494fb5b7888c1910644
SHA1 97ed0ceda185e6cc86348474bf7f527b45ceb4e7
SHA256 7f9218db2a71d8934b72ede88ebf5ffb2fc79cfa5d82523d2578ca3855dcb0f3
SHA512 3f175d1a4e5c4c8ea78d2cbba5690975d15034569e6abea08bcb1b32074247489fcb4ccb1a841efaa341c5bcb4b0205279a45759ee66112416be2b0c1bf258e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bfdd46b8c5917449d933b1b2ec19b3cd
SHA1 2c97bc279dab701f5184ddb7a874d83075a578e2
SHA256 a7eb5f072c812f514b17c7385a5eee3178c8d04fde75f8dcde7024fbdffe5351
SHA512 04f940c240ac538897bf53801ff89c35c7dfb117c73cbc9f5674195d300dc7b256868188afa7bd7be8732be1978ff32dd77bfe75a18332f97d6d0767c36ac318

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 962c379cb64d5eeb19f5af824c4db65a
SHA1 782a60805e871f082c67d3755def68e01a131084
SHA256 ba6ef35d5ca8d5c0fe28398c304f015181a8e1198c681682e47cc1d06afa8bdb
SHA512 0ef3c035638f6942c3b66314fc2ce7e8364df6d04c9a479d1408314f520f81d6ec266d1dce1bd929878bf7f8204bd0c5cf733ba78d8e4dc6c8e4d321be193b36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 37b4f7d71c24e75df6664b7cc57ab29f
SHA1 3c78712c0dd2b1fe679c7e02e940b3c5f4c3c879
SHA256 e5d000b4e86c04694fdd49577f2a34d11d76c51fdaa255af8d0ba5e521d801af
SHA512 fd9defacc0f42e6d67acde2509a7759b51115d0db6e8e64d73bb72d4462763e44f4bf3d9e6c126490ca781d468274ca6679840e06da0a26a5fd60570d4f338d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 b6eda8305d3976cdb62fd45d4a07823f
SHA1 b3db43c1857022c2e29fbc5c55411c192ae5ce2b
SHA256 15de111f63d12ec228b90489323d498caead641f3e056d4487c29121f0ab7915
SHA512 27e8feb610bba8ed64c1ae9938b7d6d88e2b9e89ab555665ecd374c869c1c6e21aa709641c19f2409e198f656690bd18eef92d16bc51f030c24730cad55cabb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d43ef50d3784c3eae842e8d6822117c1
SHA1 21f4c6868ab424d5f3a886fa1c6a24100ad330a9
SHA256 5c5237ca75c0526a7d9615e63321a3f08cce1b61293ee5464ea91b0194271eb3
SHA512 bc1a5170cb177c568846219a9ea829387a347a32b0d341f5287040b519172567128552dd9175d8a6f708a2e30ed49cc1be69f8a5879bf1eaa5e99d19460a632c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c46747ea0474142039d6ed79e3ea9bff
SHA1 f384c0417bd0f07e56241df2b9a3c598817e8fdd
SHA256 5b275a85a3162bc413dc0eb51ab19442194979f1d19b4537d3bff5f7a102b39f
SHA512 6624debeab2fce7bfa443f7136b8b50e112eeb1fef8e2cc0673fe5584ea8687095fcb344a76f1e5c576640da926f636ebfce575ad8c9b710c9297cc2ce37fb7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 de745451e3e283a94e3f317ec5471072
SHA1 19b114c08ea726c9851a35c48d47431cd707dc90
SHA256 f05a109790c3a1874cdab12c14b434da1aca455da57db6f0261583622b21b0f5
SHA512 f878da2521d9e88aff14b93b3b669fcf38f82e90fdfb22a86a3c19f1a2dcb4065e681017b6bfdd5681f3b0ecb066ee8690a59aebb7a8a99f98cb908044942882

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2e5300d49b188b272948c0d1e000a3ed
SHA1 c1ddc193de90a254a41c2042f03c847dc75ff732
SHA256 30588d19b1a8495f75fca20d19d878a6620d2a23f6ea7f0557b27f251f959565
SHA512 51441b393468902aec0e777f49f7b7e28983f0911c46468ae5b9ea12f0395dd411556fb18a1b265fdcbd53a21e18b0857ac302c92bb9985274876ef0db3c44e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5fae45615427704cb45c083b2ea3e81d
SHA1 7bfd28f0be9db539feaf0d4dd5a0053b2b5d4aca
SHA256 5af50fcad00516022f23dc7ebc8b59f833cfd2c4f1333eb59c3cb4bded5d4365
SHA512 c19821f1cb60f5fc3f93fe9109feab64e01168da121201f7a24f2da3321577458d1db139a9ab2dbf82f482d6e0338012a4b2270fd7c43c92a149a8757fbd96e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6ba6535d8ce936be6916488e630f9f26
SHA1 1909e916cd5b655cc7b03cdcde90ed26b0bf1fd2
SHA256 f51ee3e15cdfd743bac9ee70f7c052ca7aa8a70248cb4d9c7f9e99cb86602e61
SHA512 4b9f0358e6b8651e2bb8be15a7d9ff54fab4858f7c8661c3902e1c3be98c8b5df0fcd9ed5f9d7511f1b56283898af227c7109c41fb99492616d95c0e49c69659

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c2330c887fd5c29af2af2d398d33c02e
SHA1 4afff132eddac12f3c7ad906013cb7724445a609
SHA256 4c6a9873c81edf538a060aff4e3e156f8596bfd9020ea619993039e07e86d626
SHA512 1d5c0d487206709c77ba18c2b64607a28e671e303f633f82d3f90340c8e7aefa7db7df8c5b5208e155791dd6f5c2b08dded15d5f4ebaef1b6b7bbf78f02576fc

C:\Users\Admin\AppData\Local\BlueStacks X\Banner\https___cdn-bgp.bluestacks.com_bgp_fle_images_boot_promo_com.dts.freefireth_1.jpg.tmp

MD5 57c1f945e1d8d4c27f7c3745afe34902
SHA1 c293a5e6e7a1b9889c5828f6dc248ca8610f7f28
SHA256 3cb13979e72c8d692a1ebadc7f902b9d2ab9eb83c8d72f875e4014383db547df
SHA512 de66fdd898edab551ac82a27277c69bd322bab377eac54fbbc60253654ee40a9bb1ec2df6c6c87f0ff52792fbd6de45064a3e9d9532c736a8cbb1c75a7a4085c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7384fae6ec145306753b1108996fb9fa
SHA1 4c19766ef763d24ba789917dfc8a502fabfb9952
SHA256 9a030f56a2a5be3dd3e2ea1a45514aaaa96fefc98983a96277d4e78627b3cfeb
SHA512 6910e9c42cbe99e3020e161c42f71856550023f4de70cd6cdf81e5cbb2af0e3f1a6853b13d5efe608ad6066d0dc6fc49946473dd3ae5d8e6e44afbe78481c609

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\error_icon_72.png

MD5 4aaf83d2b3fd56ad806708e60474df39
SHA1 144777a265879b69fadea3eb3ac6939458918578
SHA256 84e59d14d9433e6c3d92daeb8c443063b5e3be6c0b297f0403dbde473a05cb3f
SHA512 3b8485f054fe6ed2374bc81cb1786f09741219fbfcb22503707b11cf5db1ab262ba4349633597d5d9ddabc3415b170fa8eebc932f58d211d7092b8fb96fa1304

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\installer_minimize.png

MD5 38b539a1e4229738e5c196eedb4eb225
SHA1 f027b08dce77c47aaed75a28a2fce218ff8c936c
SHA256 a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2
SHA512 2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\setpath_hover.png

MD5 b1e53a76b6ddb3ecff52bfc1a8e5b09d
SHA1 012b5879e879fa25bf48e4bb62c35ee829eea571
SHA256 2da3f9367c847e47131370dd163f611c4639287512a47f487e0025c5665830e0
SHA512 4369891858b4adaf9144636c44b55979290177bcff57f67f341071e42e90f992531024e122c0bc5436ddb8c55e994e7b913ec37137a642dc0164e6e2516f0b68

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\setpath_click.png

MD5 624e84e9b49bc150043aa9fb0eed2822
SHA1 f23f2a4ec609e3e9cff9319533e561968ccabb22
SHA256 c94924e95a49b175c8fc00bdc2821bb70a85b864cc193becc553b32f0024dde1
SHA512 288e1954d29bd3d22b56fadb2e0d3d10580a540fa1f2bab1284d957708bad96df5e38b67c6dc14784e1e275b89082c57370b786c0d0c4307601c0d2bf3704460

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\oem.cfg

MD5 880dbbc36b6f1d4a6ca9a73419564776
SHA1 1b4eaca846ca50a9fecb6a741dd19973eee9e557
SHA256 0d111e0260b3c11e1dae2b5328bcfd2d1fb21f15f5b49064bd07e272a8bb0822
SHA512 19980cae5bd279216d737cdabc9e9980c74f8918234879b9d5fe9aef1e265cf426931e9db798e2582399272258e18dc04d817b0dad6557010d04b6ff7a715322

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Newtonsoft.Json.dll

MD5 3aaba077f88029f346cb16e35b83c06f
SHA1 1497eabbac624d4c46e18c9b94b95377e3924b41
SHA256 bbe9ae0b3f451cb885a8a91c096713bfeefd5fd17bb52ab1f70f61d6220b64c1
SHA512 11622634b96c7696854d44b3898bb6739145ae2440d112e46e94d11d7f4a8ca7ca04d701ebc561670c325e248176b04c5d7aaed0dbda397a0483796a596934a8

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Microsoft.WindowsAPICodePack.Shell.dll

MD5 46fa58ad3cadfca4307ab048a7002cf9
SHA1 b4ecb62b57cfdaee0da8bd67ed9252669dc88bc3
SHA256 a64bcae4784ffd95541f7ebc72cd7e52c00ef7545a8f743071192ab73735c573
SHA512 b137070b9733901d39eb41f326faeac853ddd2af3720c39b0657811860742fc4b9d8266bdf5417889493f62b3c7c19930e6bd3e38d28a26babda9aa36b685f68

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Microsoft.WindowsAPICodePack.dll

MD5 2f47d71fc14c6f4d8aa7c09be7a224c4
SHA1 7917dbebaac77ff55691d791735d2f03ebf0f0b2
SHA256 7114040ec7f4afd81955eea1a4f506e5effb52a015df6c11c68081e48f86e80c
SHA512 699f6c4bfdfcf78e45561ecdeb1c0c72e1890dce06729ce62fc1fdc5ef25e7f6bee62c2f90acf929ea855de8324d69cc2418f141442e29005d849b0b72387d7e

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-Common.dll

MD5 94a049c3275e3af7031582e2aa9a412f
SHA1 0c488da4104ab782cd807470cb157b5977fa34c7
SHA256 f2c482281cd571b4eedafc6f8f05ff1a7fb4218ac63a2e467a0e2c070930bba4
SHA512 6387657e4f28ffcc1f164d8737baaa1c9997318f1075e86a42f57e2ece8c805b9f48bf255d5f839e567bc8d9ad185d7efb3e1787603d38b409b7baa89a5bda9b

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-Bridge-Native.dll

MD5 5728e88228143295931dcb11cd02ea73
SHA1 9b66872803f6692e38bd42d55e0597b586975202
SHA256 e2c6cb6213d0993a8e19aea8828049ebc08393b1944abc632cf405d53de86723
SHA512 8b5fcb3eb86380c17b9e2db7d336138553edcfe27208511f976906202e31ef88f02c3b18c76f8b0d2358036412fed498de2c156456cd5857b4bc06c094f69683

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\setpath.png

MD5 b2e7f40179744c74fded932e829cb12a
SHA1 a0059ab8158a497d2cf583a292b13f87326ec3f0
SHA256 5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b
SHA512 b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\minimize_progress_hover.png

MD5 fc2a0361a751177d3aacdba9c31b2682
SHA1 0a8f672d7a8777d1106e3b8ee36bd6e45bd322ab
SHA256 1a4aaa46893e2a9b011c478fbb0cd0e84c199f9f3520703189640088969ef5cd
SHA512 a15542c90972387133d86f6a94c17435432b1493b02502533c4d7978428ed7d44a7d3c5564fe08946561638f8a5a3dd0b35b81979c2929dcc386ee5f6f7ecccb

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\loader.png

MD5 03903fd42ed2ee3cb014f0f3b410bcb4
SHA1 762a95240607fe8a304867a46bc2d677f494f5c2
SHA256 076263cc65f9824f4f82eb6beaa594d1df90218a2ee21664cf209181557e04b1
SHA512 8b0e717268590e5287c07598a06d89220c5e9a33cd1c29c55f8720321f4b3efc869d20c61fcc892e13188d77f0fdc4c73a2ee6dece174bf876fcc3a6c5683857

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\link.png

MD5 ae2c73ee43d722c327c7fb6fdbee905c
SHA1 96f238bf53ac80f5b7a9ad6ef2531e8e3f274628
SHA256 28c0abc6bfe7a155815104883a37a53dd783d142300471064c95eddf3cae0eaf
SHA512 5a1e341f727cf1cb4832cced8e96c5a74971451629603c48bfb91ceb4561d0122ab9ae701f8b34681d5f13115a384467d430ccb8282494b40f4577ebc3ad825b

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\installer_upgrade_image_bg.jpg

MD5 3bb85d2c8cef28c89a2d07adf931e955
SHA1 596d13e7742455afce8a534382b28cfd2f6aa185
SHA256 b7f75233e633107d50f24ca82099225c83a832571cd2ce92901f2db3897f058b
SHA512 7075fe989d69ad5f0f4cca5fbbbabad16e0949c2ab8538f3f96020b831a4ec1cc3a701dcb7332e577b5eceba230449efbbf8e288dad47a53d76e40c2337dc730

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\installer_minimize_hover.png

MD5 18fb6465b029206477d0222e8da6fdf9
SHA1 b7f91e5e3002a5d3c84a30ca6cebe1a89a65ba7b
SHA256 57aae4bf49dcbb0ad6cff6263200015c89d7752dc75c2ad918bf846e1ce9646d
SHA512 f045dfed35ea9ff31336cd354a0dd2e9a7ac2582cea1d25a444fffa3bd01e03d73611f786873a81a27a370e5ddb3a6043713e29f064d274088df1c925eb6785f

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\installer_minimize_click.png

MD5 08fc39a69fa17e0f529915919cea1633
SHA1 2966a3f739698e2ce368585fb7f6ac4eae4497b1
SHA256 2599d6a55a8e12b1f05a6e8982d55559151a25ae3690e6637510b6283622dd95
SHA512 f5eae902f9b631410b03b6d4f9be1b4cf6547a94f1a2eee6bf70b0f3036499c01a42c9d58cf98ffbe10edbe79577a01e64faf0e527a70bc9470a1c3d9263b805

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\exit_close_hover.png

MD5 92c2bf222d6ab81fe7a0c072bf31c107
SHA1 8853eb08a2aa3e99fae6dabb9cff6461704f2a2e
SHA256 bcc053a9a087e077d58114106d29701a34f7851f4052f3157102811355d3e709
SHA512 6548d0038f4bda1db69de0729cc9648725d744953649a396b9147afb16abf018a5aef7ff7d3bb019031863f20c81bc202d6e37d171027ab9fde3b37402e179c7

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\error_icon.png

MD5 dab2c4538a83422b5deae0e0de9b7a30
SHA1 78c2ab2271aa4020df1e0289bc3c1ba9a43fd424
SHA256 666ad4fe456216ddc06618967846ed31f81d8db5be97da6531842c0667352b89
SHA512 24cb30a68ce117ba16edd1e94c7d066343eb265c874cd55467db2f913c01b9d776b2ad846e3414cd820c0ba10d93f132aea27739d16165b6e9dd5fbc8890bfdc

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\custom_hover.png

MD5 f3e05f142e742e25a98d4f5af3ae0623
SHA1 88363e81ddef700803f4859d2f3f0b4af516bbf3
SHA256 d588ef0eaa334ed8482f32e5839a7ee0d0b544d5b8d5f7720b8c57010e080424
SHA512 5f07a7163c9834564dc4de5a1a484ac8208151bc244f8e72d64556abf88c35f6a81dd6718a3e6f681265c10e2dbbadb07570fa64c31113342a88fd605019496a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\custom_click.png

MD5 ced07c9db242115400e159d9a02bb7b7
SHA1 6f2bebd1714dd7522479b5f3e3f2b3f0d18e8c77
SHA256 1318e0f34a551edae1e82818fdf7de5ac627493db5b24556d919f525052d5b90
SHA512 d52e63792a5b4172d4ac4e2d369b22b170578616d04de5a40be15b260a2741bf8158b3aed9509760c334283360dd13a4fa21538fc4547ba464be5dd700a22b70

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\custom.png

MD5 03b17f0b1c067826b0fcc6746cced2cb
SHA1 e07e4434e10df4d6c81b55fceb6eca2281362477
SHA256 fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b
SHA512 67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Assets\backicon.png

MD5 7ff5dc8270b5fa7ef6c4a1420bd67a7f
SHA1 b224300372feaa97d882ca2552b227c0f2ef4e3e
SHA256 fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1
SHA512 f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\concrt140.dll

MD5 c4fe3f03efd3188252caa101f954ffeb
SHA1 98b613aee45c71aed9d2be0d61d7ace323929e9c
SHA256 95bb425be3d515a6a58f7399d44dd9e032baea11667dfdba29517c460171880a
SHA512 80018e0bddf079367d3568433a5f89f0144aa0a75286b0105fe32aeeb5d80876c9b2e1ecaafb70fb041271e27a234a2cb88a2d3d160a4aa3768ccfcfc574704a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\BstkTypeLib.dll

MD5 14eaeddcdf2c09f7fb65ded924189684
SHA1 479e6d68e8498d841089b6e16b0492a0a54b570b
SHA256 a21e6b63ae0beb3e3e83fd0d845736f971375107278028a6c1b4ebad56483552
SHA512 8c438ed3313e18edbcc597ec0ca85a48c521f2fc9cc59102d3401f385f0a4cb88c1b31a9427fb6fac494cc55fb7eb52078fdcfe43c678c7d372c06afc4b79639

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-Astcdecoder.dll

MD5 d557e5bef30f583512029a1668b68a71
SHA1 d91837c90d208e61ec78e9d783f14b1ce2412bc8
SHA256 92ce421b8c23faba144c0923c41f45051c2d8ca3c9835f0fe7242ba7881341d6
SHA512 a0b1636748e394908bf72a7325e0d71cda1fe79f1d36be570de863b1e7f12e73917d259e17676bfbb469b2d8b5813657d465131c17e25c9cb5dad5d33e354e46

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\d3dcompiler_47.dll

MD5 5faba8b020b313253703b07591d00379
SHA1 f5ea546901c3faf60122a4ec2d15a86b916d5d10
SHA256 bef3c125122bb459434bb02e763454cc21454257a78e63ceabfb5b347d46efd2
SHA512 b23f0df210b25996953e51ceb2304bd85aaed33c41c75ee1577f6d76f37bbd2a2e96be0ba7561270e23b26cf0db2c8ae60567cdf91fbbd2d0577ae88e9ce3939

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\libEGL.dll

MD5 be6ff0ec680921380c04331351a1ca2f
SHA1 164a58758bd929d3f61f5193494dc4ea188c34c2
SHA256 5e287e7e884504b524dc4610bebe79e013f0bc6f87fe788dd1f5562b70a6dd65
SHA512 8603d539b08c32a9777eb5749ea9707a26a025dee72e8b44a34bc7e5270d8d88004a3dc0625986b4814402a3891ce32d815a27c6ec7e0079638a36b68d13890a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\libGLESv2.dll

MD5 35b10fb121ff7c4f85636c4ac075307c
SHA1 ced4a1b68ec66eb8bad69651e8d2d7ea63028f8f
SHA256 5b0acf994cd091c5c07d707219a33de7d5d9ce2038bf93644a7c3d8d64de48d5
SHA512 14fad63bbe5bc296206656b1b6075167d4d86278e2db7afe5ec68144e7896227a07ea07d93e3a5b042deae6089984ab1ff9f38f80c9c9b128787871d13f28d71

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\HD-Opengl-Native.dll

MD5 c0616b751eb8f1c52de8427b55cc754a
SHA1 d4121e9f308380c81bf621adf9968672ed367214
SHA256 6238e5f6379127466162a13dce89805c02cacb302f099ab26be2f460c274586d
SHA512 4b99b9e38858b69df13f754609b18be4a19153f7062068fa66637e76b1f1ba8238c28a5d10de24c489c6e13b06b41a1b30ba751ed734bed39da56c258af4d3d5

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\msvcp140_codecvt_ids.dll

MD5 4266e7bb9bfce998083d2f4f938b11c9
SHA1 23fc9c4c9de9fd3e71941df86e26c4dd44f2a95b
SHA256 e1ee6d29e30708ad5812035626bbc1058ea12fd5503d5a79d28c9cb67fab4a14
SHA512 5dc1e769f973aec3f0f766ad7c2364a184b9f71c1266f5e5a874c3e63ca7082e9a2c38346d387aa516e2f23acaaf62979434819697b2695644883ce07bbfd867

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\vcruntime140_1.dll

MD5 7667b0883de4667ec87c3b75bed84d84
SHA1 e6f6df83e813ed8252614a46a5892c4856df1f58
SHA256 04e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512 968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\vcruntime140.dll

MD5 11d9ac94e8cb17bd23dea89f8e757f18
SHA1 d4fb80a512486821ad320c4fd67abcae63005158
SHA256 e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512 aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\vccorlib140.dll

MD5 7ef7eab654df53e087ac4703c9ea0b16
SHA1 743dc76d168326b60f09347945fe1342a6effc4c
SHA256 13e568fdcde1b7b7f2d1c97a474bdb8858f5ab761157f0fea7201ccecf84b9b8
SHA512 0b860f10c03acb3866e82fd6044c29d63a2c6a1d5f6628f3d31f1cd1e44d7144e3660df3446b7a0b76b7811b261675e5aa39fb27efeec060d287fde3e630edd2

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\msvcp140_atomic_wait.dll

MD5 1d2a0d23e35b93464bb5b09e5e4c02b2
SHA1 04d1a1eed3868433c5b7652ecae0fdcd29e1ef39
SHA256 a577b5fc4e3a14ae141657c30a38d11ff8593135e51e55485b252eb821d47e75
SHA512 18a0db760e4c4d9c4e014cff5ee0f433b298b65fdeca95b8f5f172b9bc534a1c7f64a1b2751b90e89cf76f41ee1ab468415466d2a657905eca9835e41cae264e

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\avcodec-60.dll

MD5 5c9a91c44c5646c0d7d2ee4cf990cb5f
SHA1 65c34751b36fab3d4bdf6e79e34d1e9ad50c3291
SHA256 639f445c807dfef8a42a5e1bc0b1a19f82fcf2523b46820c60465bd47d8e47a5
SHA512 11f227a0431451e15426e5fd34fcdb69096f50d589762e2f17ff834b32f70d5305c5e707eb61efe07740f2f001405c905a7ebaf5b0e91b4b040a8b14062ede3d

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\libOpenglRender.dll

MD5 9cf4a61fc72929fe7aebf070ea3d28ad
SHA1 682a7f09a4dc0964e8063d45209321cb0ca2cf2d
SHA256 68321dc5898f921a21e536ad8a46f208c18c63d30611d14f2e39fe50bea1c99e
SHA512 f9fb81089ab943f1ef873b69d9979d12041faaf14dab57177bfcdf909da00274ba695b94fd01a64e51b2504444d0fb2d5295b9a64df2307a0e65e7877fa0510a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\avformat-60.dll

MD5 aaf5e285e8e8ed6a6e428b52728ed18e
SHA1 89794b8e834a617724f24aa18de745f413221045
SHA256 17e49a141502a26655cb3adec68c45ea19491e713eea13b1c3c35e458e77cc1d
SHA512 67cb2a03ab2740ed4f10955be1c2b7025f5e16e1eff7814fa6176458cc676dc892dc4b6d53ab0ac94be1c6176916f29b49d9dd3e1dd8e08c002d968c90eaf051

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\imageformats\qsvg.dll

MD5 b90e88e9952dc0a930895feab50348c0
SHA1 768a2797e6d0732faf54ba3994a804374dc9bf98
SHA256 f04ec129d462e1bbf3fa4b8fefacab7fdaceafd4a2ecfc50a677e8c85f7238ea
SHA512 3d573d87bab03edf59dad9c30381e1f6da140c016967cfec801ae335cd6eb4d8bc169c03602d457974ce1d61667c13973f7c6ff57881c7ef416b20ece7039f15

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\multimedia\windowsmediaplugin.dll

MD5 ecbfa8c49ca2fa398553fb71dbc3f2f0
SHA1 c20cf6528683d7d85d2498bdcb99816466b92c33
SHA256 d1ac17c7c60869dd6c974a443084e7b5956e8d3d15b36327d9ded665118577cd
SHA512 8f1604ea33b8a6363af531a4b8ce4ce8564a4e18e9c796f9a311181ab970aaa8339c286e924671b69b06fddcbd5580f40faa6f63b21e91124694fcf422b929d4

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt5Compat\GraphicalEffects\qtgraphicaleffectsplugin.dll

MD5 40a9f3952037a83b01bfed728be9b2de
SHA1 61c643498ff17937e3e42925733220e88e207551
SHA256 34e10130fb528670c01c03c3ab9e1ae7171df0de477211a050e797bf9b0eaf2f
SHA512 76d8b87dbb1ef249f9b46ccc57014a8d88b29c9603d2502993c30bfc8d394bfaa4caa2b7e1bc05de28ce65a1e82aa71e3ee493426b929ca1218f0d6cc9e77e66

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt5Compat\GraphicalEffects\qmldir

MD5 dff2761c6a369bb68fb64757f2ce7a1b
SHA1 1b8f6975a6ace9a806aa332af0f90a92d4cd3b38
SHA256 746e523c5ab620100ae9331b0736a7b76013b432982c9aa68c10cf67fba0aa89
SHA512 fae63c67b220913fc81f385e9de05f55377eb3bbc1ca3c5d3f51a2aef05532631c1c9d34013eda3a4bd88b98cb86d5e5f78ebde6ed48f0737a16b670daf202c2

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt5Compat\GraphicalEffects\private\qtgraphicaleffectsprivateplugin.dll

MD5 329586d78bd77e76e91c50602fd2c956
SHA1 0a9aa198a6b1cb7dae7dc6d9faf8242f4e1acd7f
SHA256 19922327ad13710715304f6734ada287f6ca3fcd5921e27d5daa155381d03cb6
SHA512 f99747692ca92a1e5df9367d77ff20164e81fd0a3a986868555f935667bcffe290374a4b90c22a0cff6fb4e56e5d30da7a717f1e41d91fd66f94cdae7e9023df

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Core.dll

MD5 b5fdc51aaabe8c0f1b611e003817b3e0
SHA1 e856cfb754a1f753c85f10e3e51914b76c916f5c
SHA256 8a1af6b5ea341ef0d01573a9005e5c68206cfef6853b5584e8a737c26c9d9ee7
SHA512 b9d9973d34087dad86a0b6fdaa0a8ffcb1261c73782459cdd16675001bea9333039e9a75da98c4f2f24891931fd4ce7dfdb090dfe046d47ece6b5ada99368afd

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt5Compat\GraphicalEffects\private\qmldir

MD5 f1a067104d9bd191b0f3d848a0fa6d64
SHA1 53b15433f57c61c540c493963aff6a77f9fdff45
SHA256 bb9481e3e26069623c4dfaa9cb9c415529d084edd67edda1595854421bfac5ce
SHA512 71ec428d3ba43ea5c544f25dea40e58cc3f8605b6a15ea4312427003227637a99e74cb0e8f04a4a95a726026a65c2c02a31c1204db00dfac259298b3cf91b381

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt\labs\platform\qtlabsplatformplugin.dll

MD5 5995705b62f1ca954f74b0a59dcc99d5
SHA1 342077d1b46d5bba36e4f0333dd7258f55ade651
SHA256 8df3e0528be697ca08e5c82cb2e77131bacdc8f2ed9324d14a3ce7fb8d2c7b25
SHA512 5d391cfaa898a0501f54b5a6248b111f63950731427944d4d40341e4c0552692e8178297bc31e63fab4106d30099defa50785565eba01e23bee8215b0fe7f493

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Network.dll

MD5 794760c25a8de30dcb152808dd5b7416
SHA1 8a4fbca5e2a29e56e5d25db6912a23784fe1a644
SHA256 f6702966e341d9a2f1707df5833db984205b3717fb5ce3cd2a37383ac347905d
SHA512 7d03a3077644e394aaf0e9ebbb1dcb28c4394139a508006c4134891670541d599216a8fcc1e229debb84ddfd0c2248392510597e2fa1073675e01728a0d8dfd8

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6MultimediaQuick.dll

MD5 b5a48a332e16e6728a2d26714c126c49
SHA1 5f6b55c7a2eb5afe58b5c09185d2ce1eb97e4518
SHA256 c87fa93fd57a6fb2f7d10e9c45ec09c9cbe1298ddd5f4d7458ff896e99b17b85
SHA512 4a5f92f87c6eeade882d088ef6c46cc93a57786fb740422806e6a603db4dadfc9ddd018829add5c59db40ed86a4d5d25c933d97b712cb2b757a32a7c8771037c

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QmlWorkerScript.dll

MD5 48f041709a6b31471d6eeaa090232d19
SHA1 feb934bde6bc8d4042e96b579b7b8a2b01af3679
SHA256 c52c62b7feb5491d2d914ae10478f3a0bfa3fb58cb75189932f5dd5ffad31b1a
SHA512 efd6169527836c8088d78741b2d813176ffd6050536187323d19e41ec1ee58eaf28ef51412665fab2425709955d046dce370f5d7613c64d2713e81111140482e

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QmlModels.dll

MD5 3d185167828e5b21ba37d2f7a366aa6c
SHA1 a865604239a8c960695512e494b6a876ba052720
SHA256 846d37da5d81570c08824fccc2a1fa7b10b40dc15bcb2a71b9da553b87680992
SHA512 8d41b405fe4c1881b2f6aed9a4d655ed9a3041a92b977ef7e48ab7f27af1e61f6b8c97b48946a15ba7ac3b99ef06186670d42bc9f0f68b7f8e02ae79e0de8f55

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6RemoteObjects.dll

MD5 d1996fa4136cd8c2f643a3770ecf5f5c
SHA1 74cf4b91731a518ee3124ce649884a2757d9c615
SHA256 f3e3ae32eddd2290021c4e55ce3b519f2000d20e7e648102a1d0a3976e718e47
SHA512 a9f6af09fef0f94fe7cc50a2f98e28a8148d91dbbef081ca73011f8335bc9a746e74d55b7a94d879a10ce7a3cf50e69113a9296d29beb8f5366f5be8c9d788c4

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6WebChannelQuick.dll

MD5 ddfd4bea4e325844d083ca06be370a61
SHA1 85ac85fce3ed43db9cb8286b74a33e01b4b48b65
SHA256 e842737a7a88fd6e7822d85a93a8eb0b7873f09cf1c5ff7bef21b53d2c4dbf41
SHA512 e462089d9f01b93efb769bf75dc64fa8fb275aa3a37fe48e1a3d1bdd33a9f7ac9125f8fce538d39ec05f493a673611a69cc126d10e7e55212472d9a7c4c9e37d

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6WebChannel.dll

MD5 e1c366b3a51c734adecc49be9a0142ba
SHA1 342d3d3f03f3b56135b0f59a6f2b5191e3900b20
SHA256 52653500fd113610125240f5d18b64c5373eb0b75c8fdcb2718eb68ba02acb70
SHA512 b84b4e3c1335277f8e94e297ea827cc1ea787a6d4508435b77d7c93aa093ee3aa81b2e6b6b1d87058acca4adbc42b3182e08db5d9ffebc4e683e70cec106dbfb

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Svg.dll

MD5 3b75cf39102e5152a34bab94edf82167
SHA1 ff99d035fba6f8e20e7ea5fecaa3435dec919cde
SHA256 cc8fefc7bff06fe18e7994039b0943a26b3fed4d5c9b09845e464bad3adf4f66
SHA512 ff46d4a54e4b4c7915ee5172dc8e6b176039fc6c180cd49aba2308fd7143f49529f96471d0c7e7a0f9abf101600d4414a765fd0b9b7b80c5698918b1a62cefae

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickLayouts.dll

MD5 8a386180bd4c11a96a1ff7b2a9b47320
SHA1 3a25f58ac2dd640469730045f77a1c8d36349c84
SHA256 ba807b732f8b380118a0dcab28aa75c2df3bbbe1952f0b14164430a7d348bf30
SHA512 6d0ccec63889f4d7b54aac8ed97e11b5ca2179ddc0174b0fdc111ef670497f349e81e4a5961abd1d4b260ad9cebd25a1ee2c5ad8dde7a9a06192c52152498e4c

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickDialogs2QuickImpl.dll

MD5 1fed3fe9d304c1083e54ea30b383635b
SHA1 aad2eb155460089e8d6d3cb00821bac8c5d00e7c
SHA256 2560952163e1de8d982e669dd271bde723e32b2c93de6721e3ac6174fee91cbf
SHA512 1121193477e8218e9aee2fdbdabf5b43f42f922b2af72143240e013268b6ba1fa4a42bb13099c7ba6e190715854798488706c44158408e2ebabc4c0983f7b099

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickDialogs2Utils.dll

MD5 0206f58a2b914da1ac21bec6858cd61b
SHA1 b0169cdba3e35229d29809e7da759b1fe198707f
SHA256 e54f5c10133e2b331c5da0095dbee0b3df4c0f29f2341db9d3878ff5a825209e
SHA512 98e390617a5cc898d45ab3cb204a9c9a688158487e1bf55f47f3e492d9a66edc9e47a99d4610c39834b2488d06a8c0edb634a703f0188293eec6094fcb77c9bb

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickControls2BasicStyleImpl.dll

MD5 8a6e9a37ba9e1b09c20db8e36ceca0b5
SHA1 fd2ab3d9e63dfdaaad1c5e0913e8b8988920fbd2
SHA256 e584ad5196ba39477c82b53c4494e2634f1d680662366e13e9d196974f4b09d9
SHA512 462e37a8d7f49f15c62c495e4bef728603b37e3d521637c04c1f009b55acfeeb9b3f782f43795ead5a280663f086018a2197b665d82bafc275b3617b17e9e1ff

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickControls2Basic.dll

MD5 0efd67dea0c545954384c802b361830a
SHA1 fbc6f799b9d048957dd58975a358f0c5706af5bb
SHA256 241f93951bd5354b645dc85db5fb4f886e7486f624bf007ba7d233a89e5e4f0e
SHA512 ede83a52bcc79014fc752360f2cc72d7c82cc2a4a3daf5764758b5a200c434cedeafa299012b4f47f84a38004f449493010faa7e5dfb734327041d42cdf2e0b7

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Qml.dll

MD5 903ee7dcbc454a86d6eb9827ea627966
SHA1 2fd693ba9ea121e2055f12a966028f2264ce9275
SHA256 578afdb3822eac599b48f6e101a35d40744afcbdea8f35bf3c69b57004c8ad51
SHA512 042bdd2283578faeee87d8f338e47db5b138e0118de24fb4533c353e8a4c7f5d99c7dd6ff699a8d9da706dfc56e5d712d285e17e2088a0c56b531206cfef03ae

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickControls2Impl.dll

MD5 cd9c82e899b96d90664d0fdbd3b9b328
SHA1 533d7cbd433d88aa815e530c1898d2436c5cf26e
SHA256 b1f431714c90b70c990378f4ed8d598f333125803a8f891b5f5d49d62f37045f
SHA512 539e7f6ba69be8d86187aca70af18e59104098a7979b2258e6a6b6459d3a40b34c70ea26af524d4961b0de3da6766ec672d36d6f8766b2c17758661e5d448b9b

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Positioning.dll

MD5 5918eade11bcca3d515081fa588d8483
SHA1 a83686f6612786a3749431a810b90cbbea6e4926
SHA256 ed4660c36afabf34e5ac18430c94ef82122e770c28a3f71b88a09fff0cbe7a69
SHA512 78167e577f241d0ebf2fdae86bf4d89410c36043ff8bfea7544942d779297434e738db5c8d8f928d13244515d9fbf3535c8e8adbe99d351bb95242cf9cf73bee

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6OpenGL.dll

MD5 7e0773c305ab95833cb14884766fdad1
SHA1 566c5942e445e42ccda7766bbb2c7a5ec7219948
SHA256 5180dc9d9394d8c4de756d6e97e6f12e4f27639578124236589e08ba837f0d3f
SHA512 809599445c48b9fe486ad157891ba0459d446cc268374419f64650dbe2b11d3848d917811115aa11ad613761da9ff556a788a81cb2c5f390cf7150fd2fb75c39

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickTemplates2.dll

MD5 ac8c3b6ea0500c236b1f78f7084bfa2e
SHA1 3d93090b8d5b4023287fad1834413cf9ea838ae8
SHA256 9ce15041acffb2a9c2967cfc8144f4353f26b70113ee7e0f12ce582fb6cf4a74
SHA512 269d7fabf3dd5819402a0dd7fb2b7ac81abeb775ffaf4995f00acade78cfca81613d89476638c110898e9e1522ef3c2a477f410efc33860ccd6907b27e1dac4a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickShapes.dll

MD5 70b3be941970285ab6c5df7da09c7995
SHA1 9e9cf814123537cd6b4c2c78821d639457172e04
SHA256 96c7d04941ce1e2aa053756c24cf770eb21d5d87488d12e0e52ff1aa23f2120b
SHA512 6a0094d53fd076e45ab445435590e3c36243517d97e31b054180298d9873d67986554be182e07a4c87f7ec03346c567ee2288e12d0c8bf7f9ffa2bebe21983e5

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickDialogs2.dll

MD5 8edd41e58cc4203d53ff49d823afef39
SHA1 38dfd9301113737d4d6fe3444e048d1bf4dd3dc6
SHA256 bfb0dc7f2d715f203b19a0a39f16542f00892c7c7d2c9789d878f97b8e646b2d
SHA512 5f68ef40292ba9133d43b259fd1441813ec130b935fc6a664a892fda75fadef38cd332b4175dc038ff75e60b4285c4992c0e61f6267e2961a2e0b1dd32045932

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6QuickControls2.dll

MD5 c6a5d1d04232d1f649ecec45b6a3f01b
SHA1 3a11301f621170b0aada088753f83b1c917edfbd
SHA256 3e8892f343a7850884d88935cf67c28a97e186271c34d33dda7e5d0c83ab22ea
SHA512 39ca3971179a6b11b1293d473f82cd22f8bbe0819773c96d9c952a42c93cff12e6050eab6b5b8b618c66ee93f72fa0862d271c1318e30c305e1a8cb828a2303a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Quick.dll

MD5 59511eaa8c0fcb1af74123efd644e849
SHA1 3538e0948e97f898745b0abd268ce15c97d00715
SHA256 5deee180c5947e3370cbde40ca5151367d8cf48879fdae1d748fb1ee995744f5
SHA512 e2373982457febcb021e9eff401df3092d9edad7134e87f2ee6d0717da2df8ca47d7d089279c396502235a9ec4cbe748ac53a6613ee088f1fbd0814e49f63bf0

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Multimedia.dll

MD5 bdd2401c24e694769007d290744fa00b
SHA1 b1d5b2333a643fa3010fd4d1de8a403f6a42f033
SHA256 d65d749813c1778264115ebd03ecccd87628dd1432a03560f13b009330459306
SHA512 922ebff563f4c9a2c04526ae9b3d0eb63a4a3e2a60bb3843c08aeded55f6cce4dff247ddb70b44ff31de9c6e49fd9af78cbee45b4b05b2b8e6264fcb86ae134d

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Gui.dll

MD5 817b182e009f388672445e69144f8543
SHA1 a66cf9f9909bc2c4306dd7a6382965eedebbcde1
SHA256 cfce665b7c477ebff815fb27a9b55d0b629183c0cecb5282a87bad666d76daa8
SHA512 3e7ac5cf005a11d0d0e23084efce3256a342fa559c393f40bb81ced616898e03ebdf265fbbc855864d402665471010210d6ed12a2688f9fdb4383a0c659043b6

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt\labs\platform\qmldir

MD5 e49a668b90132546b4d746fde6428b49
SHA1 46870297a9a52118a50b846db083215b3233b2a7
SHA256 a56a9f3e36f099d7ecdc2d0f12bb1e4bca34f0c9b6218850a8dc676c29280e83
SHA512 1da70221873392cf25856a76f2810a0290c4ffd490cae22bc8183a3b165f645a10a2e47eacf373ff34bd1f4ec7d9352fbb814e52bc84c1bb514bc905c39134cf

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\platforms\qwindows.dll

MD5 b3c0fdf5e0c90b2b11ea47ac30d00dcb
SHA1 f0e77ea6359b825483807c4791cc802afe584839
SHA256 82886475a18ea367f9d409946c8d1ad99a6d926e20a40a6e2ff8edbff0dd3b4b
SHA512 70815fbdd030c0b174b186bb59ccb2705c4a9d5e04621c24f9c1e6908d0e223e7f5a3284c874ba9c3a34be92779ca3480eb6cfede5f4e2e40fbae59fb00432b0

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQml\qmldir

MD5 d23134f3e810ba1311f1526c8e784685
SHA1 409d8050b045777b22529a814be8fc7daddda2db
SHA256 872dd0ad9c23701f8e551ca98f6b15b1551b3af0d4fafd2ceca61b328d45df60
SHA512 3b113ace75caee2268f196aef8c636482b3ec84de6055fccda50eb518bec03f9b4db2f4930177ee3d4e6ac896069a3bf27d596d9c45475428c2fcdb1e3f3afd8

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\resources\icudtl.dat

MD5 e0f1ad85c0933ecce2e003a2c59ae726
SHA1 a8539fc5a233558edfa264a34f7af6187c3f0d4f
SHA256 f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb
SHA512 714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtMultimedia\quickmultimediaplugin.dll

MD5 006ce437705bb2b7b296dec8d971fe51
SHA1 e0f334a24c8710c044f5752b8d958885a49dbac4
SHA256 46af14e6e6873f6c878ee68def05934a30d1ae4328bdf1904cba00d354322c5d
SHA512 a0ea63d3bbc4f072449d9a5390f8a4e2394ec927ba390084c786446a72c8ba4cce94f50caa910a2ebca8b70d8ed5148542b08aac746db2f18f2902c4b2ddfcb2

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\swresample-4.dll

MD5 7eeba1942a05fe865cf997fc90430093
SHA1 b63c26c162b77f80bff2fad565d07b34c8051310
SHA256 baa987629e36f324a77a8922ddbdea7652a3ae8b5eb55a0f03b475facdda8293
SHA512 e466a02df89336002f2f2cabdc1b9f208c150702c5e1b1679d5012fa791631b99443e25867940e5d60e812c64874a5fb2847716e6712ea6743b6ff8a36cb8ea6

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\am.pak

MD5 bc4c700b7c415ad4c92e3bef4ae7c4a8
SHA1 345931d353f78872bd3b516e2252acfd72c534da
SHA256 ee3bcc0a396a18e14e6ac1b4f2310cd6118c7fa9a317e67e273d5e2b8ca01d6d
SHA512 fd0ca4632c6a7c166c226c8f84f3a39448b3e21e7dc1404ba912470eaaafe2c891e435d5b2c3347a7017aa5bf34fb45cb74abaf1bcb8a2a02946681ec49070fc

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\el.pak

MD5 800026f5d9237f49835886db2c53b295
SHA1 8a957b90218585fefb8c11a7d7fbc1e0dab02cc1
SHA256 b5e5c07f0a8837eee32bdb0954c1bfd5ea48e069a7fb50a97610457bb2d96de8
SHA512 c75df40d4e5be9c56fc3c5d1b6a0c2accf08ff714c62091165ff892655fc8dcfa28f3ce5129adc004b270c04fa3f63188f40320f1f235e90cbc720651b730e3d

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\es.pak

MD5 7d3755aa3480aa469e6172b451ebd0d4
SHA1 f91b913cd06aac123678ccdaadcbb4f0cca4a5da
SHA256 97ed628a013d27736ab03547e5e68e25392e6b47d5b531d4fa8abbf1544a65c6
SHA512 8613d17f6234ab5cc96cbf870e63a6622994b10ab4d135255131ee57b1757b1abdcf26678b978faf49175db183300cbb09613eabac82c6691179479c1bf1bf4d

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\ja.pak

MD5 286a4d7ee7e011a524e8f4c70592d1ff
SHA1 f62452ecbbc5633bca65c6485dbfe9467333c290
SHA256 87831c3227dad088afaf94a2dd03dc66fe14aee7c2e031c7b7798ff4b11b30d7
SHA512 86bc78f53175372dba41be8ac4867f45e2d962eb3dab5798d9a71a22e450f6876d335fe347d07a86621d1560aa0538aa3c2180452f72076983d57d9db48d4c1c

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\sl.pak

MD5 790d7c9113c73b8a0274a1b5a43fd7cb
SHA1 e1ed463fbd33e0731bd0c27acbe6a72841643e23
SHA256 d56f8cc78078bc7904203c078425d7e5ca943509e6ccc87947eb866671e5be7a
SHA512 177903a73763eca159cddd45a7b24b01f8a8867d4edc2befcdfbffc69af8191f6f476b8d6ebe0b0ff330343f005478fd375bb083288635c1849bee01ec12edb9

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\tr.pak

MD5 0b215cb173e45ca6b3c5b117380249c3
SHA1 54713fc7a589a39fa51b0b724e3b79f6af82846c
SHA256 c85fc7d5f699150c5643702e694ba82f94f0e630730441223a214a9d9437242d
SHA512 7a62fdc6e19613192d4d80f7e59aacd8250181f92766603eb92320a1b9391781a7ed4f058094ef5b91aa42cb92a802b37bbcce95ffd67f654d9ff690a513a497

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\uk.pak

MD5 42f48e833a462cacf030bb0a0e9f9439
SHA1 31f08d6fec67b2c296ebf2dd2193fb8d4ecaf7f4
SHA256 dee2afb40fa3b7c6788b6d8e3a775953b9b0589a131841ad9b520f580cf92881
SHA512 e24ece15476c9fd77aa84c7139823bce7216fe06e7f8040db94cf46220cbe431dfd634696165950621961bdd045c0365287693b807f54bdfe5f28d56b6365f64

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\vi.pak

MD5 844b68e44ccbaac773f36d442e59a339
SHA1 915354dc412fd0d2a60f99520462720e7796b6c6
SHA256 8b98769b3b97df10ebed4f25a0b115f2e0b059e9adedebb96c444a71e2eadf17
SHA512 2107bf5ee8317c7c7e9b279255df376e53eeba56185071168a8246bfc50aa738329b2886711164eacd877c7f0bc0fda7137f766be03e7fd5d3fc3e93f7df60bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b7742262728f4c5ac1a25423f2ad2ff1
SHA1 d3fce9d65edc89913dfa7f31cc00c12f57ed5c6f
SHA256 9ba83d5e211e36d018e606b38ee9b7116b26f2715458059a0bb636c4e4047491
SHA512 8a4591167dcd1fad9b9e26857298c12be00c354456794d3d43fb79372d3e7fbbb223be292bab5e6d2f0eb638841fa706f26652362adb1b3585b62798b674ffba

C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe.config

MD5 1b456d88546e29f4f007cd0bf1025703
SHA1 e5c444fcfe5baf2ef71c1813afc3f2c1100cab86
SHA256 d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb
SHA512 c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

C:\Program Files\BlueStacks_nxt\Assets\installer_bg.png

MD5 08d091faf58df0ea8218d7e08140bbeb
SHA1 38ebf2763bd2082635a5971c4302021ecaddc0d1
SHA256 7e5f6998d34d56aeca87f676c12a42c6c4362ae16a753dc567aae00e253b0817
SHA512 5cfede2ea2ade7bbc4b63475af5eb52f78af567fa7096a2ead396056271b8745df4dc6e11e4328151ce59ab74c6c48fd49cd13e30f7f4b86c566757e310fd5e8

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\zh-CN.pak

MD5 917ab791cb4d24be5f369956cd059e21
SHA1 433a3aeaa06d6066ed55718564f5980e8c6d3ce8
SHA256 331e9240251d1191c599b09230d7ca9f8b11e51e5d94ff8bd63108512c0ddc58
SHA512 969f4662eaec6e3788fcc5823446135657b6816cd2419d8a3839acb07bee629d3c9ef69b2bef48856e16975fe31b7ee5d0d390ce4fd121a700d096348500b2fc

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\zh-TW.pak

MD5 ba9709f6d6363aa06a4838ac8344e262
SHA1 3544dd9c7ec8720c3d135b5df32e71f4b1c88983
SHA256 b81e24415243f7470f714379363157f2bd7b2d22e203ec5966878ed4b68140d3
SHA512 9ceb5e9340a3a38507419972754563823f0b3f808b39e17d78d8a18a171231100ed2bc0c677a75da16237219071996702dd7fb8a6a6dec098e69bdad0b3dbf40

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\ru.pak

MD5 7cde65967d57746972a785d73223a7f0
SHA1 16bddf07f603fa4281335a9f6c60e543aeefc0de
SHA256 2d4583e3bbe119224a4dbd80ece065a978890d294d0bc1f3948a10c33ea7f06d
SHA512 c4e9a364bb1b36685d03ee7e5f1e847d99fb875151023c7ab2da446ad5d91bb73fe84622cb46da3b544854cda755912262260b445667da1d018f597f52653bf6

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\ro.pak

MD5 3f570679307286594588bcad66a13f8c
SHA1 dd3d0a1d51ed81e8620b9625ea5d43ad513d58e4
SHA256 f916fe52080eaccab979a8b527596e7196acde3aa90b1f836801d9f7b90df1fd
SHA512 11eac14c5a26810ecfe9130ddf96732dd567f222499ca4c7a5cc363ba4e29683569e9abf37f4fe695553fece3dd9a97c57a84376340f33ac7b463c03f14a3fa8

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\pt-PT.pak

MD5 c21418f325ad1b9d86b7957b41ecbeef
SHA1 27fef99b33f81f53cbb63c326aa386957db177a8
SHA256 98e2b6e8c3e67da3a2069040330461f0a4b6feb05c6d3981d07b748ac191182e
SHA512 55c340510d92b938d2c696ed5c73ee3d54e9d931cc97ac2f425a83e4a25b2ebf48aadd8a06fd24902365da3ca2376f36c5339d8fd4c099aa3da8cd150a8328fb

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\pt-BR.pak

MD5 fc5c376e32878058c7fb3dd691de3338
SHA1 4791055d548d678c76fdbdd50c412273cf935630
SHA256 e2a95144584d124e754f20c743ea91ed31f96d375bd24df8b0df3c411c6e08b9
SHA512 ebd545258e4c4d1448bed9a94c5e0527df06527717b0f19edf83866673705859dcf13c53af8e5151bf50da024128da28f1d697a51ae4fc4293c9d9e55dae3004

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\mr.pak

MD5 69217e4bad9444e0b36b9dec6d13587a
SHA1 21d7c31c656add29346bf61cc5f01b99cac4c24a
SHA256 ec720a494da509c7f6d6581bf83a7194d20a4da8fd260c4cd5590399506fe89a
SHA512 7821f7291cd3fc1fcdd5a92cd189c5238fe2bd0806f58c2e6786b253d4f67924bfa63542511a40d88edc29418fc70db64206edbcaddd5bee0c0978200397123e

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\ms.pak

MD5 7321194b6267c9cdd0bda30e4203b859
SHA1 86a4f9299ed0ddcf70b44aa65427a752af2dae35
SHA256 47f77f32d6f18d95c15c0e4c04df8ba1a05784c8c671360aaf2db487520ddcf8
SHA512 6a831e9afd3d50c698b1e6ddd18f6ec95bd07bb8d3f4d6cfa9a19b65371a430c5c63adb5276f44d3e9a7c2b4e1502f239ee793ee5035f60f57988685a918c110

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\fi.pak

MD5 1fe6aff5d58a2e9078125a3eba51310d
SHA1 bcd0b0afa94a51281558abe598ecd6916def3600
SHA256 55fcad7f30965e07a749a79d4e304cb8aff79afc367c6870738b8dbe78ae3ced
SHA512 f6dcaa2890347f05096de8f70e0c657b6c4c8bb1e428f3ed4d31c942f214949745afd5216c44a7f5cfa875825dd41c683f1156583646eeb1efab570ea3ae1dfa

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\fa.pak

MD5 4003031412d00fd89eb2700e6be45b66
SHA1 e903cacbbcaeecf37773f1491db4be0c727462f9
SHA256 9915278c25a19420b400f28859c504e3f82fc8d44046d769e586d6b97deb44c0
SHA512 8e72aaa570652d3f95ec5b963a5fb534826c3b32b0ef88627bd099934ec849516bffa43e3e3cd074eefb53f63ae9c1a9fbc9df533da82f62dd099dea63cd10fa

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\th.pak

MD5 3c92d82202b5169d4de9dcee45708772
SHA1 4a7025840bcb20955c655528d23d41c155ba8fc3
SHA256 719d26daf93fb83bd66e97984cc907a55210e0cb0af3a226bec535451d38fdb7
SHA512 94c832de7b33e69ca8606d79ebc6a0b0b37bc61ea5e5be223bd639b9295300a9b1ba2b75860949fa7d452122bdc81f402bb8091035e79d5b2761566432ddeef7

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\te.pak

MD5 ca628239fb9568e6badcdb848bf764de
SHA1 c2d6324d2605a9e6186cc7e8dd7e341bd08010eb
SHA256 294f64705018a555ef7d76f82dfd783fd81d2bcd99d521841be0f2d887e4d3b9
SHA512 859d07b604081925f3277d49586af78299313ddda6abe280dcf3f7be4d10a1ac65ab23db61d9babb35850fa48ef27b9aec942b049701cb251bd7c0149dc655f9

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\ta.pak

MD5 984e4341b5b8077e4d0c76fdfd14785f
SHA1 2c41c6f0844c8e321120b8bd5808594ca686c03a
SHA256 3683217dba2149b98f418cbe50920561c6dc7d702a85dda98efe8981da669585
SHA512 29823eb9c37d7c26324536a50fc80ee985995be8f0e59b57794c965f3b06b3e8d1fef6253b9afb4c7b8ad89386ebdeceff5920288b8ff7d5a59e626e4c9ea889

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Window\qmldir

MD5 94ebe16c3ede17a27d79716cf1b00d3c
SHA1 34f50446b26c05a86018c2fe587d0cecdeb7db29
SHA256 cf518c3574e25f91acaec7ad8831e28c18fccfe15411672ea56809b2eb94077c
SHA512 f19b2326600b902bb124a8c5b07d70ac2e6b6f65a02be9bf7f95b7641e9c44ca3faaf3a409b5e47b4203fcd1fa62eb49ca4f09eee0e95c7806428e58971ade6a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Window\quickwindowplugin.dll

MD5 9703533f14281d6ddb3635ab0fac97f7
SHA1 bc26999f82b97e56aef84fff6b2adacfeccbfb49
SHA256 9aea4a0ab67426a0ca989e62e8a5cd8290cc169fedea5dc6912be3d32144ab0d
SHA512 3a4472f522924f3e9a930438e514d034141732d9c0df76961dfc8ff4d8059ddd89fb89ab85bfabd5ce7493b15d3ecd4ee4b61110be4ce9cc011aac1d7612c938

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtWebChannel\qmldir

MD5 e0e05541afe2a4120f98b955aa43f663
SHA1 8ca6194e64beef2352bd3df18770eb7cc478744a
SHA256 0d728adee8ed1308524a8b3e5234781d8207a15dd6c738b74e62246f9679d21d
SHA512 0333def621780792272b2c9af8ffab76ada8ebbb4733ecdcc6353cbceea94b83b25c861f424b9d5e37d4d63f198da76f58ed6d77196ba29483aaf1dcee786a71

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtWebChannel\webchannelquickplugin.dll

MD5 42d0cc66b8adffd8db1c44d4c5ebc188
SHA1 092487413fe9e4cc7d65b7fa7e7540a4f5761055
SHA256 89e99655ed1de0d8daa34f7fd550509f0e64795ddbe4c866c66715adbdec97e0
SHA512 fdba365a2dbf7dc34bc67313ead8ed406f98412d87cec2f2c95656861c61e606929c15a834a9d8b8e339b11fb8db2deeec617a82bb4991b3f3cae268ac6b0786

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtWebEngine\qmldir

MD5 305905ee8126ed39d5f4b5312aa2c99d
SHA1 46a27e297e6fc3846f64d23b6b54512c70ebe1cf
SHA256 9ce4a1ac66b6a7dc6950b0abf7040117c107aecf0432ede1d015d45a8883bbc3
SHA512 2b2c9a56f77f5581ec3758622ae47adf28f790a68da61cb1759af3ba2c6c1906940d2cc9707b2ab4a2b564096dd144eb4eb453a864e36600a7ff8457be13becd

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtWebEngine\qtwebenginequickplugin.dll

MD5 fcc2017d74e088cbac65104c90474063
SHA1 2b4d32cb48be3cad1f2bef4c6786065f5fd0b733
SHA256 cdd3e9f9c1dc7cdd1f20b0d932064f69081e84aa32f1061322dd84d4136ffec5
SHA512 83a53d4cf8102131e2d400daeebe700da4964d80262848a72070931ed8046f2831f2bf9d37a53917ab36d25a31efc7f96e19a9495735d9985d32dee4a7afbbb0

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtWebSockets\qmldir

MD5 b37b47dc81d0ddd5733d3c3df54a0ad4
SHA1 de3b51b3fe652e502ee44061552affcbfe6448c7
SHA256 4ee99fa9bbf2dc0c4526df9f10c54f7833fb503b508e6b2cccbe573b422128d8
SHA512 f3111cffb73bb28dc43afd5cb5ca6ba2ce68620ec363caeb7b86275def0f06236103f2d1753c731166d222918b0fb059b73fd5d6298a1a078b91a5ac038debb9

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtWebSockets\qmlwebsocketsplugin.dll

MD5 6162f3f09fc11878e4850c1c0ca57d06
SHA1 c454f1985b65b8ff64ff133c559ed9528c8cbbc1
SHA256 0935f9f612bfd0fc905e86535193663cffeee560a8af83433bd67cd7291eed1f
SHA512 7b5ffa2d36938585565954b564abcabd15ea3dae56495b199f09d51bd92421e2f5da26e5e99e6a79dc24b5ab73a155fedc147a347aa4eec77a0d88114ae74f73

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQml\qmlmetaplugin.dll

MD5 852714229daa6a278feb0d01f8e34375
SHA1 92e768efc89624434a610a7201721e74db49f0b5
SHA256 c02b6e8fa0a1b93c50096f56218d38e0d15099c7e1b58ddb31b24951d3e1bcb0
SHA512 81152863a5758f73ef72f852e4435d5b147fc130805272a676dfe3fa415eddffeea9193ae70e6834513d0bcf09cf2881bccf18a98404f27bb3b84a1b466d49f9

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQml\WorkerScript\qmldir

MD5 2d775cb02542905e995fd826dda7c026
SHA1 64ecb2070786b0d83f8f01b4f0fc8b44fe0a191a
SHA256 516dd5663b9e122cdbb2d212509724ccbb826b0774b1eb08cb96c5f82fd38ac3
SHA512 3b2aa32bac27b3b384a518926d4e26d5655a4434a907b327cecd61a0c25ac5931f81fcc49d16d0b25cfc00f98d346bd269310829c6064a54df2664c60f43b718

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQml\WorkerScript\workerscriptplugin.dll

MD5 9db78074c4e988c40441b7f318d31a29
SHA1 b507f2a12d6698cc4acccc14423f8adcf6da5dae
SHA256 e478700ec9dd0f1de166f43eaa408a38b9bc2f8b994a80846649ff934d8c0e07
SHA512 917bc4a6f347b81e0b0bab1b6a9782d0a021771b98684cd9f9c2abedf155491006a01e3d56b5265a01ee7aea17965bdcee0ba290dcf92e782937aa816d2b041a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Controls\Basic\impl\qmldir

MD5 d6b02bd0093c8bb00347b387e01be80c
SHA1 06ad73d6ebf391957932c537f8b933ebc82d1bae
SHA256 89daa248ee0544aa92530173d3e969d4c5b05ac2122d836173cc50d069805cc8
SHA512 3b0813529bf0b1fa3541798a1c1b8a738f13d0a3f769b0d49aa242aca18b5ba8bd3e3e2746ab7ac0d5cd680d916777814fdda5420bd31bdeed270be8e4428fe7

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Controls\Basic\impl\qtquickcontrols2basicstyleimplplugin.dll

MD5 5bf2a01e2dd7ade5616ca79170a8d23f
SHA1 cee7440be25c58c73600a50cb11bb6fac7136a61
SHA256 554e784f16b2150058eaf4cd3003c018e980b4fc5cf93ce1e93f3eb14fbb74c9
SHA512 e42aea99eb87ea4a2bdd815c95c53b91b80a0df5603d7786e0d9b1c3fb0031a5670574f9360f17c5fe35582118e73595f4a6a5f2b830dcce32a6b8aeeb0329dd

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Controls\Basic\qmldir

MD5 3329231d19c34ec08997356bd2df27a2
SHA1 9f7214d9f3b15263ee2fee5568a9940b3b023a06
SHA256 142346c196c2b2674fd0f0e7f8c1fa23fb9964bce47c02d5029041d6a9248c69
SHA512 ae9a06615a5037a46eaaca120b4ccb176466d8aa0472fefea59dfcd7d83e5d05a1773f941981f41d268d8fafa421cb0f1b21bbb28e3918a3f548603a1a939c67

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Controls\Basic\qtquickcontrols2basicstyleplugin.dll

MD5 bbe4d4b6f282dcdf020edea17fa11234
SHA1 ea871074fb5abff1baa4087f1aaa6409f6a5f10f
SHA256 4907a1cd4ad812637b1c5f7359b12f1219c462962eadce8e6f8472fbea628104
SHA512 50ad4997a84da6c272c79d3dc820d83438d83512f5c35c8250e319577863903f4a8eb4a2e995b6c3d023c15aa5aa147f8345ebf573dd5083746bc25521a57524

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Controls\impl\qmldir

MD5 10b88077e9248124cc7eb9a17b5d6906
SHA1 a519e508367c7e7002fa17fbf1be61a0c7242e5a
SHA256 d968aed9b217c5a95b8a0d3d3f48635302696b9b2f5f7e73ab16e8be6a9fc66b
SHA512 90c735b12bccfc14c8583450a7df0e0a8a0d56173e2ffcb377aaedf18e6d9960b5b52ad53494da8a53c69420175b56766a0cca29b096dcd2918c533f7cda5ab6

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Controls\impl\qtquickcontrols2implplugin.dll

MD5 42cbd88fe9d6570f24b4b517e5f30694
SHA1 f7109c9ca08efbd9040d983b3f7b1f6bb6c4b1d0
SHA256 0736118554729f3a01528082c106c0717f92e728dd93b4f9761e7d39b050d64d
SHA512 0f6e8f4c1b1d23197608d1a35827665454e3cc439b2ad80c6b358a8238ffbe2128b5196635e2f78f0ffb0302958c1b7a54eb0e8d5309a91c1ba00ad123093101

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Controls\qmldir

MD5 a098009511c5c0a59833180919453a5c
SHA1 90ecb87885d6fd7aa15cafd2c8d67a68c4d43f25
SHA256 9fd5547623ce4b95247351517534bc5b4b29d43f36f57b7f3378b24acb58ef0f
SHA512 63ce67b9f9285453f5263a6b1ed612b9434c804cd0097ce56ca31448a45ddb7befc592f2901b83e66211b33cea7ea46635d9213277eaeec8bfd683ab65e62c8d

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Controls\qtquickcontrols2plugin.dll

MD5 603a83e1eb93e0b4e1c7fe1b768fd105
SHA1 3f5d29c06475ec16b7436a121fc23ecd861f87e8
SHA256 932a269dd90d509b03f32abdd2d2008db697f4750df47bc25eb6b02e965f836d
SHA512 0f39d3091eb96348222a935f567509c7f5edfda74f7481453386c3e7053405517296d28cd264872fd1a50951d3bd417b4a40df24dfcd425d4077a3a78d4a0080

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Dialogs\qmldir

MD5 82ef8bdd05ae26b81ed33e11d06e28d7
SHA1 18fc845d32c1deca96d97d47a5a6900ab7f99747
SHA256 6b547b8e506fd70e034967fa4678368a515dc8e7cdbbdd0fd2b1f263b28fe46c
SHA512 4541c30ecd7178dd6c238a99eb3f0a9fa46029e2366ae3eb1ea9684619038832534e5a4b0658973d47597ae7bbd6e344c8cee2d74e1126c2657a6be8048cb393

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Dialogs\qtquickdialogsplugin.dll

MD5 3d45a03c422d0604517d735180f32b65
SHA1 cdd53042670df5cbd2a94b595553658ce21ab2bd
SHA256 00edeaf6b5447c16654d1e8f010d882d909aa2766afe44f4b6e38b260a9928e8
SHA512 54e288db318376cbf782890bf46b51160122e69fe4a6a61cd6ca42b614c37ca74d38f85f24717ac78efafb6ee14d844a2240dd94a41597c09875d7d651ee3e6a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Dialogs\quickimpl\qmldir

MD5 a732e1b574ca5ab3590b8c6d6de8b2a4
SHA1 0bfcf7f7af86f82b196446e0542c367f88023f24
SHA256 947b7856d7f3ac5e731045d2627973df06744aab3ff392248ef2eda5d42a6279
SHA512 9dccaf5a9258c8907d58c0d72c9ba315e32d4878d3d31168a58e3e5c4cad234d34d668f6979d57e9e47bb5c5fbed538f4e4f7009ca3c17f614f7367addbda4b5

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Dialogs\quickimpl\qtquickdialogs2quickimplplugin.dll

MD5 abfd86b2b24ad23f3aab3edd952ab053
SHA1 3f82656bff4f357ea40787d43f9610c9e4a2337d
SHA256 c5ee749b4f347a1e00b1f912ebf5e4a4e6c34ffcb8877b5db556742b0c46eedb
SHA512 9768741702df37fb2bccade5d0118c114cd6440bff1bd7e76801a51c34c86b82e681cb4b195cbfceb4cb2936c81eed0b40b14507084ffbbe653b1e0f68ee27e6

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Layouts\qmldir

MD5 59476cc514bb3c0e6d94b0450fde47bf
SHA1 ceddc40c1c97d5f88831e76460afb127b808fdde
SHA256 be7bc0d0defd3037fd4493987ade323210f191bad527255eb32d1df15b1b8edf
SHA512 3331f35f7c6c6e278192017b73ead6802ff1c394111c82c061120cfc7cffa365c407328a5b31d239f847fd3567ecc2afdb3f005062ab948c504bbbae21a381c9

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Layouts\qquicklayoutsplugin.dll

MD5 fe46bb3ebb124f1a49f3b057f53fc117
SHA1 c0b2d468629ab2f517d8bf91916b3d1361526a2b
SHA256 8b25efda99d9978b84c99fb5c63b423ebdbea40061611a835cbfde745e6892f3
SHA512 74d428d7737f6d0ff723c92ef680f9807c8b5eafbc472a3ba021217e0d61e74847930c7a46e598b39bd8e792c205988da51b1776076a2be598dfe1d316798863

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\qmldir

MD5 229c819d9d388357c948f58e96513964
SHA1 9580844569cb3de2d0f728695d9c83c6713d5c74
SHA256 137c386f9b2ba49fb3a3417b55096f6f1bd15a794a98613a862b490a6fe4fa79
SHA512 61fb9d95be728ea658b31b137216ca2db2a52ae4523ebac1f7bd7b20fdfde4442b6570b03c7defe9047a96905227cffd0160a6e3f42940e27ad58dbf3b3383ca

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\qtquick2plugin.dll

MD5 0c90675a28d95f6bb1050b69f6477de4
SHA1 bb8518a467430fc41322060361534ae73879f362
SHA256 e9f4fa73ea93efa6883c8256f74e4351c7cf808db721e0e1d49d4f5af97cdcac
SHA512 c338061443eca85503619b9b9e5397a480ad60b2478cfe3468db360c88d0d5f938fc577e5393d8dd4ae8c40c335000bda9a7fbe9490f112a5ed0d2346be0a605

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Shapes\qmldir

MD5 29545ca5555980969d58494c03e810db
SHA1 b56a6150c8d39708e502b53d2c7535438aa02568
SHA256 de2dab12c07574207db93315ebf5bd6ec6656d1aa506df756328f73342b2a7f9
SHA512 6715f3b9f144ee65cb37cc200c1be14a827cc40b6fbc47e456a5ad04eeb751f69b1cdd8d4c3fb2a5ace30173c2d61b6633958e7b8753a2c6bd9c3d27275941fa

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Shapes\qmlshapesplugin.dll

MD5 cf18f633aff01189246c1a2b257bd8e4
SHA1 e782db1781c57ebcae62b01d594ecc81022e6379
SHA256 6be600ee9189a6c84e35eae24e91534ee5eecfdae33797e15472c6ffc8ef039c
SHA512 78473cc3e4d2cde99759988e47d4387b44a5b34245d59d0b6f2dd9206f96ccf7aa2f06d841c546fcfadf239fe0a6d1cc8d775f74797328bc4bdf2746345b43a5

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Templates\qmldir

MD5 d6238b74f2a445964a7f223b96bc6442
SHA1 a7fbbe96872ca73d293470ff50f4a0a7278c10a7
SHA256 60e185a2a878267d15f2b54f6088e1bcb3c7e66b67ac016b121b9e79b305a9ac
SHA512 5cbe2966e26f6ec1227fc36e3baa363fc9997e5e2322100d8f7dcb0faf520d18c210568a7682b85156d5d73c90465c4934e557de08d82a1ca95989eca1257d2e

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtQuick\Templates\qtquicktemplates2plugin.dll

MD5 d804c42ee7783da45affec5016be7546
SHA1 7128d899253257f14829ca2f28fb9b7606f38d15
SHA256 e931944d5eb53bd373d2b4dc9e2562951a44e49c40e177670aea7735f3a3497e
SHA512 0508477329365f2bc49176d358df4c5718eeab85ccdd74a928e2f8df23eb75203115980c6f3b9ae948cc3b9f3cf434b27784933ba36f89f43cee9ea77cec4a02

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\sw.pak

MD5 a76199fc5387610c34c10fe432de8ae6
SHA1 78beef278932682c53755d2ef2ec7bb702920fa5
SHA256 8e37295c46adc0afe92ca7f4a1a2ed52a97e14423d11eb05e8a14b543493195b
SHA512 68990913627bbe34292b65074f24f399c0172282cb6b55a631b2aac1c2b12109135192f8eec22be5e533ebb25a590a69d91caa4c8bf304a2c26e512515610eb2

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\sv.pak

MD5 bcaa22655669b60765b38521b21da875
SHA1 f34e37dfdb5521ebc332a52baeab8c568722ffc0
SHA256 9ba97cf45ed07f4b8b3304c55bade120fd01f6ef0c2d7685765151c40b2b3acb
SHA512 9e8d7d7d58ee7ef352d850ec14e22f5017c0059c66d7ae7ac7b3ae26a0c5cb7a11b90318e5cf189e2732928f658868fd5e13596369513ae45926e9dc1c0e8ae0

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\sr.pak

MD5 ff5e1f8f679fcf45ace4b095d23841d0
SHA1 dcb7cc4c3afe6a4c9baee3cf7e2c900f530ce3cc
SHA256 b8d0bb2ef02f21acd435e4e969bce77b7b3410263763d2ed76a2fa73120e5e1a
SHA512 fd4940cc1e3106eb73b35ce13a63556e5eae05fe03139dad255472d25d37a223f25fac85e5e45b468383edcb174e3d8bd342574b0a55ddd27bb530a1ca614a2d

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\sk.pak

MD5 097248216acaad35198b979dd2bee4fb
SHA1 d8d51024575138afa55217960a623469a7e65cb4
SHA256 c7609346fc5d8cf34d3f6e6b5fe4366f6eac06731e14e6453b7820f02c21b635
SHA512 777aac33755b874e853f5f2189babd99d0d9408d182e4094f27af26f4d451d8ac3e6efa6892307f90c51df7008394f713d68efd76ef1963b8593c201031b8846

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\pl.pak

MD5 1e6a60b03abd6dc4f8c869dbc774b680
SHA1 f3d02e9d34dd05bec55fb69846342282b32ab405
SHA256 cc4775d2d1a1751cd6ee4de5adc7d4a13b079e7b132898595cb2865e0a57c823
SHA512 54c2d9eabc73ca873314336df35e5c38302dcc78da5194b097cf16c0bcf3b64ef4a9bf7230ea7367b23fa9785d1a2b94bbccdaf0f38eb45b3b4226f32be5a2eb

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\nl.pak

MD5 a17f9d1ecc10a7da391a2fa71220e123
SHA1 025d8fc0ee1eba270973fa2ad2f10701bbd708b9
SHA256 bf1b04e7fd896333e4e2ffbc411563d5de30e4c241e3f7e0c60548af1310bc1a
SHA512 47079ecc377e85e907ee779a332fe6dd8e66beb39c94dc0643a8b5baa400b97285b42d727ee32efe88fae26ff59e18671974766e9ed9b744bb7df11a3c5e74b9

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\nb.pak

MD5 bd58803d4cd991cc7b562da68428867b
SHA1 fe36b791388d2a1137ab2377b72272fc8dacec82
SHA256 43fbabc2a7b4ab2dddd00fb511aafa241a9905af40409b7c3f54210b6152302f
SHA512 6f546f39fd47f81e73bc1de8e105882c91b56d32d6517ac115401f173c4c7202d8db9de72bd131526ab54feb3aa3745d8550c2f993dac211b14ee99d71d4801f

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\ml.pak

MD5 3f2d7238334e87c1dd28508ae42ce499
SHA1 f368408c86e61a2fd972876f659247dc4f1a2090
SHA256 c182a95c3b75b2bc5795bba0af6badcb2588ba2d84cd68925e75cf5ffc0168da
SHA512 5f0ac10d7fa2e6fdb0d9f8fded6f055febb1a3926013e28db108f8f8a8ab8c24216329f1d4b0e8bfea6da9220294cccdddfab810e60253455e99d52ae26bfd44

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\lv.pak

MD5 84509c858c9da5347db91821960af8e8
SHA1 2e4edff02a0e429a9f4a633cbe3877e5ad7bb38f
SHA256 624c7917250b498c2e643421212989b7dfaec944d06a5a0954568f8e9e90b0b2
SHA512 9aecf65282432c8b7bdb327f373b715a48438fd1730bec5d2e27270810b5ec880b98d13e8f4a0586a420a42b700feed50abd844fa7e3d655bf9f723bebeb8365

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\lt.pak

MD5 82c786051cc71dac807c37fca436a91e
SHA1 7c663b0225b90bfb1dac4cc10f950349c0281b89
SHA256 0050421881174da761b3177082de0862eeb1f20165169eb057ee74fcbdf95eee
SHA512 dc8887aeeb5d2f88f5ff01a2b417c7f8d471ec386adeb848f4af2af32c97152eb9bb50f7c78ee9cc216cf64821f761c2a25367e96eb2064e4ce2d00021c7fa4c

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\ko.pak

MD5 bd258202d84cb6cd398c38eb444d7c13
SHA1 4b03cd62fd99f107dbac2f600130ab070cdd7e64
SHA256 d1e47481b8775c11c7b4b42fd73c7fca614e16950581e892ea739def6cc9dcbb
SHA512 0a0ea62530b9e8486b8d081057174b0bb6211f5ca4e23f1db4ff7316d252f4c1ab09803c33368b1c068045341d35977b1fd8d6b18efd068928b170d7adfe34c1

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\kn.pak

MD5 3638bfec55b3e6146eaacff7edac9976
SHA1 0aac7b431980d1df51170c2ab5e5e960604364df
SHA256 77b514e529b8aba4da86653bbfae0fdf3fc4eee0d84caf40530a23bfa58d790f
SHA512 477410a6ab9db7b74e82e5de5101fcdc13a42fa8c9a9437419fbebe66cadb9b57d61930a3938b53135d90527419f30bcb5381997cfddc2cc51f65b121b5d5482

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\it.pak

MD5 84030ab6437d9279b2e93a4e83ab5d56
SHA1 7cde75bf29eeeb84c6226983130e7fad0442f777
SHA256 6f1cd9d09ec1be6033bcb0c2efba08a961214f1d6d7a9844b88e7d612e7a1860
SHA512 86aefece3ac2862144f997ab3e69b9aed98be5ba5e9941baa02600ef63ca7ab9099b6e083f3263d077e4cc014df308ee8231c0268c06ed846f6c59f6f2e6460c

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\id.pak

MD5 e1038c2d0ea1eebfd9e25dae192a868d
SHA1 6be7fe8751880e14ed8322f7d29794a8cdbc7467
SHA256 3134fa4e6e3745d206aaff3d8b4fbc289ca29b687ef1d8f16ff22012efb3dfef
SHA512 5dba90a2850b2851314620be62cff5d593a048338cd984731eb4d6e5e77d806296c6e1746b5a7c08be19beca1695ff418d5cc9e1b84fcf5dfbce5e7953a6bdd4

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\hu.pak

MD5 10f85e5fede463e2486ed890a561bed5
SHA1 bd0113b5573d79119fbb15d053da17fdfb4e2d50
SHA256 2e6795aac09546926d93180082a3e4ef64b08a18ac513d79493ea8fa168e9cc4
SHA512 cac4858b1ba904d893250028afc8a10bd9ffa99c7301efa0448e316585a2a817db1936edfd325c1d6dbca5fa21af0f0a8f4b8ec0c6506df035d8d582688eaf08

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\hr.pak

MD5 b556be50b983d7d62a8f44dcb24efea5
SHA1 6c6840dfdf83a69dde3536e8236358c32b6a8535
SHA256 155a03a996003ae7cf7ba22894b0fa479f0fc6a04578baf6a888ff1b2e8473fd
SHA512 4dbe58000c5fe799be609597078535f321e62210dbfb6ec6e9613dfd569e04b16dc305e5a827c6706acafd250fe5c00eae2f24e9784ec304ff5d0446c194f847

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\hi.pak

MD5 248182b1fe577681f70dda64b046e120
SHA1 3c3f2726be0921121486f5dee10886b74cb37556
SHA256 eef6fc72fe85670200ca23656e69804d9d02d9ef3d0c1ccf7d129d71474ef400
SHA512 86365716669d960fb67e96e0ab903e1412a7c5387349b49cdbf8d0ebcaf118c0d99c93df0f166089f32aae2d0b5f2c2e34734506f6558c9a8819729abf7f55e8

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\he.pak

MD5 3d3d2134b30ef1d443e07250229e2678
SHA1 fba103c120d78c07f3000ac7709d3681688809a1
SHA256 4dad9b698b48ad90553bc3c82ce8faca6e4f8264ec6ac5b9e1bf2cd20f2ecce6
SHA512 c806b7f37d87957904c5f0097fa4951874a115f06392857a482ae50af6b19178acf478296a8859d031a71493960e7b807b6a772fac04bf56f88200d93073872a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\gu.pak

MD5 e3074b687e6a6deb35bf1400caffb425
SHA1 5e524e883b510a67e05b1ceb082f3661b5890341
SHA256 b558039d718858f3a15ceaf9c2ba5a89282bc5f6f15ede43a1e552fa458114ff
SHA512 489d922276ee9e7f42ca0d003caefd97e62abdb712d678d1cb8e8c756be707a1d07ce080201c6957b529c2b7a9eba26e7d0a5ffe7251051721ba1e44160f8fb0

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\fr.pak

MD5 c63cb62bf919064b0b6326a0e598da50
SHA1 b3b09ede4892391fcfe51288e55d9503b8848aa6
SHA256 5b88cebd089e9bca4978cb9df076ed06f97fd5f6d496f6a47ef6d42441726566
SHA512 dd51706d7150367303dba7c99029d5468ecd1d57abdb28c1688b5937700547e14d707440b12f2040b4120cbd0f4c4dec67e99f175761b58c9f14581aa0e0923c

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\fil.pak

MD5 3a9fe4cb75cbf95a747e4a98e9a5134b
SHA1 1a39f169d11ee06ef63c028a7708af81926d7918
SHA256 af5917413713e97363a62aef1909cf7a800f031ca68bbf211cb243032a68b461
SHA512 bd2da49b2b6425708206aa4607a1c40c4da68847becf59ed9092ccf16a79f967c58428d2bf7b198bec0441358ef05141a56549572e206355a3bec7ddc088038a

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\et.pak

MD5 03aab03a3d067c79b8ad078af1aff9f6
SHA1 c5e402fa5b148f09895bfdce750033fe8e5c3e35
SHA256 7b301a55543e15c5255db083b7156a5cbb1bd7669c863376651e7c536a0d3c03
SHA512 3fbbf675a1b26e92625f30a245b92c80ab5cccbe3559e4d79bb81b6bde33f796e82e128bbfebfd29b324cb6a0718edaf4fc53be28648366288375fe615079538

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\es-419.pak

MD5 41a4b6343b952185a4fada57ee9fcbc9
SHA1 e2475227c6f62da6f8a1467b2035f89d9741a132
SHA256 803dd9d993d27ee7ada530046f6933dc5eaf35af1e43cb678b1f82e41375c5a2
SHA512 66824110cff65417d12a46ca3d6c42030038dcf1032aa6dc6062323513eb781778851849f84f37dc0225f951be29bc94534a33f74647910bd4ecabe3edfc44c7

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\en-US.pak

MD5 f70ea9666c4b2d503da8e0237c46eca8
SHA1 f150561cbdfefb7327b9824fa3a291c792a44d26
SHA256 2ba506930a8da5c3389d0616ada76630dd7f41d5cb8ee850f2406028f015d3db
SHA512 e8e4b03c6b1e5b7c6ae082e372f903bc78f61fac0c2308e7c716b02ff2f8275eace5f541d7ada90b9fc6d33ede29008fdb3e6994fdcbc736a705244d360eab98

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\en-GB.pak

MD5 1d94e3d6893a9f8e54962482186ede36
SHA1 357a64334864a48d72b7d3ac8969c28fab065505
SHA256 525d94f828b967070b72e6043e0b9d1c55364b382be1f040b010b90a41b6a815
SHA512 3be8fc06e379df5d6389547a2d3ca122f367d8092c00e87089b23fffec60e6a4a8b1edc281bd96fbbaf3ff02b77548259d44edc93d7e5af46b0b32ce78f2efd1

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\de.pak

MD5 ef63e015c168179a884821c9db90bfe4
SHA1 2dcab43076d76cd723e6d01e99fc6ac30271eb99
SHA256 4fd6c23374b3bb860a705ab343bea2905cda824953cf2729f2da7c86ef314f99
SHA512 de21ce56b1f47fb42b671167265b8d493f6d0d27cde4bd97e1fe6d86f26ca07208a864b47b0d1ec7a3b2163447791c986e71fda255b1702f2f0f6bc7f50235f8

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\da.pak

MD5 18300a43e13aa570e0ddad7205e4c528
SHA1 3a13f35888d22437055347ec0fd8b2e67cfbef28
SHA256 dcf563b44cf1bce09dfb017a8e51da2e5653e834e312e7d9c3a868c4b90b5a7e
SHA512 a1c4d8333461c723bf6ec51622759f9a7f3a89ffe03f63b3223d296ff99ed926d2836c819b5ac4da2cd33eddb8adcabcd15a18d5c9bf41d399da17c9bc65702d

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\cs.pak

MD5 2fa44a92c2e2304f8180f703e2363d2c
SHA1 73ffa3b6999acba487a76b77e26d52d10a4ff69b
SHA256 6e6e158da321c3914399aabad1bb68f43d907e21c5568c182ac12539ed308672
SHA512 3377284037652bcd9a7cd1b9397e0c7acf084c42c7ef5170cdd92c8e1eb2005b6cdd818abe6b9f24c1cea2c10531c1571c351f331da42d68320267197b1d21d1

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\ca.pak

MD5 dd10c97f6c8153faec769dec63aeed67
SHA1 37fff3ede19be23bc01c4d297372ec2a4f4338bf
SHA256 beec5dbddc73c0d80faa6677298f002c52dad4991deb5f533da8f07cef775be2
SHA512 a387606c54404e2b07db9541d23124a3d8ccdfe6e3f6f27492f5bcaa0fb5be4de59b50b3fb288c5261d02b719e4ec05ec767e53469ae96e6d943a3bf2920f412

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\bn.pak

MD5 e5bfbba7a15e8d989257ab6f4cc65550
SHA1 40726da19598b58271c650311039ab6f7d7f2bb1
SHA256 9d9bd667d75539698c1e1febc4f0d9f37accca2cd0813314fde01df8d130a20a
SHA512 7b26b407d51d27c73e3337e8430ecd5e53f07293edbd3865774f0cd76efd615d4d699bfce6c05ab3d44ecab6fae13c80359f2ea94a08ffc1d822d10033b82ca3

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\bg.pak

MD5 fcae54e530f1c0b4cab64328c89e4128
SHA1 bc54613a70daac0cb08dc938ba830a3332bf5656
SHA256 bb6107701d4184539f914a33634ae0300d0a9e2deae979b88a3ece53605c5179
SHA512 00b32d37822a1bb74a8e7fa22157b5034655c4be523df9060961bc81637b554fa78b3033b51253c2be9312e0caf3a0e30d8794d3593e038b24f8adac87f64322

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\translations\qtwebengine_locales\ar.pak

MD5 3368204e7ff3e30e61651b6872f7a6b7
SHA1 ef64940a8b0d955e4f2c441a967166fa55064137
SHA256 65266af2212453cc9cab96296a516070375924119ec55754f41c8053af3d8048
SHA512 2d0b4948e191a22837ef2dce2db59ccc12aa111ec378de6efa7281e875e98c9c160adb94b4b373e16744b65aad5c85eb1fef0fc7a12d2cb49ddcabdc95dc6d9d

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\tls\qschannelbackend.dll

MD5 a79fdae77d68c47599a2501224a1bb1a
SHA1 11d3bf27e0e54eab9c8cbba8639e37fd6c2cf647
SHA256 8a25fc4b8d29ee934fac2a26f85f98b82eaa4eb5b0ea924a98bfe597cbe7cd71
SHA512 5c2941da9cbe7973abe90d25b4e5e56a0bf94d67d43c0d5652859f032146461f9db5b0de5580e97abe0de067aa82bf213ae32b98c90ad1ea3cf25d5bef0743b5

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\tls\qopensslbackend.dll

MD5 2ce461340c36cefe018d18bcfa0bc943
SHA1 f4116728002c0d1e1667af27b359ac0d90fdf356
SHA256 d78806f6c92310172e095240b112bc966c60c7a34eaaf3aac8497ba31e6cd95a
SHA512 ca0822cec7e6f49a2d9f8ba889fe28d5309de4b6f25da585f1fb4d10420a815d2817f3e39cd82207fbe68e755ee98a9700c6053d5950e3442d865fe0eb487893

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\tls\qcertonlybackend.dll

MD5 5240566cd1d97774f03c319606396659
SHA1 7715e321e912f413561e0e3e5f6316ba1ea77525
SHA256 9039e7af3cc64ff8d653b71f8bf9a90549ef5f35de6beed23cab336f4e3102fc
SHA512 4958b92c632253fd18c2816a3dc288285e92a96a265766679881efac284a8c49f9d49ad5596206ec374506e4341a9e10f5d66354fc8120f29375ed0feffcfb2e

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\swscale-7.dll

MD5 60ee6404315f42cfd111ffda6d30a1a4
SHA1 14aafa75e18202af1a4bf23d526d1738f96c4156
SHA256 331c66b7974abbd85639c63e9ebf63c62858d5b1d8a47ba52c7bc10715aeebe0
SHA512 8a4d858ef96a9cbe311bda94492d6759460f93751a79dfae826fb6b63748626134b11e3f30a37e19b6fff1567556d6a3f51d22211885bfad433f8a4451d2abea

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\resources\v8_context_snapshot.bin

MD5 38a09bcf4160f5b345942462b63c1c7e
SHA1 c4de02fecac708d94096d6e3e16cfac3472781e0
SHA256 3202f8ca18e49da8be573afdfe3ada8b98b351f8c5f1ec08ee92e8f00cd8d9b2
SHA512 1dfc511b0b387db1876989d4faa74bdcfde66714af76379bf768f71252874a6743bb803035a137f87c530d120aa180009215e8ce1020dafbc6f531381e891995

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\resources\qtwebengine_resources_200p.pak

MD5 09da93dd890313c6051e3eb31cab562e
SHA1 ca4281451381360393c0abac1029aa4c632b5ce1
SHA256 70418cc40f2078d59972bfd5d182b1169beceec2a828a5b81cf6e77933adf6f4
SHA512 ad00145b99f09ba25ef886ba89e3339c52d09c8080d0d9cf33707f23091e9bc8fde035ba99be291303f727b99cfd798ec3c77644e9ff46c0c6bf64c8d3e91856

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\resources\qtwebengine_resources_100p.pak

MD5 698db9c6537b8d9dec4869a11355af2a
SHA1 0d2450a12e0b3405ae30b3c7f5ad233fd6cbbef2
SHA256 c471280e5c2b50d0089c069954c84b121a70a7c50a2865b061e6c5eda329e634
SHA512 deb7faffb6e3c28616e200d10e18707df229a649c9d16e6db8921c3eec7381aeb977e1308dbd07bbf2c2a839b19de25bb6f8a9ba9d094f1243c3aa2d2ebb3f16

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\resources\qtwebengine_resources.pak

MD5 f249e5dd0eaf7ffbcc2843fccce85ef2
SHA1 ab7449a0d3fc68daa29f2cce08263fc290c4b046
SHA256 7e9c3c381c6a1bf31b4fc75c68a9c2f30ca34d9999291ada1d3eaf0b79618d4a
SHA512 be88d39e01828788e5a8b8c436cfc73d2863debf7251b92323d2ca3c02a8737d8edf1c70d24b98a9b11388cb3650129ed46e8134ce3b168a8564e37c3c67e215

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\QtMultimedia\qmldir

MD5 b7d5c74f4485b2550ad065e16252976a
SHA1 af8c4cf1a294e7efa6bffb00bf3a66ed9750f18c
SHA256 2a0f427a8594e31ed6b3fbc1b2242856976a02131cddd8c59b23858dd3d67cf5
SHA512 25581e90656d77023d91e2ec5797b6290e805caec2996ec58be98c618e2284c3657be93f5cc18dfabc6ecf662279a1854be08f888805b217628172ad040c47f7

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Xml.dll

MD5 8169c439135d3453614e28466d0f3e8b
SHA1 14cfaba32e6f878e94ac2137852dae5dcc67e3b7
SHA256 fd6e3dfc8be003418f40aeedd90aef4296ce39aeac544a3f4c04bc86ba1b06f2
SHA512 6d2655020f76412a45adc3b6da7b0c5ea9e15031161f346ebb8b8875dd2356fbe0d66d9ef829292f5fe5bd6fb495e003413b4b6cefdd348188b8cb8892a66a34

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6Widgets.dll

MD5 c3241a2e538115dbaddf3a8c283c7966
SHA1 0833370c511d9e44d6a9fd44eab950a77e6908e1
SHA256 6a97350bbfe5518c5e41453062548f493014f8037a70645246549de33e6cfc17
SHA512 3ee01be6b0f3f112cf0f64ea3d446bc819f310a9fa23b96e6839d4a4c007a70603a7cf595c25c107f04a65110639b3d617094c1b0d1240dbae9e54ee42e6b148

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6WebSockets.dll

MD5 04cc26f549ab23a726f5625d773f659a
SHA1 66f7b72558335121d676fdb276e3679fe4b5da17
SHA256 d955e7ffdf0f3ebae045796a242949f851db07ddfac9cf50df45f601e04b0e57
SHA512 b3f8f4012f683444f09e3a7a48586143e3401e5d165c6455af4bebc04c6e01d92bc3255c3dbe3fcfad08f7b55f6badb3216b342854d1870951cb153ea50c5640

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6WebEngineQuickDelegatesQml.dll

MD5 93c0440d85f375b171fd01c5b43ba85b
SHA1 f05aeb8c34aa2269a1622d1748c6702334774fef
SHA256 efabaf7879040b2ff01dc1db582f15ad1d28e04684eb67f3907e24c780c4e014
SHA512 b9b3c2af9678cd6610317fb7a64fdb2e1607980c515d213efc74851e8580301c9b9520bf6cc8a06d8abf8ceef47f169048dc7cf1bfd31ca268384c21752f4827

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\Qt6WebEngineQuick.dll

MD5 97814a8961992936598f1b7683aca5cb
SHA1 6644cf3079595f1337116881e9cfcb2ef11c818f
SHA256 1585dda7eda1e6cca66d840257b23fc0b25b0f4b448b25c0896de790ec744cb4
SHA512 a6c2b88fca842a8aad3b3b1d878f50b90f573830009d0499248f3f1a38a8ceae42978cc106894855eda40708f09a215c77615960d06cdd1da634e280c94ea448

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\multimedia\ffmpegmediaplugin.dll

MD5 200a2431241ea2b1bebf61d1c242bbf6
SHA1 80a6e9298c6ce3af44d7f829d5359534979de266
SHA256 5b8b003a86e49e3c4d1c750c940c6620fe6d8f0c2cb4e35b01eebf5899c958ff
SHA512 b4ce3565d780a8201a7f01f74cc830e577a026d1002f60c9de28a13491160213dc76831a80265539c8148044db92f9e4fa76b77f86fa82d0e84c93a3b09f5cac

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\imageformats\qjpeg.dll

MD5 85089a44f0a801bf0df3e529d5dfdfe0
SHA1 9eaf3133ee6e4f504092bb67ab86241b5734cbc7
SHA256 ed785d7a87abc60ef8e9df6fb9a68eeea65f354a6959fdaecd325e56182af7de
SHA512 f95542b9357a911dcbbade0545f4121847c5bf64fc7fd01592bef7faa97b9a24af0ccb345893d14462a0bc32d139cac84849ce12ff02578f739041ada2001adc

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\imageformats\qgif.dll

MD5 cda2aa5f7792f7f6989fbfb976c76107
SHA1 6f1f2a75b11689adb68175d2b382e9cdd435d395
SHA256 4db6e6109b1771f966deba62abdbb80300fb7d154266a2fa8c77e2fa6d4abcb0
SHA512 0068f8ba909533b2d876e80882a0ad10bc8323afdce405fc273b2c8dcae5f34be76bb2c04ed816c136c8dedb513356af0cd92d0cd832b066ef4c26f3149e138e

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\BlueStacksAppplayerWeb.exe

MD5 33f277e986149e4b3cb590e052c4904e
SHA1 00d90936afc6183b612d03a3ec12db2bf4b0c8b0
SHA256 a753fb439c724ccfc00a0d5218ba540ed13e287fbaefa55017d2a96c6b616c29
SHA512 7aa2f723d3c042d849ac771c190f2c06de532a8f263eb0ba3468f0594a1dd8c58ba545b58a77f611d1c4feb519138dab455dd47dcf483907660089c8f4c82546

C:\Users\Admin\AppData\Local\Temp\7zSC6FC2439\avutil-58.dll

MD5 203009102eef773a714cf83515723b4f
SHA1 7d3a4941e2ccc42e9d313a5ec2f1f7bad65c1a61
SHA256 a8da1bcec215e8b002c4f8da2ddbc340d93937c93c480cd30d42b1d506f77a7c
SHA512 919b8badcdb3e1a78b5a96ec81dcacdf5cc9b76bca53d27dc7916700cc1e77e416642338d456345a617118bacc6913fa62bfb43c8937048ae346c1d295b5d8b7

C:\ProgramData\BlueStacks_nxt\Engine\Manager\BstkGlobal.xml.in

MD5 8c11ed64e4cb4e992c891a1685f5e0bd
SHA1 1b125f8aa3f77ab5e23bcf18ff7fd9efa5232bc5
SHA256 4c64d4ad8897d3198cc69c27e54c9ad24aafd70ee2818a4eb3a970f24b7cd535
SHA512 c2eee227704f0940bd46db419e42f15ce0dff3b006753c94005ac4c063fe2a2f0f24833a6674e9bbe570adcb425277a78bbbf398d600017e05357f33661d7c7d

C:\ProgramData\BlueStacks_nxt\Client\Assets\minimize_progress.png

MD5 90d5c0e2977d65b21b430f486114521e
SHA1 cfb48cef2634d4be33210ba54e5b7c5c197530e4
SHA256 aa538477ded33f33e33cb9a21241dacaceaa0c3e5ad8eb1b6830a448262bc998
SHA512 9a3f6690a638a69232335b746a4512ed1c623baa984d87cf4127663c4f85e818a4220564c63b764570e2ade8302989482580af7d9032052335d44b9c98d2d37b

C:\ProgramData\BlueStacks_nxt\Client\Assets\menu_help.png

MD5 2e82bd45c7a8b2e216c27a24d42f12a8
SHA1 8ff552358b2d77090a54dad0c12c2757af2ec433
SHA256 e55ef002466578307998045edd5e10577161efd1cf8f1a71768a8046f4c2ee0d
SHA512 d8f44a110bc31d5834b337553baa599c9a127d7335aeddd7e139ba5c7851db006d36ef74d841f10f7fe69e25edffd89a6faea9d3c72eba27bbbade843af440f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a923a31c7ace4565fc14e241fae1639a
SHA1 d0f119e17b62f56d13fe2912fdac920f82d5114d
SHA256 118c9a686209ff3614bfe9a7ead57c6cd5c6a741a78e69345fe299ee6fd36372
SHA512 270943258866508438fd770681616a3190f7f55bd4906225a48b5cc0428c08dae2e5559e61817066a7f9294379cae89d74feada65ebd6ea9a575e8e0d286041d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a4aab8ad801f0054b1976faa04305f25
SHA1 02e0212c39d1cdfee2feb32a6b37e620b7b0799b
SHA256 3f09d7d3c64f8e627d42025dba4f98e9ab7d16a6a0b8c3c4b6c8191300895721
SHA512 63d557b7f736785b4d054afb03915ca3f7213d4f90c82207d9b9242b8a53757bbd904072dc4b965d404583134d84fc6c716cd0329242adfbcbb4a04a7af75508

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5d5539a3f930b1f03c37b66a03c4724
SHA1 1923b7f7b86ac5122d11e42ddca4dc8c71fd1584
SHA256 a7f304d694dd590c06ba91d1164b1d58d15ade4a227afd03944f039e1705a0c1
SHA512 790d8c6fc705604dc63c5f98c322539804ad55210d65cb830ac1478a211c1f11743a3edc8060cf2dfae03531d6fb011ab987cd73023ca90c0eea1d12fb0c9942

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 b29bcf9cd0e55f93000b4bb265a9810b
SHA1 e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256 f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512 e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 087825e27e0c2b3758ef5debe1864ea5
SHA1 dd023acde8a56c9aa0d3677d88b5f879a82d4457
SHA256 ac0cb615c0bf60a6c90b4b107a3eb1d5d4ee1d1818ed66b567ff7154f4b59ca1
SHA512 9b4605b63d75e830d5c71376044e0da7463b42142f85966c15a79362880a2f170072f3253c86a8383b48c37fb39fcce6a630b79b424ec74b4aa632878476d215

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 778ba02f0eb9a3f2f5be12eb012a27ca
SHA1 dff37b122f002ecf44d2f2e3fccec5969207c739
SHA256 c2c1b2c6d97ad04bdf2d45c2efabd97e5c8bd3ca1a50149ea2bbf51fa7474415
SHA512 4c8e551c548788a63175174a4ce7bb6930726e68636da01f12283c3bf83a541c56a48ae3891447bcc2e8b0290de99d4530ec1a22fd6771db5d689f0cd58e3acd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

MD5 a397e5983d4a1619e36143b4d804b870
SHA1 aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4
SHA256 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4
SHA512 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 39734a9f76353d6023d8e99f338f459e
SHA1 3243a07340393fd51a474d231caec470ba97b6fc
SHA256 c1e6c3b53aaeb9a8b6fbae80a68a31ede18fb272f49f0c3672177a52b96582a3
SHA512 68bb80b23e971e0e5d23450a03e8416b22f1eb82197d5fcae15b687715c52903abf34ad93a34e7645ba1ce65f29566a778e355556703d468233611a3a1ae7986

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ddd6c7730a266f2178925bd7df624549
SHA1 92c67e5bf999c15f969ced02e86f9105cac0b9bc
SHA256 259fe2d00325d50333c13b70e148ec7bd67aac5bb9ad4c28864ec49722961b5d
SHA512 eb2c32aeaa1920f4eab91cf1a3a0fd3c25e001824ebfdbf7f87fd11964786cfdf092e325809480a8cce047419c2048ef4e20cf7089e2cbf9a7ee80f474264073

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c5188cf5291bcd8e994cad63e266cca4
SHA1 796d9c67fb594fd023b3e47f24a654c0307d6fa0
SHA256 4423d0e77fbbf2429d54ab3f5f341000a0066b2099cd9acfd13e36ce2bd5e049
SHA512 632f3da6552a60e172b8cd119a391a9534745aefc27fb7a6e4771f2b0aa0913da3cbe505568cf21536a7a4701a85e0a36480be79b49d1ec9ea356e9ff60d8abd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 13643ce8a3564d2cd48ffb0f748ae81a
SHA1 2ec0a3788a9dacd0a9d0fa0669fb0e1baaeefdfb
SHA256 6d2200d3364dec6a3d41b0e36e727fde7b6808e41bb7f7f58fd92f857a5e84c1
SHA512 de439db5c6262d6f6cfe571b2934bbfd320e5e646507c81d66e8b9bca3d1a7612e95db714c36d8fb977867c0df6813047451039face8cc2845fa696e8fd81906

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8540cc42aae1294bcb3197db3611c6ba
SHA1 4532544fa8ce40a82337a596733898a6646dafa9
SHA256 8b683f9ccb2fe9399c30e49f1c30f16dbcbfc04b274785bce2cf21bc32c87e1b
SHA512 b2e80b94d2b14e7a01e7b191f9c49d5b1f6cfe396a2a8c39721a0135306d5c80747c0da4b2c60c864241511872ff3a1b4d6e20d93b51343d0189dda06e088f7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 33c5e2453781482687a89d01e94dafbc
SHA1 0be3078cab8c481314844dd66ddfe9f950f0e3b7
SHA256 4b69b92a5a8ad2546702134804f5bc0880e0a89cf3f76558e7368027faf51168
SHA512 f3783636cc86b2216274d6db43bbb1ddc6c2e6ab595b37ddc694f4ab4586549bf9bab491f1b66c02e1ea92595286ba6513acc76425b1153e753b0f7c4c06d014

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3980c7b128df5acc7baea168d3685029
SHA1 490d560f2226cdba13ccdf4171413a8729262766
SHA256 0ca636280bba34255e25887ff7750fb2c7302b24e318334ad6f2c4a2e882738b
SHA512 49877e1cac98cfbf710b769fe85feb71a4acf84be0f2b4ef8e2352cc4822f83bd2ef74f54e861a54e2489ec9bb6a92b2c1f88f7109acb03173bb6ddef52db36f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5198c8d7aea690c76cbedd0985192c8
SHA1 cc6d5396e611d71b1e536ac689354f1cdcd45894
SHA256 18744bb2d8f859682b6551d82169227bbd389af1256b2eec98777afbd52e3830
SHA512 72ae114faa7e92d56cf88d546b1cf97ae828cae533d2b739c3b8fbbb2de97ddf2a4997c50af7778c5003a85809b4a19265171549e6877ad12470a2dc9f3a952b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5aed3615b3e3df395b99862dacebae97
SHA1 d3c9f882ee56f0600650071fdd4524ef1241c3d6
SHA256 8e93dfdfd2dc2ba1eb5b150352ac06a9d76aaf699d43077a0cf1346b048c9809
SHA512 040f7113eb71836e18984ddd7b0eff98c51dd73132f38d67720ac81645ffa0a417b53994804bf436c645edb04793df63756fbf4b5f2d799a128f15bf5254bcc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3e9db5c306d7c22fab11197dc78c822b
SHA1 0f7f2d6012aadab32e0a5c8e7c93fe72ae7d0746
SHA256 1e14ac3b2cfc0d0300940cf385123cd50b3b48639b9c3b722a677f49a3ffd3b4
SHA512 c0b87d99296de12f289f7c91b7816ba4ae66bfa126aa9f383782495614218004e361577c3499bd39135682eb4a8d248b437a78a8942ad09ebabad9173a095e60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d085425419d099aac23920086f76e7d4
SHA1 5867cfe9e185baf917b5dbb288a8ea797017893d
SHA256 f4b974f045e606e9feab1af447d95cc436c0b8b2c2b8aae921d099ec0c59f7ad
SHA512 46ccee83f4fd153487aa15e33e385a823fc29c19787e1eac216ce5a47185543aca2ed40d0040be2594db021760d17c2edc54c05d3c29594c083a78caa43afa7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 45583a5e53dcc9be9fdd7bcf21cebf7b
SHA1 fb6b1fd5f95248997215a9b1c84d251684b7c9ec
SHA256 5b551ceb127bed7f6cbb299c740ad9c458dcb4406007ac5252dbb4d66664729c
SHA512 03d71da223193926e119acd6254db348689878d15eccdb7a0877105248bb2e6b512c944addb0645109216d5db919c2d25208bde6aed5194efcc80a359e1c8b41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0e8d5467beaf220eb283bfcbb0abcd70
SHA1 e53ac2dcb8286cc2f461ed6eb49258f3916cd1e5
SHA256 8409aa864c30b63122b9463dfb70d26d9ccae08b98e73b06a572a6f492851a27
SHA512 8a92e1e812de5de4e1177203f979c17367dd78e0ad0c902a738570ed232af21cb80ef4e7214e45ca1fd51bc2b7244d167bf927346500de73f9c77bbe664a3a61

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 27eac9b5550279429495746de9ea12f7
SHA1 ccd70df6e55808ec29bbfb3c283329a98e7026be
SHA256 2b6fa20640fac1a7633eebda58e0db42e0cf2fbc223221c3c4931c18c6b7c889
SHA512 3f6f6239f872134999bea6374c8596b6b9a317d794eee8a6ff4d2d36417bf2bc5230426a5cae9a0c527ed87f506d32dec29cca27c82aadd7bb7d6e99f373b57b